Microsoft Tech Talks | Atlanta · Azure Cloud Management Gateway Advantages: • No additional...


Stay in Touch – Invite a friend

http://meetup.com/mttatlanta/

[Diagram labels: AD CA, Windows Update]

• Client deployment and upgrade using client push

• Automatic site assignment

• User policies

• Application catalog (including software approval requests)

• Full operating system deployment (OSD)

• Configuration Manager console

• Remote tools

• Reporting website

• Wake on LAN

• Mac, Linux, and UNIX clients

• Azure Resource Manager

• Peer cache

• On-premises Mobile Device Management

[Diagram labels: East US, East Asia]

Traditional Internet-Based Client Management

Advantages:

❖ No cloud service dependency.

❖ No additional cost associated with a cloud subscription.

❖ Full control of servers and roles providing the service.

Disadvantages:

• Requires additional infrastructure investment.

• Overhead and operational cost of additional infrastructure.

• Complex Security Requirements for functionality

• Infrastructure must be exposed to the Internet.

Azure Cloud Management Gateway

Advantages:

• No additional infrastructure investment required.

• Does not expose on-premises infrastructure to the Internet.

• Cloud virtual machines that run the service are fully managed by Azure and require no maintenance.

• Persistent connection to on-prem for software updates (no VPN required).

• Easily set up and configured in the Configuration Manager console.

Disadvantages:

• Cloud subscription cost. (CMG/CDP)

• Management data sent through cloud service.

PKI Certificates Requirements

▪ CMG Gateway (PaaS) - Server Authentication (exportable)

▪ (MP/SUP Site Systems) – Server Authentication

▪ CM Clients - Workstation Authentication

▪ Connection Point Role/Azure - Client Root Cert

▪ Cloud DP – Workstation Authentication (optional)
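
One way to check the certificate purposes listed above on a client or site system, as an added example that is not part of the original slides: the PowerShell below lists certificates in the local computer store that carry the Server Authentication or Client Authentication EKU (the purpose granted by the Workstation Authentication template) and reports validity, private key presence and chain trust. The function name and the 30-day warning window are assumptions.

```powershell
# Added example. Standard X.509 EKU OIDs for the two purposes in the list above.
$EkuOid = @{
    ServerAuthentication = '1.3.6.1.5.5.7.3.1'   # MP/SUP site systems, CMG
    ClientAuthentication = '1.3.6.1.5.5.7.3.2'   # issued via the Workstation Authentication template
}

function Get-CmPkiCertStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [ValidateSet('ServerAuthentication', 'ClientAuthentication')]
        [string]$Purpose,
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$WarnDays = 30      # assumed renewal warning window
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs from the certificate's extensions.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekus -notcontains $EkuOid[$Purpose]) { continue }

        # Build the chain against the machine's trusted roots.
        # The default chain policy performs an online revocation check,
        # so an unreachable CRL shows up in ChainErrors.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            TimeValid     = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
            ExpiresSoon   = ($cert.NotAfter -lt $now.AddDays($WarnDays))
            ChainTrusted  = $chainOk
            ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

# On a client: expect at least one usable Client Authentication certificate.
Get-CmPkiCertStatus -Purpose ClientAuthentication | Format-Table -AutoSize
# On an MP/SUP site system: expect a Server Authentication certificate for HTTPS.
Get-CmPkiCertStatus -Purpose ServerAuthentication | Format-Table -AutoSize
```

A certificate that is time-valid but shows `HasPrivateKey = False` or a non-empty `ChainErrors` cannot be used for the mutual TLS session the gateway expects.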

Configuration Steps

1. Prepare and Deploy PKI Certificates for Site Systems/Clients

2. Configure Site Systems (MP/SUP) for SSL Communication

3. Verify Client Communication

4. Install Azure CMG

5. Configure CM CPR

6. Enable Cloud Traffic on Site Systems (MP/SUP)

7. Test Functionality (logs)

8. Configure SUM with Deploy Setting for WSUS

9. Perform SUM Deployment

10. Monitor

Pertinent Logs

Client Side

• PolicyAgent.log – shows policy retrieval from management point (CMG)

• CcmMessaging.log – shows active connections with CMG

• DataTransferService.log – shows content binary downloads from sources (Windows Update or Cloud DP)

• LocationServices.log – shows location for MP/SUP/DP

Server Side

• SMS_Cloud_ProxyConnector.log – displays activity between connection point role and CMG in Azure

[Diagram labels: Azure Cloud; Firewall; Primary Site Server (MP/SUP, HTTPS, Connector Role); V-Workstation 1; V-Workstation 2]

CMG Setup video: https://youtu.be/-awTBMdMHFE

Product documentation: https://docs.microsoft.com/en-us/sccm/core/clients/manage/manage-clients-internet

Cost estimates: https://docs.microsoft.com/en-us/sccm/core/clients/manage/plan-cloud-management-gateway#cost-of-cloud-management-gateway