Jump to content


  • 0
Roopa

Manage DMZ servers

Question

Hi Team,

 

I need your help here. I'm pretty new to working on DMZ servers and managing them.

 

At my company they want to get their DMZ Servers managed by SCCM (manual certificate enrollment). I'm not sure how i need to start and reach to my goal of getting this set up. I went through couple of forums on the web and they all say that DMZ servers should be a part of workgroup computers, we need to open up the ports. Then they also say we might need to set up a primary DMZ site so that it can communicate with the primary sccm site server.

 

I'm confused here. Can you please tell me the step by step procedure on what should i follow and how i can i achieve this?

 

Thanks much in advance.

Share this post


Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0

It all depends on your situation. The main question in these situations is, what traffic is allowed between the 'domain' and the DMZ?

 

A mixed mode environment can already manage DMZ clients, as long as the ip-range of the DMZ is added as a boundary and the traffic is allowed between the 'domain' and DMZ. (see for more port information: http://technet.microsoft.com/en-us/library/bb632618.aspx)

Share this post


Link to post
Share on other sites

  • 0

Hi Peter,

 

Thanks for your reply. I know that in my company they not using Mixed Mode. They have native mode environment. So can you please suggest me how can i manage the Houston DMZ servers by SCCM?

 

I guess port 80, 443 , UDP ports should be opened up. If need be other ports. Once this task is achieved what should i be doing in this native mode environment? How do i proceed?

 

Thanks much in advance.

Share this post


Link to post
Share on other sites

  • 0

Create a boundary for the DMZ clients and start creating certificates for the DMZ clients. For a step-by-step for doing that, take a look here: http://www.petervanderwoude.nl/post/how-to-install-a-configmgr-client-on-a-workgroup-computer-when-the-configmgr-site-is-in-native-mode/

Share this post


Link to post
Share on other sites

  • 0

Hi Peter,

 

That link is just awesome!. Thank you very much. I will be trying this out tomorrow in my company. If i face any issues i will post the comment here for more clarifications.

 

Howerver one last question..i just want to reframe my steps on how i will be setting SCCM up on DMZ servers.

 

1. Initially i need to open up all the necessary ports.

2. Follow the Link that you have provided to proceed with the installation of SCCM Client on DMZ.

3. After this i guess the DMZ servers should work fine with the SCCM client on it. I guess i don't have to do more. I hope i am right...

 

Thank You

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.