Hello all,
I posted something on Techent Forums regarding Multi-forest, one way trust with DMZ scenario for SCCM 2012 and I hope that someone can answer it here or there:
http://social.technet.microsoft.com/Forums/en-US/configmanagergeneral/thread/0a1f4ea2-1751-4370-add2-9dadbe6256a9
Bottom line is that:
We have 150 machines (50 offices, 1-3 clients per office) joined to DomainB (ForestB)
We used to have totally separate SCCM 2007 Infrastructure but we want to manage them via a single SCCM 2012 Primary site used by the main domainA (ForestA)
Security team doesn't allow any direct traffic from the PRI Server (in DataCenter) to the clients (DomainB), vice versa but does allow through DMZ hosted servers.
We are thinking about doing Option3 described on the following awesome blog by placing DomainB joined server (with DP, MP and SUP, ACWP) on DMZ: http://blogs.technet.com/b/neilp/archive/2012/08/24/cross-forest-support-in-configmgr-2012-part-3-deploying-site-server-site-systems-in-an-untrusted-forest.aspx
Questions are:
Is this going to work? Is this the right direction?
When I want to place workstation grade Sub-DPs (On-demand) on each office to make it more efficient but now I don't know how I can avoid the "DIRECT" traffic from PRI server to the Sub-DPs when I initiate the content pre-staging/pushing via Admin Console? If I have MP on DMZ, will the traffic be from DMZ DP to Sub-DP automatically?
Thanks in advance,
Young-
