We are currently using one of those published options requiring "fewer servers". If I had it to do over again (and I may get that opportunity this year), I would probably choose Troy's recommendation of Scenario 3.
On Sat, Feb 1, 2014 at 3:45 AM, Troy Martin <troy.mar...@1e.com> wrote: > ...there are several > options<http://technet.microsoft.com/en-us/library/bb693824.aspx>to consider, > with - I believe - Scenario > 3 with SQL Server > Replica<http://technet.microsoft.com/en-us/library/bb694250.aspx>being the > most secure and the one I've successfully implemented at several > customers. > > > > Don't worry about the documentation being for ConfigMgr 2007...everything > still applies to 2012. > > > > Microsoft did not include the IBCM supported scenarios documentation in > 2012. > > > > *Troy L. Martin* | Principal Consultant > > *1E | Empowering Efficient IT* > > US Mobile: +1 (678) 898-6147 > > UK Mobile : +44 782 655 0296 > > troy.mar...@1e.com | www.1e.com > > > > Facebook <http://www.facebook.com/1eglobal> | > Twitter<https://twitter.com/1e_global/>| > YouTube <http://www.youtube.com/1enews> | Blogs <http://blogs.1e.com/> | > RSS <http://blogs.1e.com/index.php/feed/> > > Please consider the environment before printing this e-mail > > > > *From:* listsad...@lists.myitforum.com [mailto: > listsad...@lists.myitforum.com] *On Behalf Of *Brian McDonald > *Sent:* Friday, January 31, 2014 10:36 PM > > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] SCCM 2012, PKI and ICBM > > > > So, it's official. The decision has been made PKI and ICBM. :( > > I have two domains. 1 internal Domain ABC.domain and 1 DMZ ABC0.domain. > > The requirement is to be able to leverage PKI and ICBM for internet > clients. > > Therefore, my requirements would be: > > 1) PKI Infrastructure > 2) Would I absolutely have to have a Standalone DP in my DMZ? I do not > have any workgroup clients in the DMZ? > > Seems to me there would be another way or methods to accomplish this w/o > having to install a DP in the DMZ. Please correct me if I'm wrong. > Thanks, > > Brian > > ------------------------------ > > From: t3chn...@hotmail.com > To: mssms@lists.myitforum.com > Subject: RE: [mssms] SCCM 2012, PKI and ICBM > Date: Sun, 26 Jan 2014 13:32:01 -0700 > > Another good resource that I keep on hand ... > > > > > http://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning.aspx > > > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Brian McDonald > *Sent:* Friday, January 24, 2014 8:05 AM > *To:* mssms@lists.myitforum.com > *Subject:* RE: [mssms] SCCM 2012, PKI and ICBM > > > > Discussing this with my counterpart now. > > > > No, we do not have a PKI infrastructure. I came across this recently. > There may be other sources out there but this does seem fairly straight > forward. > > > > > http://blogs.msdn.com/b/scstr/archive/2012/05/31/step_2d00_by_2d00_step_2d00_example_2d00_deployment_2d00_of_2d00_the_2d00_pki_2d00_certificates_2d00_for_2d00_configuration_2d00_manager_2d00_2012_2d00_windows_2d00_server_2d00_2008.aspx > > > > I'm entirely new to PKI, so any direction would be nice. > > > > Thanks, > > > Brian > ------------------------------ > > From: eric.morri...@hotmail.com > To: mssms@lists.myitforum.com > Subject: RE: [mssms] SCCM 2012, PKI and ICBM > Date: Wed, 22 Jan 2014 09:29:09 -0600 > > Setting up IBCM in 2012 is a breeze compared to the 2007 days. > > > > I've configured IBCM in both versions and as long as you have basic PKI > understanding, you shouldn't have too many roadblocks. > > > > In the environment you are going to use to set it up, do you already have > PKI setup with machine certificates deployed, specifically workstations to > be managed over the internet? You'll also need to either stand up a new > site system server in your DMZ, or have the ports reverse proxy to your > primary site server. If you're going to do Software Distribution, Software > Updates, and App Catalog, then you'll need to make sure those roles are > setup as HTTPS and the appropriate web server cert in IIS and make sure the > roles allow intranet and internet. After that it's just a matter of making > sure the clients have the public fqdn configured for IBCM and that the > firewall ports are open. > > > > Now, if DA is the option like so many suggested, definitely go that route... > J > > > > Thanks, > > > > Eric Morrison > > > > *From:* listsad...@lists.myitforum.com [ > mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On > Behalf Of *Brian McDonald > *Sent:* Tuesday, January 21, 2014 2:52 PM > *To:* mssms@lists.myitforum.com; mssms@lists.myitforum.com > *Subject:* [mssms] SCCM 2012, PKI and ICBM > > > > Hey everyone, > > > > Just out of curiosity, how many hours would you estimate it would take to > setup a PKI infrastructure and ICBM for SCCM 2012 R2? My boss has asked me > to implement and I have no idea what to guestimate for hours. Looking for > someone who has experience with implementing both PKI and ICBM that might > be able to give me a rough idea of how many hours this would take. From > what I've read ICBM is complex to setup, but that was back in CM07. Not > sure how much has changed with CM12. > > > > Thanks, > > > Brian > > > > > > > > > > > > ------------------------------ > > > DISCLAIMER: This is a PRIVATE AND CONFIDENTIAL message for the ordinary > user of this email address. If you are not the intended recipient, please > delete without copying and kindly advise us by e-mail of the mistake in > delivery. NOTE: Regardless of content, this e-mail shall not operate to > bind 1E to any order or other contract unless pursuant to explicit written > agreement or government initiative expressly permitting the use of e-mail > for such purpose. > >