Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Based Client Management

Published byErick McGee Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Based Client Management"— Presentation transcript:

1

2 Internet Based Client Management
In System Center 2012 Configuration Manager R2 Justin Chalfant blogs.technet.com/jchalfant Jason Sandys @JasonSandys blog.configmgrftw.com

3 In-scope Out-of-scope Overview IBCM Hierarchy Scenarios
Reverse Proxy (TMG) SSL Bridging Out-of-scope HTTPS Client Communication Basics Public Key Infrastructure (PKI) Configuration Implementation Basics or Details

4 Steps To Implement IBCM
Setup PKI Deploy site system and client certificates Setup/configure site systems and client facing roles Configure site Test, Test, Test

5 Certificate Authority
What’s Needed Trusted PKI Certificate Authority Unique client authentication certificates for each client Server authentication certificates for each site system*

6 Lab Environment – Traffic Flow
BOBOI Internet Client Edge Router Reverse Proxy (TMG) Site System (MP, DP, SUP, App Catalog) Site Server BOBOI = Big Old, Bad Old Internet

7 Certificate Templates
DEMO WSUS Configuration Verify IIS Certificate on Internet Facing Site System Exporting the Certificate for Workgroup Client Requesting the Certificate Template for Workgroup Client Issuing the Certificate Templates Creating Certificate Templates

8 IBCM Site Architecture – No DMZ
FSP Reverse Proxy Site Server MP / DP / SUP Passthrough Bridged

9 IBCM Site Architecture – DMZ
FSP Reverse Proxy Site Server Passthrough MP / DP / SUP Site Server initiated communication Bridged SQL Replica

10 DEMO TMG Review TMG Configurations Review the Web Listener
Review Website Publishing Rules MP, Application Catalog Create TMG Web Publishing Rules Create Website Publishing Rules for DP and SUP

11 Site Systems and AD Forests/Domains
3 Internal Forest 1 Site Server 2 Site System DMZ Forest Site DB Site Server’s AD Computer Account or Specified Installation Account MP Connection Account Site System’s AD Computer Account or Specified Installation Account

12 IBCM Three Client Modes
BOBOI Intranet only Intranet or Internet AD GC Internet only ccmsetup.exe CCMALWAYSINF=1 CCMHOSTNAME=SERVER3.CONTOSO.COM SMSSITECODE=ABC CCMHOSTNAME set via policy starting in R2

13 Intranet only - HTTPS Intranet or Internet Internet only
IBCM Three Role Modes BOBOI Intranet only - HTTPS Intranet or Internet Internet only

14 DEMO Clients Domain Joined Client
Review Client Switching from Intranet to Internet Review Software Update Installation on Internet Client Review Application Catalog from Intranet Client Workgroup Client Review Importing the Client Authentication Certificate Review Installation of the Client

15 Certificate Revocation Lists (CRL) are hard-coded
The Missing Link LDAP, HTTP, SMB, FTP Certificate Revocation Lists (CRL) are hard-coded in each certificate at certificate creation time CRLs are available on CRL Distribution Points (CDP) CRL checking is optional

16 IBCM Communication and Content Sources
Cloud DP DP Other Content** All Other Content Software Updates* Update Catalog WSUS Policy Internet Client MP * Content only ** Does not include any updates

17 IBCM vs. VPN vs. Direct Access Highlights
ConfigMgr only PKI Required VPN User Initiated The networking team Direct Access Always on IPv6 May require PKI

18 Hints, Allegations & Things Left Unsaid
Most of this has nothing to with ConfigMgr PKI is not easy Manually bind certificates in IIS* Certificate deployment can be challenging Client auth certs define ConfigMgr client identity ccmhttpstate is undocumented for a reason

19 Links native-mode-client-mp-error-messages-and-what-to-do-about- them.aspx _sms_writing_team/archive/2008/01/17/tips-tricks-hints-for-native- mode-and-internet-based-client-management-part-3-of-3.aspx

20

Download ppt "Internet Based Client Management"

Similar presentations

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager 2007. Configuration Manager 2007 Internet-Based.

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Implementing Native Mode and Internet Based Client Management.

Implementing Native Mode and Internet Based Client Management.
Automating Microsoft Azure with PowerShell MMS Minnesota 2014 Trevor Sullivan and David O’Brien – #MMSMinnesota.

Automating Microsoft Azure with PowerShell MMS Minnesota 2014 Trevor Sullivan and David O’Brien – #MMSMinnesota.
Advanced Infrastructures In System Center Configuration Manager 2012 R2 Jason blog.configmgrftw.com m Wally.

Advanced Infrastructures In System Center Configuration Manager 2012 R2 Jason blog.configmgrftw.com m Wally.
Deep Application Management with Microsoft System Center 2012 Configuration Manager Adwait Joshi Senior Product Marketing Manager Microsoft Corporation.

Deep Application Management with Microsoft System Center 2012 Configuration Manager Adwait Joshi Senior Product Marketing Manager Microsoft Corporation.
SIM346. General information about the software application.

SIM346. General information about the software application.
Your CMDB and PowerShell DSC: DevOps Techniques

Your CMDB and PowerShell DSC: DevOps Techniques
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Wally Mead Senior Program Manager Microsoft Corporation Session Code: MGT303.

Wally Mead Senior Program Manager Microsoft Corporation Session Code: MGT303.
Senior Technical Writer

Senior Technical Writer
Configuring Active Directory Certificate Services Lesson 13.

Configuring Active Directory Certificate Services Lesson 13.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
Managing Client Access

Managing Client Access
Internet Information Server 6.0. Overview  What’s New in IIS 6.0?  Built-in Accounts and IIS 6.0  IIS Pass-Through Authentication  Securing Web Traffic.

Internet Information Server 6.0. Overview  What’s New in IIS 6.0?  Built-in Accounts and IIS 6.0  IIS Pass-Through Authentication  Securing Web Traffic.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

Similar presentations

Ads by Google