Are you Considering System Center Configuration Manager? Mixed or Native Mode?

In addition to its new native NAP and WSUS integration features, SCCM 2007 supports added security through elevation of your SCCM site to "Native Mode". Native Mode enables Internet-based clients to connect to your SCCM server for management and converts much of the client communication from HTTP to HTTPS.

But it also requires a PKI infrastructure in your domain, something I'll bet very few networks currently have in place and a technology that is fairly complex to set up.

So, here's my question for today. If you're considering an SCCM installation, are you considering mixed mode (no PKI) or native mode (with PKI)?

Click past the fold for a list of the pros and cons associated with native mode and mixed mode.

These are taken from the Microsoft web site at: http://technet.microsoft.com/en-us/library/bb632431.aspx

Native Mode Advantages

  • More secure solution than mixed mode because it provides better authentication, encryption, and signing using standard industry security protocols.
  • Supports Internet-based client management.
  • Does not use WINS as the means by which clients locate their default management point.
  • Can integrate with existing PKI deployment, and the security controls can be managed independently from the product.

Native Mode Disadvantages

  • Requires a PKI deployment and specific certificates.
  • The parent site (if applicable) must be in native mode.
  • Clients that roam into this site from a mixed-mode site will not be able to download content from the site's distribution points.
  • Must configure a custom Web site if the site systems running Internet Information Services (IIS) are not dedicated to Configuration Manager.
  • Might require registering fully qualified domain names (FQDNs) in DNS (FQDNs are a requirement for Internet-based client management, and recommended for native mode on the intranet).
  • If a mixed-mode client roams into the site, it will not be able to download local content.

Mixed Mode Advantages

  • Does not require a PKI deployment, so it has no external dependencies.
  • Supports clients running SMS 2003.
  • Supports WINS as the means by which clients locate their default management point if Active Directory and DNS cannot be used.

Mixed Mode Disadvantages

  • Provides less comprehensive signing, encryption, and authentication.
  • Does not support Internet-based client management.
  • Requires approval of clients before they can receive policies that might contain sensitive data.
  • Clients that roam into this site from a native-mode site will not be able to download local content unless their site is configured with the option: Allow HTTP Communication for Roaming and Site Assignment.

Greg Shields' Bio:

Greg Shields is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008: What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets. Greg is a recipient of the Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.