Friday, July 31, 2015

Site System Roles Hierarchy in SCCM 2012


  • Central Administration Site (CAS): Install a CAS in a large organization when there are more than 100,000 clients in the hierarchy. The CAS is used only for administration and reporting purposes. All processing happens in the layer of primary sites beneath it.
  • Primary Site: All clients are connected to a primary site. A primary site can support child secondary sites, but not child primary sites.
  • Secondary Site: Use secondary sites to extend a primary site to manage a few devices that have a slower connection to the primary site.

As you can see in the diagram below, the hierarchy starts from the central administration site (CAS), which is extended by using primary and secondary sites. A Distribution Point (DP) is deployed so that clients can download updates and patches. The Management Point (MP) helps clients download policies. The Software Update Point (SUP) connects to Microsoft Update to download updates.
 

1. Application Catalog Web Service Point: A site system role that serves as the application catalog web services point. This site system role requires IIS and supports the new client application, Software Center.
2. Application Catalog Website Point: Website for users to browse and request software.
3. Asset Intelligence Synchronization Point: A site system role that connects to System Center Online to download and manage Asset Intelligence catalog information and upload uncategorized titles to consider them for future inclusion in the catalog.
4. Component Server: Any server running SMS Executive and Configuration Manager services. This role is automatically installed when you install all the site system roles except for the Distribution Point role.
5. Distribution Point: A site system role used by clients for downloading content such as software packages and updates, application content, OS images, and boot images.
6. Endpoint Protection Point: This role allows you to manage Windows Firewall and antimalware security policies for client computers in your hierarchy.
7. Enrollment Point: This role must be installed in the user’s forest for authentication when they are enrolling their mobile devices from an untrusted forest.
8. Enrollment Proxy Point: When you are supporting mobile devices from the internet, the recommendation from a security perspective is to install the enrollment proxy point in the perimeter network and the enrollment point on the intranet.
9. Fallback Status Point: This site system role gathers state messages from clients for monitoring client installation and identifies clients that are not able to communicate with their Management Point.
10. Management Point (MP): Clients use this server for downloading policies. The Management Point also provides service location information to clients.
11. Out of Band Service Point: It allows administrators to connect to computers that have the Intel vPro chipset and a version of Intel Active Management Technology (Intel AMT) when the computer is turned off, in hibernation, or not responding.
12. Site Server: A server that provides the core functionality for the site.
13. Software Update Point (SUP): A site system role that runs Microsoft WSUS services. It retrieves software update metadata from Microsoft Update and replicates the metadata to all sites enabled for software updates in the hierarchy.
14. State Migration Point: This role stores user state data when a computer is migrated to a new operating system.
15. System Health Validator Point: This role must be installed on a Network Policy Server. It validates whether Configuration Manager clients are compatible with the software updates you select and passes the health state of the computers to the Windows Network Policy Server.
16. Windows Intune Connector: Helps in managing PCs and mobile devices through the “cloud” by setting up a Windows Intune subscription.

Roles decommissioned in Configuration Manager 2012
  • The reporting point.
  • The PXE service point. This functionality is moved to the distribution point.
  • The server locator point. This functionality is moved to the management point.
  • The branch distribution point. Use a distribution point or BranchCache instead.

