We have a need to send software distribution and software updates, and to allow remote control, for clients on both the internet and intranet.
I have seen people talk about Direct Access, but it is not in scope for this project. I have also seen adding a box out in the DMZ for internet clients only. What about certs and PKI? I found the following link, but is it still relevant for my SCCM version?
I have an intranet only environment set up today. Can somebody point me in the right direction on the best practice and how to add internet based clients?
It is an SCCM 2012 SP1, Server 2012, SQL 2012, WSUS 6.X env. Latest and greatest.
Update: I just found this thread
So I should be able to create a site in the DMZ for internet-facing clients. But what I am a bit confused about is how the DMZ site gets the deployment info from the internal site. How do the 2 talk, or do they?
- Edited by Bitterswwweet Wednesday, July 24, 2013 7:16 PM
Remote Tools is not supported for internet clients. The MP/DP in the DMZ is deployed as a site server just like any other server. Just have to make sure they can communicate. On smaller clients, they were OK with just forwarding ports to the internal servers.
Here is the link I have used to set up IBCM in CM2012.
- Edited by Mike H Leach Thursday, July 25, 2013 8:04 PM IBCM
That first link to the ConfigMgr 2007 documentation can still be applied to ConfigMgr 2012.
You can create a site fully in your DMZ, or put an MP/DP in your DMZ. The MP needs to be able to communicate with SQL for the site, so if your site is in the intranet there needs to be either a replica for the MP, or the MP needs a direct communication channel. There does not need to be domain trust between the two networks.
I hope this helps a bit.
Check out my Configuration Manager blog at http://aka.ms/ameltzer