Branch dp's could make sms admins and firewall admins friends again - blog by Kim Oppalfens


Blog about System Center Configuration Manager 2007


SCCM 2007 has a brand new feature called branch distribution points. The best-known fact about this feature is that it functions as a distribution point that is supported on any of the operating systems that can run an SCCM 2007 client. In other words, it is supported to run a branch office distribution point on Windows 2000 Professional SP4 as well as on Windows XP Professional SP1. This little fact has meant that the feature was almost immediately compared to a 3rd party product that has been providing us with "branch dp's" since SMS 2.0: 1E's SMS Nomad Branch. And as others have already pointed out, SMS Nomad Branch still has some things available that branch office dp's don't offer. Most importantly, the 1E solution for specifying a "branch dp" is dynamic: you as an SMS administrator don't have to designate a branch dp, as it is automagically selected by an election process. This means you don't have to leave one machine up and running 24x7 in every branch.

A rather less stressed fact about SCCM 2007 branch dp's, though, is that the network traffic from a standard dp (which is where branch dp's get their packages from) to a branch dp is no longer the good old file sharing SMB traffic. Branch dp's in SCCM 2007 use BITS over HTTP for this communication. This little gem, in my personal opinion, might mean that branch dp's in SCCM 2007 could be incredibly useful.

In SMS 2003 my advice for "branch dp's" used to be: don't use them. SMS 2003 only supported distribution points on a server OS, so my advice used to be to install a secondary site instead. SMS 2003 distribution points received their packages from the site server in an unscheduled, unthrottled, uncompressed format. Now that all this has been taken care of, an SCCM 2007 branch dp might actually make sense. They even make perfect sense if you keep my traffic remark from paragraph 2 in mind. One of the problems I have with secondary sites in SMS 2003 is that they rely on SMB traffic, which makes for annoying discussions with the security/firewall team about opening up the file sharing ports. These ports are used for quite a bit more, and because of some historically annoying exploits, most firewall admins are fairly reluctant to open them up.

The net result of all this is that, with what I know, my advice might shift to using branch dp's on a server OS in the larger sites and a branch dp on a desktop OS in the smaller sites. I hope this brushes up my relationship with the security team, as I might need to rely on them to help me set up the PKI that I need to run in native mode, which in turn I need to get internet-based client management rolled out.

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS

 

Posted: Apr 24 2007, 05:56 PM by kimoppalfens | with 3 comment(s)

Comments

Abhishek Joshi said:

Hi Kim,

I read on the following link that "Branch distribution points cannot be installed on client computers running the Windows 2000 Professional operating system or the Windows 2000 Server operating system."

Does that mean we can install it only on the win2k SP4 version and not on anything lower than this?

http://technet.microsoft.com/en-us/library/bb680853.aspx#

# December 23, 2007 1:20 PM

kimoppalfens said:

Nope, this means, like the text says, that you can't install branch dp's on a Windows 2000 OS. And even if you did get it to install, it would be unsupported.

Kim

# December 25, 2007 6:29 AM
