Export (0) Print
Expand All

Configuration Manager Site Modes

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

Site modes are used to configure client-to-server communication. Two site modes are available for Configuration Manager sites: native mode and mixed mode.

Native mode was introduced in Configuration Manager 2007 to provide a higher level of security between clients and servers than mixed mode provides. Mixed mode exists to provide a supported site mode for networking environments without an existing PKI infrastructure and backward compatibility with SMS 2003 clients and sites.

Native mode should be used if you need the highest level of security inConfiguration Manager, or must support Internet-based clients. Before you configure native mode, you must have all of the following configured:

  • An existing public key infrastructure (PKI)

  • A site server signing certificate installed on the site server

  • Web certificates on certain site system roles

  • Client authentication certificates on all Configuration Manager clients, and the management point.

ImportantImportant
Native mode secures client-to-server communications only.

To protect server-to-server communication, implement IPsec. For more information, see Implementing IPsec for Configuration Manager 2007.

To protect site-to-site communication, use secure key exchange between sites. For more information, see How to Require Secure Key Exchange Between Sites.

Mixed mode should be if any of the following are true:

  • The site will support SMS 2003 clients

  • The site has a parent site configured for mixed mode

  • You have an existing PKI but have not yet installed the site server signing certificate on the site server.

Mixed mode sites cannot use client certificates to authorize clients and so uses a configurable approval setting. For more information, see About Client Approval in Configuration Manager.

In This Section

Benefits of Using Native Mode
Describes the benefits of using native mode and compares native mode with mixed mode with regard to the security benefits.

Prerequisites for Native Mode
Describes both the external dependencies and dependencies within the product.

Certificate Requirements for Native Mode
Lists the certificates required for native mode.

Client Communication in Mixed Mode and Native Mode
Describes how the site configuration affects the client-to-server communication, both within its assigned site and when roaming between sites in different modes.

Configuration Manager Mixed Mode
Describes Configuration Manager mixed-mode site operations.

Administrator Workflow: Migrating a Site to Native Mode
Displays the high-level recommended steps to migrate a Configuration Manager 2007 mixed mode site to native mode.

Administrator Checklist: Migrating a Site to Native Mode
Lists the recommended steps required to migrate a Configuration Manager 2007 mixed mode site to native mode.

Administrator Workflow: Deploying the PKI Requirements for Native Mode
Displays the high-level recommended steps to deploy the public key infrastructure (PKI) requirements for native mode in Configuration Manager 2007.

Administrator Checklist: Deploying the PKI Requirements for Native Mode
Lists the recommended steps required to deploy the public key infrastructure (PKI) requirements before a Configuration Manager 2007 site can operate in native mode.

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft