Does this seem correct or have I missed something in my config?
I am going to document the client settings next.
System Center Configuration Management Server 2012 R2 Configuration
The System Center Configuration Management software (SCCM) is configured in a
spoke and wheel topology. The Central Administration Site (CAS) is configured
on a physical server located at our nearest most site to the Firewall. This
physical server also hosts the Primary Site (SC1) for the entire Credit Union.
The Primary Site has a SQL 2012 backend database server and runs the only WSUS
server in the Credit Union. The Heirarchy is configured using the following
settings:
Active Directory Forest Discovery
Forest Discovery is set to automatically create IP address
ranges for IP subnets once a week.
Active Directory Group Discovery
Group Discovery is set to Recursively search Active Directory child containers
from LDAP://DC=IMCU,DC=local, completing a Full Discovery every 7 days and
delta discoveries every 5 minutes. Only discovery computers that have logged
on in the past 90 days, updated their computer account information in the past
90 days or updated their membership in a Distribution Group.
Active Directory System Discovery
System Discovery is set to Recursively search Active Directory child containers
from LDAP://DC=IMCU,DC=local, completing a Full Discovery every 7 days and
delta discoveries every 5 minutes. Upon completion the msTPM-OwnerInformation
attribute is retrieved and added to the SQL entry for the device. Only
discovery computers that have logged on in the past 90 days, updated their
computer account information in the past 90 days.
Active Directory User Discovery
User Discovery is set to Recursively search Active Directory child containers
from LDAP://DC=IMCU,DC=local, completing a Full Discovery every 7 days and
delta discoveries every 5 minutes.
Heartbeat Discovery
This is set to every 1 week.
Network Discovery
Is currently disabled.
System Roles assigned to the SCCM server are as follows:
Application Catalog Web Service Point
Application Catalog Website Point
Asset Intelligence Synchronization Point
Component Server
Distribution Point
Fallback Status Point
Management Point
Reporting Services Point
Site Database Server
Site Server
Site System
Software Update Point
System Roles assigned to the Branch server are as follows:
Distribution Point
Site System
The Primary Site is configured with Boundaries. Each boundary is defined by an
IP address range.
Every boundary is tied to a Site and Boundary Group. Sites are defined in
Distribution Points and Boundary Groups are used with content distribution.
The following Boundaries are configured in the Primary Site:
IP Range Site Systems
Boundary Group
10.0.1.0/24
\\12051601VV801.imcu.local<file:///\\12051601VV801.imcu.local>
Campus Boundary Group
10.0.10.0/24
\\120615VMBR0401.imcu.local<file:///\\120615VMBR0401.imcu.local>
Henry St Boundary Group
10.0.100.0/24
\\1206154O031605.imcu.local<file:///\\1206154O031605.imcu.local>
Beech Grove Boundary Group
10.0.110.0/24
\\120615O8072306.imcu.local<file:///\\120615O8072306.imcu.local>
Community Boundary Group
10.0.120.0/24
\\12061525008V507.imcu.local<file:///\\12061525008V507.imcu.local>
St Vincent Boundary Group
10.0.130.0/24
\\1206151600WW08.imcu.local<file:///\\1206151600WW08.imcu.local>
College Park Boundary Group
10.0.140.0/24
\\1206154802D610.imcu.local<file:///\\1206154802D610.imcu.local>
Castleton Boundary Group
10.0.150.0/24
\\12061505O26211.imcu.local<file:///\\12061505O26211.imcu.local>
Greenwood Boundary Group
10.0.160.0/24
\\12061515021R12.imcu.local<file:///\\12061515021R12.imcu.local>
Marion Boundary Group
10.0.170.0/24
\\120615402MBB13.imcu.local<file:///\\120615402MBB13.imcu.local>
VA Hospital Boundary Group
10.0.180.0/24
\\1206150400CW14.imcu.local<file:///\\1206150400CW14.imcu.local>
Noblesville Boundary Group
10.0.190.0/24
\\1206152403MC15.imcu.local<file:///\\1206152403MC15.imcu.local>
Eastside Boundary Group
10.0.2.0/24
\\12061548037W02.imcu.local<file:///\\12061548037W02.imcu.local>
Downtown Boundary Group
10.0.200.0/24
\\120615160RLY16.imcu.local<file:///\\120615160RLY16.imcu.local>
Muncie Boundary Group
10.0.220.0/24
\\1206154306HW19.imcu.local<file:///\\1206154306HW19.imcu.local>
Government Center Boundary Group
10.0.23.0/24
\\120615210B0926.imcu.local<file:///\\120615210B0926.imcu.local>
Carmel Boundary Group
10.0.250.0/24
\\12121470B3M22.imcu.local<file:///\\12121470B3M22.imcu.local>
Avon Boundary Group
10.0.3.0/24
\\1206151109A603.imcu.local<file:///\\1206151109A603.imcu.local>
Brownsburg Boundary Group
10.0.31.0/24
\\1212142402WD31.imcu.local<file:///\\1212142402WD31.imcu.local>
Center Grove Boundary Group
10.0.32.0/24
\\1205151406RZ32.imcu.local<file:///\\1205151406RZ32.imcu.local>
Westfield Boundary Group
10.0.33.0/24
\\12061523O61033.imcu.local<file:///\\12061523O61033.imcu.local>
Plainfield Boundary Group
10.0.34.0/24
\\1206152403MX34.imcu.local<file:///\\1206152403MX34.imcu.local>
Stop 11 Boundary Group
10.0.35.0/24
\\12061510022F35.imcu.local<file:///\\12061510022F35.imcu.local>
Zionsville Boundary Group
10.0.50.0/24
\\120314VMWU1201.imcu.local<file:///\\120314VMWU1201.imcu.local>
Southside Legacy Boundary Group
10.0.51.0/24
\\120314VMWU1201.imcu.local<file:///\\120314VMWU1201.imcu.local>
Southside Back Offices Building 1
10.0.52.0/24
\\120314VMWU1201.imcu.local<file:///\\120314VMWU1201.imcu.local>
Southside Back Offices Building 2
10.0.53.0/24
\\120314VMWU1201.imcu.local<file:///\\120314VMWU1201.imcu.local>
Southside Back Offices Building 3
10.0.54.0/24
\\120314VMWU1201.imcu.local<file:///\\120314VMWU1201.imcu.local>
Southside Back Offices Building 4
10.0.55.0/24
\\120314VMWU1201.imcu.local<file:///\\120314VMWU1201.imcu.local>
Southside Production
10.0.9.0/24
\\120515240#NQ09.imcu.local<file:///\\120515240%23NQ09.imcu.local>
Southside Boundary Group
10.0.90.0/24
\\120615VMBR0401.imcu.local<file:///\\120615VMBR0401.imcu.local>
Westside Boundary Group
10.0.95.0/24
\\120615VMBR0401.imcu.local<file:///\\120615VMBR0401.imcu.local>
Westside DR Boundary Group
With this set up there are 0 overlapping boundaries. (Overlapping boundaries
can cause unpredictable results with automatic site assignment.)
Each Boundary Group has a Boundary and Site assignment associated with it.
The following are the Boundary Groups configured in the Primary Site:
Boundary Group Assigned Site
System Server Speed
10.0.1.1-10.0.0.254 \\12051601VV801.imcu.local
SC1 Fast
10.0.10.1-10.0.0.254
\\120615VMBR0401.imcu.local<file:///\\120615VMBR0401.imcu.local>
SC1 Fast
10.0.100.1-10.0.0.254 \\1206154O031605.imcu.local SC1
Fast
10.0.110.1-10.0.0.254 \\120615O8072306.imcu.local SC1
Fast
10.0.120.1-10.0.0.254 \\12061525008V507.imcu.local SC1
Fast
10.0.130.1-10.0.0.254 \\1206151600WW08.imcu.local SC1
Fast
10.0.140.1-10.0.0.254 \\1206154802D610.imcu.local SC1
Fast
10.0.150.1-10.0.0.254 \\12061505O26211.imcu.local SC1
Fast
10.0.160.1-10.0.0.254 \\12061515021R12.imcu.local SC1
Fast
10.0.170.1-10.0.0.254 \\120615402MBB13.imcu.local SC1
Fast
10.0.180.1-10.0.0.254 \\1206150400CW14.imcu.local SC1
Fast
10.0.190.1-10.0.0.254 \\1206152403MC15.imcu.local SC1
Fast
10.0.2.1-10.0.0.254 \\12061548037W02.imcu.local SC1
Fast
10.0.200.1-10.0.0.254 \\120615160RLY16.imcu.local SC1
Fast
10.0.220.1-10.0.0.254 \\1206154306HW19.imcu.local SC1
Fast
10.0.23.1-10.0.0.254 \\120615210B0926.imcu.local
SC1 Fast
10.0.250.1-10.0.0.254 \\12121470B3M22.imcu.local SC1
Fast
10.0.3.1-10.0.0.254 \\1206151109A603.imcu.local
SC1 Fast
10.0.31.1-10.0.0.254 \\1212142402WD31.imcu.local SC1
Fast
10.0.32.1-10.0.0.254 \\1205151406RZ32.imcu.local
SC1 Fast
10.0.33.1-10.0.0.254 \\12061523O61033.imcu.local SC1
Fast
10.0.34.1-10.0.0.254 \\1206152403MX34.imcu.local SC1
Fast
10.0.35.1-10.0.0.254 \\12061510022F35.imcu.local
SC1 Fast
10.0.50.1-10.0.0.254 \\120314VMWU1201.imcu.local SC1
Fast
10.0.51.1-10.0.0.254 \\120314VMWU1201.imcu.local SC1
Fast
10.0.52.1-10.0.0.254 \\120314VMWU1201.imcu.local SC1
Fast
10.0.53.1-10.0.0.254 \\120314VMWU1201.imcu.local SC1
Fast
10.0.54.1-10.0.0.254 \\120314VMWU1201.imcu.local SC1
Fast
10.0.55.1-10.0.0.254 \\120314VMWU1201.imcu.local SC1
Fast
10.0.9.1-10.0.0.254 \\120515240#NQ09.imcu.local SC1
Fast
10.0.90.1-10.0.0.254 \\120615VMBR0401.imcu.local SC1
Fast
10.0.95.1-10.0.0.254
\\120615VMBR0401.imcu.local<file:///\\120615VMBR0401.imcu.local>
SC1 Fast
The Primary Site has a connector with the Exchange Servers of the Credit Union.
This connector has limited management of the devices it finds connected to
Exchange but does get up to date accountability of all devices that either are
connected or have been connected with Users accounts.
Currently there is no Database replication from the Primary Site to any other
site. There are no other sites configured at this time.
The Primary Site is only configured with one Active Directory site, IMCU.LOCAL.
The Primary Site does not have connections or configurations with any Cloud
Services at this time.
The Primary Site name is SC1. The following are configured on the Primary Site:
Wake on LAN is enabled to use wake-up packets only in
Subnet-directed broadcasts
Ports used are TCP:80,443,445,8530,8531,135,10123 and
UDP:9,135,63000-64000
Maximum concurrent connections 25 to all sites and 5 retries
with 5 minutes delay
This Site is published to the IMCU.LOCAL Active Directory.
Clients can connect either HTTP or HTTPS and are not required
client certificates but do check a certificate revocation list (CRL) for all
site systems.
Disk space Warning alerts are Generated when space falls below
10GB and Critical alerts when
below 3GB.
Collections sizes are limited to 100 and deployments are blocked if a Site
System is included in the collection of selected deployment.
No Signing or Encrypting is enabled at this time.
Each branch has 2 SCCM roles installed to make them Distribution Points. (All
sites regardless of network connectivity or function have the same settings.)
The configurations of the Distribution Groups are below:
BranchCache is disabled at this time.
Clients connect over HTTP traffic.
Create self-signed certificate is enabled.
PXE is disabled in the branches at this time.
Multicast is disabled in the branches at this time.
Group Relationships is set to All Branches at this time.
Content is set with predetermined Packages.
(Currently Package ID SC100028 and SC10002D)
Content validation is set to run Saturdays at 7:00 pm. with the
lowest priority.
Boundary Groups are set per the IP range of the branch and
Allow fallback is not enabled.
Schedule it set to as below:
[cid:[email protected]]
Rate limits are set to data blocks of 3KB pulsed in 5 second
intervals.
Pull Distribution Points are not enabled.
David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190 | F: 317.554.8106
[Description: imcu email icon]<http://imcu.com/> [Description: facebook email
icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email
icon] <https://twitter.com/IndMembersCU>
[Description: email logo]
[mcp2]
This e-mail and any files transmitted with it are property of Indiana Members
Credit Union, are confidential, and are intended solely for the use of the
individual or entity to whom this e-mail is addressed. If you are not one of
the named recipient(s) or otherwise have reason to believe that you have
received this message in error, please notify the sender and delete this
message immediately from your computer. Any other use, retention,
dissemination, forwarding, printing, or copying of this email is strictly
prohibited.
Please consider the environment before printing this email.
