locked
SCCM 2012 SP1 Cloud DP - Allowing Clients to connect over the internet RRS feed

  • Question

  • I have setup a Windows Azure based Cloud DP.  Everything seems to be setup correctly, but my SCCM test machine cant install software from the cloud DP over the internet. 

    I followed this link along with the MS documentation related to Cloud DP setup http://blog.coretech.dk/kea/configmgr-cloud-distribution-points/

    My setup is a simple 1 server / primary site install of SCCM 2012 sp1.  The primary server has an FQDN of SCCM01.contoso.biz.  The MGMT certificate that I requested has a service name /DNS name of CloudDP01.contoso.com.  I have been able to successfully create the DP and it has application content.  I can even see that when I am connected to the VPN the content locations are below.

    Distribution Point='http://SCCM01.contoso.biz/SMS_DP_SMSPKG$/Content_563b51a5-8aa1-44d6-83fb-971469d6391c.1', Locality='LOCAL', DPType='SERVER', Version='7804', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>', Signature='http://SCCM01.contoso.biz/SMS_DP_SMSSIG$/Content_563b51a5-8aa1-44d6-83fb-971469d6391c.1.tar', ForestTrust='TRUE', LocationServices 3/28/2013 6:35:46 PM 8444 (0x20FC)
    Distribution Point='https://CloudDP01.contoso.com/downloadrestservice.svc/getcontentxmlsecure?pid=p010001c&cid=Content_563b51a5-8aa1-44d6-83fb-971469d6391c.1', Locality='REMOTE', DPType='AZURE', Version='7804', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="35"/></Capabilities>', Signature='https://CloudDP01.contoso.com/downloadrestservice.svc/getcontentxmlsecure?pid=P010001C&cid=P010001C', ForestTrust='TRUE', LocationServices 3/28/2013 6:35:46 PM 8444 (0x20FC)

    I noticed some conflicting information on what needs to happen with DNS.  I have a CNAME internally and externally that points clouddp.contoso.com to the windows azure quid.cloudapp.net.

    I have a couple of questions:

    1. Is is possible to use a cloud DP without an internet MP to serve up content to internet clients?

    2. Does the service name need to match the internal FQDN of the primary SCCM server in my case contoso.biz instead of contoso.com?

    Any help and advice on testing would be greatly appreciated.


    -Jason Dye Consultant - Systems Management

    Thursday, March 28, 2013 11:18 PM

Answers

  • 1. No. Content location as well as all other client activity is predicated on being able to access an MP at some point in the process.

    2. Don't know.


    Jason | http://blog.configmgrftw.com

    Friday, March 29, 2013 12:35 AM

All replies

  • 1. No. Content location as well as all other client activity is predicated on being able to access an MP at some point in the process.

    2. Don't know.


    Jason | http://blog.configmgrftw.com

    Friday, March 29, 2013 12:35 AM
  • Does this mean that the main use case for a cloud DP is really for satellite sites?  Maybe your a company that is based on the east coast, but you have some small branches on the West Coast.  Instead of putting regular DPs out there and managing the servers etc., you just put 1 or 2 in the cloud on the west coast region.  Then they get to the MP from the company network and pull the software over the internet along with software updates from MS Updates etc.


    -Jason Dye Consultant - Systems Management

    Friday, March 29, 2013 7:18 PM
  • Correct. It is not an IBCM / Direct Access replacement. It could complement those by moving the content download burden to Azure instead of an on-prem hosted DP, but MP connectivity must be part the solution and is not addressed by cloud DPs. I've "heard" that download costs from Azure are a bit high though so you should factor this into decisions also.

    Jason | http://blog.configmgrftw.com

    • Proposed as answer by YPae Saturday, March 30, 2013 12:30 AM
    Friday, March 29, 2013 7:26 PM