locked
Boundary group question RRS feed

  • Question

  • Currently migrating from 2007 to 2012.  In 2007, we have a dozen distribution points(DP's).  All of them are protected except 1.  Boundaries are defined for the subnets in which we want to ensure a specific DP is used.  For networks where there is no boundary, they connect to the one unprotected DP.  This has worked quite well for us over the years.  It gives us a catchall for any new network that was created without my knowledge, as well as alleviating the need to create a boundary for EVERY network.  It also ensures lower bandwith locations with a DP don't pull content over the wan.

    Reading through the documentation, I'm concerned my approach will need to be changed for 2012.  I'm thinking that I will have to create a boundary for every network, and point them to a specific boundary group for content.  I don't really want to have to define every network, as we have 300ish sites, and 450ish networks.  

    What happens if clients do not have a boundary specified for them for content?

    Is there a way to configure the boundary groups / dp's to allow a catch-all one for clients not in a defined boundary?

    Any other suggestions on how to approach this issue?

    thanks,

    Steve


    Thursday, March 21, 2013 3:26 PM

Answers

  • Hi, for Configmgr to administrate the Clients you need to have Boundaries that defines an IP Scope/range.

    Maintaining this in AD Sites With defining proper IP subnets, and then let the Forest Discovery run fetch them for you is a good way of doing it.

    Then all you need to do is add the discovered boundaries to Boundary Groups for them to be active.

    If Clients are not within a Boundary range it will not be able to figure out automatically what site to Connect to, and will not be allowed to Connect.

    Use IP Ranges Boundaries if you know there might be supernets defined in the subnet Scope or you need to define a spesific range of ip adresses.

    Hope this was helpfull. 


    Nicolai

    Thursday, March 21, 2013 10:14 PM

All replies

  • I should add that I have found the "allow fallback source location for content" setting in the DP configuration.  However the verbiage doesn't state if it will allow clients not in a defined boundary to use it.  All of the verbiage I'm finding states that the client will use fallback if the "preferred" DP doesn't have the content.

    If there is no preferred dp since the client isn't in a boundary, will content download just fail, or will they defer to the fallback?


    Thursday, March 21, 2013 3:58 PM
  • Remember in cm2012 you have a forest discovery that can update your boundaries for you.  If the location is designated in AD, CM12 can create your boundaries for you.  That helps protect you from the scenario you describe. 

    You can also allow clients outside of the boundary groups to pull content from protected DPs. 

    Thursday, March 21, 2013 6:18 PM
  • Thanks SpecialEdward.  I ran the forest discovery yesterday...it only created 70 boundaries.  I'm honestly not sure where it pulled that info from, since several of the boundaries it created have no AD integrated machines on them.  

    Between that and it only creating 70 of over 400 networks....it wasn't the magic pill I was hoping.

    Thursday, March 21, 2013 7:50 PM
  • It should pull that information from the AD Sites and Services settings (networks and AD Sites).  Are the networks/sites being updated in AD?  (I've been in several VERY large companies that have multiple locations all under a single site in AD, so offices in Mexico, Texas and NY, are all in the same AD Site, so I have to ask.  :)   ) 

    Thursday, March 21, 2013 8:33 PM
  • Hi, for Configmgr to administrate the Clients you need to have Boundaries that defines an IP Scope/range.

    Maintaining this in AD Sites With defining proper IP subnets, and then let the Forest Discovery run fetch them for you is a good way of doing it.

    Then all you need to do is add the discovered boundaries to Boundary Groups for them to be active.

    If Clients are not within a Boundary range it will not be able to figure out automatically what site to Connect to, and will not be allowed to Connect.

    Use IP Ranges Boundaries if you know there might be supernets defined in the subnet Scope or you need to define a spesific range of ip adresses.

    Hope this was helpfull. 


    Nicolai

    Thursday, March 21, 2013 10:14 PM
  • We have 3 ad sites, and those are listed in sites and services.  However subnets are no where near up to date.  Part of that may be that our retail locations used to only have thin clients and no windows machines.  Now each retail location has 3 windows machines in addition to the thin clients.  So each boundary for each of the 280ish retail locations would be for only 3 clients...oy.

    I understand that having sites and services accurate and allowing forest discovery to auto create my boundaries would be ideal.  Unfortunately ideal isn't my current reality.

    One thing I was thinking and wondering if it would work....What if I created one boundary group that was for site assignment only (I don't forsee a need for multiple sites).   Create a boundary that was for the entire 10.x.x.x network, and associate it with the site assignment boundary group.

    In my thinking that would allow all clients to be sure to be assigned to the correct site.

    Would clients not assigned to a boundary with a content dp listed still find content on the dp that was set as a fallback dp?

    Friday, March 22, 2013 12:49 PM
  • Hi Steve, To try answer your original question. Devices not in the boundaries will use their assigned site for content and will not have visibilty of downstream servers/DPs in the hierarchy. Therefore either the Primary needs the DP role or you'll need a site system in the Primary's site that is a DP. You can then configure it to be a Fallback DP. ie dont make the mistake i did recently where i thought i could use a secondary to be a fallback DP. ;-) Regards, Dave
    Saturday, October 5, 2013 4:21 AM