RE: [mssms] Current Branch (1606hf1) and the cloud
Technically, that would work, but I concur, simply forwarding the traffic, particularly to the primary site server, would be bad joo-joos. You would certainly want to reverse proxy it or at least only forward traffic to a separate site system hosting the MP, DP, and SUP roles where this site system is tightly controlled and well locked down. J From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Jones Sent: Tuesday, September 20, 2016 6:32 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] Current Branch (1606hf1) and the cloud It was suggested to just put a rule in the netscaler to point the outside requests straight to the primary. That probably makes a security risk. Thanks for the reply Jason. On Mon, Sep 19, 2016 at 10:18 AM, Jason Sandys mailto:ja...@sandys.us>> wrote: They don’t have to be straight outside. You can reverse proxy them (client traffic is just HTTPS traffic after all) and/or put these site systems in the DMZ – many folks do both. As of CB, you could also host the site system in Azure IaaS (or another cloud provider’s IaaS although that won’t strictly be a supported configuration). This would also require a VPN or ExpressRoute to Azure (or the equivalent to another provider if you go down that route). Hopefully in 1610, you’ll be able to use a cloud proxy point in Azure which won’t require IaaS at all – it’ll be just another role in ConfigMgr (somewhat similar to the cloud DP). DirectAccess is another choice here as well as it simply provides a path for all external clients to get to your existing site systems. J From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of David Jones Sent: Monday, September 19, 2016 8:35 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] Current Branch (1606hf1) and the cloud I have never had an Internet facing MP/DP and I won't get one working here because they just won't put anything straight outside. So what are my options to get both MP/DP/App Catalog functions going just for PC's?
Re: [mssms] Current Branch (1606hf1) and the cloud
It was suggested to just put a rule in the netscaler to point the outside requests straight to the primary. That probably makes a security risk. Thanks for the reply Jason. On Mon, Sep 19, 2016 at 10:18 AM, Jason Sandys wrote: > They don’t have to be straight outside. You can reverse proxy them (client > traffic is just HTTPS traffic after all) and/or put these site systems in > the DMZ – many folks do both. > > > > As of CB, you could also host the site system in Azure IaaS (or another > cloud provider’s IaaS although that won’t strictly be a supported > configuration). This would also require a VPN or ExpressRoute to Azure (or > the equivalent to another provider if you go down that route). > > > > Hopefully in 1610, you’ll be able to use a cloud proxy point in Azure > which won’t require IaaS at all – it’ll be just another role in ConfigMgr > (somewhat similar to the cloud DP). > > > > DirectAccess is another choice here as well as it simply provides a path > for all external clients to get to your existing site systems. > > > > J > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *David Jones > *Sent:* Monday, September 19, 2016 8:35 AM > *To:* mssms@lists.myitforum.com > *Subject:* [mssms] Current Branch (1606hf1) and the cloud > > > > I have never had an Internet facing MP/DP and I won't get one working here > because they just won't put anything straight outside. So what are my > options to get both MP/DP/App Catalog functions going just for PC's? > > > >
RE: [mssms] Current Branch (1606hf1) and the cloud
They don’t have to be straight outside. You can reverse proxy them (client traffic is just HTTPS traffic after all) and/or put these site systems in the DMZ – many folks do both. As of CB, you could also host the site system in Azure IaaS (or another cloud provider’s IaaS although that won’t strictly be a supported configuration). This would also require a VPN or ExpressRoute to Azure (or the equivalent to another provider if you go down that route). Hopefully in 1610, you’ll be able to use a cloud proxy point in Azure which won’t require IaaS at all – it’ll be just another role in ConfigMgr (somewhat similar to the cloud DP). DirectAccess is another choice here as well as it simply provides a path for all external clients to get to your existing site systems. J From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Jones Sent: Monday, September 19, 2016 8:35 AM To: mssms@lists.myitforum.com Subject: [mssms] Current Branch (1606hf1) and the cloud I have never had an Internet facing MP/DP and I won't get one working here because they just won't put anything straight outside. So what are my options to get both MP/DP/App Catalog functions going just for PC's?
[mssms] Current Branch (1606hf1) and the cloud
I have never had an Internet facing MP/DP and I won't get one working here because they just won't put anything straight outside. So what are my options to get both MP/DP/App Catalog functions going just for PC's?
