Now that I’ve brought this up, our Microsoft rep agrees and is suggesting a 
separate domain be added into our DMZ.  Is that generally what you’ve seen?

I would imagine you would have mentioned it or the article would have.

From: [] On 
Behalf Of Jason Sandys
Sent: November-30-16 4:47 PM
Subject: [mssms] RE: Current Branch - Internet Based CLients - Internet facing 
Site Server Need to be on domain?

The below is correct, current, and applicable to ConfigMgr CB: it must be 
domain joined. I’ve heard of this being side-stepped through some creative 
work, but that wouldn’t be supported (or advisable IMO).


[] On Behalf Of Burke, John
Sent: Wednesday, November 30, 2016 1:45 PM
Subject: [mssms] Current Branch - Internet Based CLients - Internet facing Site 
Server Need to be on domain?


We are setting this up now and it’s in a dmz and a workgroup.  I happened to 
read this via this link.  Hoping it’s not the case.
It’s Couple years old, and is Configmgr 2012 but I thought recalled something 
somewhere. I’m guessing Reza would be able to answer this off the top of his 
head. I’m sure he would have let us know if a workgroup wouldn’t work.  Feel 
free to ignore if this isn’t applicable now.

Before going through these steps, there are a few important prerequisites that 
should be in place:

  *   Site systems for Internet-based client management must have connectivity 
to the Internet and must be in an Active Directory domain.
  *   A supporting public key infrastructure (PKI) has to be in place, that can 
deploy and manage the certificates that the clients require and that are 
managed on the Internet and the Internet-based site system servers.
  *   The Internet fully qualified domain name (FQDN) of site systems that 
support Internet-based client management must be registered as host entries on 
public DNS servers.

Reply via email to