Thanks Troy - yup this is the plan. Question - should I implement PKI before building out the two servers in the DMZ? Does it matter?

Thanks,
Brian

From: [email protected]
To: [email protected]
Subject: RE: [mssms] DMZ CM servers
Date: Thu, 6 Feb 2014 18:03:04 +0000

For security reasons, I would strongly consider splitting the site roles across multiple servers… based upon the type of protocol used to communicate with IIS:

· All HTTP-enabled roles on Server A
  o FSP
  o PKI CRL-DP (Note: this is not a ConfigMgr site role. However, it is required if the site is configured with CRL Checking enabled (and you absolutely should if you want the best security scenario ☺))
· All HTTPS-enabled roles on Server B
  o DP
  o MP
  o SUP

Troy L. Martin | Principal Consultant
1E | Empowering Efficient IT

From: [email protected] [mailto:[email protected]] On Behalf Of Brian McDonald
Sent: Thursday, February 6, 2014 3:27 PM
To: [email protected]
Subject: [mssms] DMZ CM servers

I'm going to be building two servers in the DMZ to support IBCM. One server will host FSP and the CRL website. I'm going to have another server that will have Software Update Point, Management Point and Distribution Point roles.

Would these servers be best served with Client or Server OS? I don't have a need for PXE booting to these servers, so not sure why I wouldn't just throw Windows 7 or Windows 8.1 on these two machines. Unless there are other requirements I am overlooking.

Thanks everyone,
Brian

