Jump to content


Sign in to follow this  
SMSNewb

Best Practice - Management Points

Recommended Posts

Hello, I'm looking for some best practice advise regarding adding additional management points.

Currently, I have a single SCCM server for all my roles.  I only have 1 site.

I have an offsite office that connects via vpn to my site.  I was going to put a distribution point out there and was considering a management point as well.

Is it best practice to only have management points on you main lan at your primary site? Or would things be okay if I put a management point in my office that connects over vpn?

Or should I consider a secondary site?

Currently using 1610.

 

I've never had to branch out from a single network, single building, so I don't have any experience with building out SCCM beyond that.

Any help appreciated!

Share this post


Link to post
Share on other sites


I believe it is a 20 megabyte connection, but the ISP is terrible there and the connection is flaky and drops quite a bit.

Share this post


Link to post
Share on other sites

I currently only have 1 site server, but 7 DP's.  All of my DP's are either on MPLS or direct VPN connections.  My slowest site is 4MB VPN.  Here is what I have...having a local DP works well for content distribution and PXE image deployment.  The only problem I have is that my 4MB site takes forever to copy large packages (seeding took 2 weeks). 

The 20MB connection you have should work no problem.  The nice thing about SCCM is that if a package fails, it will retry at given intervals and should eventually give you all green check marks.  My China site fails all the time (horrible connection), but eventually it works.  Once I have green check boxes, uses can utilize the resources w/o issue.

Share this post


Link to post
Share on other sites

So, let the clients use the management point in the main building across the vpn?

In what scenario would I want to add additional management points?

Share this post


Link to post
Share on other sites

Yes, let clients at the VPN site access the MP across the WAN. They should only be querying the MP for policy, and get content from the local DP (i would suggest a local DP at that location). I have this exact type of setup and have locations with 500+ machines and it works fine. I do not know the threshold of when adding a local MP would become beneficial.

Share this post


Link to post
Share on other sites

OK, thanks simulacra75.  Do I limit that distribution point with a boundary group for the IP subnet for that office to force things to that DP?  The will be ~3-5 /24 networks there

Share this post


Link to post
Share on other sites

Yes, you would need a Boundary Group at that location, with a reference to the DP that you're going to setup. You could also use AD as your Boundaries, if you have all those VPN-located clients in the same AD OU,

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...