We are looking at putting IBCM into production into the near future and I have two questions.
The first involves communication. Our production environment has 3 MP's. I know that as you phase IBCM in that you should set them to both HTTP and HTTPS, and that the client will choose HTTPS first if it's available. Eventually I'd like to set all three to HTTPS only. My question is, I still want the clients to take advantage of intranet only communications while on the LAN (full SCCM features). I am assuming that when the client comes online, if it finds its IP in the normal boundaries, it assumes Intranet. In my test lab with a single MP and it set to HTTPs only, I noticed that the connection type is "Currently intranet" so I assume that's what it means. So if a client then comes in from the Internet, it will see its IP is not in a boundary and switch its connection to Internet (limited set of features). Does this make sense and is it correct? My second question is really about PKI and SCCM in general. I have been reading over some blog articles and the Technet pages on this, but just wondered if anyone had any links they can swear by. I know a little about PKI and I am not our PKI admin (we do have an Enterprise CA). I would like to understand a bit more about the passing of the certs, how they are used by SCCM, etc. Any additional insights are appreciated. Thanks! Mark Kent (MCP) Sr. Desktop Systems Engineer Computing & Technology Services - SUNY Buffalo State
