What is the recommended config something like this or are there other possible solutions?
Brian Sent from my iPhone > On Jan 31, 2014, at 5:40 PM, "Benjamin Monrad" <[email protected]> wrote: > > You could place TMG in the DMZ and use that to proxy client traffic to an > MP/DP/SUP on an internal network. > > >> On Fri, Jan 31, 2014 at 2:36 PM, Brian McDonald <[email protected]> >> wrote: >> So, it's official. The decision has been made PKI and ICBM. :( >> >> I have two domains. 1 internal Domain ABC.domain and 1 DMZ ABC0.domain. >> >> The requirement is to be able to leverage PKI and ICBM for internet clients. >> >> Therefore, my requirements would be: >> >> 1) PKI Infrastructure >> 2) Would I absolutely have to have a Standalone DP in my DMZ? I do not have >> any workgroup clients in the DMZ? >> >> Seems to me there would be another way or methods to accomplish this w/o >> having to install a DP in the DMZ. Please correct me if I'm wrong. >> Thanks, >> >> Brian >> >> >> From: [email protected] >> >> To: [email protected] >> Subject: RE: [mssms] SCCM 2012, PKI and ICBM >> Date: Sun, 26 Jan 2014 13:32:01 -0700 >> >> >> Another good resource that I keep on hand … >> >> >> >> http://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning.aspx >> >> >> >> >> >> From: [email protected] [mailto:[email protected]] >> On Behalf Of Brian McDonald >> Sent: Friday, January 24, 2014 8:05 AM >> To: [email protected] >> Subject: RE: [mssms] SCCM 2012, PKI and ICBM >> >> >> >> Discussing this with my counterpart now. >> >> >> >> No, we do not have a PKI infrastructure. I came across this recently. There >> may be other sources out there but this does seem fairly straight forward. >> >> >> >> http://blogs.msdn.com/b/scstr/archive/2012/05/31/step_2d00_by_2d00_step_2d00_example_2d00_deployment_2d00_of_2d00_the_2d00_pki_2d00_certificates_2d00_for_2d00_configuration_2d00_manager_2d00_2012_2d00_windows_2d00_server_2d00_2008.aspx >> >> >> >> I'm entirely new to PKI, so any direction would be nice. >> >> >> >> Thanks, >> >> >> Brian >> >> From: [email protected] >> To: [email protected] >> Subject: RE: [mssms] SCCM 2012, PKI and ICBM >> Date: Wed, 22 Jan 2014 09:29:09 -0600 >> >> Setting up IBCM in 2012 is a breeze compared to the 2007 days. >> >> >> >> I’ve configured IBCM in both versions and as long as you have basic PKI >> understanding, you shouldn’t have too many roadblocks. >> >> >> >> In the environment you are going to use to set it up, do you already have >> PKI setup with machine certificates deployed, specifically workstations to >> be managed over the internet? You’ll also need to either stand up a new site >> system server in your DMZ, or have the ports reverse proxy to your primary >> site server. If you’re going to do Software Distribution, Software Updates, >> and App Catalog, then you’ll need to make sure those roles are setup as >> HTTPS and the appropriate web server cert in IIS and make sure the roles >> allow intranet and internet. After that it’s just a matter of making sure >> the clients have the public fqdn configured for IBCM and that the firewall >> ports are open. >> >> >> >> Now, if DA is the option like so many suggested, definitely go that route… J >> >> >> >> Thanks, >> >> >> >> Eric Morrison >> >> >> >> From: [email protected] [mailto:[email protected]] >> On Behalf Of Brian McDonald >> Sent: Tuesday, January 21, 2014 2:52 PM >> To: [email protected]; [email protected] >> Subject: [mssms] SCCM 2012, PKI and ICBM >> >> >> >> Hey everyone, >> >> >> >> Just out of curiosity, how many hours would you estimate it would take to >> setup a PKI infrastructure and ICBM for SCCM 2012 R2? My boss has asked me >> to implement and I have no idea what to guestimate for hours. Looking for >> someone who has experience with implementing both PKI and ICBM that might be >> able to give me a rough idea of how many hours this would take. From what >> I've read ICBM is complex to setup, but that was back in CM07. Not sure how >> much has changed with CM12. >> >> >> >> Thanks, >> >> >> Brian >> > >
