Answered by:
SCCM CAS with 3 Primary site in one domain

Question
-
Dear All
Our company have one single domain single forest , but I have 3 Major site that have client around 500 - 1000 per site, and I have separate team respond for it , I plan to deploy SCCM by each site have own primary server, and have center administrator. it is possible in same domain or not, and can recommend step that I should do, ( deploy sccm Center Admin first ? and deploy primary site on each location )
Thank you
Tuesday, October 18, 2016 4:34 AM
Answers
-
That seems overkill to deploy a CAS and 3 primary sites if you have 500-1000 clients per site with 3 sites. What is your total client count? A single primary site supports up to 150,000 clients (unless this number has changed, I can't remember).
I would deploy a Primary site, then depending on the link speeds of the other sites, you could deploy a secondary site, or use distribution points. Then you can use RBAC to manage which teams have the required access to resources for their region. Installing a CAS introduces more complexities to manage that don't seem to be required for your setup.
Also if it is a new deployment, you have posted in the ConfigMgr 2012 seciton, I would deploy a new site with ConfigMgr 1606.
Size and scale numbers for System Center Configuration Manager
Design a hierarchy of sites for System Center Configuration Manager- Edited by Nick HogarthMVP Tuesday, October 18, 2016 4:57 AM .
- Proposed as answer by Frank Dong Tuesday, October 18, 2016 7:10 AM
- Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM
Tuesday, October 18, 2016 4:56 AM -
Dear Sir,
Honestly, no one will recommend to use a CAS here as it's only needed when you've got more than 150,000 clients. Based on how your site look like, you can consider to use secondary sites or remote distribution points.
If management is separated for 3 sites, you can use RBAC.
Best regards
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM
Tuesday, October 18, 2016 7:20 AM -
to be clear, primary sites are NOT a security boundary! anything done at site WILL affect the other sites. You will need to use RBA, in order to prevent this. As such, you only need one primary site.
Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
- Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM
Tuesday, October 18, 2016 11:15 AM
All replies
-
Hello,
Yes this is definitely possible. Please look the below for your planning
https://technet.microsoft.com/en-us/library/gg712681.aspx
Regards, Regin Ravi
Tuesday, October 18, 2016 4:42 AM -
That seems overkill to deploy a CAS and 3 primary sites if you have 500-1000 clients per site with 3 sites. What is your total client count? A single primary site supports up to 150,000 clients (unless this number has changed, I can't remember).
I would deploy a Primary site, then depending on the link speeds of the other sites, you could deploy a secondary site, or use distribution points. Then you can use RBAC to manage which teams have the required access to resources for their region. Installing a CAS introduces more complexities to manage that don't seem to be required for your setup.
Also if it is a new deployment, you have posted in the ConfigMgr 2012 seciton, I would deploy a new site with ConfigMgr 1606.
Size and scale numbers for System Center Configuration Manager
Design a hierarchy of sites for System Center Configuration Manager- Edited by Nick HogarthMVP Tuesday, October 18, 2016 4:57 AM .
- Proposed as answer by Frank Dong Tuesday, October 18, 2016 7:10 AM
- Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM
Tuesday, October 18, 2016 4:56 AM -
Dear Sir,
Honestly, no one will recommend to use a CAS here as it's only needed when you've got more than 150,000 clients. Based on how your site look like, you can consider to use secondary sites or remote distribution points.
If management is separated for 3 sites, you can use RBAC.
Best regards
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM
Tuesday, October 18, 2016 7:20 AM -
to be clear, primary sites are NOT a security boundary! anything done at site WILL affect the other sites. You will need to use RBA, in order to prevent this. As such, you only need one primary site.
Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
- Marked as answer by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:55 PM
Tuesday, October 18, 2016 11:15 AM -
Yes this is definitely possible. Please look the below for your planninghttps://technet.microsoft.com/en-us/library/gg712681.aspx
Possible, yes. Many things are possible. Driving down the freeway in the wrong direction during rush hour at 100 MPH is possible. Ill-advised (among many other synonymous adjectives) is a better description of doing this here.
As the others have pointed out, do *not* do this. There is no technical reason whatsoever to do this. Primary sites are *not* (let me repeat that, NOT) for delegation, administrative separation, or network separation in any way shape or form. Primary site are for one thing (and only one thing): client scalability. Thus, unless you have over 150,000 clients to manage, the word CAS should be considered among one of the most hateful words/terms in IT -- along with Blue Screen, Root Kit, and McAfee.
As Garth and Nick noted, Role Based Administration (RBA) if the functionality that will meet your requirements using a *single* primary site and no CAS.
Jason | http://blog.configmgrftw.com | @jasonsandys
- Edited by Jason Sandys [MSFT]MVP Tuesday, October 18, 2016 12:54 PM
Tuesday, October 18, 2016 12:54 PM