Microsoft Tech Talks | Atlanta |
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Microsoft Tech Talks | Atlanta |
Stay in Touch – Invite a friend
http://meetup.com/mttatlanta/
AD CA
Windows
Update
AD CA
Windows
Update
AD CA
▪
▪
▪
▪
▪
▪
▪
▪
▪
▪
▪
AD CA
Windows
Update
• Client deployment and upgrade using client push
• Automatic site assignment
• User policies
• Application catalog (including software approval requests)
• Full operating system deployment (OSD)
• Configuration Manager console
• Remote tools
• Reporting website
• Wake on LAN
• Mac, Linux, and UNIX clients
• Azure Resource Manager
• Peer cache
• On-premises Mobile Device Management
East US East Asia
Traditional Internet-Based Client Management
Advantages:
❖ No cloud service dependency.
❖ No additional cost associated with a cloud subscription.
❖ Full control of servers and roles providing the service.
Disadvantages:
• Require additional infrastructure investment.
• Overhead and operational cost of additional infrastructure.
• Complex Security Requirements for functionality
• Infrastructure must be exposed to the Internet.
Azure Cloud Management Gateway
Advantages:
• No additional infrastructure investment required.
• Does not expose on-premises infrastructure to the Internet.
• Cloud virtual machines that run the service are fully managed by Azure and require
no maintenance.
• Persistent Connection to On-Prem for Software Updates (no vpn required)
• Easily set up and configured in the Configuration Manager console.
Disadvantages:
• Cloud subscription cost. (CMG/CDP)
• Management data sent through cloud service.
•
•
▪ CMG Gateway (PaaS) - Server Authentication (exportable)
▪ (MP/SUP Site Systems) – Server Authentication
▪ CM Clients - Workstation Authentication
▪ Connection Point Role/Azure - Client Root Cert
▪ Cloud DP – Workstation Authentication (optional)
PKI Certificates Requirements
Configuration Steps1. Prepare and Deploy PKI Certificates for Site Systems/Clients2. Configure Site Systems (MP/SUP) for SSL Communication3. Verify Client Communication4. Install Azure CMG5. Configure CM CPR6. Enable Cloud Traffic on Site Systems (MP/SUP)7. Test Functionality (logs)8. Configure SUM with Deploy Setting for WSUS9. Perform SUM Deployment10. Monitor
Pertinent Logs
Client SidePolicyagent.log – shows policy retrieval from management point (CMG)CCMessaging.log – shows active connections wit CMGDatatransferService.log – show content binary downloads from sources (Windows Update or Cloud DP)Locationservices.log – shows location for MP/SUP/DP
Server SideSMS_Cloud_ProxyConnector.log - displays activity between connection point role and CMG in Azure
Primary Site Server (MP/SUP, HTTPS, Connector Role)
Firewall
V-Workstation 1 V-Workstation 2
Azure Cloud
CMG Setup videohttps://youtu.be/-awTBMdMHFE
Product documentationhttps://docs.microsoft.com/en-us/sccm/core/clients/manage/manage-clients-internet
Cost estimateshttps://docs.microsoft.com/en-us/sccm/core/clients/manage/plan-cloud-management-gateway#cost-of-cloud-management-gateway
Related Documents
