SCCM hierarchy design

Copper Contributor

Hi All

I'm new to this community and SCCM so I would like some advice please; I currently have an SCCM CB environment running in the corporate domain and my company is planning on buying a few companies and they want to keep the domains separate but will have trusts in place. 

The current environment is set up as follows 
Domain A (Based in Europe)
150 users 
1 site
Currently has the only stand-alone primary site 
Bandwidth not an issue

Domain B (Based in Africa)
350 users
3 sites 
No SCCM service 
Bandwidth is very limited (reminds me of the old PSTN dial-up days)

Domain C (Based in South America)
300 users 
5 sites 
Not bandwidth issues

So what I’m looking for is some advice on how I should implement my SCCM infrastructure?
What I was thinking was extending my current primary site with a CAS server and then installing a primary site server in each domain and extend those sites with secondary sites and DP’s? 
If I go this route will it give each local IT team the ability to manage there own SCCM server while having the corporate CAS server pushing down applications and policies? As each SCCM server will be installed into its own domain/forest will I have any issues or challenges?

6 Replies

@TazzKT are you looking to consolidate your three environments into one?

are there any links between each of the domains?

 

Sounds like you do not need a CAS, instead just a Primary with a couple of secondaries hanging of it with DP, although it depends on how you answer the above. :)

@TazzKT 

 

hi, 

i would agree with mcgees, 
there is no needs for the CAS-Primary Design on your side.

the Primary is fine. and personaly i would not install the secondary Site, if your network design ok and running without problems you should only place a couple of DP for the Deployments on the local sites. (this will reducue of cousere the bandwith for heavy installations like  OS Deployment, Windows Updates and so.. 

 

@mcgees Thank you for taking the time to respond. 

 

My company has decided all three domains will remain but I will be creating a 2-way trust between the domains. I'm in the process of setting the companies up so that the network will be connected. 

 

As each site has there own IT team looking after each SCCM server, am I correct in saying that each secondary server can be in the separate domains and the team admins can connect to the secondary sites to administer and deploy site-specific applications? 

@Klaus_Bilger  Thanks for taking the time to respond. 

 

The issue I have is the Africa site's network is really slow and stability isn't the best so I was thinking a secondary site which is joined to the sites specific domain will be installed in the main office and then DP's to the smaller in-country offices as I've read a secondary site will help with limited bandwidth deployments? 

@TazzKT ConfigMgr doesn't care about trusts between domains so that's irrelevant for this discussion really. Trusts are about authentication, ConfigMgr doesn't use AD to authenticate managed systems. The trust only matters if you will be targeting users with deployments as that's the only time AD authentication across forest boundaries matters.

 


As each site has there own IT team looking after each SCCM server, am I correct in saying that each secondary server can be in the separate domains and the team admins can connect to the secondary sites to administer and deploy site-specific applications? 


No, this is not the purpose or function of secondary sites. Secondary sites are about extending a ConfigMgr primary site to remote locations with limited bandwidth connections. Administrative separation is provided using Role-based Administration in ConfigMgr and not an artifact of the infrastructure design.

Secondary sites have issues across high-latency, very low bandwidth links. Your best bet for the Africa locations is to use a PullDP (with BranchCache enabled to enable data deduplication) or just client-based BranchCache and enable LEDBAT on the site server and the DP that systems at that location pull content from.