Planning for Content Management in Configuration Manager

 

Updated: March 15, 2017

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Content management in System Center 2012 Configuration Manager provides the tools for you to manage content files for applications, packages, software updates, and operating system deployment. Configuration Manager uses distribution points to store files that are required for software to run on client computers. These distribution points function as distribution centers for the content files and let users download and run the software. Clients must have access to at least one distribution point from which they can download the files.

Use the following sections in this topic to help you plan how to manage content in your Configuration Manager hierarchy:

  • Plan for Distribution Points

    • Distribution Point Configurations

    • Planning for Preferred Distribution Points and Fallback

      • Content Source Location

      • Network Connection Speed to the Content Source Location

      • On-Demand Content Distribution

      • Content Source Location Scenarios

    • Planning for BranchCache Support

    • Network Bandwidth Considerations for Distribution Points

      • Planning for Scheduling and Throttling

      • Determine Whether To Prestage Content

    • Planning for Pull-Distribution Points

    • Planning for Cloud-Based Distribution Points

      • Prerequisites for Cloud-Based Distribution Points

      • Plan for the Cost of Using Cloud-Based Distribution

      • About Subscriptions and Certificates for Cloud-Based Distribution Points

      • Site Server to Cloud-Based Distribution Point Communication

      • Client to Cloud-Based Distribution Point Communication

    • Determine the Distribution Point Infrastructure

  • Plan for Distribution Point Groups

  • Plan for Distribution Point Priority

  • Plan for Content Libraries

  • Plan for Binary Differential Replication

  • About the Package Transfer Manager

Note

For information about the dependencies and supported configurations for content management, see Prerequisites for Content Management in Configuration Manager.

Plan for Distribution Points

When you plan for distribution points in your hierarchy, determine what distribution point attributes you must have in your environment, how to distribute the network and system load on the distribution point, and how to determine the distribution point infrastructure.

Distribution Point Configurations

Distribution points can have a number of different configurations. The following table describes the possible configurations.

Distribution point configuration and description:

  • Preferred distribution point: You assign boundary groups to distribution points. The distribution points are preferred for clients that are within the boundary group for the distribution point. The client uses preferred distribution points as the source location for content. When the content is not available on a preferred distribution point, the client uses another distribution point for the content source location. You can configure a distribution point to let clients that are not in the boundary group use it as a fallback location for content.

  • PXE: Enable the PXE option on a distribution point to enable operating system deployment for Configuration Manager clients. The PXE option must be configured to respond to PXE boot requests that Configuration Manager clients on the network make and must then interact with the Configuration Manager infrastructure to determine the appropriate installation actions to take.

    Important

    You can enable PXE only on a server that has Windows Deployment Services installed. When you enable PXE, Configuration Manager installs Windows Deployment Services on the distribution point site system if it is not already installed.

  • Multicast: Enable the Multicast option on a distribution point to use multicast when you distribute operating systems.

    Important

    You can enable multicast only on a server that has Windows Deployment Services installed. When you enable multicast, Configuration Manager installs Windows Deployment Services on the distribution point site system if it is not already installed.

  • Pull: For System Center 2012 Configuration Manager SP1 and later:

    Enable the pull-distribution point option on a distribution point to change the behavior of how that computer obtains the content that you distribute to the distribution point. When you configure a distribution point to be a pull-distribution point, you must specify one or more source distribution points from which the pull-distribution point obtains the content.

    Important

    Although a pull-distribution point supports communications over HTTP and HTTPS, when you use the Configuration Manager console, you can only specify source distribution points that are configured for HTTP. You can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS.

  • Support for mobile devices: You must configure the distribution point to accept HTTPS communications to support mobile devices.

  • Support for Internet-based clients: You must configure the distribution point to accept HTTPS communications to support Internet-based clients.

  • Application Virtualization: Although there are no configuration requirements for the distribution point to enable streaming of virtual applications to clients, there are application management prerequisites that you must fulfill. For more information, see Prerequisites for Application Management in Configuration Manager.

Planning for Preferred Distribution Points and Fallback

When you create a distribution point, you have the option to assign boundary groups to the distribution point. The distribution points are preferred for clients that are in a boundary group that is assigned to the distribution point.

Content Source Location

When you deploy software to a client, the client sends a content request to a management point, the management point sends a list of the preferred distribution points to the client, and the client uses one of the preferred distribution points on the list as the source location for content. When the content is not available on a preferred distribution point, the management point sends a list to the client with distribution points that have the content available. The client uses one of the distribution points for the content source location.

In the distribution point properties and in the properties for a deployment type or package, you can configure whether to enable clients to use a fallback source location for content. When a preferred distribution point does not have the content and the fallback settings are not enabled, the client fails to download the content, and the software deployment fails.

Network Connection Speed to the Content Source Location

You can configure the network connection speed of each distribution point in an assigned boundary group. Clients use this value when they connect to the distribution point. By default, the network connection speed is configured as Fast, but it can also be configured as Slow. When the client uses a distribution point that is not preferred, the connection to the distribution point is automatically considered as slow. The network connection speed helps determine whether a client can download content from a distribution point. You can configure the deployment behavior for each network connection speed in the deployment properties for the specific software that you deploy. You can choose to never install software when the network connection is considered slow, download and install the software, and so on.

On-Demand Content Distribution

You can select the Distribute the content for this package to preferred distribution points property for an application or package to enable on-demand content distribution to preferred distribution points. When this property is enabled, the management point creates a trigger for the Distribution Manager to distribute the content to all preferred distribution points in the list when a client requests the content for the package and the content is not available on any preferred distribution points. Depending on the scenario, the client might wait for the content to be available on a preferred distribution point, or it might download the content from a distribution point that is configured to enable a fallback location for content source.

Content Source Location Scenarios

When you deploy software to clients, the content source location that the client uses depends on the following settings:

  • Allow fallback source location for content: This distribution point property enables clients to fall back and use the distribution point as the source location for content when the content is not available on a preferred distribution point.

  • Deployment properties for network connection speed: The deployment properties for network speed are configured as a property for deployed objects, such as application deployment types, software updates, and task sequence deployments. Different deployment objects have different settings, but the properties can configure whether to download and install the software content when the network connection speed is configured as slow.

  • Distribute the content for this package to preferred distribution points: When you select this application deployment type or package property, you enable on-demand content distribution to preferred distribution points.

The following table provides scenarios for different content location and fallback scenarios.

Fallback configuration and deployment behavior for slow network:

  • Scenario 1: Allow Fallback: Not enabled. Deployment behavior for slow network: Any configuration.

  • Scenario 2: Allow Fallback: Enabled. Deployment behavior for slow network: Do not download content.

  • Scenario 3: Deployment - Fallback option: Enabled. Deployment behavior for slow network: Download and install content.

Distribution points are online and meet the following criteria:

  • Content is available on a preferred distribution point.

  • Content is available on a fallback distribution point.

  • The package configuration for on-demand package distribution is not relevant in this scenario.

Scenario 1:

  • The client sends a content request to the management point.

  • A content location list is returned to the client from the management point with the preferred distribution points that contain the content.

  • The client downloads the content from a preferred distribution point on the list.

Scenario 2:

  • The client sends a content request to the management point. The client includes a flag with the request that indicates fallback distribution points are allowed.

  • A content location list is returned to the client from the management point with the preferred distribution points and fallback distribution points that contain the content.

  • The client downloads the content from a preferred distribution point on the list.

Scenario 3:

  • The client sends a content request to the management point. The client includes a flag with the request to indicate that fallback distribution points are allowed.

  • A content location list is returned to the client from the management point with the preferred distribution points and fallback distribution points that contain the content.

  • The client downloads the content from a preferred distribution point on the list.

Distribution points are online and meet the following criteria:

  • Content is not available on a preferred distribution point.

  • Content is available on a fallback distribution point.

  • The package is not configured for on-demand package distribution.

Scenario 1:

  • The client sends a content request to the management point.

  • A content location list is returned to the client from the management point with the preferred distribution points that have the content. There are no preferred distribution points in the list.

  • The client fails with the message Content is not available and goes into retry mode. A new content request is started every hour.

Scenario 2:

  • The client sends a content request to the management point. The client includes a flag with the request that indicates fallback distribution points are allowed.

  • A content location list is returned to the client from the management point with the preferred distribution points and fallback distribution points that have the content. There are no preferred distribution points that have the content, but at least one fallback distribution point has the content.

  • The content is not downloaded because the deployment property for when the client uses a fallback distribution point is set to Do not download. The client fails with the message Content is not available and goes into retry mode. The client makes a new content request every hour.

Scenario 3:

  • The client sends a content request to the management point. The client includes a flag with the request that indicates fallback distribution points are enabled.

  • A content location list is returned to the client from the management point with the preferred distribution points and fallback distribution points that have the content. There are no preferred distribution points that have the content, but at least one fallback distribution point has the content.

  • The content is downloaded from a fallback distribution point on the list because the deployment property for when the client uses a fallback distribution point is set to Download and install the content.

Distribution points are online and meet the following criteria:

  • Content is not available on a preferred distribution point.

  • Content is available on a fallback distribution point.

  • The package is configured for on-demand package distribution.

Scenario 1:

  • The client sends a content request to the management point.

  • A content location list is returned to the client from the management point with the preferred distribution points that have the content. There are no preferred distribution points that have the content.

  • The client fails with the message Content is not available and goes into retry mode. A new content request is made every hour.

  • The management point creates a trigger for Distribution Manager to distribute the content to all preferred distribution points for the client that made the content request.

  • Distribution Manager distributes the content to all preferred distribution points.

  • A content request is initiated by the client to the management point every hour.

  • A content location list is returned to the client from the management point with the preferred distribution points that have the content. In most cases, the content is distributed to the preferred distribution points within the hour.

  • The client downloads the content from a preferred distribution point on the list.

Scenario 2:

  • The client sends a content request to the management point. The client includes a flag with the request that indicates fallback distribution points are allowed.

  • A content location list is returned to the client from the management point with the preferred distribution points and fallback distribution points that have the content. There are no preferred distribution points that have the content, but at least one fallback distribution point has the content.

  • The content is not downloaded because the deployment property for when the client uses a fallback distribution point is set to Do not download. The client fails with the message Content is not available and goes into retry mode. The client makes a new content request every hour.

  • The management point creates a trigger for Distribution Manager to distribute the content to all preferred distribution points for the client that made the content request.

  • Distribution Manager distributes the content to all preferred distribution points.

  • A content request is initiated by the client to the management point.

  • A content location list is returned to the client from the management point with the preferred distribution points that have the content. Typically, the content is distributed to the preferred distribution points within the hour.

  • The client downloads the content from a preferred distribution point on the list.

Scenario 3:

  • The client sends a content request to the management point. The client includes a flag with the request that indicates fallback distribution points are allowed.

  • A content location list is returned to the client from the management point with the preferred distribution points and fallback distribution points that have the content. There are no preferred distribution points that have the content, but at least one fallback distribution point has the content.

  • The content is downloaded from a fallback distribution point on the list because the deployment property for when the client uses a fallback distribution point is set to Download and install the content.

  • The management point creates a trigger for Distribution Manager to distribute the content to all preferred distribution points for the client that made the content request.

  • Distribution Manager distributes the content to all preferred distribution points.
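
The content location scenarios above, reduced to a single decision function. This is an added example for reviewing a deployment's settings, not Configuration Manager code; all function and parameter names are hypothetical, and the case where no fallback distribution point has the content is an assumption the table does not cover.

```python
# Added illustration: a model of the scenario table, not Configuration Manager code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    source: str              # "preferred", "fallback" or "none"
    client_retries: bool     # True: "Content is not available", hourly retry mode
    on_demand_trigger: bool  # True: management point triggers Distribution Manager


def resolve_content_source(preferred_has_content, fallback_has_content,
                           fallback_allowed, slow_network_download, on_demand):
    """Hypothetical helper: outcome of one content request.

    fallback_allowed      -- the fallback setting is enabled
    slow_network_download -- deployment downloads on a slow network; a distribution
                             point that is not preferred always counts as slow
    on_demand             -- on-demand distribution is selected for the package
    """
    if preferred_has_content:
        # A preferred distribution point wins in every scenario.
        return Outcome("preferred", False, False)
    # Content is missing on preferred distribution points, so on-demand
    # distribution is triggered whatever the client ends up doing.
    trigger = on_demand
    # Assumption: with no content on a fallback distribution point the client fails.
    if fallback_allowed and fallback_has_content and slow_network_download:
        return Outcome("fallback", False, trigger)
    return Outcome("none", True, trigger)


def stalls_until_admin_acts(outcome):
    """True when the client only retries and nothing redistributes the content."""
    return outcome.client_retries and not outcome.on_demand_trigger


# The three scenarios as (fallback_allowed, slow_network_download).
# Scenario 1 is "any configuration" for slow network; False is one instance.
SCENARIOS = {
    "Scenario 1": (False, False),
    "Scenario 2": (True, False),
    "Scenario 3": (True, True),
}


def table_row(preferred_has_content, on_demand):
    """One set of criteria, with the content present on a fallback distribution point."""
    return {
        name: resolve_content_source(preferred_has_content, True, fb, slow, on_demand)
        for name, (fb, slow) in SCENARIOS.items()
    }


if __name__ == "__main__":
    for pref, od in [(True, False), (False, False), (False, True)]:
        print(f"preferred_has_content={pref} on_demand={od}")
        for name, out in table_row(pref, od).items():
            flag = "  <-- stalls" if stalls_until_admin_acts(out) else ""
            print(f"  {name}: {out}{flag}")
```

The stalled combinations are the ones to look for when a software update or package never reaches a group of clients: the client keeps retrying every hour and no component moves the content closer to it.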

Planning for BranchCache Support

Windows BranchCache has been integrated in Configuration Manager. You can configure the BranchCache settings on software deployments. When all the requirements for BranchCache are met, this feature enables clients at remote locations to obtain content from local clients that have a current cache of the content. For example, when the first BranchCache-enabled client computer requests content from a distribution point that is running Windows Server 2008 R2 and that has also been configured as a BranchCache server, the client computer downloads the content and caches it. This content is then made available for clients on the same subnet that request this same content, and these clients also cache the content. In this way, subsequent clients on the same subnet do not have to download content from the distribution point, and the content is distributed across multiple clients for future transfers. For more information about BranchCache support in Configuration Manager, see the Support for BranchCache section in the Supported Configurations for Configuration Manager topic.

Network Bandwidth Considerations for Distribution Points

To help you plan for the distribution point infrastructure in your hierarchy, consider the network bandwidth that is used for the content management process and ways to reduce the network bandwidth that is used.

When you create a package, change the source path for the content, or update content on the distribution point, the files are copied from the source path to the content library on the site server. Then, the content is copied from the content library on the site server to the content library on the distribution points. When content source files are updated, and the source files have already been distributed, Configuration Manager retrieves only the new or updated files, and then sends them to the distribution point. Scheduling and throttling controls can be configured for site-to-site communication and for communication between a site server and a remote distribution point. When network bandwidth between the site server and remote distribution point is limited even after you configure the schedule and throttling settings, you might consider prestaging the content on the distribution point.

Planning for Scheduling and Throttling

In Configuration Manager, you can configure a schedule and set specific throttling settings on remote distribution points that determine when and how content distribution is performed. Each remote distribution point can have different configurations that help address network bandwidth limitations from the site server to the remote distribution point. The controls for scheduling and throttling to the remote distribution point are similar to the settings for a standard sender address, but in this case, the settings are used by a new component called Package Transfer Manager. Package Transfer Manager distributes content from a site server, as a primary site or secondary site, to a distribution point that is installed on a site system. The throttling settings are configured on the Rate Limits tab, and the scheduling settings are configured on the Schedule tab for a distribution point that is not on a site server. The time settings are based on the time zone from the sending site, not the distribution point.

Warning

The Rate Limits and Schedule tabs are displayed only in the properties for distribution points that are not installed on a site server.

For more information about configuring scheduling and throttling settings for a remote distribution point, see the Modify the Distribution Point Configuration Settings section in the Configuring Content Management in Configuration Manager topic.

Determine Whether To Prestage Content

Consider prestaging content for applications and packages in the following scenarios:

  • Limited network bandwidth from the site server to distribution point: When scheduling and throttling do not satisfy your concerns about distributing content over the network to a remote distribution point, consider prestaging the content on the distribution point. Each distribution point has the Enable this distribution point for prestaged content setting that you can configure in the distribution point properties. When you enable this option, the distribution point is identified as a prestaged distribution point, and you can choose how to manage the content on a per-package basis.

    The following settings are available in the properties for an application, package, driver package, boot image, operating system installer, and image, and let you configure how content distribution is managed on remote distribution points that are identified as prestaged:

    • Automatically download content when packages are assigned to distribution points: Use this option when you have smaller packages where the scheduling and throttling settings provide enough control for content distribution.

    • Download only content changes to the distribution point: Use this option when you have an initial package that is possibly large, but you expect future updates to the content in the package to be generally smaller. For example, you might prestage Microsoft Office 2010 because the initial package size is over 700 MB and is too large to send over the network. However, content updates to this package might be less than 10 MB and are acceptable to distribute over the network. Another example might be driver packages where the initial package size is large, but incremental driver additions to the package might be small.

    • Manually copy the content in this package to the distribution point: Use this option when you have large packages, with content such as an operating system, and you never want to use the network to distribute the content to the distribution point. When you select this option, you must prestage the content on the distribution point.

    Warning

    The preceding options are applicable on a per-package basis and are only used when a distribution point is identified as prestaged. Distribution points that have not been identified as prestaged ignore these settings. In this case, content is always distributed over the network from the site server to the distribution points.

  • Restore the content library on a site server: When a site server fails, information about packages and applications that is contained in the content library is restored to the site database as part of the restore process, but the content library files are not restored as part of the process. If you do not have a file system backup to restore the content library, you can create a prestaged content file from another site that contains the packages and applications that you need, and then extract the prestaged content file on the recovered site server. For more information about site server backup and recovery, see the Planning for Backup and Recovery section in the Planning for Site Operations in Configuration Manager topic.

For more information about prestaging content files, see the Prestage Content section in the Operations and Maintenance for Content Management in Configuration Manager topic.

Planning for Pull-Distribution Points

Beginning with Configuration Manager SP1, you can configure a distribution point that is not on a site server to be a pull-distribution point. When you deploy content to a large number of distribution points at a site, pull-distribution points can help reduce the processing load on the site server and can help to speed the transfer of the content to each distribution point. This efficiency is achieved by offloading the process of transferring the content to each distribution point from the distribution manager process on the site server. Instead, each pull-distribution point individually manages the transfer of content by downloading content from another distribution point that already has a copy of the content. A pull-distribution point can only obtain content from a distribution point that is specified as a source distribution point.

Pull-distribution points support the same configurations and functionality as typical Configuration Manager distribution points. For example, a distribution point that is configured as a pull-distribution point supports the use of multicast and PXE configurations, content validation, and on-demand content distribution. A pull-distribution point supports HTTP or HTTPS communications from clients, supports the same certificates options as other distribution points, and can be managed individually or as a member of a distribution point group. However, the following configurations are exceptions to support for the pull-distribution point:

  • A cloud-based distribution point cannot be configured as a pull-distribution point. Similarly, a cloud-based distribution point cannot be used as a source distribution point.

  • A distribution point on a site server cannot be configured as a pull-distribution point.

  • The prestage content configuration for a distribution point overrides the pull-distribution point configuration. A pull-distribution point that is configured for prestaged content waits for the content. It does not pull content from a source distribution point, and, like a standard distribution point that has the prestage content configuration, does not receive content from the site server.

  • A distribution point that is configured as a pull-distribution point does not use configurations for rate limits when it transfers content. If you configure a previously installed distribution point to be a pull-distribution point, configurations for rate limits are saved, but not used. If, at a later time, you remove the pull-distribution point configuration, the rate limit configurations are implemented as previously configured.

    Note

    When a distribution point is configured as a pull-distribution point, the Rate Limits tab is not visible in the properties of the distribution point. For more information, see the Modify the Distribution Point Configuration Settings section in the Configuring Content Management in Configuration Manager topic.

  • A distribution point that is configured as a pull-distribution point does not use the Retry settings for content distribution. Retry Settings can be configured as part of the Software Distribution Component Properties for each site. To view or configure these properties, in the Administration workspace of the Configuration Manager console, expand Site Configuration, and then select Sites. Next, in the results pane, select a site, and then on the Home tab, select Configure Site Components, and then select Software Distribution. The following sequence of events occurs when you distribute software to a pull-distribution point:

    • As soon as content is distributed to a pull-distribution point, the Package Transfer Manager on the site server checks the site database to confirm if the content is available on a source distribution point. If it cannot confirm that the content is on a source distribution point for the pull-distribution point, it repeats the check every 20 minutes until the content is available.

    • When the Package Transfer Manager confirms that the content is available, it notifies the pull-distribution point to download the content. When the pull-distribution point receives this notification, it attempts to download the content from its source distribution points.

    • After the pull-distribution point completes the download of content, it submits this status to a management point. However, if after 60 minutes, this status is not received, the Package Transfer Manager wakes up and checks with the pull-distribution point to confirm if the pull-distribution point has downloaded the content. If the content download is in progress, the Package Transfer Manager sleeps for 60 minutes before it checks with the pull-distribution point again. This cycle continues until the pull-distribution point completes the content transfer.

  • To transfer content from a source distribution point in a remote forest, the computer that hosts the pull-distribution point must have a Configuration Manager client installed. A Network Access Account that can access the source distribution point must be configured for use.

You can configure a pull-distribution point when you install the distribution point or after it is installed by editing the properties of the distribution point site system role. A distribution point that you configure as a pull-distribution point can transfer content to clients by HTTP or HTTPS. When you configure the pull-distribution point, you must specify one or more source distribution points. Only distribution points that qualify to be source distribution points are displayed. Only distribution points that support HTTP can be specified as source distribution points when you use the Configuration Manager console. However, you can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS. To use a source distribution point that is configured for HTTPS, the pull-distribution point must be co-located on a computer that runs the Configuration Manager client. A pull-distribution point can be specified as a source distribution point for another pull-distribution point.

When you distribute content to the pull-distribution point, the Package Transfer Manager notifies the distribution point about the content but does not transfer the content to the distribution point computer. Instead, after the pull-distribution point is notified, the pull-distribution point attempts to download the content from the first source distribution point on its list of source distribution points. If the content is not available, the pull-distribution point attempts to download the content from the next distribution point on the list, continuing until either the content is successfully downloaded or the content is not accessed from any source distribution point. If the content cannot be downloaded from any source distribution point, the pull-distribution point sleeps for 30 minutes and then begins the process again.

Beginning with System Center 2012 R2 Configuration Manager, you can configure each source distribution point on the list with a priority. You can assign a separate priority to each source distribution point, or assign multiple source distribution points to the same priority. The priority determines in which order the pull-distribution point requests content from its source distribution points. Pull-distribution points initially contact a source distribution point with the lowest value for priority. If there are multiple source distribution points with the same priority, the pull-distribution point nondeterministically selects one of the source distribution points that share that priority. If the content is not available, the pull-distribution point then attempts to download the content from another distribution point with that same priority. If none of the distribution points with a given priority has the content, the pull-distribution point attempts to download the content from a distribution point that has an assigned priority with the next larger value, until the content is either located or the pull-distribution point sleeps for 30 minutes before it begins the process again.
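
The priority-ordered source selection described above, as an added example that models one download pass (it is not Configuration Manager code). The host names, the SourceDP type and the function names are constructed for illustration; giving every source a distinct priority reproduces the plain list order used before System Center 2012 R2 Configuration Manager.

```python
# Added illustration: a model of one pull-distribution point download pass.
import random
from dataclasses import dataclass

RETRY_SLEEP_MINUTES = 30  # the page: sleep 30 minutes, then begin the process again


@dataclass(frozen=True)
class SourceDP:
    name: str      # constructed host name
    priority: int  # the lowest value is contacted first
    scheme: str    # "http" or "https"; console-configured sources are HTTP


def attempt_order(sources, rng):
    """Order in which one pass contacts the source distribution points."""
    order = []
    for prio in sorted({s.priority for s in sources}):
        tier = [s for s in sources if s.priority == prio]
        rng.shuffle(tier)  # same priority: the choice is nondeterministic
        order.extend(tier)
    return order


def run_pass(sources, has_content, rng=None):
    """Try each source in order; stop at the first one that has the content.

    has_content is the set of source names that already hold the package.
    Returns the chosen source (or None), the names tried, and the sleep
    in minutes before the next pass.
    """
    rng = rng or random.Random()
    tried = []
    for src in attempt_order(sources, rng):
        tried.append(src.name)
        if src.name in has_content:
            return {"source": src, "tried": tried, "sleep_minutes": 0}
    return {"source": None, "tried": tried, "sleep_minutes": RETRY_SLEEP_MINUTES}


# Constructed sample configuration.
SOURCES = [
    SourceDP("dp-a.example.test", 1, "http"),
    SourceDP("dp-b.example.test", 1, "http"),
    SourceDP("dp-c.example.test", 2, "https"),
    SourceDP("dp-d.example.test", 3, "http"),
]

if __name__ == "__main__":
    result = run_pass(SOURCES, has_content={"dp-c.example.test"})
    print("tried:", result["tried"])
    print("downloaded from:", result["source"].name, "over", result["source"].scheme)
    print(run_pass(SOURCES, has_content=set()))
```

Recording the scheme next to each source makes it easy to see which transfers between distribution points run over HTTP, which is the only option the console offers for source distribution points.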

To manage the transfer of content, pull-distribution points use the CCMFramework component of the Configuration Manager client software. This framework is installed by the Pulldp.msi when you configure the distribution point to be a pull-distribution point and does not require that the Configuration Manager client be installed. After the pull-distribution point is installed, the CCMExec service on the distribution point computer must be operational for the pull-distribution point to function. When the pull-distribution point transfers content, it transfers content by using Background Intelligent Transfer Service (BITS) and logs its operation in the datatransferservice.log and the pulldp.log on the distribution point computer.

Note

On a computer that is configured as a pull-distribution point and that runs a Configuration Manager client, the version of the Configuration Manager client must be the same as the Configuration Manager site that installs the pull-distribution point. This is a requirement for the pull-distribution point to use the CCMFramework that is common to both the pull-distribution point and the Configuration Manager client.

Tip

When a pull-distribution point downloads content from a source distribution point, that pull-distribution point is counted as a client in the Client Accessed (Unique) column of the Distribution point usage summary report. This report first appears in System Center 2012 R2 Configuration Manager.

By default, a pull-distribution point uses its computer account to transfer content from a source distribution point. However, when the pull-distribution point transfers content from a source distribution point that is in a remote forest, the pull-distribution point always uses the Network Access Account. This process requires that the computer has the Configuration Manager client installed and that a Network Access Account is configured for use and has access to the source distribution point. For information about the Network Access Account, see the "Network Access Account" section in the Technical Reference for Accounts Used in Configuration Manager topic. For information about configuring the Network Access Account, see Configure the Network Access Account in the Configuring Content Management in Configuration Manager topic.

You can remove the configuration to be a pull-distribution point by editing the properties of the distribution point. When you remove the pull-distribution point configuration, the distribution point returns to normal operation, and the site server manages future content transfers to the distribution point.

Note

Beginning with System Center 2012 R2 Configuration Manager, the Configuration Manager console displays information that identifies a pull-distribution point. With System Center 2012 Configuration Manager SP1, you must review the properties of the distribution point to identify if it is configured as a pull-distribution point.

Planning for Cloud-Based Distribution Points

Beginning with Configuration Manager SP1, you can use a cloud service in Microsoft Azure to host a distribution point. When you use a cloud-based distribution, you configure client settings to enable users and devices to access the content, and specify a primary site to manage the transfer of content to the distribution point. Additionally, you specify thresholds for the amount of content that you want to store on the distribution point and the amount of content that you want to enable clients to transfer from the distribution point. Based on these thresholds, Configuration Manager can raise alerts that warn you when the combined amount of content that you have stored on the distribution point is near the specified storage amount, or when transfers of data by clients are close to the thresholds that you defined.

Cloud-based distribution points support the following features that are also supported with on-premises distribution points:

  • You manage cloud-based distribution points individually, or as members of distribution point groups.

  • You can use a cloud-based distribution point for fallback content location.

  • You receive support for both intranet and Internet-based clients.

A cloud-based distribution point provides the following additional benefits:

  • Content that is sent to the cloud-based distribution point is encrypted by Configuration Manager before Configuration Manager sends it to Microsoft Azure.

  • In Microsoft Azure, you can manually scale the cloud service to meet changing demands for content request by clients, without the requirement to install and provision additional distribution points.

  • The cloud-based distribution point supports the download of content by clients that are configured for Windows BranchCache.

A cloud-based distribution point has the following limitations:

  • You cannot use a cloud-based distribution point to host software update packages.

  • You cannot use a cloud-based distribution point for PXE or multi-cast enabled deployments.

  • Clients are not offered a cloud-based distribution point as a content location for a task sequence that is deployed by using the deployment option Download content locally when needed by running task sequence. However, task sequences that are deployed by using the deployment option of Download all content locally before starting task sequence can use a cloud-based distribution point as a valid content location.

  • A cloud-based distribution point does not support packages that run from the distribution point. All content must be downloaded by the client, and then run locally.

  • A cloud-based distribution point does not support streaming applications by using Application Virtualization or similar programs.

  • A cloud-based distribution point does not support prestaged content. The Distribution Manager of the primary site that manages the distribution point transfers all content to the distribution point.

  • A cloud-based distribution point cannot be configured as a pull-distribution point.

Prerequisites for Cloud-Based Distribution Points

A cloud-based distribution point requires the following prerequisites for its use:

  • A subscription to Microsoft Azure.

  • A self-signed or PKI management certificate for communication from a Configuration Manager primary site server to the cloud service in Microsoft Azure.

  • A service certificate (PKI) that Configuration Manager clients use to connect to cloud-based distribution points and download content from them by using HTTPS.

  • A device or user must receive the client setting for Cloud Services of Allow access to cloud distribution points set to Yes, before a device or user can access content from a cloud-based distribution point. By default, this value is set to No.

  • A client must be able to resolve the name of the cloud service, which requires a Domain Name System (DNS) alias, CNAME record, in your DNS namespace.

  • A client must be able to access the Internet to use the cloud-based distribution point.

Plan for the Cost of Using Cloud-Based Distribution

To help control costs that are associated with data transfers to and from a cloud-based distribution point, Configuration Manager includes options to control and monitor data access. You can control and monitor the amount of content that you store in a cloud service, and you can configure Configuration Manager to alert you when thresholds for client downloads meet or exceed monthly limits. Use these alerts to proactively manage data charges when you use a cloud-based distribution point.

For more information, see the section Controlling the Cost of Cloud-Based Distribution Points in the topic Manage Cloud Services for Configuration Manager.

About Subscriptions and Certificates for Cloud-Based Distribution Points

Cloud-based distribution points require certificates to enable Configuration Manager to manage the cloud service that hosts the distribution point, and for clients to access content from the distribution point. The following table provides overview information about these certificates. For more detailed information, see PKI Certificate Requirements for Configuration Manager.

Certificate: Management certificate for site server to distribution point communication

Details: The management certificate establishes trust between the Microsoft Azure management API and Configuration Manager. This authentication enables Configuration Manager to call on the Microsoft Azure API when you perform tasks such as deploying content or starting and stopping the cloud service. By using Microsoft Azure, customers can create their own management certificates, which can be either a self-signed certificate or a certificate that is issued by a certification authority (CA):

  • Provide the .cer file of the management certificate to Microsoft Azure when you configure Microsoft Azure for Configuration Manager. The .cer file contains the public key for the management certificate. You must upload this certificate to Microsoft Azure before you install a cloud-based distribution point. This certificate enables Configuration Manager to access the Microsoft Azure API.

  • Provide the .pfx file of the management certificate to Configuration Manager when you install the cloud-based distribution point. The .pfx file contains the private key for the management certificate. Configuration Manager stores this certificate in the site database. Because the .pfx file contains the private key, you must provide the password to import this certificate file into the Configuration Manager database.

If you create a self-signed certificate, you must first export the certificate as a .cer file, and then export it again as a .pfx file.

Optionally, you can specify a version 1 .publishsettings file from the Microsoft Azure SDK 1.7. For information about .publishsettings files, refer to the Microsoft Azure documentation.

For more information, see How to Create a Management Certificate and How to Add a Management Certificate to a Windows Azure Subscription in the Microsoft Azure Platform section of the MSDN Library.

Certificate: Service certificate for client communication to the distribution point

Details: The Configuration Manager cloud-based distribution point service certificate establishes trust between the Configuration Manager clients and the cloud-based distribution point and secures the data that clients download from it by using Secure Socket Layer (SSL) over HTTPS.

Important

The common name in the certificate subject box of the service certificate must be unique in your domain and not match any domain-joined device.

For an example deployment of this certificate, see the Deploying the Service Certificate for Cloud-Based Distribution Points section in the Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority topic.

Site Server to Cloud-Based Distribution Point Communication

When you install a cloud-based distribution point, you must assign one primary site to manage the transfer of content to the cloud service. This action is equivalent to installing the distribution point site system role on a specific site.

Client to Cloud-Based Distribution Point Communication

When a device or user of a device is configured with the client setting that enables the use of a cloud-based distribution point, the device can receive the cloud-based distribution point as a valid content location. A cloud-based distribution point is considered a remote distribution point when a client evaluates available content locations. Clients on the intranet only use cloud-based distribution points as a fallback option if on-premises distribution points are not available.

Even though you install cloud-based distribution points in specific regions of Microsoft Azure, clients that use cloud-based distribution points are not aware of the Microsoft Azure regions, and non-deterministically select a cloud-based distribution point. This means if you install cloud-based distribution points in multiple regions, and a client receives multiple cloud-based distribution points as content locations, the client might not use a cloud-based distribution point from the same Microsoft Azure region as the client.

Clients that can use cloud-based distribution points use the following sequence when they perform a content location request:

  1. A client that is configured to use cloud-based distribution points always attempts to obtain content from a preferred distribution point first. For information about preferred distribution points, see the Preferred Distribution Points section in the Introduction to Content Management in Configuration Manager topic.

  2. When a preferred distribution point is not available, the client uses a remote distribution point, if the deployment supports this option, and if a remote distribution point is available.

  3. When a preferred distribution point or remote distribution point is not available, the client can then fall back to obtain the content from a cloud-based distribution point.

    Note

    Clients on the Internet that receive both an Internet-based distribution point and a cloud-based distribution point as content locations for a deployment, only attempt to retrieve content from the Internet-based distribution point. If the client on the Internet fails to retrieve content from the Internet-based distribution point, the client does not then attempt to access the cloud-based distribution point.

When a client uses a cloud-based distribution point as a content location, the client authenticates itself to the cloud-based distribution point by using a Configuration Manager access token. If the client trusts the Configuration Manager cloud-based distribution point certificate, the client can then download the requested content.

Determine the Distribution Point Infrastructure

At least one distribution point is required at each site in the Configuration Manager hierarchy. By default, a primary site server is configured as a distribution point. However, assign this role to a remote site system and remove it from the site server if possible. This role assignment reduces the resource requirements and improves performance on the site server, and also assists in load balancing. The distribution point site system role is automatically configured on the secondary site server when it is installed. However, the distribution point site system role is not required at secondary sites. Clients connect to distribution points at the parent primary site if one is not available at the secondary site. As you configure your distribution points with assigned boundary groups, consider the physical location and network connection speed between the distribution point and site server.

Consider the following to help you determine the appropriate number of distribution points to install at a site:

  • The number of clients that might access the distribution point

  • The configuration of the distribution point, such as PXE and multicast

  • The network bandwidth that is available between clients and distribution points

  • The size of the content that clients retrieve from the distribution point

  • The setting for BranchCache, which, when it is enabled, lets clients at remote locations obtain content from local clients

For more information about creating and configuring distribution points, see the Install and Configure the Distribution Point section in the Configuring Content Management in Configuration Manager topic.

Plan for Distribution Point Groups

Distribution point groups provide a logical grouping of distribution points for content distribution. When you distribute content to a distribution point group, all distribution points that are members of the distribution point group receive the content. If you add a distribution point to the distribution point group after an initial content distribution, the content automatically distributes to the new distribution point member. You can add one or more distribution points from any site in the Configuration Manager hierarchy to the distribution point group. You can also add the distribution point to more than one distribution point group, to manage and monitor content from a central location for distribution points that span multiple sites.

You can also add a collection to distribution point groups, which creates an association, and then distribute content to the collection. When you distribute content to a collection, the content is assigned to all distribution point groups that are associated with the collection. The content is then distributed to all distribution points that are members of those distribution point groups. There are no restrictions on the number of distribution point groups that can be associated with a collection or the number of collections that can be associated with a distribution point group. If you add a collection to a distribution point group, the distribution point group does not automatically receive content previously distributed to the associated collection. However, the distribution point group receives all new content that is distributed to the collection.

Note

After you distribute content to a collection, and then associate the collection to a new distribution point group, you must redistribute the content to the collection before the content is distributed to the new distribution point group.

For more information about creating and configuring distribution point groups, see the Create and Configure Distribution Point Groups section in the Configuring Content Management in Configuration Manager topic.

Plan for Distribution Point Priority

Beginning with System Center 2012 R2 Configuration Manager, Configuration Manager determines a priority for each distribution point that is based on the time it took the last content deployment to that distribution point to transfer across the network. When you distribute content to multiple distribution points at the same time or to a distribution point group, Configuration Manager sends the content to the distribution point with the highest priority before it sends that same content to a distribution point with a lower priority. This process is self-tuning and helps Configuration Manager successfully distribute content to more distribution points in a shorter period of time than in previous versions. By default, all new distribution points share the same priority.

The priority of a distribution point does not replace a package's distribution priority. The distribution priority, which is high, medium, or low, remains the deciding factor in the sequence of when different distributions are transferred. For example, if you distribute content that has a high distribution priority to a distribution point that has a low distribution point priority, this high distribution priority package always transfers before a package that has a lower distribution priority. The distribution priority applies even if packages that have a lower distribution priority are distributed to distribution points that have higher distribution point priorities. The high distribution priority of the package ensures that Configuration Manager distributes that content to its applicable distribution points before any packages with a lower distribution priority are sent.

The priority of distribution points is determined and managed by Configuration Manager automatically. There are no options in the Configuration Manager console to adjust or view this priority. However, you can use the Configuration Manager SDK to manually manage the priority of distribution points.

Note

Pull-distribution points use a concept of priority to order the sequence of their source distribution points. The distribution point priority for content transfers to the distribution point is distinct from the priority that pull-distribution points use when they search for content from a source distribution point. For more information about pull-distribution points, see Planning for Pull-Distribution Points in this topic.

Plan for Content Libraries

Configuration Manager creates a content library on each site server and on each distribution point. The content library stores all content files for software updates, applications, and operating system deployment. An exception to this process is on the central administration site. On the central administration site, the content library only stores content that is created at the central administration site, and content that you migrate from another site and assign to be managed by the central administration site.

When you plan for content management, ensure there is enough free disk space for use by the content library on each distribution point that you deploy, and on each site server that manages content that you create or that you migrate from another Configuration Manager site. For information about the content library, see the Content Library section in the Introduction to Content Management in Configuration Manager topic.

Important

For System Center 2012 Configuration Manager SP1 and later:

To move the content library to a different location on a distribution point after the installation, use the Content Library Transfer Tool in the System Center 2012 Configuration Manager Service Pack 1 Toolkit. You can download the toolkit from the Microsoft Download Center.

Plan for Binary Differential Replication

System Center 2012 Configuration Manager uses binary differential replication, sometimes known as delta replication, to update the copy of applications and packages on remote sites and on distribution points. This process minimizes the network bandwidth that is used to send updates for distributed content by resending only the new or changed content instead of sending the entire set of content source files each time a change to those files is made.

When binary differential replication is used, Configuration Manager identifies the changes that occur to source files for each set of content that has previously been distributed. When files in the source content change, Configuration Manager creates a new incremental version of the content set and replicates only the changed files to destination sites and distribution points. A file is considered to be changed if it is renamed or moved, or if the contents of the file change. For example, if you replace a single driver file for an operating system deployment package that you previously distributed to several sites, only the changed driver file is replicated to those destination sites.

Configuration Manager supports up to five incremental versions of a content set before it resends the entire content set. After the fifth update, the next change to the content set causes Configuration Manager to create a new version of the content set. Configuration Manager then distributes the new version of the content set to replace the previous set and any of its incremental versions. After the new content set is distributed, subsequent incremental changes to the source files are again replicated by binary differential replication.
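The versioning rule above, as an added Python model that is not Configuration Manager code: it tracks a content set at file granularity, the way the preceding paragraphs describe it, and shows when a change is sent as an incremental version and when the whole set is resent. Using SHA-256 to detect changed contents, treating a deleted file as a change with nothing to send, and the file names are assumptions.

```python
import hashlib

MAX_INCREMENTALS = 5  # from the text: five incremental versions, then a full resend


def manifest(files):
    """Map each relative path to the SHA-256 of its contents.

    files: dict of path -> bytes. SHA-256 is an assumption of this model.
    """
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def changed_paths(old, new):
    """Paths that must be sent: a path that is new (added, renamed or
    moved file) or whose content hash differs from the previous version."""
    return sorted(path for path, digest in new.items() if old.get(path) != digest)


class ContentSet:
    """Tracks one distributed content set and its incremental versions."""

    def __init__(self, files):
        self.current = manifest(files)
        self.incrementals = 0   # incremental versions since the last full set
        self.full_versions = 1  # the initial distribution is a full set

    def update(self, files):
        """Register a change to the source files.

        Returns (kind, paths_sent) where kind is 'none', 'incremental'
        or 'full'.
        """
        new = manifest(files)
        delta = changed_paths(self.current, new)
        removed = set(self.current) - set(new)
        if not delta and not removed:
            return ("none", [])
        self.current = new
        if self.incrementals < MAX_INCREMENTALS:
            # Only the changed files travel. A pure deletion sends
            # nothing (assumption of this model).
            self.incrementals += 1
            return ("incremental", delta)
        # The change after the fifth incremental version: a new full
        # version replaces the old set and all of its incrementals.
        self.incrementals = 0
        self.full_versions += 1
        return ("full", sorted(new))


if __name__ == "__main__":
    # Constructed sample content set.
    files = {"drivers/net.sys": b"v1", "drivers/disk.sys": b"v1", "setup.exe": b"v1"}
    content = ContentSet(files)
    for revision in range(2, 9):
        files = {**files, "drivers/net.sys": b"v%d" % revision}
        print(revision, content.update(files))
```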

Binary replication is supported between each parent and child site in a hierarchy. Within a site, binary replication is supported between the site server and its distribution points. However, pull-distribution points and cloud-based distribution points do not support binary differential replication to transfer content. Pull-distribution points support file-level deltas, transferring new files, but not blocks within a file.

Applications always use binary differential replication. For packages, binary differential replication is optional and is not enabled by default. To use binary differential replication for packages, you must enable this functionality for each package. To do so, select the option Enable binary differential replication when you create a new package or when you edit the Data Source tab of the package properties.

About the Package Transfer Manager

In a System Center 2012 Configuration Manager site, the Package Transfer Manager is a new component of the SMS_Executive that manages the transfer of content from a site server computer to remote distribution points in a site. When you distribute content to one or more remote distribution points at a site, Distribution Manager creates a content transfer job and then notifies the Package Transfer Manager on primary and secondary site servers to transfer the content to the remote distribution points.

Note

In previous versions of Configuration Manager, the Distribution Manager manages the transfer of content to a remote distribution point. Distribution Manager also manages the transfer of content between sites. With System Center 2012 Configuration Manager, Distribution Manager continues to manage the transfer of content between two sites. However, the Package Transfer Manager allows Configuration Manager to offload from Distribution Manager the operations required to transfer content to large numbers of distribution points. Compared to previous product versions, this helps to increase the overall performance of content deployment both between sites and to distribution points within a site.

To transfer content to a standard distribution point, Package Transfer Manager operates the same as the Distribution Manager operates in previous versions of Configuration Manager. That is, it actively manages the transfer of files to each remote distribution point. However, to distribute content to a pull-distribution point, the Package Transfer Manager notifies the pull-distribution point that content is available, and then hands the process of transferring that content over to the pull-distribution point.

Use the following information to help you understand how Package Transfer Manager manages the transfer of content to standard distribution points and to distribution points configured as pull-distribution points:

Action: Administrative user deploys content to one or more distribution points at a site

Standard distribution point: Distribution Manager creates a content transfer job for that content.

Pull-distribution point: Distribution Manager creates a content transfer job for that content.

Action: Distribution Manager runs preliminary checks

Standard distribution point: Distribution Manager runs a basic check to confirm that each distribution point is ready to receive the content. After this check, Distribution Manager notifies Package Transfer Manager to start the transfer of content to the distribution point.

Pull-distribution point: Distribution Manager starts Package Transfer Manager, which then notifies the pull-distribution point that there is a new content transfer job for the distribution point. Distribution Manager does not check on the status of remote distribution points that are pull-distribution points because each pull-distribution point manages its own content transfers.

Action: Package Transfer Manager prepares to transfer content

Standard distribution point: Package Transfer Manager examines the single instance content store of each specified remote distribution point, to identify any files that are already on that distribution point. Then, Package Transfer Manager queues up for transfer only those files that are not already present.

Note

When you use the Redistribute action for content, Package Transfer Manager copies each file in the distribution to the distribution point, even if the files are already present in the single instance store of the distribution point.

Pull-distribution point: For each pull-distribution point in the distribution, Package Transfer Manager checks the pull-distribution point's source distribution points to confirm if the content is available:

  • When the content is available on at least one source distribution point, Package Transfer Manager sends a notification to that pull-distribution point that directs that distribution point to begin the process of transferring content. The notification includes file names and sizes, attributes, and hash values.

  • When the content is not yet available, Package Transfer Manager does not send a notification to the distribution point. Instead, it repeats the check every 20 minutes until the content is available. Then, when the content is available, Package Transfer Manager sends the notification to that pull-distribution point.

Note

When you use the Redistribute action for content, the pull-distribution point copies each file in the distribution to the distribution point, even if the files are already present in the single instance store of the pull-distribution point.

Action: Content begins to transfer

Standard distribution point: Package Transfer Manager copies files to each remote distribution point. During the transfer to a standard distribution point:

  • By default, Package Transfer Manager can simultaneously process three unique packages, and distribute them to five distribution points in parallel. These are called Concurrent distribution settings and are configured on the General tab of the Software Distribution Component Properties for each site.

  • Package Transfer Manager uses the scheduling and network bandwidth configurations of each distribution point when transferring content to that distribution point. You configure these settings on the Schedule and Rate Limits tabs in the Properties of each remote distribution point. For more information, see the Modify the Distribution Point Configuration Settings section in the Configuring Content Management in Configuration Manager topic.

Pull-distribution point: When a pull-distribution point receives a notification file, the distribution point begins the process to transfer the content. The transfer process runs independently on each pull-distribution point:

  • The pull-distribution point identifies the files in the content distribution that it does not already have in its single instance store, and prepares to download that content from one of its source distribution points.

  • Next, the pull-distribution point checks with each of its source distribution points, in order, until it locates a source distribution point that has the content available. When the pull-distribution point identifies a source distribution point with the content, it begins the download of that content.

Note

The process to download content by the pull-distribution point is the same as is used by Configuration Manager clients. For the transfer of content by the pull-distribution point, neither the concurrent transfer settings, nor the scheduling and throttling options that you configure for standard distribution points are used.

Action: Content transfer completes

Standard distribution point: After the Package Transfer Manager is done transferring files to each designated remote distribution point, it verifies the hash of the content on the distribution point, and notifies Distribution Manager that the distribution is complete.

Pull-distribution point: After the pull-distribution point completes the content download, the distribution point verifies the hash of the content, and then submits a status message to the site's management point to indicate success. However, if after 60 minutes, this status is not received, the Package Transfer Manager wakes up and checks with the pull-distribution point to confirm if the pull-distribution point has downloaded the content. If the content download is in progress, the Package Transfer Manager sleeps for 60 minutes before it checks with the pull-distribution point again. This cycle continues until the pull-distribution point completes the content transfer.

Package Transfer Manager logs its actions in the pkgxfermgr.log file on the site server. The log file is the only location where you can view the activities of the Package Transfer Manager.

Supplemental Planning Topics for Content Management

Use the following topics to help you plan for content management in Configuration Manager: