locked
Secondary Site in DMZ on Workgroup Server RRS feed

  • Question

  • Hi Guys,

    I have a simple question.

    Is it possible to install the role secondary site server on a server in the DMZ which is only in a workgroup (no AD!) or is AD a prerequisites for the installation?

    Greetings Chris

    Tuesday, February 25, 2014 11:42 AM

Answers

  • That's on possible solution but one that I would never implement.

    The common solution is to put an HTTPS enabled MP (and DP and SUP) in the DMZ to control MP affinity and essentially force the DMZ clients to use the HTTPS MP. This doesn't get rid of the requirement for this site system (as a single site system could easily hold all three roles) to be domain joined though.



    Jason | http://blog.configmgrftw.com

    Tuesday, February 25, 2014 2:59 PM

All replies

  • No on both accounts. All site servers and site systems must be installed on a domain joined system and secondary site servers are not gateways so even if it was on a domain system it is not meant for use on a segregated network where the clients have no direct access to an MP in the primary site.

    Jason | http://blog.configmgrftw.com

    Tuesday, February 25, 2014 2:04 PM
  • Thanks Jason for the fast answer.

    This mean I need a second primary site in the segregated network to have a little bit gateway functionality so the clients communicate directly with the primary site in the segregated network?

    Tuesday, February 25, 2014 2:30 PM
  • That's on possible solution but one that I would never implement.

    The common solution is to put an HTTPS enabled MP (and DP and SUP) in the DMZ to control MP affinity and essentially force the DMZ clients to use the HTTPS MP. This doesn't get rid of the requirement for this site system (as a single site system could easily hold all three roles) to be domain joined though.



    Jason | http://blog.configmgrftw.com

    Tuesday, February 25, 2014 2:59 PM