locked
SCCM CAS with 3 Primary site in one domain RRS feed

  • Question

  • Dear All

       Our company have one single domain single forest , but I have 3 Major site that have client around 500 - 1000 per site, and I have separate team respond for it , I plan to deploy SCCM by each site have own primary server, and have center administrator. it is possible in same domain or not, and can recommend step that I should do, ( deploy sccm Center Admin first ? and deploy primary site on each location )

    Thank you

    Tuesday, October 18, 2016 4:34 AM

Answers

  • That seems overkill to deploy a CAS and 3 primary sites if you have 500-1000 clients per site with 3 sites. What is your total client count? A single primary site supports up to 150,000 clients (unless this number has changed, I can't remember).

    I would deploy a Primary site, then depending on the link speeds of the other sites, you could deploy a secondary site, or use distribution points. Then you can use RBAC to manage which teams have the required access to resources for their region. Installing a CAS introduces more complexities to manage that don't seem to be required for your setup.

    Also if it is a new deployment, you have posted in the ConfigMgr 2012 seciton, I would deploy a new site with ConfigMgr 1606. 

    Size and scale numbers for System Center Configuration Manager

    Design a hierarchy of sites for System Center Configuration Manager


    Tuesday, October 18, 2016 4:56 AM
  • Dear Sir,

    Honestly, no one will recommend to use a CAS here as it's only needed when you've got more than 150,000 clients. Based on how your site look like, you can consider to use secondary sites or remote distribution points. 

    If management is separated for 3 sites, you can use RBAC.

    Best regards

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 18, 2016 7:20 AM
  • to be clear, primary sites are NOT a security boundary! anything done at site WILL affect the other sites. You will need to use RBA, in order to prevent this. As such, you only need one primary site.

    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Tuesday, October 18, 2016 11:15 AM

All replies

  • Hello,

    Yes this is definitely possible. Please look the below for your planning

    https://technet.microsoft.com/en-us/library/gg712681.aspx 


    Regards, Regin Ravi

    Tuesday, October 18, 2016 4:42 AM
  • That seems overkill to deploy a CAS and 3 primary sites if you have 500-1000 clients per site with 3 sites. What is your total client count? A single primary site supports up to 150,000 clients (unless this number has changed, I can't remember).

    I would deploy a Primary site, then depending on the link speeds of the other sites, you could deploy a secondary site, or use distribution points. Then you can use RBAC to manage which teams have the required access to resources for their region. Installing a CAS introduces more complexities to manage that don't seem to be required for your setup.

    Also if it is a new deployment, you have posted in the ConfigMgr 2012 seciton, I would deploy a new site with ConfigMgr 1606. 

    Size and scale numbers for System Center Configuration Manager

    Design a hierarchy of sites for System Center Configuration Manager


    Tuesday, October 18, 2016 4:56 AM
  • Dear Sir,

    Honestly, no one will recommend to use a CAS here as it's only needed when you've got more than 150,000 clients. Based on how your site look like, you can consider to use secondary sites or remote distribution points. 

    If management is separated for 3 sites, you can use RBAC.

    Best regards

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 18, 2016 7:20 AM
  • to be clear, primary sites are NOT a security boundary! anything done at site WILL affect the other sites. You will need to use RBA, in order to prevent this. As such, you only need one primary site.

    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Tuesday, October 18, 2016 11:15 AM

  • Yes this is definitely possible. Please look the below for your planning

    https://technet.microsoft.com/en-us/library/gg712681.aspx 

    Possible, yes. Many things are possible. Driving down the freeway in the wrong direction during rush hour at 100 MPH is possible. Ill-advised (among many other synonymous adjectives) is a better description of doing this here.

    As the others have pointed out, do *not* do this. There is no technical reason whatsoever to do this. Primary sites are *not* (let me repeat that, NOT) for delegation, administrative separation, or network separation in any way shape or form. Primary site are for one thing (and only one thing): client scalability. Thus, unless you have over 150,000 clients to manage, the word CAS should be considered among one of the most hateful words/terms in IT -- along with Blue Screen, Root Kit, and McAfee.

    As Garth and Nick noted, Role Based Administration (RBA) if the functionality that will meet your requirements using a *single* primary site and no CAS.


    Jason | http://blog.configmgrftw.com | @jasonsandys


    Tuesday, October 18, 2016 12:54 PM