OK, so I've read multiple threads and have not found the exact answer I need :)
My site; SP2 R3 single site server with all functions except DP (seperate server, mostly for imaging space) Database is on the site server. Appx. 10,000 clients, FEP is installed, Power Managment is enabled.
Converted to Native mode a week or so ago with help from MS. appx 8500 are reporting native mode currently, the other 1500 systems are the ones that need Internet Managment. most of these 1500 will transition from intranet to internet regularly.
I've looked at the different scenarios, but I can't define which gives the clients the ability to move between MPs. Am I correct in assuming that I have to have SQL replicated to the perimeter netowrk to acommplish this?Tuesday, February 07, 2012 8:59 PM
With Native Mode, clients can be in one of three modes:
- Internet-only. In this mode, clients only report to the Internet MP which is assigned at client agent installation time.
- Intranet-only. In the this, clients can freely roam between internal MPs
- Internet or intranet. In this mode, clients try to connect to their assign internal MP. If this fails, they try to connect to their assigned Internet MP which they can query from AD at agent installation time.
How to Configure Configuration Manager Client Computers for Intranet-Only Management: http://technet.microsoft.com/en-us/library/bb693720.aspx
How to Configure Configuration Manager Client Computers for Internet-Only Management: http://technet.microsoft.com/en-us/library/bb694283.aspx
How to Configure Configuration Manager Client Computers for Internet or Intranet Management: http://technet.microsoft.com/en-us/library/bb680683.aspx
Jason | http://myitforum.com/myitforumwp/community/members/jasonsandys/ | Twitter @JasonSandysTuesday, February 07, 2012 11:22 PMModerator
Thanks for the quick reply Jason. My question is not such much as how to reinstall the client without the "CCMALWAYSINF=1 for Internet-only management" property (These are existing R3 clients that never had that parameter included) or even about how to configure AD for the new Interent based Update Server.
I need to understand and define the function of SQL replication to the perimeter network. What added functionality does SQL Replication give me? Is it just increased security due to not requiring inbound SQL traffic to the Intranet SQL database? That's the 5,000 dollar (literally) question :)
Wednesday, February 08, 2012 2:08 PM
- Edited by JBark Wednesday, February 08, 2012 2:08 PM
"What added functionality does SQL Replication give me? Is it just increased security due to not requiring inbound SQL traffic to the Intranet SQL database? "
- Yes. From "Determine Server Placement for Internet-Based Client Management" (http://technet.microsoft.com/en-us/library/bb632871.aspx):
The SQL replica means that all the connections from the perimeter network to the intranet are initiated from the intranet, which is more secure than being initiated from the perimeter network.
In security terms, the intranet is perceived to be a "trusted network", while the perimeter network is "untrusted" because it is vulnerable to attack from the Internet. So for a more secure configuration, you always want connections to be initiated from a trusted source rather than from an untrusted source.Saturday, March 10, 2012 1:58 AM