Your network contains a System Center 2012 Configuration Manager environment. The
environment contains a single primary site. The primary site has a distribution point and a
management point.
You need to recommend a commutation solution that meets the following requirements:
Communication between the client computes in the research department and the
management point must use MTTPS.
Communication between all of the other client computes and the management point must be
able to use HTTP.
Minimize the number of site system.
What should you do?
A.
Configure the existing management point to use HTTPS. Configure the research
department computers always to um HTTPS.
B.
Create a now primary child site and configure the site to use native mode. Assign all of
the research department computers to the new site.
C.
Install a new management point and configure the management point always to use
HTTPS. Configure the research department computers always to use HTTPS.
D.
Install a new management point and configure Windows Firewall to block abound TCP
port 80. Configure the research department computes always to use HTTPS.
Explanation:
Answer> Install a new management point and configure the management point always to use
HTTPS.
Configure the research department computers always to use HTTPS.http://technet.microsoft.com/en-us/library/gg712282.aspx#BKMK_Site_System_Roles
Planning for Site Systems in Configuration Manager
Optional Site System Roles
Optional site system roles are site system roles that are not required for the core operation
of a Configuration Manager site. However, by default, the management point and distribution
point, which are optional site system roles, are installed on the site server when you install a
primary or secondary site. Although these two site system roles are not required for the core
operation of the site, you must have at least one management point to support clients at
those locations. After you install a site, you can move the default location of the
management point or distribution point to another server, install additional instances of each
site system role, and install other optional site system roles to meet your business
requirements.
The optional site system roles are described in the following table:
Management point
A site system role that provides policy and service location information to clients and
receives configuration data from clients.
You must install at least one management point at each primary site that manages clients,
and at each secondary site where you want to provide a local point of contact for clients to
obtain computer and user polices.
http://technet.microsoft.com/en-us/library/gg682060.aspx
How to Assign Clients to a Site in Configuration Manager
Locating Management Points
After a client is successfully assigned to a site, it locates a management point in the site.
Client computers download a list of management points in the site that they can connect to.
This process happens whenever the client restarts, every 25 hours, and if the client detects
a network change, such as the computer disconnects and reconnects on the network or it
receives a new IP address. The list includes management points on the intranet and whether
they accept client connections over HTTP or HTTPS. When the client computer is on the
Internet and the client doesn’t yet have a list of management points, it connects to the
specified Internet-based management point to obtain a list of management points. When the
client has a list of management points for its assigned site, it then selects one to connect to:
When the client is on the intranet and it has a valid PKI certificate that it can use, the client
chooses HTTPS management points before HTTP management points. It then locates the
closest management point, based on its forest membership.
When the client is on the Internet, it non-deterministically chooses one of the Internetbased
management points.
Personal
comment:
From
my point of view, the correct answer would have been:
Configure
the existing management point to use HTTPS or HTTP.
Configure the Research Department client computers to use PKI certificates; considering the
fact that the client chooses HTTPS management points before HTTP management points,
that would have ensured the requirements.
However, if there is a dedicated Management Point for the Research Department, that
guarantees the requirements and makes the above answer the only correct one.
Further information 1:
Further information 2:
http://blogs.technet.com/b/configmgrteam/archive/2012/05/25/system-center-
2012configuration-manager-r-i-pnative-mode.aspx
System Center 2012 Configuration Manager: R.I.P. Native Mode efore System Center
Configuration Manager 2012, Configuration Manager 2007 had concepts called native mode
and mixed mode: The philosophy behind native mode was to secure the site server and all
its site systems, in addition to securing all site-to-site communication. This involved
configuring a site signing certificate on all installed sites, plus there was an added restriction
that a native mode site must always report to a native mode site. During the planning phase
for System Center 2012 Configuration Manager, we listened to customer feedback and
revisited this native and mixed mode model, and debated our previous concept of securing
the site. The result was client computer communication. Key concepts for client computer
communication: Client computer communication is about securing end points. The two end
points in this case are the client and the site system roles that the client talks to. A client can
communicate by using either the HTTP or HTTPS protocol. HTTPS requires the client and
site system roles to be configured with valid PKI certificates for mutual authentication.Intelligent client behavior: This enables the client to select the most secure communication
option available:
1.
If the client is configured with a valid PKI certificate and there are HTTPS site system
roles available, the client uses HTTPS.
2.
If the client is configured with a valid PKI certificate and there are NO HTTPS site system
roles available and the client is configured to use HTTP, the client uses HTTP to
communicate with site system roles.
