RE: [mssms] SCCM 2012, PKI and ICBM

[Dzikowski, Michael]

Correct me if I am wrong, but I don't think we can run the Intune client and 
ConfigMgr client side by side on one system.


Michael Dzikowski
Senior Systems Engineer |  Ally Technical Infrastructure - Windows Hosting
[cid:image002.gif@01CDF887.776259A0]

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian McDonald
Sent: Friday, January 24, 2014 10:08 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM 2012, PKI and ICBM

What about Windows Intune fitting into the discussion as a possible solution? 
This would get us what we need (Patch Deployment, Compliance Management, 
Software Deployment). This gives us the same ability to manage internet clients 
all from a single pane in CM12.
________________________________
From: mcdonald...@hotmail.com<mailto:mcdonald...@hotmail.com>
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] SCCM 2012, PKI and ICBM
Date: Fri, 24 Jan 2014 09:04:55 -0600
Discussing this with my counterpart now.

No, we do not have a PKI infrastructure. I came across this recently. There may 
be other sources out there but this does seem fairly straight forward.

http://blogs.msdn.com/b/scstr/archive/2012/05/31/step_2d00_by_2d00_step_2d00_example_2d00_deployment_2d00_of_2d00_the_2d00_pki_2d00_certificates_2d00_for_2d00_configuration_2d00_manager_2d00_2012_2d00_windows_2d00_server_2d00_2008.aspx

I'm entirely new to PKI, so any direction would be nice.

Thanks,

Brian
________________________________
From: eric.morri...@hotmail.com<mailto:eric.morri...@hotmail.com>
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] SCCM 2012, PKI and ICBM
Date: Wed, 22 Jan 2014 09:29:09 -0600
Setting up IBCM in 2012 is a breeze compared to the 2007 days.

I've configured IBCM in both versions and as long as you have basic PKI 
understanding, you shouldn't have too many roadblocks.

In the environment you are going to use to set it up, do you already have PKI 
setup with machine certificates deployed, specifically workstations to be 
managed over the internet? You'll also need to either stand up a new site 
system server in your DMZ, or have the ports reverse proxy to your primary site 
server. If you're going to do Software Distribution, Software Updates, and App 
Catalog, then you'll need to make sure those roles are setup as HTTPS and the 
appropriate web server cert in IIS and make sure the roles allow intranet and 
internet. After that it's just a matter of making sure the clients have the 
public fqdn configured for IBCM and that the firewall ports are open.

Now, if DA is the option like so many suggested, definitely go that route... :)

Thanks,

Eric Morrison

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian McDonald
Sent: Tuesday, January 21, 2014 2:52 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>; 
mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] SCCM 2012, PKI and ICBM

Hey everyone,

Just out of curiosity, how many hours would you estimate it would take to setup 
a PKI infrastructure and ICBM for SCCM 2012 R2? My boss has asked me to 
implement and I have no idea what to guestimate for hours. Looking for someone 
who has experience with implementing both PKI and ICBM that might be able to 
give me a rough idea of how many hours this would take. From what I've read 
ICBM is complex to setup, but that was back in CM07. Not sure how much has 
changed with CM12.

Thanks,

Brian

<<inline: image001.png>>