Tuesday 26 April 2016

Site Security Mode

Configuration Manager 2007 had two security modes: mixed mode and Native mode. In Configuration Manager 2007, mixed mode was the default mode, which used port 80 to communicate with the clients. Configuration Manager 2007 in Native mode was the more secure mode, which integrated PKI to secure client/server communications. The security mode in Configuration Manager 2007 was site wide.

In Configuration Manager 2012, the concept of Native and mixed modes has been replaced and simplified. You can now decide per individual site system role whether clients connect through HTTP or HTTPS. Instead of configuring a site as mixed or Native mode, you configure each site role to use HTTP (port 80), HTTPS (port 443), or both. This gives you more flexibility if you want to implement a PKI to secure intranet client communications.

To allow secure communications between your clients and site servers, a PKI needs to be present in your environment, and certificate templates need to be created so that certificates can be enrolled for the Configuration Manager 2012 site systems and the Configuration Manager 2012 clients.

The following site roles can be configured in HTTP or HTTPS mode:

◆ Management point
◆ Distribution point
◆ Enrollment point
◆ Enrollment proxy point
◆ Out of band service point
◆ Application Catalog web service point
◆ Application Catalog website point
◆ Software update point (SSL)
 
Internet-based clients and mobile devices always use secure HTTPS connections. For Internet-based clients, you need to install a site system server in a demilitarized zone (DMZ) and configure the Internet-facing site roles to accept HTTPS client communications and connections from the Internet. When you configure Configuration Manager 2012 to be accessible from the Internet, you can support your clients from the Internet. If you have a lot of mobile workers, managing your Configuration Manager 2012 clients is essential. Mobile devices communicate over the air via the Internet to your Configuration Manager 2012 environment. For this reason, the communication between the Configuration Manager 2012 environment and mobile devices must be secure.
