Native Mode in Microsoft System Center Configuration Manager

Jason Sandys

Senior Lead Consultant

Catapult Systems, Inc.

Session Code: MGT312


Native Mode Setup Dialogs


Overview

  • What Is Native Mode

  • Benefits

  • Pre-requisites

  • PKI Refresher

  • Misperceptions

  • Certificate Deployment & Demo

  • Implications

  • Notes from the Field


What Is Native Mode?

  • A site mode for Configuration Manager that dictates key client to site system communication

[Diagram: site system roles DP*, MP, SUP and SMP]


Benefits

  • Enables Internet Based Client Management (IBCM)

    • Inventory

    • Software Distribution

    • Software Updates

    • Desired Configuration Management Compliance

  • Security in general


Prerequisites

  • Certificates (aka Public Key Infrastructure)

  • Clients

    • ConfigMgr 2007 only

    • Windows 2000 not supported

[Diagram: site system roles DP*, MP, SUP and SMP]


PKI Refresher: Key Distribution

  • How do I get your Public Key?

    • Trusted source

  • Certificates

  • Trust


PKI Refresher: Certificate Revocation Lists (CRL), Certificate Distribution Points (CDP)

[Diagram labels: CRL, CDP, LDAP, FTP, SMB, HTTP]


Misperceptions

  • PKI is Easy

  • You must use a Microsoft PKI

  • AMT takes advantage of Native Mode


Misperceptions: Enterprise Edition = Enterprise CA


Misperceptions

  • Internet-based clients can roam

  • Fallback Status Points (FSP) are only for Native Mode

  • An FSP in a Native Mode site can happily co-exist with other site roles


Misperceptions

  • Mixed mode does not use certificates

  • Native mode protects all site communication

  • Only domain joined systems can participate in a Native Mode site


Certificate Deployment

  • Three Primary Certificate Types

    • Primary Site Server Signing Cert

    • Site System Server Authentication Cert(s)

    • Client Authentication Certs

      • All Clients must have their own, unique client authentication certificate

    • Secondary site servers do not need a site server signing certificate


Demo: Certificate Deployment


Implications: Agent Deployment

  • Certificates on the clients

  • By default SLPs are not used

  • “Internet only” clients must be installed manually

  • CCMSetup.exe /native:CRL SMSSITECODE=ABC SMSMP=mgmtpoint
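
A check for the "Certificates on the clients" requirement, run on one client before installing the agent. This is an added example, not part of the presentation; it assumes PowerShell 3.0 or later and an English-language certificate display format. It lists each client authentication certificate in the computer store with its validity and the CDP URLs it publishes.

```powershell
# Added example: audit the client authentication certificates on one client.
# Assumes PowerShell 3.0+; the 'URL=' text match assumes English display output.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$cdpOid        = '2.5.29.31'           # CRL Distribution Points extension
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Keep only certificates whose EKU includes Client Authentication
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType } | Select-Object -First 1
    if (-not $eku) { continue }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($ekuOids -notcontains $clientAuthOid) { continue }

    # Extract the URLs published in the CDP extension, if there is one
    $cdpUrls = @()
    $cdpExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $cdpOid } |
        Select-Object -First 1
    if ($cdpExt) {
        $cdpUrls = @([regex]::Matches($cdpExt.Format($true), 'URL=(\S+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    $schemes = $cdpUrls | ForEach-Object { ($_ -split ':')[0].ToLower() } |
        Sort-Object -Unique

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        ValidNow      = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        HasPrivateKey = $cert.HasPrivateKey
        CdpSchemes    = $schemes -join ','   # e.g. ldap, http
        CdpUrls       = $cdpUrls -join '; '
    }
}

if (-not $report) {
    Write-Warning 'No certificate with the Client Authentication EKU in LocalMachine\My.'
} else {
    $report | Format-List
}
```

An empty CdpUrls value, or a scheme the client cannot reach from its network, is worth resolving before installing with /native:CRL.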


Implications: WSUS/SUP

  • Must manually add the Web server cert in IIS

  • Must manually configure IIS for SSL

  • Require SSL on virtual directories

    • APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService

<WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>
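
One way to verify the "Require SSL" step on the five virtual directories listed above. This is an added example, not part of the presentation; it assumes IIS 7 or later with the WebAdministration module, and the site name `WSUS Administration` is an assumption to adjust for your installation.

```powershell
# Added example: audit (and optionally enforce) Require SSL on the WSUS virtual directories.
# Assumptions: IIS 7 or later with the WebAdministration module; site name below.
Import-Module WebAdministration

$siteName = 'WSUS Administration'   # assumption: use 'Default Web Site' if WSUS lives there
$enforce  = $false                  # set to $true to turn on Require SSL where it is missing
$vdirs = 'APIRemoting30', 'ClientWebService', 'DSSAuthWebService',
         'ServerSyncWebService', 'SimpleAuthWebService'
$filter = 'system.webServer/security/access'
$root   = 'MACHINE/WEBROOT/APPHOST'

# Require SSL only helps if the site has an HTTPS binding at all
$https = @(Get-WebBinding -Name $siteName -Protocol 'https')
if ($https.Count -eq 0) {
    Write-Warning "Site '$siteName' has no HTTPS binding."
}

$report = foreach ($vdir in $vdirs) {
    $location = "$siteName/$vdir"
    $raw = Get-WebConfigurationProperty -PSPath $root -Location $location `
        -Filter $filter -Name 'sslFlags'
    # The cmdlet may return a plain string or an attribute object; normalise to a string
    $flags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    $required = ($flags -split '\s*,\s*') -contains 'Ssl'

    if (-not $required -and $enforce) {
        # Note: this replaces the existing flag set with 'Ssl' only
        Set-WebConfigurationProperty -PSPath $root -Location $location `
            -Filter $filter -Name 'sslFlags' -Value 'Ssl'
        $required = $true
    }
    # FlagsFound is the value read before any change was made
    New-Object PSObject -Property @{
        VirtualDirectory = $vdir
        RequireSsl       = $required
        FlagsFound       = $flags
    }
}
$report | Format-Table VirtualDirectory, RequireSsl, FlagsFound -AutoSize
```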


Implications: OSD

  • Boot Images require client certificates and a copy of the Root CA certificate

  • Build and Capture reference systems are not on the domain

    • CDP must be available

[Diagram label: PXE]


Notes from the Field: Initial Installation

  • Install in mixed mode and migrate

    • Easier to troubleshoot

    • Better when no PKI in place already

    • Better for organizations unfamiliar with ConfigMgr

  • Install in native mode

    • Requires PKI

    • Compounding issues


Notes from the Field: PKI Decisions

  • Some decisions are not reversible without a lot of pain

  • Just because it works in the lab, does not mean it will work in production

[Slide callouts: CRL Distribution Points, Certificate Validity Period, Key Length]


Notes from the Field: Intra-SUP Communication

  • SUP to SUP communication is mostly HTTPS in native mode

[Diagram labels: Active SUP, Internet Based SUP, EULAs, Update Metadata, Configuration]


Notes from the Field: PKI Timing

  • Certificate deployment is not instantaneous

    • Templates are stored in AD

    • Clients must be active and have connectivity to request a certificate

  • Plan for this delay


Other Notables

  • Native Mode is not a one-way choice

  • Parent sites must be migrated first

    • Mixed mode parent sites do not support Native Mode child sites

  • Secondary site modes are dictated by their parent site’s mode

  • Native Mode Readiness Tool: http://technet.microsoft.com/en-us/library/bb680986.aspx


Links

  • MS Internet Clients & Native Mode Forum: http://social.technet.microsoft.com/Forums/en/configmgribcm/threads/

  • System Center ConfigMgr TechCenter Library: http://technet.microsoft.com/en-us/library/bb735860.aspx

  • Configuration Manager Team Blog: http://blogs.technet.com/configmgrteam/

  • My Blog http://myitforum.com/cs2/blogs/jsandys


Resources

  • www.microsoft.com/teched

    • Sessions On-Demand & Community

  • www.microsoft.com/learning

    • Microsoft Certification & Training Resources

  • http://microsoft.com/technet

    • Resources for IT Professionals

  • http://microsoft.com/msdn

    • Resources for Developers


Related Content

MGT304 Deploying Microsoft System Center Configuration Manager 2007, Part 1: Site Deployment

MGT305 Deploying Microsoft System Center Configuration Manager 2007, Part 2: Client Deployment

MGT306 Deploying Microsoft System Center Configuration Manager 2007, Part 3: Hierarchy Design and Implementation Best Practices

MGT02-HOL Microsoft System Center Configuration Manager: Migrating from Mixed Mode to Native Mode


Management Track Resources

  • Key Microsoft Sites

    • System Center on Microsoft.com: http://www.microsoft.com/systemcenter

    • System Center on TechNet: http://technet.microsoft.com/systemcenter/

    • Virtualization on Microsoft.com: http://www.microsoft.com/virtualization

  • Community Resources

    • System Center Team Blog: http://blogs.technet.com/systemcenter

    • System Center on TechNet Edge: http://edge.technet.com/systemcenter

    • System Center on Twitter: http://twitter.com/system_center

    • Virtualization Feed: http://www.virtualizationfeed.com

    • System Center Influencers Program: Content, connections, and resources for influencers in the System Center Community. For information, contact [email protected]



Question & Answer


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

