Configure cloud distribution Point
A cloud Distribution Point allows to own a distribution point in the cloud. With this type of distribution point, it is possible to have the following features :
- manage cloud distribution points individually or as members of distribution point groups
- Use this DP as a fallback content location
Before sending content in Azure, SCCM encrypts it. Note that it is not possible to use the cloud distribution point for deployment.
For activate and use Cloud distribution point, the following prerequisites has requires.
- A subscription to Azure
- An internal PKI (Public Key Infrastructure
- Client Settings configured
- Boundary group configured
You can use this log SCCM for validate the creation of the Cloud Distribution Point
Verify the domain name
From the Azure platform, click on create a resource and then click on Service Cloud. Enter the desired domain name and verify if the domain name does not already exist. Be careful not to create it.
You can close Windows without create Cloud Services, the creation will be done later.
Generation of certificates
It is necessary to create a certificate template from the Template web server. From the Certificate Authority console, go to the Certificate Template console (right-click Certificate Template and then Manage). Right-click on the Web Server template and in the context menu, click Duplicate Template.
Click on the General tab and enter the name CDP SCCM. Then select the Publish to Active Directory check box.
In the Request Handling tab, select Allow private key to be exported.
Select the Security tab and give the right to register to the SCCM server.
Click OK and close the certificate Tempalte console. In the Certificate Authority console, right-click Certificate Templates and from the context menu select New / Certificate Template to issue. Select the previously created template and click Ok. The Template now appears in the console.
On the SCCM server that has the primary server role, log on as an administrator. Open an MMC console and click File / Add – Remove snap-in. Add Certificates then in the wizard select computer account.
Click Next and OK. Certificate Snap-in is now added to the console. Right click on Personal and in the context menu select All tasks / Request new certificate. A wizard will appear, select the certificate and click on the link The registration to obtain this certificate requires additional information.
A window appears, select Common Name from the Subject Name drop-down list. In the value field, enter the domain name of the cloud services (domain name validated above – Verify the domain name)and click Add.
From the Alternative name drop-down list, select DNS and enter the cloud Services domain name. Click Apply, ok then enroll
The certificate is now correctly generated
You need export certificate, Cer file for the Azure Management Certificate and a Pfx format for the cloud distribution point creation.
Certificate for Azure Management Certificate
In the Certificates (Local Computer) console, right-click to the previously generated certificate. On the context menu, select All Tasks / Export. Click Next in the Welcome Window. Let check the box No, do not export the private key then click Next.
Select the destination directory and proceed to export.
Certificate for Cloud Distribution Point
In the Certificates (Local Computer) console, right-click to the previously generated certificate. On the context menu, select All Tasks / Export. Click Next in the Welcome Window. Check the box Yes, export the private key then click Next.
Enter the desired password and click Next. Select the destination directory and proceed to export.
Upload Certificate to Azure
It is necessary to import the certificate previouly exported (certificate without private key). Log in to your Azure account (Azure.microsoft.com) then click on Subscription. Select your subscription and in the menu click on Management Certificate
Click Upload then select the certificate (cer file). Click Upload to proceed with the import.
On the Azure portal, retrieve the Subscription ID in Subscriptions. you need this subscription ID later.
Create the SCCM Cloud DP
This operation is performed from the SCCM console. Click on Administration tab and expand Cloud Services node. Select Cloud Distribution Points and click on Create Cloud Distribution Point on the rubban.
A wizard appears, enter the subscription id in the subscription id field. Using the Browse button select the Certificate (pfx file). Enter the password and click OK. Click Next
Select the Azure region you want and use the Browse button to select the certificate in pfx format. Enter the password, the Service FQDN appear.
Select the distribution point as desired and click Next.
You can start creating the Cloud Distribution Point. Initially, the status will have the value Provisioning. you can use the CloudMgr.log report to follow the installation steps. Creation takes at least 10 minutes.
When the creation is finished, the status is equal to Ready
The SCCM client must be distributed in the Cloud Distribution Point. For my part, the client was automatically distributed following the addition of the Cloud DP. If this is not the case, proceed with the distribution. o validate the operation, click on Monitoring then expand the nodes Distribution Status / Content Status and click on Configuration Manager Client Package.
You can use the sccm log PkgXferMgr.log for validate the distribution.
It’s possible to check that the package is well distributed in Azure. In the Azure portal, click on All resources then click on the storage account.
Click on Blobs, for my part the files are present in Content-nib00002.
You must configure your client SCCM, to do this from the sccm console go to the administration tab and select Client Settings. Select the desired Policy.
Select yes for Allow access to cloud distribution point.
Configure Boundary Groups
It is necessary to configure Boundary Groups when adding a Cloud Distribution Group. From the SCCM console, select the Administration tab and expand the Hierarchy Configuration nodes. Click on Boundary Groups.
Go to the Boundary Groups properties and in the References tab, click Add.
Select the Cloud Distribution Point and click OK. You can now use Distribution point