
Prerequisites for Internet-Based Client Management

Updated: April 1, 2009

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

Internet-based client management in Configuration Manager 2007 has the following external dependencies and dependencies within the product.

Dependencies External to Configuration Manager 2007

 

Dependency More Information

Clients that will be managed on the Internet must have an Internet connection.

Configuration Manager 2007 uses existing Internet Service Provider (ISP) connections to the Internet, which can be either permanent or temporary connections. Client mobile devices must have a direct Internet connection, but client computers can have either a direct Internet connection or connect using a proxy Web server.

Determine Requirements for Proxy Web Servers to Use With Internet-Based Client Management

Site systems that will support Internet-based client management must have connectivity to the Internet.

Site System Roles that Support Internet-Based Client Management

Determine Server Placement for Internet-Based Client Management

Site systems that will support Internet-based client management must be in an Active Directory domain, but can be in a different Active Directory forest from the forest that contains the site server.

Note: The Internet-based site systems do not require a trust relationship with the site server's Active Directory forest.

Configuration Manager in Multiple Active Directory Forests

You must have a supporting public key infrastructure (PKI) that can deploy and manage the certificates required for native mode.

Certificate Requirements for Native Mode

The Internet fully qualified domain name (FQDN) of site systems that support Internet-based client management must be registered as host entries on public DNS servers.

Configuring DNS for Configuration Manager Site System Roles

Intervening firewalls or proxy servers between the client and the Internet-based systems have the following communication requirements:

  • Support HTTP 1.1

  • Allow HTTP content type of multipart MIME attachment (multipart/mixed and application/octet-stream)

  • Allow the following verbs for the Internet-based management point:

    • HEAD

    • CCM_POST

    • BITS_POST

    • GET

    • PROPFIND

  • Allow the following verbs for the Internet-based distribution point:

    • HEAD

    • GET

    • PROPFIND

  • Allow the following verbs for the Internet-based fallback status point:

    • POST

  • Allow the following HTTP headers for the Internet-based management point:

    • Range:

    • CCMClientID:

    • CCMClientIDSignature:

    • CCMClientTimestamp:

    • CCMClientTimestampsSignature:

  • Allow the following HTTP header for the Internet-based distribution point:

    • Range:

Refer to your firewall or proxy server documentation for configuration information to support these requirements.

For similar communication requirements when using the software update point for client connections from the Internet, see the documentation for WSUS. For example, for WSUS on Windows Server 2003, see the deployment appendix for security settings: http://go.microsoft.com/fwlink/?LinkId=143368.
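The verb, header and content-type requirements listed above can be checked against a firewall or proxy rule set before clients are moved to the Internet. The following is an added example, not code from Microsoft or from Configuration Manager; the policy dictionary format and the sample policy are constructed assumptions, so export your device's real rules into that shape before using it.

```python
# Requirements transcribed from the list above, keyed by site system role.
REQUIRED = {
    "management_point": {
        "verbs": {"HEAD", "CCM_POST", "BITS_POST", "GET", "PROPFIND"},
        "headers": {"Range", "CCMClientID", "CCMClientIDSignature",
                    "CCMClientTimestamp", "CCMClientTimestampsSignature"},
    },
    "distribution_point": {"verbs": {"HEAD", "GET", "PROPFIND"},
                           "headers": {"Range"}},
    "fallback_status_point": {"verbs": {"POST"}, "headers": set()},
}
REQUIRED_CONTENT_TYPES = {"multipart/mixed", "application/octet-stream"}
REQUIRED_HTTP_VERSION = "1.1"

# Constructed sample: a generic Web publishing rule (hypothetical format).
SAMPLE_POLICY = {
    "http_versions": ["1.0", "1.1"],
    "verbs": ["GET", "HEAD", "POST"],
    "headers": ["Range:"],
    "content_types": ["application/octet-stream"],
}


def find_gaps(role, policy):
    """Return {category: sorted missing items} for one site system role."""
    req = REQUIRED[role]
    gaps = {}
    if REQUIRED_HTTP_VERSION not in policy.get("http_versions", ()):
        gaps["http_version"] = [REQUIRED_HTTP_VERSION]
    # HTTP verbs are case-sensitive, so they are compared exactly.
    verbs = {v.strip() for v in policy.get("verbs", ())}
    # Header names are case-insensitive; tolerate a trailing colon.
    headers = {h.strip().rstrip(":").lower() for h in policy.get("headers", ())}
    types = {t.strip().lower() for t in policy.get("content_types", ())}
    missing = {
        "verbs": sorted(req["verbs"] - verbs),
        "headers": sorted(h for h in req["headers"] if h.lower() not in headers),
        "content_types": sorted(REQUIRED_CONTENT_TYPES - types),
    }
    gaps.update({k: v for k, v in missing.items() if v})
    return gaps


def audit(policy):
    """Run the gap check for every Internet-based role."""
    return {role: find_gaps(role, policy) for role in REQUIRED}


if __name__ == "__main__":
    for role, gaps in audit(SAMPLE_POLICY).items():
        print(role, gaps)
```

An empty result for a role means the rule set permits everything the list requires for that role; any entry names what the intervening device would block.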

Configuration Manager 2007 Dependencies

 

Dependency More Information

The Configuration Manager 2007 site must be a primary site in native mode.

Prerequisites for Native Mode

Note: You cannot specify different port numbers for intranet and Internet client requests on the same site.

Clients must be configured to use the Internet-based management point from their assigned site.

Clients cannot use an Internet-based management point (or any other Internet-based site systems) from another site.

To configure clients to use the Internet-based management point, see How to Assign Configuration Manager Client Computers to the Internet-Based Management Point.

Site systems that will support Internet-based client management must be configured in Configuration Manager 2007 with an Internet fully qualified domain name.

How to Configure the Internet FQDN of Site Systems that Support Internet-Based Client Management

How to Configure the Internet FQDN of an Internet-based NLB Management Point

Site systems that will support Internet-based client management must be configured in Configuration Manager 2007 to accept connections from the Internet.

Note: You cannot configure site systems for Internet-based client management if they are configured as a site server share, a protected site system, or a branch distribution point.

How to Configure a Management Point for Internet-Based Client Connections

How to Configure a Distribution Point for Internet-Based Client Connections

How to Configure a Fallback Status Point for Internet-Based Client Connections

How to Configure a Software Update Point for Internet-Based Client Connections

Internet-based site systems in Configuration Manager 2007 must be configured with the same Internet fully qualified domain names (FQDN) that are registered as host entries on public DNS servers.

How to Configure the Internet FQDN of Site Systems that Support Internet-Based Client Management

Distribution points must be configured in Configuration Manager 2007 to transfer content using BITS, HTTP, and HTTPS.

How to Configure a Distribution Point to Transfer Content Using BITS, HTTP, and HTTPS

If the Internet-based site systems are in a different Active Directory forest from the site server's forest, you must specify the following properties for these site systems:

  • A site system installation account

  • Allow only site server initiated data transfers from the site system

How to Configure the Site System Installation Account

How to Configure Internet-Based Site Systems to Allow Only Site Server Initiated Data Transfers

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.