When I think about managing remote offices, it reminds me of a job I had developing RIP’s (Raster Image Processor) for digital printers. I was on a team of 40 engineers in a remote location. We had our own rules and our own way of doing things – which was quite liberating. But there was always a sense – despite our daily freedoms – that at any moment our productivity could be interrupted by a force outside of our control. Of course, this invisible force was nothing but the IT admins across the ocean doing their best to keep our remote computers secure and make applications available to us. But nonetheless, it was disruptive.
For IT admins, remote locations have always been a challenge when it comes to management. The devices in these locations are only known to them as IP addresses and network link speeds. Without a detailed understanding of the physical environment, they still need to figure out how the systems can be managed with the minimum server infrastructure deployed, while also ensuring the security and integrity of the corporate environment. They do try to minimize the impact to user productivity, but, as in my experience above, it seems like this is often the hardest thing to do.
That’s why I am so excited about some of the new features added to Configuration Manager 2012 that can help our admins who are faced with keeping those remote teams, like my old group, operating at capacity. Let’s take a simple example of an organization that has two remote locations, one head office and a newly acquired company that needs to be managed by Configuration Manager 2012.
For each of these locations, there are some rules of thumb to follow to ensure the best support of remote clients – and most importantly their users.
As the link speed is decent and reliable plus the number of computers managed at this location is relatively low, the admin’s best option is to deploy a local Distribution Point in the remote office. Clients can still reach out to the corporate campus to obtain policies from the Management Point. No new roles would be required as we don’t need to control the upward flow of traffic.
The bandwidth limitation in this scenario would demand an upward network traffic control from the OC to the corporate campus. In that case, it is recommended to install a secondary site which comes bundled with a proxy management point and local distribution point. Using a secondary site would guarantee that any data retrieved from managed clients will always be sent to the primary site in a controlled fashion. And the clients would not send data directly to the primary site in an unpredictable, and potentially bandwidth-impacting, pattern. This way, things like inventory information from all the clients will be bundled at the secondary site and sent to the primary at admin configurable schedules, thereby reducing the overall network impact from that location to the primary site.
The primary concern here is the one-way trust between the NAC forest and CC forest. Since site servers in ConfigMgr 2012 can only be installed when there is a two-way trust in place, the only option is to deploy remote site system roles like a Management Point and a Distribution Point into the NAC forest and enable forest discovery. Doing this would guarantee management of clients in the NAC and, since the link speed is fairly decent, we would not need to control the management of upward flowing traffic from NAC to OC.
Hope you felt this quick walkthrough of some real world scenarios helpful in establishing management of remote offices and locations using Configuration Manager 2012.
Feel free to let me know if you have suggestions/recommendations for future blog posts about topics in this area.
Abhishek Pathak Microsoft Corporation| Program Manager | System Center Configuration Manager
how about one with a scenarios with new aquired companies and getting them up and running with ConfigMgr 2012. the requirements, etc.
Great scenario and recommendation review! One question I have is this, in general what are the specific bandwidth requirments for a end node being managed by Config Mgr 2012? Also, is there or will there be a "sizing guide" that details the relationship between # of end node devices and required bandwidth back to the Config Mgr server?