Internet Based Client Management Steps
Question
I want to setup IBCM setup in our environment.
What are the exact prerequisite required.[For internally we have created All required certificate but for Internet clients company is going to purchased third party internet certificate] – Can we use internal client authentication certificate for internet client or the purchased internet certificate need to be used on internet clients.
Which certificates [Like IIS,DP or client] need to be import on secondary server ?
Which ports required from SCCM server to IBCM [DMZ], IBCM [DMZ] to SCCM primary Server, IBCM [DMZ] to internet client and Internet client to IBCM [DMZ] ?
Can we use WSUS and SUP as standalone on SCCM secondary server instead of using downstream server with primary server ?
Answers ( 4 )
Need clearity What if internet certificate is for ibcm server then how we can apply for the same on IBCM server
It can’t be clear than this https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/plan-internet-based-client-management
Server side and client side certs are required
as well as the cert chain is required
root cert
intermeidiate cert
etc
for certificate specific question:
Its not recommended to purchase third party certificate for all internet clients. It will be a hell job to manage those certificates ( Intsalling & renewing it after the 1 year/2Year validity period)
Better to use Internal PKI workstation certificates on client machines.
It’s all documented – https://www.anoopcnair.com/sccm-cb-firewall-ports-communication-details-and-download-the-spreadsheet/
MP/DP/ – 443?
SUP – 443/8531?