VPNs and Boundaries

myITforum.com Community Forum

Home Forums Blogs Live Support chat Search Articles Wiki FAQ Email Lists Register Login My Profile Inbox Address Book My Subscription My Forums

Photo Gallery Member List Search Calendars FAQ Ticket List Log Out

All Forums RSS Feed Subscription:

VPNs and Boundaries

View related threads: (in this forum | in all forums)

Logged in as: Guest

Printable Version

All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> VPNs and Boundaries

Page: [1]

Message

<< Older Topic Newer Topic >>

VPNs and Boundaries - 7/30/2008 6:57:57 AM

ChrisR

Posts: 51
Score: -2
Joined: 6/19/2008
Status: offline

I know this question has been asked a lot so please bear with me :)

We have a number of clients that connect into our system via a VPN link.

The VPN has it's own unique subnet. This subnet however is associated with one of our LAN sites in AD. This site has it's own SMS server.

We had a contractor in from a well known consultancy before I started who has added in the VPN subnet as a site boundary on our central primary site.

So now the VPN subnet is listed in our Central Primary SMS site boundaries from being added in by this chap, and it's also listed in another Primary child SMS site's boundaries as it's part of this AD site.

I've not done much with boundaries but I'm guessing that being in 2 sites boundaries isn't a good thing and that I should remove the additional entries in the Central site and leave it to beign assigned via the AD site?

I then need to set things up so that I am able to send just certain packages over the VPN, so I was thinking about setting up a new AD site, sticking the VPN subnet over to there and then putting the new site as a remote boundary on our Central Primary site. Then if I create an advert and say don't run if no local dist point is available would it not run the advert? So I can use that as the control as to whether a package can run or not?

Basically I need to be able to push any essential updates out to clients if they are connected over the VPN (ironically I need to update the VPN client itself on machines that only connect over the vpn lol) but not have everything run.

Or have I just talked a load of crap and I'm totally wrong? :)

Does SCCM make managing this kind of thing a lot easier? Plan is to move over to this later in the year, when I've had a chance to look at it.

Cheers for any help :)

< Message edited by ChrisR -- 7/30/2008 7:08:03 AM >

Post #: 1

RE: VPNs and Boundaries - 7/30/2008 10:19:18 AM

pwstrain

Posts: 122
Score: 9
Joined: 3/11/2007
From: Danville, Illinois
Status: offline

SCCM has the ability to deploy packages over the internet when configured correctly.
That said, your plan should work. You're right in that overlapping boundaries can wreak havoc in SMS. I'd fix that sooner rather than later, then implement the rest of your plan. Keep physical location in mind. If the VPN comes into that LAN site for some reason, that's where you want it's DP to be (I would assume, not knowing your WAN link speeds).

_____________________________

My Personal Blog
My Technical Blog

(in reply to ChrisR)

Post #: 2

RE: VPNs and Boundaries - 7/31/2008 4:16:01 AM

ChrisR

Posts: 51
Score: -2
Joined: 6/19/2008
Status: offline

Cheers, I'll strip the entries from the central site as the AD site that the subnet is part of has it's own SMS server so will leave the addresses bound to there. Plus to create a enw site I'd need a DC and that ain't going to happen :) Will look forward to moving over to SCCM as it'll make things a lot easier with remote machines I think.

Don't think the subnet thing is the consultant's fault, guess he didn't know the subnet/ip addresses were already part of another AD site

(in reply to pwstrain)

Post #: 3