Internet Based Clients | Servers in DMZ - Asem Alhourani - VirManSec Community
Internet Based Clients | Servers in DMZ
Asem Alhourani

News

  • When you’re going to deploy a new package with SCCM 2007, there are a few steps you need to follow. The easiest way to deploy a package is to follow these steps:

    1.) Collection
    2.) Package
    3.) Program
    4.) Distribution Point
    5.) Advertisement

    Before we deploy Office 2007, we have to create an MSP file to customize the Office 2007 installation. You can start the Office Customization Tool using the following command: Run ---> setup.exe /admin. Save the file in the Updates folder of your Office 2007 source directory.

    Step 1, creating a collection:

    1.) Create a new collection, to specify the computers where Office must be installed.
    2.) Navigate to System Center Configuration Manager, Site Database, Computer Management, New Collection
    3.) Give your new collection a name, for example “Office 2007 Enterprise”
    4.) On the Membership Rules dialog box, create a collection

    Packages can only be distributed to members of a collection. A collection can contain multiple computers, a single computer, a single user and members of a security group. Configuration Manager 2007 operates with two different types of collections.

    • Direct membership based.
      - Click the computer icon, which opens the Create Direct Membership Rule Wizard. Click Next
      - On the Search for Resources dialog box, click the Resource class drop-down menu and select System Resource. Then, click the Attribute name drop-down menu and select Name. In the Value field enter %, and then click Next
      - On the Collection Limiting dialog box, click the Browse button, select All Windows Workstation or Professional Systems, and then click Next
      - Select the computer(s) you want to deploy Office 2007 to and click Next, then Finish
    • Query Based collections are useful when distributing software to a larger group of resources based on specific criteria, for example all workstations in Copenhagen or computers belonging to an Active Directory security group.

    Direct membership collections are useful when distributing software to a narrow group of resources, e.g. 5 test PCs.

    Step 2, creating a package:

    1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Package, New Package
    2.) On the General dialog box of the New Package Wizard, enter the Name, Version, Manufacturer, and Language. For example, Office, 2007, Microsoft, English (US)
    3.) On the Data Source dialog box, select This package contains source files. Click the Set button, and then enter the path for the location of the source files in the Source directory field. For example E:\Software\Office 2007\, which contains a copy of the 2007 Office Enterprise installation CD.
    4.) Click OK, and then continue to click Next and accept the default settings on all of the following dialog boxes: Data Access, Distribution Settings, Reporting, and Security. On the Wizard Completed dialog box.

    Step 3, creating a Program:

    1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Packages, Office 2007, Programs, New, Program
    2.) Give the new program a Name
    3.) On the Command-line box, type in setup.exe
    4.) On the Environment dialog box, click the Program can run drop-down box and select Whether or not a user is logged on. This will enable Run with administrative rights for the Run mode. Leave the default for Drive mode set to Runs with UNC name, and then click Next (because the customization file, CustomOffice.MSP, was placed in the \Updates folder, a command line option is not needed to reference its location)
    5.) On the Advanced dialog box, select the check box for Suppress program notifications, and then click Next

    Step 4, copy to Distribution Points:

    1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Packages, Office 2007, Distribution points
    2.) Manage Distribution Points
    3.) Select “Copy the package to new distribution points”
    4.) Select the distribution points
    5.) Click Finish and wait a couple of minutes
    6.) Check the status changing from Install Pending to Installed

    Step 5, creating the advertisement:

    1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Advertisements
    2.) New Advertisement
    3.) Give the advertisement a Name
    4.) Select the Package, Program and Collection
    5.) Click Finish and wait a couple of minutes
    6.) On the client, wait for the next Machine Policy Retrieval & Evaluation Cycle

    After the setup is finished, Office 2007 is deployed to your client(s) and is ready to use!

I’m writing this article because I want to explain a design scenario I had at one of my customers. After upgrading their SMS 2003 to ConfigMgr 2007, it was decided that their ConfigMgr 2007 should be upgraded to Native Mode because the customer wants to use Internet Based Clients.

The customer has 5 sites across the country, and the question they raised was whether it is necessary to have a site server in the DMZ at each of these 5 locations (each corporate branch has a site server, meaning a different site code and different boundaries).

Or is it a design decision that can be made based on the number of clients intended to switch between being Internet Based Clients and intranet clients? Put simply, if the customer has very few Internet Based Clients across all the corporate branches, can one site in the DMZ support this requirement?

The short answer is No! But let me first clarify the types of Internet Based Clients, which are explained well by Carol Bailey here: http://blogs.technet.com/b/configmgrteam/archive/2009/03/03/tips-and-tricks-using-internet-only-client-management-on-the-intranet.aspx

The client types relevant to this question can be listed briefly as follows:

The first type is the Internet-only clients; these clients will never try to find an intranet management point (that’s the normal management point).

The second type is the intranet-only clients (and as the name indicates, these will be the majority of clients). I assumed that because most of them are workstations which are not supposed to be moving out! (Hopefully)

The third type is the clients which support both (Internet and intranet), which means that the client can connect over the Internet and find an Internet-based management point, or stay in the company’s network and connect to an intranet-based management point.

Having said that, and to address the questions above: there MUST be a site in the DMZ to handle the clients assigned to that site when they go out, on business trips for instance. The long answer starts with another question: are we absolutely sure that we will have Internet Based Clients at all five of our primary sites? If the answer is YES, then we need 5 dedicated servers in the DMZ. If the answer is NO, the IT team needs to determine which sites/locations have no Internet Based Clients.
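
The decision rule above, applied to a client inventory, as an added example that is not part of the original article. The CSV layout, site codes, hostnames and mode labels are constructed for illustration; the three modes mirror the three client types listed earlier.

```python
import csv
import io

# Constructed sample inventory (not from the article): one row per client with
# its assigned primary site code and which management points it may use.
SAMPLE_INVENTORY = """hostname,site_code,mode
WS-AMM-001,AM1,intranet
WS-AMM-002,AM1,intranet
LT-AMM-010,AM1,both
WS-IRB-001,IR2,intranet
KIOSK-ZRQ-01,ZR3,internet_only
LT-AQB-007,AQ4,both
LT-AQB-008,AQ4,internet_only
WS-MDB-001,MD5,intranet
"""

# Client types that can end up talking to an Internet-based management point.
INTERNET_CAPABLE = {"internet_only", "both"}
KNOWN_MODES = INTERNET_CAPABLE | {"intranet"}


def dmz_requirements(inventory_csv, primary_sites):
    """Return {site_code: number of Internet-capable clients assigned to it}."""
    counts = {site: 0 for site in primary_sites}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        site, mode = row["site_code"].strip(), row["mode"].strip().lower()
        if site not in counts:
            raise ValueError(f"{row['hostname']}: unknown site code {site!r}")
        if mode not in KNOWN_MODES:
            raise ValueError(f"{row['hostname']}: unknown client mode {mode!r}")
        if mode in INTERNET_CAPABLE:
            counts[site] += 1
    return counts


def sites_needing_dmz(inventory_csv, primary_sites):
    """A site with at least one Internet-capable client needs its own DMZ server."""
    counts = dmz_requirements(inventory_csv, primary_sites)
    return sorted(site for site, n in counts.items() if n > 0)


if __name__ == "__main__":
    sites = ["AM1", "IR2", "ZR3", "AQ4", "MD5"]  # constructed site codes
    for site, n in dmz_requirements(SAMPLE_INVENTORY, sites).items():
        verdict = "DMZ server required" if n else "no DMZ server needed"
        print(f"{site}: {n} Internet-capable client(s) -> {verdict}")
```

A single roaming laptop assigned to a site is enough to put that site on the list, which is why a low overall count of Internet Based Clients does not by itself reduce the number of DMZ servers.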

The good news is that, using virtualization, these 5 servers (in my customer’s scenario) can be hosted on a Hyper-V server and all of them can run as virtual machines.

This article was inspired by the customer’s questions and I would like to thank Mr. Wilfried Schadenboeck for his contribution.


Posted 07-12-2010 12:14 PM by Asem Alhourani

Comments

skhairudin wrote re: Internet Based Clients | Servers in DMZ
on 07-13-2010 2:16 PM

Good One

Omar Alomari wrote re: Internet Based Clients | Servers in DMZ
on 07-16-2010 8:29 PM

Great Information.. Although I didn't implement IBC before.. but I believe it is somehow complicated... Do you think Asem IBC will be changed or improved in SCCM vNext?

Asem Alhourani wrote re: Internet Based Clients | Servers in DMZ
on 07-17-2010 10:07 AM

Thanks Syed and Omari..

This will be explained in the coming lessons of vNext Abu omair..

Asem Alhourani wrote re: Internet Based Clients | Servers in DMZ
on 07-17-2010 10:14 AM

The article was also published on myitforum website

www.myitforum.com/.../Articles.aspx
