Internet Based Client Management


2 Internet Based Client Management
In System Center 2012 Configuration Manager R2
Justin Chalfant
Jason Sandys (@JasonSandys)

3 Overview
In-scope: IBCM Hierarchy Scenarios; Reverse Proxy (TMG); SSL Bridging
Out-of-scope: HTTPS Client Communication Basics; Public Key Infrastructure (PKI) Configuration Implementation Basics or Details

4 Steps To Implement IBCM
Setup PKI
Deploy site system and client certificates
Setup/configure site systems and client facing roles
Configure site
Test, Test, Test

5 Certificate Authority
What’s Needed:
Trusted PKI Certificate Authority
Unique client authentication certificates for each client
Server authentication certificates for each site system*

6 Lab Environment – Traffic Flow
Diagram labels: BOBOI; Internet Client; Edge Router; Reverse Proxy (TMG); Site System (MP, DP, SUP, App Catalog); Site Server
BOBOI = Big Old, Bad Old Internet

7 Certificate Templates
DEMO
WSUS Configuration
Verify IIS Certificate on Internet Facing Site System
Exporting the Certificate for Workgroup Client
Requesting the Certificate Template for Workgroup Client
Issuing the Certificate Templates
Creating Certificate Templates

8 IBCM Site Architecture – No DMZ
Diagram labels: FSP; Reverse Proxy; Site Server; MP / DP / SUP; Passthrough; Bridged

9 IBCM Site Architecture – DMZ
Diagram labels: FSP; Reverse Proxy; Site Server; Passthrough; MP / DP / SUP; Site Server initiated communication; Bridged; SQL Replica

10 DEMO TMG
Review TMG Configurations
Review the Web Listener
Review Website Publishing Rules: MP, Application Catalog
Create TMG Web Publishing Rules
Create Website Publishing Rules for DP and SUP

11 Site Systems and AD Forests/Domains
Diagram labels: Internal Forest; Site Server; Site System; DMZ Forest; Site DB; callouts 1, 2, 3
Accounts shown: Site Server’s AD Computer Account or Specified Installation Account; MP Connection Account; Site System’s AD Computer Account or Specified Installation Account

12 IBCM Three Client Modes
Intranet only
Intranet or Internet
Internet only:
ccmsetup.exe CCMALWAYSINF=1 CCMHOSTNAME=SERVER3.CONTOSO.COM SMSSITECODE=ABC
CCMHOSTNAME set via policy starting in R2
Diagram labels: BOBOI; AD GC

13 IBCM Three Role Modes
Intranet only - HTTPS
Intranet or Internet
Internet only
Diagram label: BOBOI

14 DEMO Clients
Domain Joined Client:
Review Client Switching from Intranet to Internet
Review Software Update Installation on Internet Client
Review Application Catalog from Intranet Client
Workgroup Client:
Review Importing the Client Authentication Certificate
Review Installation of the Client

15 The Missing Link
LDAP, HTTP, SMB, FTP
Certificate Revocation Lists (CRL) are hard-coded in each certificate at certificate creation time
CRLs are available on CRL Distribution Points (CDP)
CRL checking is optional
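
An added example, not part of the presentation: a PowerShell audit that lists the CDP locations recorded in each client authentication certificate in the local computer store, grouped by the protocols named on this slide. It assumes a Windows client with certificates in Cert:\LocalMachine\My; the function names are hypothetical.

```powershell
# Added example (not from the presentation). Run on a Windows ConfigMgr client.
# Function names below are illustrative.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$CdpOid        = '2.5.29.31'           # CRL Distribution Points extension

function Test-ClientAuthCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # Certificates with no EKU extension are skipped here.
    if (-not $eku) { return $false }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
}

function Get-CdpEntry {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $ext = $Certificate.Extensions |
        Where-Object { $_.Oid.Value -eq $CdpOid } |
        Select-Object -First 1
    if (-not $ext) { return }
    # On Windows, Format($true) renders the extension as text with "URL=<scheme>:..." lines.
    $pattern = 'URL=(?<url>(?<scheme>[A-Za-z][A-Za-z0-9+.\-]*):\S*)'
    foreach ($m in [regex]::Matches($ext.Format($true), $pattern)) {
        [pscustomobject]@{
            Scheme = $m.Groups['scheme'].Value.ToLowerInvariant()
            Url    = $m.Groups['url'].Value
        }
    }
}

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { Test-ClientAuthCert $_ } |
    ForEach-Object {
        $cdps = @(Get-CdpEntry $_)
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            # Empty Schemes means the certificate carries no CDP at all.
            Schemes    = ($cdps.Scheme | Sort-Object -Unique) -join ','
            CdpUrls    = $cdps.Url -join '; '
        }
    } | Format-List
```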

16 IBCM Communication and Content Sources
Diagram labels: Cloud DP; DP; Other Content**; All Other Content; Software Updates*; Update Catalog; WSUS; Policy; Internet Client; MP
* Content only
** Does not include any updates

17 IBCM vs. VPN vs. Direct Access Highlights
IBCM: ConfigMgr only; PKI Required
VPN: User Initiated; The networking team
Direct Access: Always on; IPv6; May require PKI

18 Hints, Allegations & Things Left Unsaid
Most of this has nothing to do with ConfigMgr
PKI is not easy
Manually bind certificates in IIS*
Certificate deployment can be challenging
Client auth certs define ConfigMgr client identity
ccmhttpstate is undocumented for a reason

19 Links
native-mode-client-mp-error-messages-and-what-to-do-about-them.aspx
_sms_writing_team/archive/2008/01/17/tips-tricks-hints-for-native-mode-and-internet-based-client-management-part-3-of-3.aspx

