I mentioned most of them. As long as the SCCM client can resolve the MP and DP and the ACLs are open, it's pretty bulletproof. The main hang-up for most SCCM admins that see our site is the fact that we can't remotely connect to our clients. If a client is doing something stupid or stops reporting, it's more difficult to go fix it.
Thanks,
James Massardo

From: Brian McDonald
Sent: Monday, February 29, 2016 12:56 PM
Subject: [mssms] Re: SCCM in a multi-tenant environment

Awesome... appreciate the responses from everyone! 😊

What are the key technical challenges with making this happen? You mentioned DNS. I'm curious what other things should be considered.

Thanks,
Brian M.

________________________________
From: James Massardo
Sent: Wednesday, February 24, 2016 11:51 AM
Subject: [mssms] RE: SCCM in a multi-tenant environment

We have zero trust between our tenants. It does work. We're managing over 10,000 systems in over 40 domains. It's really not that difficult but it does take some work. DNS must work both directions to start. You have to manually add the SRV records in each domain. You'll need an account in each domain to be able to do discoveries. All of our SCCM infrastructure lives in a different domain than the tenants. As long as the clients have 80 TCP open to the MPs and DPs and 8530 TCP open to the SUP, they shouldn't have any problems connecting. The main challenge for us is allowing tenant access to the console/reporting servers since they are in different domains.

Thanks,
James Massardo

From: Marcum, John
Sent: Wednesday, February 24, 2016 9:27 AM
Subject: [mssms] RE: SCCM in a multi-tenant environment
What others have tried was a cloud hosted ConfigMgr environment to support SMB's etc. That's just not feasible when all the organizations are in different domains, have no connectivity etc. In a corporate environment where everyone is well connected and there are trusts in-place etc. management should always be centralized.

________________________________
John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP
________________________________

From: Brian McDonald
Sent: Tuesday, February 23, 2016 4:08 PM
Subject: [mssms] Re: SCCM in a multi-tenant environment

This is exactly what is happening. One part of the organization wants to become essentially a service provider for multiple "agencies" using ConfigMgr. But, this is their design, not mine. What issues have folks run into with this that you are aware of?

________________________________
From: Marcum, John
Sent: Tuesday, February 23, 2016 9:49 AM
Subject: [mssms] RE: SCCM in a multi-tenant environment

That helps... Typically when I see someone ask about multi-tenant they are trying to be a service provider for multiple companies using CM. I don't think anyone has ever made that work. This is pretty simple actually... When you migrate over to their domain you are at their mercy. If they continue to allow you to work on CM they will grant you permissions to do so and you will do that at the CAS.
________________________________
John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP
________________________________

From: Brian McDonald
Sent: Tuesday, February 23, 2016 9:28 AM
Subject: [mssms] Re: SCCM in a multi-tenant environment

We are merging multiple domains into 1. So, we will ultimately be tenants with a handful of OUs in THEIR domain. I have SCCM Primary Site in my current domain. The domain we are migrating into has a CAS and some Primaries.

________________________________
From: Marcum, John
Sent: Tuesday, February 23, 2016 9:20 AM
Subject: [mssms] RE: SCCM in a multi-tenant environment

What exactly are you trying to accomplish?

________________________________
John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP
________________________________

From: Brian McDonald
Sent: Tuesday, February 23, 2016 9:10 AM
Subject: [mssms] SCCM in a multi-tenant environment

Good morning,

Can anyone point me to some info on running SCCM in a multi-tenant environment scenario?

Thanks,
Brian
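Added example, not part of the original e-mails: a pre-flight check for the client-side prerequisites listed in the thread (the manually added SRV record in the tenant domain, TCP 80 to the MPs and DPs, TCP 8530 to the SUP), meant to be run on a tenant client. The site code, domain and host names are placeholders, and the script assumes the management point SRV record uses the standard `_mssms_mp_<sitecode>._tcp.<domain>` name.

```powershell
# Added example: run on a client in a tenant domain. All names are placeholders.
param(
    [string]   $SiteCode     = 'ABC',                 # hypothetical site code
    [string]   $TenantDomain = 'tenant.example',      # hypothetical tenant DNS domain
    [string[]] $WebHosts     = @('mp01.infra.example', 'dp01.infra.example'),  # MPs and DPs
    [string]   $SupHost      = 'sup01.infra.example'  # software update point
)

$results = @()

# 1. The SRV record that has to be added by hand in each tenant domain.
$srvName = '_mssms_mp_{0}._tcp.{1}' -f $SiteCode.ToLower(), $TenantDomain
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
$results += [pscustomobject]@{
    Check  = "SRV $srvName"
    Detail = ($srv.NameTarget -join ', ')
    Pass   = [bool]$srv
}

# 2. Name resolution and TCP reachability: 80 to MPs/DPs, 8530 to the SUP.
$portChecks  = @($WebHosts | ForEach-Object { @{ Name = $_; Port = 80 } })
$portChecks += @{ Name = $SupHost; Port = 8530 }

foreach ($c in $portChecks) {
    $resolved = [bool](Resolve-DnsName -Name $c.Name -ErrorAction SilentlyContinue)
    $open = $false
    if ($resolved) {
        # Only attempt the connection when the name resolves from this client.
        $open = (Test-NetConnection -ComputerName $c.Name -Port $c.Port `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    $detail = 'name does not resolve'
    if ($resolved -and $open)       { $detail = 'reachable' }
    elseif ($resolved -and -not $open) { $detail = 'resolves, port blocked or closed' }
    $results += [pscustomobject]@{
        Check  = "TCP $($c.Port) -> $($c.Name)"
        Detail = $detail
        Pass   = ($resolved -and $open)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code so the check can gate a client rollout script.
if ($results.Pass -contains $false) { exit 1 }
```

This covers only the client-to-infrastructure direction; since DNS has to work both ways, the reverse lookup of a tenant client name should be tested separately from the SCCM infrastructure domain.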
