Hi guys,

I'm running through different topics and TechNet documents in order to properly make my SCCM 2012 R2 infrastructure available to internet-based clients.

Here is the background of the beast:

- Single Site Setup (all roles on the same machine and additional DPs on the intranet side)
- PKI Certificates implementation is complete and all server roles have been moved to HTTP communication

Now comes the question of the Internet availability, and it gets tricky. I currently have a TMG 2010 reverse proxy with a single NIC in a DMZ and not joined to AD.

According to Microsoft’s documentation, TMG/ISA servers can do SSL Bridging (which needs access to AD and specific certificates installed) or SSL Tunneling (this one doesn't work with TMG and is simply forwarding requests to the destination host. It can be done by my firewall but it's also the least secure way of working).

I have also seen that installing a dedicated MP/DP in the DMZ is a solution, but I’m wondering what the best solution is. In my case, I’d rather avoid messing with TMG and make ADLDS available in the DMZ while setting up a dedicated MP/DP in the same network.

Can some of you let me know what your experience is with IBCM implementation, the solution chosen, etc.?

Thanks for sharing,
Fed