Maybe I misunderstood your configuration. I am under the impression that DEV, UAT and PROD are all separate SCCM Sites. Are you saying that there is only one SCCM Site (in the PROD domain) and you are simply trying to figure out how to manage clients and get apps to users in three different domains?
Jerry From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Thursday, May 05, 2016 3:36 PM To: ms...@lists.myitforum.com Subject: Re: [mssms] RE: Application Catalog in multiple forest/domains Not sure why we'd have to do that. As long as cross forest support is setup and clients in DEV and UAT are supported by the PROD Primary Site. Why not create domain local security groups for each domain. The collections are query based and look for members of the corresponding AD user or computer group. DEV security groups get DEV Apps UAT security groups get UAT Apps Same thing with PROD. Those are my thoughts Brian Sent from my iPhone On May 5, 2016, at 1:52 PM, Bradnan, Jerry <jerry.brad...@bluechip-llc.com<mailto:jerry.brad...@bluechip-llc.com>> wrote: If I am understanding you correctly, the DEV, UAT and PROD sites are not in the same hierarchy (connected via CAS) then you'll need to add an Application Catalog in the DEV and UAT environments and manage them all separately. So you'll have to add an Application Catalog in DEV and another in UAT and configure client settings for each. Once in place you can then target the appropriate User collection(s) with applications to appear in the Application Catalog. The Application Catalog can live on the site server in UAT and DEV I would imagine. Unless you have thousands of users using these sites, in which case you might want to move the Application Catalog website and web service point roles to a separate server. Jerry From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Thursday, May 05, 2016 1:41 PM To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com> Subject: Re: [mssms] RE: Application Catalog in multiple forest/domains Ideally prod apps would be deployed to prod users, Dev Apps would be deployed to Dev users, and UAT Apps would be deployed to you UAT users. Thanks, Brian Sent from my iPhone On May 5, 2016, at 12:22 PM, Bradnan, Jerry <jerry.brad...@bluechip-llc.com<mailto:jerry.brad...@bluechip-llc.com>> wrote: It is possible to deploy the application catalog to an untrusted forest, however I might be concerned with boundary overlap issues. Does the App Catalog need to present PROD apps in the DEV/UAT environment, or do you just need the Application Catalog from any site? Jerry From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Thursday, May 05, 2016 12:44 PM To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com> Subject: [mssms] Application Catalog in multiple forest/domains Hello, I have 3 environments (DEV/UAT,PROD). My primary site resides in my PROD environment. I have a use case to provide Application Catalog support in DEV and UAT. There are NO Trusts setup between the 3 environments. Would it be easier to manage clients cross-forest using the App Catalog in the PROD domain or build out additional site systems in DEV and UAT that host the Application Catalog website? To me, the easiest solution would be to use collection structure for users in each environment DEV/UAT/PROD and target app deployments/publishing to app catalog based off the collection design that will query a domain local security group in each environment. Can someone give me some ideas on the best way to tackle this? Thanks, Brian
