Hope this post finds you in good health and spirit. In this blog we are going to discuss cloud management gateway and cloud DP. There are so many blogs already online so I tried to create short and crisp summary.
Cloud Management Gateway
SCCM clients use management point as their communication source with SCCM server. If client has to send inventory or needs any policy, it communicates via management point. This statement is true even if clients are on internet. In order to communicate internet based client, management point needs to be internet faced exposing itself and the on-premises infrastructure.
The problem is solved in SCCM 1610 with introduction of cloud management gateway. The cloud management gateway service is deployed on Microsoft Azure and connects to on-premises Configuration Manager infrastructure using a new role called cloud management gateway connector point. Once deployed and configured, clients will be able to access on-premises Configuration Manager site system roles regardless of whether they’re on the internal private network or on the Internet.
- Management point and software update point need not be exposed on internet.
- It uses https, hence in-route communication is secure.
- It can do application deployment, patch deployment, OS upgrade (but not full OSD deployment), inventory
These features are not supported on cloud management gateway:
- Client deployment
- Automatic site assignment
- User policies
- Application catalog (including software approval requests)
- Full operating system deployment (OSD)
- Configuration Manager console
- Remote tools
- Reporting website
- Wake on LAN
- Mac, Linux, and UNIX clients
- Azure Resource Manager
- Peer cache
- On-premises Mobile Device Management
- An Azure subscription.
- Certificates are required to authenticate and encrypt communication.
- Cloud management gateway connector point need to be installed.
- Cloud distribution point for content distribution.
Cloud management gateway is alternative for internet based client management. The major concern for cloud management gateway is cost associated with it. There is cost for Azure subscription (deploying virtual machine for hosting gateway) and egress data. Cloud management gateway also need cloud distribution point for sharing contents which again has cost associated with it. Keeping the cost and limitation in mind, we can decide if cloud management gateway is ideal solution.
I had to configure Cloud management gateway recently in one of my project and this pdf has helped me lot:
You may use it in case needed.
Cloud-based Distribution Point
Cloud-based Distribution Point was introduced in System Center 2012 Configuration Manager SP1. It’s the capability to host distribution point on Azure. A Cloud-based-based distribution point can serve as an alternative to deploying a distribution point at a small branch site. When content is encrypted while in transit to and from Cloud-based distribution point.
- The ability to serve as a Fallback distribution point
- Support both intranet and internet-based clients
- Support for BranchCache-configured systems to download content from the Cloud-based distribution point
- Distribution points can be scaled as necessary without investing in additional hardware.
- Cloud-based distribution point cannot be used for PXE or multicast deployments.
- Prior to using version 1610 with the Hotfix KB4010155, Cloud-based distribution point cannot host software update packages. This issue is fixed beginning with version 1702, and later.
- Clients are not offered a Cloud-based-based distribution point as a content location for a task sequence that is deployed by using the deployment option Download content locally when needed by running task sequence. However, task sequences that are deployed by using the deployment option of Download all content locally before starting task sequencecan use a Cloud-based-based distribution point as a valid content location.
- Cloud-based distribution point does not support packages that run from the distribution point.
- Cloud-based distribution point does not support streaming packages by using Application Virtualization or similar programs.
- A Cloud-based distribution point does not support prestaged content.
- A Cloud-based distribution point cannot be configured as a pull-distribution point.
- An Azure subscription.
- A self-signed or management certificate for communication from a Configuration Manager primary site server to the Cloud-based service in Azure.
- A service certificate that Configuration Manager clients use to connect to Cloud-based-based distribution points and download content from them using HTTPS.
- A client must be able to resolve the name of the Cloud-based service, which requires a Domain Name System alias and a CNAME record in DNS namespace.
- A client must be able to access the internet.
- A device or user must have Allow Access to Cloud-based distribution pointsset to Yes in the client setting of Cloud-based Services before a device or user can access content from a Cloud-based distribution point. By default, this value is set to No.
Cloud-based distribution point is good solution in case if the users are scattered around the globe where it’s not feasible to install distribution point. In this scenario users can use Cloud-based distribution point to access their application and updates. A Cloud-based distribution point can also be deployed at a small branch site.
However, there are pre-requisites to install Cloud-based distribution point as pointed above in document which need to be meet. There will be cost associated with transfer of content as egress (data coming out from Azure) data has cost in Azure. Bandwidth is another consideration for downloading content to clients which can be partially mitigated using BranchCache. Keeping these points in mind you can decide whether to deploy Cloud-based distribution point.
So that’s all in this post. Hope to see you soon with some other technical stuff. Till then, ta-ta. 🙂