Solutions for SUP in untrusted forest ? RRS feed

  • Question

  • we have two domains and the dmz is untrusted (atm around 150 systems)

    before we had two primary sccm 2007 sites + central site with replication based on sender adresses - worked perfectly.

    now because of sql replication we cant place a primary site system in the untrusted domain.

    only standalone primary site would be possible but then we have no central reporting.

    so we deployed primary site with additional dp and mp in untrusted forest like microsoft prefers for cross forest deployment.

    now we want to deploy software updates to our dmz servers like before and here is the showstopper because sccm does not allow two sup in one site.

    possible solutions ?

    1. wait for sp1 because it allows multiple sups per site. really ? release ?

    2. set all dmz clients / servers to internet-based and deploy certificates. not really !

    3. install local wsus on "site server" in untrusted domain and manage patches outside sccm ? is fep 2012 pattern update possible without sccm ?

    4. open internal primary site wsus for dmz systems so that they can check catalog through firewall but update from their local dp. rights problem on wus webserver ?

    what would u prefer and why does microsoft canceled the option to connect untrusted domains like before (sql replication could be handled imo).

    thx in advance

    Tuesday, October 16, 2012 1:41 PM

All replies