24 degrees Posted October 1, 2010

I have an internal network and a DMZ. I have a couple of installation plans in mind, listed below. I want to use SCCM to keep servers up to date with Windows patches and am particularly interested in using the maintenance windows feature within SCCM.

1) Set up a central site server in the internal network to service internal servers and servers in the DMZ. Can you confirm which ports need to be open, and will I be able to deploy updates in this manner?

2) Option 2, install a primary child site server in the DMZ, so the DMZ clients communicate with this. The primary child site server will then talk to the Central site server on the internal network and any management can be carried out from the internal network. One snag though, as I understand you cannot install SCCM without AD? If I were to create a NEW domain in the DMZ will the above scenario of Central site server and primary server work?

Thanks.
Peter van der Woude Posted October 1, 2010

Option 1. - Possible, you would need at least ports 80/443, 445 and optionally 8530/8531 (see: http://technet.microsoft.com/en-us/library/bb632618.aspx).

Option 2. - Possible, but it indeed needs an AD and you need to open some ports between the Sites (also see the link).
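
A connectivity check for the ports listed in the answer above, run from a DMZ server after the firewall rules are in place. This is an added example, not part of the original thread or any Microsoft tooling; the host name `sccm01.corp.example` and the function name `Test-TcpPort` are placeholders chosen for illustration.

```powershell
# Added example: confirm from a DMZ server that the firewall passes the ports
# named in the answer to the internal site server.
param(
    [string]$SiteServer = 'sccm01.corp.example',  # placeholder host, not from the thread
    [int]$TimeoutMs = 2000
)

# Ports from the answer; 8530/8531 were listed as optional.
$expected = @(
    @{ Port = 80;   Required = $true;  Use = 'HTTP'  },
    @{ Port = 443;  Required = $true;  Use = 'HTTPS' },
    @{ Port = 445;  Required = $true;  Use = 'SMB'   },
    @{ Port = 8530; Required = $false; Use = 'WSUS HTTP (default custom site)'  },
    @{ Port = 8531; Required = $false; Use = 'WSUS HTTPS (default custom site)' }
)

function Test-TcpPort {
    # Hypothetical helper: TCP connect with a timeout, returns $true or $false.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

$results = foreach ($e in $expected) {
    $open = Test-TcpPort -ComputerName $SiteServer -Port $e.Port -TimeoutMs $TimeoutMs
    [pscustomobject]@{
        Port      = $e.Port
        Use       = $e.Use
        Required  = $e.Required
        Reachable = $open
        Status    = if ($open) { 'OK' } elseif ($e.Required) { 'BLOCKED' } else { 'closed (optional)' }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit when a required port is blocked, so the check can gate a rollout.
if ($results | Where-Object { $_.Required -and -not $_.Reachable }) { exit 1 }
```

A successful TCP connect only shows that the firewall passes the port and something is listening; it does not confirm that the SCCM roles behind it are healthy.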