
Native Mode in Microsoft System Center Configuration Manager - PowerPoint PPT Presentation


Native Mode in Microsoft System Center Configuration Manager . Jason Sandys Senior Lead Consultant Catapult Systems, Inc. Session Code: MGT312. Native Mode Setup Dialogs. Overview. What Is Native Mode Benefits Pre-requisites PKI Refresher Misperceptions


Native Mode in Microsoft System Center Configuration Manager

Jason Sandys

Senior Lead Consultant

Catapult Systems, Inc.

Session Code: MGT312

Native Mode Setup Dialogs


  • What Is Native Mode

  • Benefits

  • Pre-requisites

  • PKI Refresher

  • Misperceptions

  • Certificate Deployment & Demo

  • Implications

  • Notes from the Field

What Is Native Mode?

  • A site mode for Configuration Manager that dictates key client to site system communication






  • Enables Internet Based Client Management (IBCM)

    • Inventory

    • Software Distribution

    • Software Updates

    • Desired Configuration Management Compliance

  • Security in general


  • Certificates (aka Public Key Infrastructure)

  • Clients

    • ConfigMgr 2007 only

    • Windows 2000 not supported





PKI Refresher Key Distribution

  • How do I get your Public Key?

    • Trusted source

  • Certificates

  • Trust

PKI Refresher Certificate Revocation Lists (CRL) Certificate Distribution Points (CDP)








  • PKI is Easy

  • You must use a Microsoft PKI

  • AMT takes advantage of Native Mode

Misperceptions Enterprise Edition = Enterprise CA


  • Internet-based clients can roam

  • Fallback Status Points (FSP) are only for Native Mode

  • An FSP in a Native Mode site can happily co-exist with other site roles


  • Mixed mode does not use certificates

  • Native mode protects all site communication

  • Only domain joined systems can participate in a Native Mode site

Certificate Deployment

  • Three Primary Certificate Types

    • Primary Site Server Signing Cert

    • Site System Server Authentication Cert(s)

    • Client Authentication Certs

      • All Clients must have their own, unique client authentication certificate

    • Secondary site servers do not need a site server signing certificate



Certificate Deployment

Implications Agent Deployment

  • Certificates on the clients

  • By default SLPs are not used

  • “Internet only” clients must be installed manually

  • CCMSetup.exe /native:CRL SMSSITECODE=ABC SMSMP=mgmtpoint

Implications WSUS/SUP

  • Must manually add the Web server cert in IIS

  • Must manually configure IIS for SSL

  • Require SSL on virtual directories

    • APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService

<WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>
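
A read-only check of the IIS side of the steps above, as an added example that is not part of the original presentation. It assumes IIS 7 or later with the WebAdministration module and that WSUS is hosted in an IIS site named 'WSUS Administration'; the function name Test-WsusSslConfig and the site name are assumptions.

```powershell
Import-Module WebAdministration

function Test-WsusSslConfig {
    param(
        # Assumption: name of the IIS site hosting WSUS; a default-site
        # install would use 'Default Web Site' instead.
        [string]$SiteName = 'WSUS Administration'
    )

    # The five virtual directories the slide lists as requiring SSL.
    $vdirs = 'APIRemoting30', 'ClientWebService', 'DSSAuthWebService',
             'ServerSyncWebService', 'SimpleAuthWebService'

    # An https binding exists only after the Web server cert is bound in IIS.
    $https = @(Get-WebBinding -Name $SiteName -Protocol 'https')
    if ($https.Count -eq 0) {
        Write-Warning "Site '$SiteName' has no https binding"
    }

    foreach ($vdir in $vdirs) {
        # Effective <access sslFlags="..."> for this virtual directory.
        $raw = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName\$vdir" `
                   -Filter 'system.webServer/security/access' -Name 'sslFlags'
        $value = if ($raw -is [string]) { $raw } else { $raw.Value }

        # sslFlags may come back as text ("Ssl,Ssl128") or as a bit field
        # in which Ssl is 8; handle both.
        $requiresSsl = if ($value -is [int]) {
            ($value -band 8) -ne 0
        } else {
            ("$value" -split '\s*,\s*') -contains 'Ssl'
        }

        New-Object PSObject -Property @{
            VirtualDirectory = $vdir
            SslFlags         = "$value"
            RequiresSsl      = $requiresSsl
        }
    }
}

# Any row with RequiresSsl = False still accepts plain HTTP.
Test-WsusSslConfig | Format-Table VirtualDirectory, SslFlags, RequiresSsl -AutoSize
```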

Implications OSD

  • Boot Images require client certificates and a copy of the Root CA certificate

  • Build and Capture reference systems are not on the domain

    • CDP must be available


Notes from the Field Initial Installation

  • Install in mixed mode and migrate

    • Easier to troubleshoot

    • Better when no PKI in place already

    • Better for organizations unfamiliar with ConfigMgr

  • Install in native mode

    • Requires PKI

    • Compounding issues

Notes from the Field PKI Decisions

  • Some decisions are not reversible without a lot of pain

  • Just because it works in the lab, does not mean it will work in production

CRL Distribution Points

Certificate Validity Period

Key Length
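
The certificate types listed under Certificate Deployment and the three PKI decisions above (CRL distribution points, validity period, key length) can all be read back from a deployed certificate. The following is an added example, not part of the original presentation: it reports those properties for each certificate in the local computer store and builds the chain with online revocation checking, which is the check a client installed with /native:CRL depends on. The function name Get-NativeModeCertReport is hypothetical, and RSA keys are assumed.

```powershell
function Get-NativeModeCertReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    # Enhanced Key Usage OIDs for site system (server) and client certs.
    $names = @{
        '1.3.6.1.5.5.7.3.1' = 'ServerAuth'
        '1.3.6.1.5.5.7.3.2' = 'ClientAuth'
    }

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # 2.5.29.37 = Enhanced Key Usage extension.
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $usages = @()
        if ($eku) {
            $usages = @($eku.EnhancedKeyUsages | ForEach-Object {
                if ($names.ContainsKey($_.Value)) { $names[$_.Value] } else { $_.Value }
            })
        }

        # 2.5.29.31 = CRL Distribution Points extension.
        $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

        # Build the chain and fetch CRLs; an unreachable CDP shows up as
        # RevocationStatusUnknown or OfflineRevocation in ChainIssues.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chainOk = $chain.Build($cert)
        $issues  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        New-Object PSObject -Property @{
            Subject     = $cert.Subject
            Usages      = $usages -join ','
            KeyBits     = $cert.PublicKey.Key.KeySize   # assumes an RSA key
            DaysLeft    = [int]($cert.NotAfter - (Get-Date)).TotalDays
            CdpPresent  = [bool]$cdp
            ChainOk     = $chainOk
            ChainIssues = $issues
        }
    }
}

# Show only certificates usable for client authentication.
Get-NativeModeCertReport | Where-Object { $_.Usages -match 'ClientAuth' } | Format-List
```

Running it on a workgroup or Internet-facing machine shows whether the CDP written into the certificate is reachable from outside the domain.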

Notes from the Field Intra-SUP Communication

  • SUP to SUP communication is mostly HTTPS in native mode





Internet Based

Update Metadata


Notes from the Field PKI Timing

  • Certificate deployment is not instantaneous

    • Templates are stored in AD

    • Clients must be active and have connectivity to request a certificate

  • Plan for this delay

Other Notables

  • Native Mode is not a one-way choice

  • Parent sites must be migrated first

    • Mixed mode parent sites do not support Native Mode child sites

  • Secondary site modes are dictated by their parent site’s mode

  • Native Mode Readiness Tool


  • MS Internet Clients & Native Mode Forum

  • System Center ConfigMgr TechCenter Library

  • Configuration Manager Team Blog

  • My Blog



    Sessions On-Demand & Community


  • Microsoft Certification & Training Resources


    • Resources for IT Professionals


    Resources for Developers

Microsoft Certification and Training Resources

Related Content

MGT304 Deploying Microsoft System Center Configuration Manager 2007, Part 1: Site Deployment

MGT305 Deploying Microsoft System Center Configuration Manager 2007, Part 2: Client Deployment

MGT306 Deploying Microsoft System Center Configuration Manager 2007, Part 3: Hierarchy Design and Implementation Best Practices

MGT02-HOL Microsoft System Center Configuration Manager: Migrating from Mixed Mode to Native Mode

Management Track Resources

  • Key Microsoft Sites

    • System Center on

    • System Center on TechNet:

    • Virtualization on

  • Community Resources

    • System Center Team Blog:

    • System Center on TechNet Edge:

    • System Center on Twitter:

    • Virtualization Feed:

    • System Center Influencers Program: Content, connections, and resources for influencers in the System Center Community. For information, contact [email protected]


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.