Now that I’ve brought this up, our Microsoft rep agrees and is suggesting a
separate domain be added into our DMZ. Is that generally what you’ve seen?
I would imagine you would have mentioned it or the article would have.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Jason Sandys
Sent: November-30-16 4:47 PM
Subject: [mssms] RE: Current Branch - Internet Based CLients - Internet facing
Site Server Need to be on domain?
The below is correct, current, and applicable to ConfigMgr CB: it must be
domain joined. I’ve heard of this being side-stepped through some creative
work, but that wouldn’t be supported (or advisable IMO).
[mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John
Sent: Wednesday, November 30, 2016 1:45 PM
Subject: [mssms] Current Branch - Internet Based CLients - Internet facing Site
Server Need to be on domain?
We are setting this up now and it’s in a dmz and a workgroup. I happened to
read this via this link. Hoping it’s not the case.
It’s Couple years old, and is Configmgr 2012 but I thought recalled something
somewhere. I’m guessing Reza would be able to answer this off the top of his
head. I’m sure he would have let us know if a workgroup wouldn’t work. Feel
free to ignore if this isn’t applicable now.
Before going through these steps, there are a few important prerequisites that
should be in place:
* Site systems for Internet-based client management must have connectivity
to the Internet and must be in an Active Directory domain.
* A supporting public key infrastructure (PKI) has to be in place, that can
deploy and manage the certificates that the clients require and that are
managed on the Internet and the Internet-based site system servers.
* The Internet fully qualified domain name (FQDN) of site systems that
support Internet-based client management must be registered as host entries on
public DNS servers.