Advice needed: deploying SCCM in multi-domain and multi-enterprise environment

Muug
2014/01/24 06:26:34 (permalink)

Advice needed: deploying SCCM in multi-domain and multi-enterprise environment

Hi,
my name is Paul. I'm an employee in a relatively small enterprise (about 700 persons), let's call it Comp-A. My colleague and I are about to make up an SCCM hierarchy for our enterprise. We need to present it next week, which is a bit short, alas. And here things are getting complicated. I'll explain our situation. SCCM will be used to deploy PCs, servers and mobile devices for ourselves. Comp-A consists of three buildings in one city and two satellites in two other cities. Bandwidth is no problem, we have enough fibers. So Comp-A could do with one primary site and no CAS. BUT.
There is also Comp-B, about 1400 employees, this company has its own domain and its own buildings. It is totally independent. But the firewalls between Comp-A and B are wide open, due to political reasons. We are twins.
There is also Comp-C, about 120 employees. It's the same scenario: it's a separate company but the firewalls are wide open. So we aren't twins, we are three!
Next, we have Comp-D and Comp-E. For those two we deliver PCs and their configurations and updates etc.
You get the picture, Comp-A is what you could call a "service provider" for the other companies. We live in some kind of symbiosis with them.
Now, knowing all this, how would you organise SCCM? CAS/no CAS? SQL remote or local? Primary site in every Comp or not? And what about redundancy and high availability? We do have a huge data center with hundreds of virtual servers, fibers everywhere, a SAN, so resources are no problem.
post edited by Muug - 2014/01/24 07:31:00
#1
npherson
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/01/26 14:09:26 (permalink)
Since corp A, B, and C all have network connectivity, you can handle them with a single primary just fine. If D and E don't have network connectivity, you can handle them as internet clients.
 
The only technical reason to have a CAS is if you have more than 100,000 clients.

I hope that helps,

Nash
 

See my blog posts on MyITforum:
http://myitforum.com/myitforumwp/author/npherson
#2
Muug
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/01/27 03:03:07 (permalink)
Hi, so multiple domains can be handled within one single Primary Site? That's an interesting thought. So we could have one primary site in corpA, and then put distribution and management points at corpB, C, D and E? (just to have them as close as possible to the clients)
#3
npherson
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/01/28 09:59:10 (permalink)
Yes. The easiest thing to do would be to have the clients from those domains communicate with site system roles in the Corp A domain, especially when those other domains have full two-way trusts. It is supported to have site system roles in other untrusted forests (DP, MP), but it is difficult and cumbersome.

http://technet.microsoft.com/en-ca/library/gg712701.aspx#Plan_Com_X_Forest
http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx

I hope that helps,

Nash
post edited by npherson - 2014/01/28 10:02:42

See my blog posts on MyITforum:
http://myitforum.com/myitforumwp/author/npherson
#4
Muug
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/01/28 10:21:24 (permalink)
Thanks for your reply Nash.
Unfortunately the trust between CorpA and B was removed a few years ago. Some people thought it wasn't secure enough. Duh. So that complicates things a lot.
Meanwhile, management over here asked us to implement a POC, and only for a few teams in Corp A. So all in all that's a good decision. We'll be implementing nothing but one PS, using SQL Express locally. That'll give us time to understand SCCM and discover its benefits. It'll give us a better understanding of the possible scenarios because in the not so far away future, we'll be using SCCM for those other Corps, that's for sure.
#5
Muug
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/07/03 03:05:08 (permalink)
In the meantime I've been able to talk with the network guys. They explained the topology. There seems to be an extranet which is the backbone where all the client networks connect to. Also connected to this backbone is the management network. This network collects lots of management servers. So this is where the PS will have to reside. One PS will do because you confirmed that I can manage several domains on one PS. There are no 2-way trusts so I will have to install a DP and an MP in every network and communication with those will have to be in HTTPS. That's how far I am right now. A CAS doesn't seem necessary for now.
While reading here and there, I'm beginning to understand that the next big issue will be the definition of the boundaries and how to organise the discovery...
To be continued.
#6
woundeddove09
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/07/03 12:06:15 (permalink) ☄ Helpful
Hi there

I don't seem to see a problem there in you setting up boundaries since you are setting up DPs in every site for communication as well as configuring discovery. According to how you set up your DPs it shouldn't be a problem for you to set up your clients to report to those same MPs you would have defined.

Discovery you can set up so that it discovers domain specifics, then you are rocking.

Hope this helps :)
 
#7
Muug
Re:Advice needed: deploying SCCM in multi-domain and multi-enterprise environment 2014/07/08 03:04:40 (permalink)
I'm reading and learning about discovery methods and boundaries right now and I have a question. If the PS is in the management network, and the AD is in the other network, and there is no 2-way trust in between, is AD discovery (system/user/group) possible then? Because the book (it's the 10747C course manual) describes (among other methods) AD Discovery, with automatic creation of boundaries, based on what it finds in the AD.

Know what you know, and don't know what you don't know...
#8