You could place TMG in the DMZ and use that to proxy client traffic to an MP/DP/SUP on an internal network.

On Fri, Jan 31, 2014 at 2:36 PM, Brian McDonald <[email protected]> wrote:

> So, it's official. The decision has been made PKI and ICBM. :(
>
> I have two domains. 1 internal Domain ABC.domain and 1 DMZ ABC0.domain.
>
> The requirement is to be able to leverage PKI and ICBM for internet clients.
>
> Therefore, my requirements would be:
>
> 1) PKI Infrastructure
> 2) Would I absolutely have to have a Standalone DP in my DMZ? I do not have any workgroup clients in the DMZ?
>
> Seems to me there would be another way or methods to accomplish this w/o having to install a DP in the DMZ. Please correct me if I'm wrong.
>
> Thanks,
>
> Brian
>
> ------------------------------
> From: [email protected]
> To: [email protected]
> Subject: RE: [mssms] SCCM 2012, PKI and ICBM
> Date: Sun, 26 Jan 2014 13:32:01 -0700
>
> Another good resource that I keep on hand ...
>
> http://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning.aspx
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Brian McDonald
> *Sent:* Friday, January 24, 2014 8:05 AM
> *To:* [email protected]
> *Subject:* RE: [mssms] SCCM 2012, PKI and ICBM
>
> Discussing this with my counterpart now.
>
> No, we do not have a PKI infrastructure. I came across this recently. There may be other sources out there but this does seem fairly straight forward.
>
> http://blogs.msdn.com/b/scstr/archive/2012/05/31/step_2d00_by_2d00_step_2d00_example_2d00_deployment_2d00_of_2d00_the_2d00_pki_2d00_certificates_2d00_for_2d00_configuration_2d00_manager_2d00_2012_2d00_windows_2d00_server_2d00_2008.aspx
>
> I'm entirely new to PKI, so any direction would be nice.
>
> Thanks,
>
> Brian
>
> ------------------------------
> From: [email protected]
> To: [email protected]
> Subject: RE: [mssms] SCCM 2012, PKI and ICBM
> Date: Wed, 22 Jan 2014 09:29:09 -0600
>
> Setting up IBCM in 2012 is a breeze compared to the 2007 days.
>
> I've configured IBCM in both versions and as long as you have basic PKI understanding, you shouldn't have too many roadblocks.
>
> In the environment you are going to use to set it up, do you already have PKI setup with machine certificates deployed, specifically workstations to be managed over the internet? You'll also need to either stand up a new site system server in your DMZ, or have the ports reverse proxy to your primary site server. If you're going to do Software Distribution, Software Updates, and App Catalog, then you'll need to make sure those roles are setup as HTTPS and the appropriate web server cert in IIS and make sure the roles allow intranet and internet. After that it's just a matter of making sure the clients have the public fqdn configured for IBCM and that the firewall ports are open.
>
> Now, if DA is the option like so many suggested, definitely go that route... :)
>
> Thanks,
>
> Eric Morrison
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of *Brian McDonald
> *Sent:* Tuesday, January 21, 2014 2:52 PM
> *To:* [email protected]; [email protected]
> *Subject:* [mssms] SCCM 2012, PKI and ICBM
>
> Hey everyone,
>
> Just out of curiosity, how many hours would you estimate it would take to setup a PKI infrastructure and ICBM for SCCM 2012 R2? My boss has asked me to implement and I have no idea what to guestimate for hours. Looking for someone who has experience with implementing both PKI and ICBM that might be able to give me a rough idea of how many hours this would take. From what I've read ICBM is complex to setup, but that was back in CM07. Not sure how much has changed with CM12.
>
> Thanks,
>
> Brian

