Configure cloud distribution Point

Configure cloud distribution Point

Configure cloud distribution Point

A cloud Distribution Point allows to own a distribution point in the cloud. With this type of distribution point, it is possible to have the following features :

  • manage cloud distribution points individually or as members of distribution point groups
  • Use this DP as a fallback content location

Before sending content in Azure, SCCM encrypts it. Note that it is not possible to use the cloud distribution point for deployment.

Prerequisites

For activate and use Cloud distribution point, the following prerequisites has requires.

  • A subscription to Azure
  • An internal PKI (Public Key Infrastructure
  • Client Settings configured
  • Boundary group configured

SCCM Log

You can use this log SCCM for validate the creation of the Cloud Distribution Point

  • CloudMGR.log
  • PkgXferMgr.log

Verify the domain name

From the Azure platform, click on create a resource and then click on Service Cloud. Enter the desired domain name and verify if the domain name does not already exist. Be careful not to create it.

Configure cloud distribution Point

Configure cloud distribution Point

Configure cloud distribution Point

You can close Windows without create Cloud Services, the creation will be done later.

Generation of certificates

It is necessary to create a certificate template from the Template web server. From the Certificate Authority console, go to the Certificate Template console (right-click Certificate Template and then Manage). Right-click on the Web Server template and in the context menu, click Duplicate Template.

Configure cloud distribution Point

Click on the General tab and enter the name CDP SCCM. Then select the Publish to Active Directory check box.

Configure cloud distribution Point

In the Request Handling tab, select Allow private key to be exported.

Configure cloud distribution Point

Select the Security tab and give the right to register to the SCCM server.

Configure cloud distribution Point

Click OK and close the certificate Tempalte console. In the Certificate Authority console, right-click Certificate Templates and from the context menu select New / Certificate Template to issue. Select the previously created template and click Ok. The Template now appears in the console.

Configure cloud distribution Point

On the SCCM server that has the primary server role, log on as an administrator. Open an MMC console and click File / Add – Remove snap-in. Add Certificates then in the wizard select computer account.

Configure cloud distribution Point

Click Next and OK. Certificate Snap-in is now added to the console. Right click on Personal and in the context menu select All tasks / Request new certificate. A wizard will appear, select the certificate and click on the link The registration to obtain this certificate requires additional information.

Configure cloud distribution Point

A window appears, select Common Name from the Subject Name drop-down list. In the value field, enter the domain name of the cloud services (domain name validated above – Verify the domain name)and click Add.

Configure cloud distribution Point

From the Alternative name drop-down list, select DNS and enter the cloud Services domain name. Click Apply, ok then enroll

Configure cloud distribution Point

The certificate is now correctly generated

Configure cloud distribution Point

Generation of certificates

You need export certificate, Cer file for the Azure Management Certificate and a Pfx format for the cloud distribution point creation.

Certificate for Azure Management Certificate

In the Certificates (Local Computer) console, right-click to the previously generated certificate. On the context menu, select All Tasks / Export. Click Next in the Welcome Window. Let check the box No, do not export the private key then click Next.

Configure cloud distribution Point

Select the destination directory and proceed to export.

Configure cloud distribution Point

Certificate for Cloud Distribution Point

In the Certificates (Local Computer) console, right-click to the previously generated certificate. On the context menu, select All Tasks / Export. Click Next in the Welcome Window. Check the box Yes, export the private key then click Next.

Configure cloud distribution Point

Enter the desired password and click Next. Select the destination directory and proceed to export.

Configure cloud distribution Point

Configure cloud distribution Point

Upload Certificate to Azure

It is necessary to import the certificate previouly exported (certificate without private key). Log in to your Azure account (Azure.microsoft.com) then click on Subscription. Select your subscription and in the menu click on Management Certificate

Configure cloud distribution Point

Click Upload then select the certificate (cer file). Click Upload to proceed with the import.

Configure cloud distribution Point

On the Azure portal, retrieve the Subscription ID in Subscriptions. you need this subscription ID later.

Configure cloud distribution Point

Create the SCCM Cloud DP

This operation is performed from the SCCM console. Click on Administration tab and expand Cloud Services node. Select Cloud Distribution Points and click on Create Cloud Distribution Point on the rubban.

Configure cloud distribution Point

A wizard appears, enter the subscription id in the subscription id field. Using the Browse button select the Certificate (pfx file). Enter the password and click OK. Click Next

Configure cloud distribution Point

Select the Azure region you want and use the Browse button to select the certificate in pfx format. Enter the password, the Service FQDN appear.

Configure cloud distribution Point

Select the distribution point as desired and click Next.

Configure cloud distribution Point

You can start creating the Cloud Distribution Point. Initially, the status will have the value Provisioning. you can use the CloudMgr.log report to follow the installation steps. Creation takes at least 10 minutes.

Configure cloud distribution Point

When the creation is finished, the status is equal to Ready

Configure cloud distribution Point

Configure cloud distribution Point

SCCM Client

The SCCM client must be distributed in the Cloud Distribution Point. For my part, the client was automatically distributed following the addition of the Cloud DP. If this is not the case, proceed with the distribution. o validate the operation, click on Monitoring then expand the nodes Distribution Status / Content Status and click on Configuration Manager Client Package.

Configure cloud distribution Point

You can use the sccm log PkgXferMgr.log for validate the distribution.

Configure cloud distribution Point

It’s possible to check that the package is well distributed in Azure. In the Azure portal, click on All resources then click on the storage account.

Configure cloud distribution Point

Click on Blobs, for my part the files are present in Content-nib00002.

Configure cloud distribution Point

Configure cloud distribution Point

Client configuration

you must configure your client SCCM, to do this from the sccm console go to the administration tab and select Client Settings. Select the desired Policy.

Configure cloud distribution Point

Select yes for Allow access to cloud distribution point.

Configure cloud distribution Point

Configure Boundary Groups

It is necessary to configure Boundary Groups when adding a Cloud Distribution Group. From the SCCM console, select the Administration tab and expand the Hierarchy Configuration nodes. Click on Boundary Groups.

Configure cloud distribution Point

Go to the Boundary Groups properties and in the References tab, click Add.

Configure cloud distribution Point

Select the Cloud Distribution Point and click OK. You can now use Distribution point

Laisser un commentaire

Your email address will not be published.