Configuring & implementing Cloud Management Gateway


Hi Team,

I am using SCCM 1910 in my prod infra and have only 1-Primary site server with MP role installed on it.
All my clients are communicating with my Primary Site server using http only.Hence no SCCM certificates.
Due to Covid situation, all my users are working from home and they sometime connects to VPN. Whereas we don’t have machines connected in Hybrid or Azure AD join.

Now my management wants to implement CMG and they have already purchased a tenant in Azure.They are ready to have a 3rd party certificate for CMG server.

1> what is the best method to implement CMG if all my machines are communicating with my Primary Site using HTTP (No HTTPS infra) ?
2>Can Enhance HTTP architecture works for my infra without disturbing the present flow.If Yes then how to implement. ?
3>Can 3rd party certificate for CMG with Internal PKI for clients(both on intranet & on internet) architecture works for my infra ?If yes then how to implement ?.
Also for the above 3rd>question, if that architecture works then do I have to use HTTPS SSL Ceritificates from my Root/CA servers to be get install on all my Intranet machines.

I have watched Rajul’s webinar video on HTMD but not sure the architecture to be follow for my present situation.Hence reaching here for good suggestions.

Kindly help me out.
Thanks & Regards,
Rohit Goud

Answers ( 2 )

  1. No response hence closing the thread

  2. 1. In my opinion, it’s better to use eHTTP … and build new site system sever for all cmg connected components like mp, sup… use allow only internet connect …

    2. yes use the method mentioned above

    3. I would recommend to use 3rd party certs only for CMG clients. I don’t recommend changing intranet clients to https using internal pki at the same time of CMG implementation.

    Once you settle down with cmg implementation try to change if needed the intranet clients to https.

    You need to deploy all the cert chain if you are using internal pki

    Best answer

Leave an answer

Sorry, you do not have permission to answer to this question .