Native Mode in Microsoft System Center Configuration Manager

Jason Sandys

Senior Lead Consultant

Catapult Systems, Inc.

Session Code: MGT312


Native Mode Setup Dialogs


Overview

  • What Is Native Mode

  • Benefits

  • Pre-requisites

  • PKI Refresher

  • Misperceptions

  • Certificate Deployment & Demo

  • Implications

  • Notes from the Field


What Is Native Mode?

  • A site mode for Configuration Manager that dictates key client-to-site-system communication

[Diagram labels: DP*, MP, SUP, SMP]


Benefits

  • Enables Internet Based Client Management (IBCM)

    • Inventory

    • Software Distribution

    • Software Updates

    • Desired Configuration Management Compliance

  • Security in general


Prerequisites

  • Certificates (aka Public Key Infrastructure)

  • Clients

    • ConfigMgr 2007 only

    • Windows 2000 not supported

[Diagram labels: DP*, MP, SUP, SMP]


PKI Refresher: Key Distribution

  • How do I get your Public Key?

    • Trusted source

  • Certificates

  • Trust


PKI Refresher: Certificate Revocation Lists (CRL), Certificate Distribution Points (CDP)

[Diagram labels: CRL, CDP, LDAP, FTP, SMB, HTTP]


Misperceptions

  • PKI is Easy

  • You must use a Microsoft PKI

  • AMT takes advantage of Native Mode


Misperceptions: Enterprise Edition = Enterprise CA


Misperceptions

  • Internet-based clients can roam

  • Fallback Status Points (FSP) are only for Native Mode

  • An FSP in a Native Mode site can happily co-exist with other site roles


Misperceptions

  • Mixed mode does not use certificates

  • Native mode protects all site communication

  • Only domain joined systems can participate in a Native Mode site


Certificate Deployment

  • Three Primary Certificate Types

    • Primary Site Server Signing Cert

    • Site System Server Authentication Cert(s)

    • Client Authentication Certs

      • All Clients must have their own, unique client authentication certificate

    • Secondary site servers do not need a site server signing certificate


Certificate Deployment: Demo


Implications: Agent Deployment

  • Certificates on the clients

  • By default SLPs are not used

  • “Internet only” clients must be installed manually

  • CCMSetup.exe /native:CRL SMSSITECODE=ABC SMSMP=mgmtpoint


Implications: WSUS/SUP

  • Must manually add the Web server cert in IIS

  • Must manually configure IIS for SSL

  • Require SSL on virtual directories

    • APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService

<WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>
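
One way to audit the IIS steps on this slide on a software update point, as an added example that is not part of the original presentation. It assumes IIS 7 or later with the WebAdministration module, and that WSUS is hosted in the IIS site named in `$siteName` (an assumption to adjust for your server).

```powershell
# Added example: audit the SSL settings listed on this slide.
# Assumptions: IIS 7+ with the WebAdministration module; $siteName is the
# IIS site that hosts WSUS on this server (adjust to your installation).
Import-Module WebAdministration

$siteName = 'WSUS Administration'
$vdirs = 'APIRemoting30', 'ClientWebService', 'DSSAuthWebService',
         'ServerSyncWebService', 'SimpleAuthWebService'

# 1. The site needs an HTTPS binding (where the Web server certificate is attached).
$httpsBindings = @(Get-WebBinding -Name $siteName -Protocol 'https')
if ($httpsBindings.Count -eq 0) {
    Write-Warning "Site '$siteName' has no HTTPS binding."
}

# 2. Each virtual directory must have "Require SSL" set (sslFlags contains Ssl).
$report = foreach ($vdir in $vdirs) {
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location "$siteName/$vdir" `
        -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # Depending on the module version the value comes back as a string or as
    # an object with a .Value property; normalise to a list of flag names.
    $text  = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    $flags = @($text -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    [pscustomobject]@{
        VirtualDirectory = $vdir
        SslFlags         = ($flags -join ',')
        RequiresSsl      = ($flags -contains 'Ssl')
    }
}

$report | Format-Table -AutoSize

# 3. Summarise anything that still accepts plain HTTP.
$missing = @($report | Where-Object { -not $_.RequiresSsl })
if ($missing.Count -gt 0) {
    Write-Warning ("SSL not required on: " + ($missing.VirtualDirectory -join ', '))
}
```

Run it in an elevated PowerShell session on the WSUS server; a virtual directory reported with `RequiresSsl` false still accepts unencrypted client connections.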


Implications: OSD

  • Boot Images require client certificates and a copy of the Root CA certificate

  • Build and Capture reference systems are not on the domain

    • CDP must be available

[Diagram label: PXE]


Notes from the Field: Initial Installation

  • Install in mixed mode and migrate

    • Easier to troubleshoot

    • Better when no PKI in place already

    • Better for organizations unfamiliar with ConfigMgr

  • Install in native mode

    • Requires PKI

    • Compounding issues


Notes from the Field: PKI Decisions

  • Some decisions are not reversible without a lot of pain

  • Just because it works in the lab does not mean it will work in production

CRL Distribution Points

Certificate Validity Period

Key Length


Notes from the Field: Intra-SUP Communication

  • SUP to SUP communication is mostly HTTPS in native mode

[Diagram labels: Active, EULAs, SUP, SUP, Internet Based, Update Metadata, Configuration]


Notes from the Field: PKI Timing

  • Certificate deployment is not instantaneous

    • Templates are stored in AD

    • Clients must be active and have connectivity to request a certificate

  • Plan for this delay


Other Notables

  • Native Mode is not a one-way choice

  • Parent sites must be migrated first

    • Mixed mode parent sites do not support Native Mode child sites

  • Secondary site modes are dictated by their parent site’s mode

  • Native Mode Readiness Tool: http://technet.microsoft.com/en-us/library/bb680986.aspx


Links

  • MS Internet Clients & Native Mode Forum: http://social.technet.microsoft.com/Forums/en/configmgribcm/threads/

  • System Center ConfigMgr TechCenter Library: http://technet.microsoft.com/en-us/library/bb735860.aspx

  • Configuration Manager Team Blog: http://blogs.technet.com/configmgrteam/

  • My Blog: http://myitforum.com/cs2/blogs/jsandys


Resources

  • www.microsoft.com/teched

    • Sessions On-Demand & Community

  • www.microsoft.com/learning

    • Microsoft Certification & Training Resources

  • http://microsoft.com/technet

    • Resources for IT Professionals

  • http://microsoft.com/msdn

    • Resources for Developers


Related Content

MGT304 Deploying Microsoft System Center Configuration Manager 2007, Part 1: Site Deployment

MGT305 Deploying Microsoft System Center Configuration Manager 2007, Part 2: Client Deployment

MGT306 Deploying Microsoft System Center Configuration Manager 2007, Part 3: Hierarchy Design and Implementation Best Practices

MGT02-HOL Microsoft System Center Configuration Manager: Migrating from Mixed Mode to Native Mode


Management Track Resources

  • Key Microsoft Sites

    • System Center on Microsoft.com: http://www.microsoft.com/systemcenter

    • System Center on TechNet: http://technet.microsoft.com/systemcenter/

    • Virtualization on Microsoft.com: http://www.microsoft.com/virtualization

  • Community Resources

    • System Center Team Blog: http://blogs.technet.com/systemcenter

    • System Center on TechNet Edge: http://edge.technet.com/systemcenter

    • System Center on Twitter: http://twitter.com/system_center

    • Virtualization Feed: http://www.virtualizationfeed.com

    • System Center Influencers Program: Content, connections, and resources for influencers in the System Center Community. For information, contact scnetsup@microsoft.com



© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

