SCCM CAS with 3 Primary site in one domain

All replies

• 

  

  0

  Sign in to vote

  Hello,

  Yes this is definitely possible. Please look the below for your planning

  https://technet.microsoft.com/en-us/library/gg712681.aspx 

  ---

  Regards, Regin Ravi

  Tuesday, October 18, 2016 4:42 AM
• 

  

  0

  Sign in to vote

  That seems overkill to deploy a CAS and 3 primary sites if you have 500-1000 clients per site with 3 sites. What is your total client count? A single primary site supports up to 150,000 clients (unless this number has changed, I can't remember).

  I would deploy a Primary site, then depending on the link speeds of the other sites, you could deploy a secondary site, or use distribution points. Then you can use RBAC to manage which teams have the required access to resources for their region. Installing a CAS introduces more complexities to manage that don't seem to be required for your setup.
  
  Also if it is a new deployment, you have posted in the ConfigMgr 2012 seciton, I would deploy a new site with ConfigMgr 1606. 
  
  Size and scale numbers for System Center Configuration Manager
  
  Design a hierarchy of sites for System Center Configuration Manager

  
  

  • Edited by Nick HogarthMVP Tuesday, October 18, 2016 4:57 AM .
  • Proposed as answer by Frank Dong Tuesday, October 18, 2016 7:10 AM
  • Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM

  Tuesday, October 18, 2016 4:56 AM
• 

  

  0

  Sign in to vote

  Dear Sir,

  Honestly, no one will recommend to use a CAS here as it's only needed when you've got more than 150,000 clients. Based on how your site look like, you can consider to use secondary sites or remote distribution points. 

  If management is separated for 3 sites, you can use RBAC.

  Best regards

  Frank

  ---

  Please remember to mark the replies as answers if they help and unmark them if they provide no help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM

  Tuesday, October 18, 2016 7:20 AM
• 

  

  0

  Sign in to vote

  to be clear, primary sites are NOT a security boundary! anything done at site WILL affect the other sites. You will need to use RBA, in order to prevent this. As such, you only need one primary site.

  ---

  Garth Jones

  Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

  Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

  • Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM

  Tuesday, October 18, 2016 11:15 AM
• 

  

  0

  Sign in to vote

  
  Yes this is definitely possible. Please look the below for your planning

  https://technet.microsoft.com/en-us/library/gg712681.aspx 

  Possible, yes. Many things are possible. Driving down the freeway in the wrong direction during rush hour at 100 MPH is possible. Ill-advised (among many other synonymous adjectives) is a better description of doing this here.

  As the others have pointed out, do *not* do this. There is no technical reason whatsoever to do this. Primary sites are *not* (let me repeat that, NOT) for delegation, administrative separation, or network separation in any way shape or form. Primary site are for one thing (and only one thing): client scalability. Thus, unless you have over 150,000 clients to manage, the word CAS should be considered among one of the most hateful words/terms in IT -- along with Blue Screen, Root Kit, and McAfee.

  As Garth and Nick noted, Role Based Administration (RBA) if the functionality that will meet your requirements using a *single* primary site and no CAS.

  ---

  Jason | http://blog.configmgrftw.com | @jasonsandys

  
  

  • Edited by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:54 PM

  Tuesday, October 18, 2016 12:54 PM