Branch dp’s could make sms admins and firewall admins friends again

April 24, 2007 at 2:56 pm in SCCM 2007 by The WMI guy

SCCM 2007 has a brand new feature called branch distribution points. The best-known fact about this feature is that it functions as a distribution point that is supported on any of the operating systems that can run an SCCM 2007 client. In other words, running a branch office distribution point is supported on Windows 2000 Professional SP4 as well as on Windows XP Professional SP1. This little fact has meant that the feature was almost immediately compared to a 3rd party product that has been providing us with “branch dp’s” since SMS 2.0: 1E’s SMS Nomad Branch. And as others have already pointed out, SMS Nomad Branch still has some things available that branch office dp’s don’t offer. Most importantly, the 1E solution for specifying a “branch dp” is dynamic: you as an SMS administrator don’t have to designate a branch dp, as it is automagically selected by an election process, which means you don’t have to leave one machine up and running 24×7 in every branch.


A rather less stressed fact about SCCM 2007 branch dp’s, though, is that the network traffic from a standard dp (as this is where branch dp’s get their packages from) to a branch dp is no longer the good old file sharing SMB traffic. SCCM 2007 uses BITS over HTTP to communicate with branch dp’s. This little gem, according to my personal beliefs, might mean that branch dp’s in SCCM 2007 could be incredibly useful.


In SMS 2003 my advice for “branch dp’s” used to be: don’t use them. SMS 2003 only supported distribution points on a server OS, so my advice used to be to install a secondary site instead. SMS 2003 distribution points received their packages from the site server in an unscheduled, unthrottled, uncompressed format. Now that all this has been taken care of, an SCCM 2007 branch dp might actually make sense. They even make perfect sense if you keep my traffic remark in paragraph 2 in mind. One of the downsides/problems I have with secondary sites in SMS 2003 is the fact that they rely on SMB traffic, which makes for annoying discussions with the security/firewall team about opening up the file sharing ports. These ports are used for quite a bit more, and because of some historically annoying exploits, most firewall admins are fairly reluctant to open them up.


The net result of all this is that, with what I know, my advice might shift to using branch dp’s on a server OS in the larger sites and a branch dp on a desktop OS for the smaller sites, hoping to brush up my relationship with the security team, as I might need to rely on them to help me set up the PKI that I need to run in native mode, which I need to get internet-based client management rolled out.


Enjoy.


“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS


 
