Help with SCCM 2012 R2

Hi all,

One for the SCCM gurus please (IBCM)

I have put a site server into the DMZ with all the required certs. The DP is configured for Internet/HTTPS only.

Clients on users' machines have all been configured with an Internet FQDN.

External DNS record set and firewall is NATing through to it (443).

It suddenly dawned on me, now the site server is in the DMZ, how will the primary site server and AD communicate with it?

This is the only server in our DMZ
 
Thanks guys,

I've looked for guides on SCCM and DMZ, but they are focused just on the SCCM part, which I know already. It's just the network / DMZ part I'm struggling with.

I really don't want to use a VPN client.

Direct Access if needs must, but not VPN.
 
A little bit more googling and I find another article from MS which sheds a bit more light on the situation.

3 options I have:

The Internet-based management point is in the perimeter network where a read-only domain controller resides to authenticate the user and an intervening firewall allows Active Directory packets.

The user account is in Forest A (the intranet) and the Internet-based management point is in Forest B (the perimeter network). Forest B trusts Forest A, and an intervening firewall allows the authentication packets.

The user account and the Internet-based management point are in Forest A (the intranet). The management point is published to the Internet by using a web proxy server.

I think I am going with the bottom option, as provisioning another DC just for one server is a bit daft imho. We have a decent firewall so I will lock it down through that.
 