I would like to come up with a design for SCCM 2012 as I think it is a good time to migrate from SCCM 2007. I am planning to do it on Server 2012 and SQL 2012.
I have a management forest, and multiple forest’s below this with only a one way trust (the management forest does not trust anything).
I currently run SCCM 2007 and have a Central Site with Primary Sites nested below this. Sincethis is not supported in 2012 and the Primary Site with Secondary Sites nested below is not supported across untrusted domains I have hit a snag and want to make sure my design will work.
From what I read, we do not have near enough servers to manage to require a CAS, although this is the case would our inter forest environment require a CAS to manage multiple un-trusted forests?
I was thinking of installing a primary site and then installing management roles on a server in each forest that we will be managing. Would that be a good start? Please keep in mind that we would also like to integrate Forefront Endpoint Protection into this design. With this design, would I need a SQL server in each of the domains?
I am also wondering if the following site roles would be enough for a management server in each forest? Management Point Distribution Point Software Update Point
I would greatly appreciate your help as I don’t want to implement a flawed design
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
SCCM 2012 Design Considerations – Inter Forest management with one way trust
in Configuration Manager 2012
Posted
Hi Gurus ,
I would like to come up with a design for SCCM 2012 as I think it is a good time to migrate from SCCM 2007. I am planning to do it on Server 2012 and SQL 2012.
I have a management forest, and multiple forest’s below this with only a one way trust (the management forest does not trust anything).
I currently run SCCM 2007 and have a Central Site with Primary Sites nested below this. Sincethis is not supported in 2012 and the Primary Site with Secondary Sites nested below is not supported across untrusted domains I have hit a snag and want to make sure my design will work.
From what I read, we do not have near enough servers to manage to require a CAS, although this is the case would our inter forest environment require a CAS to manage multiple un-trusted forests?
I was thinking of installing a primary site and then installing management roles on a server in each forest that we will be managing. Would that be a good start? Please keep in mind that we would also like to integrate Forefront Endpoint Protection into this design. With this design, would I need a SQL server in each of the domains?
I am also wondering if the following site roles would be enough for a management server in each forest?
Management Point
Distribution Point
Software Update Point
I would greatly appreciate your help as I don’t want to implement a flawed design