Configure cloud distribution Point


A cloud distribution point lets you host a distribution point in the cloud. This type of distribution point provides the following features:

  • Manage cloud distribution points individually or as members of distribution point groups
  • Use this DP as a fallback content location

Before sending content to Azure, SCCM encrypts it. Note that it is not possible to use the cloud distribution point for deployment.

Prerequisites

To activate and use a cloud distribution point, the following prerequisites are required.

  • A subscription to Azure
  • An internal PKI (Public Key Infrastructure)
  • Client Settings configured
  • Boundary group configured

SCCM Log

You can use these SCCM logs to validate the creation of the cloud distribution point:

  • CloudMgr.log
  • PkgXferMgr.log

Verify the domain name

From the Azure platform, click Create a resource and then click Service Cloud. Enter the desired domain name and verify that the domain name does not already exist. Be careful not to create it.

Create service on Azure
Create application on Azure
Configure application on Azure

You can close the window without creating the cloud service; the creation will be done later.

Generation of certificates

It is necessary to create a certificate template from the Web Server template. From the Certificate Authority console, go to the Certificate Template console (right-click Certificate Template and then Manage). Right-click the Web Server template and, in the context menu, click Duplicate Template.

Duplicate Certificate for Cloud Management Gateway

Click on the General tab and enter the name CDP SCCM. Then select the Publish to Active Directory check box.

Tab General for the new model

In the Request Handling tab, select Allow private key to be exported.

Allow export private key on certificate

Select the Security tab and grant the SCCM server the Enroll permission.

Configure security for template

Click OK and close the Certificate Template console. In the Certificate Authority console, right-click Certificate Templates and from the context menu select New / Certificate Template to issue. Select the previously created template and click OK. The template now appears in the console.

Certificate template added into the console

On the SCCM server that has the primary server role, log on as an administrator. Open an MMC console and click File / Add/Remove Snap-in. Add Certificates, then in the wizard select Computer account.

Request Certificate

Click Next and OK. The Certificates snap-in is now added to the console. Right-click Personal and in the context menu select All Tasks / Request New Certificate. A wizard appears; select the certificate and click the link The registration to obtain this certificate requires additional information.

Choose template certificate

A window appears. Select Common Name from the Subject Name drop-down list. In the value field, enter the domain name of the cloud service (the domain name validated above in Verify the domain name) and click Add.

Request certificate

From the Alternative name drop-down list, select DNS and enter the cloud service domain name. Click Apply, OK, then Enroll.

Configure request certificate

The certificate is now correctly generated.

Certificate is generated

You need to export the certificate twice: as a .cer file for the Azure Management Certificate and as a .pfx file for the cloud distribution point creation.

Certificate for Azure Management Certificate

In the Certificates (Local Computer) console, right-click the previously generated certificate. On the context menu, select All Tasks / Export. Click Next in the Welcome window. Leave the box No, do not export the private key checked, then click Next.

Export Certificate

Select the destination directory and proceed to export.

Certificate has been exported

Certificate for Cloud Distribution Point

In the Certificates (Local Computer) console, right-click the previously generated certificate. On the context menu, select All Tasks / Export. Click Next in the Welcome window. Check the box Yes, export the private key, then click Next.

Export Certificate and private key

Enter the desired password and click Next. Select the destination directory and proceed to export.

Enter password for private key
Certificate has been exported
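The request and the two exports described above can also be scripted. The following PowerShell is an added example, not part of the original procedure; the service FQDN, the template's internal name CDPSCCM and the export directory are assumed placeholders. It checks the issued certificate before export, confirms that the .cer file carries no private key, and restricts access to the .pfx file.

```powershell
# Added example: assumed values, replace with your own.
$ServiceFqdn  = 'mycdp.example.com'   # placeholder for the validated cloud service domain name
$TemplateName = 'CDPSCCM'             # assumed internal name of the "CDP SCCM" template
$OutDir       = 'C:\CdpCerts'         # placeholder export directory (must already exist)

# Request the certificate into the computer's Personal store with CN and DNS SAN set.
$enroll = Get-Certificate -Template $TemplateName -SubjectName "CN=$ServiceFqdn" `
    -DnsName $ServiceFqdn -CertStoreLocation 'Cert:\LocalMachine\My'
if ($enroll.Status -ne 'Issued') { throw "Enrollment not completed: $($enroll.Status)" }
$cert = Get-Item "Cert:\LocalMachine\My\$($enroll.Certificate.Thumbprint)"

# Check the issued certificate before exporting it.
if ($cert.DnsNameList.Unicode -notcontains $ServiceFqdn) {
    throw 'DNS name does not match the service FQDN'
}
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
    throw 'Server Authentication EKU is missing'
}
if (-not $cert.HasPrivateKey) { throw 'No private key in the store; PFX export would fail' }

# Public part only (.cer): this is the file uploaded as Azure Management Certificate.
$cerPath = Join-Path $OutDir 'cdp-management.cer'
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Certificate plus private key (.pfx): this is the file given to the SCCM wizard.
$pfxPath     = Join-Path $OutDir 'cdp-service.pfx'
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the PFX file'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Confirm the .cer file really contains no private key before it leaves the server.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($public.HasPrivateKey) { throw 'The .cer file carries a private key' }

# Restrict the PFX to local Administrators (well-known SID S-1-5-32-544).
& icacls.exe $pfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' | Out-Null

[pscustomobject]@{ Thumbprint = $cert.Thumbprint; Cer = $cerPath; Pfx = $pfxPath }
```

Run it in an elevated session on the SCCM server, and delete the .pfx file once the cloud distribution point has been created.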

Upload Certificate to Azure

It is necessary to import the previously exported certificate (the certificate without the private key). Log in to your Azure account (Azure.microsoft.com), then click on Subscription. Select your subscription and in the menu click on Management Certificate.

Import certificate into Azure

Click Upload then select the certificate (cer file). Click Upload to proceed with the import.

Upload certificate on Azure

On the Azure portal, retrieve the Subscription ID in Subscriptions. You will need this subscription ID later.

Copy the Azure subscription ID

Create the SCCM Cloud DP

This operation is performed from the SCCM console. Click on the Administration tab and expand the Cloud Services node. Select Cloud Distribution Points and click on Create Cloud Distribution Point on the ribbon.

Create Distribution Point

A wizard appears. Enter the subscription ID in the subscription ID field. Using the Browse button, select the certificate (pfx file). Enter the password and click OK. Click Next.

Configure Distribution Point

Select the Azure region you want and use the Browse button to select the certificate in pfx format. Enter the password; the Service FQDN then appears.

Configure Service FQDN on SCCM

Select the distribution point as desired and click Next.

Configure alerts for distribution point

You can start creating the cloud distribution point. Initially, the status will have the value Provisioning. You can use the CloudMgr.log log to follow the installation steps. Creation takes at least 10 minutes.

Configure Azure Distribution point on SCCM

When the creation is finished, the status is equal to Ready.

Configure Distribution point
Resource on Azure Distribution point

SCCM Client

The SCCM client must be distributed to the cloud distribution point. In my case, the client was automatically distributed following the addition of the cloud DP. If this is not the case, proceed with the distribution. To validate the operation, click on Monitoring, then expand the nodes Distribution Status / Content Status and click on Configuration Manager Client Package.

Configure Distribution point

You can use the SCCM log PkgXferMgr.log to validate the distribution.

Validate the distribution

It is possible to check that the package has been distributed to Azure. In the Azure portal, click on All resources, then click on the storage account.

Resource on Azure

Click on Blobs. In my case, the files are present in Content-nib00002.

Content on blob storage
Content on Azure for Distribution Point

Client configuration

You must configure your SCCM clients. To do this, from the SCCM console go to the Administration tab and select Client Settings. Select the desired policy.

Distribution point Azure on SCCM

Select Yes for Allow access to cloud distribution point.

Parameters on SCCM for Cloud Distribution Point

Configure Boundary Groups

It is necessary to configure Boundary Groups when adding a Cloud Distribution Group. From the SCCM console, select the Administration tab and expand the Hierarchy Configuration nodes. Click on Boundary Groups.

SCCM Console

Go to the Boundary Groups properties and in the References tab, click Add.

Configure Boundary Groups for Azure

Select the Cloud Distribution Point and click OK. You can now use the cloud distribution point.