SCCM Child Site Setup

[ibrafe]

Hi

 

we are in the process of redesigning our SCCM infrustructure. The Sys Eng who designed initially left with No Docs. But from the setup this is what I came with.

 

Server1 : Main sever with SQL DB

1. Component server
   
2. device management point
   
3. Fall back Status
   
4. Management point
   
5. reporting point
   
6. server locator
   
7. site server
   
8. site system site DB
   

 

Server 2: DP designed for Labs

1. Component server
   
2. Distribution point
   
3. Multicast Point
   
4. Site System
   
5. SMP
   

Server3: DP designed for Desktop Services

1. Component server
   
2. Distribution point
   
3. Multicast Point
   
4. Site System
   
5. PXE Service
   
6. SMP
   

 

The current setup seems to work but when it came to Software Distribution and OSD. The was no way to segregate who can push what packages. This is an issue as we have have Depts that a have limited SW licenses for their own SW.

 

Upper Management wants to open this up so each Dept that has in house Tech to use SCCM to deploy their own packages but keep them separate each other. Making each group invisible to one another. The Idea of having Child sites was thrown on the table to create room for other Depts to Join in.

 

The design proposal is to decommission Server 2 and bring it up as Child to server 1. Server 3 will stay they way it is to act as a DP for server1.

 

My Question is if we are to bring up Child Sites for other Depts

1. Will they stay invisible to one another?
   
2. What's the minimum components I need to setup on the Child?
   

 

Thanks

[wmmayms]

Child sites will get all packages/collections/advertisements etc from parent site.

They will not see anything from another child site on the same level.

 

How big is this company?

How many diffrent departments do you have that might be intrested in administrating a sccm site?

 

Im not convinced that this is the best solution for you.

[ibrafe]

Child sites will get all packages/collections/advertisements etc from parent site.

They will not see anything from another child site on the same level.

 

How big is this company?

How many diffrent departments do you have that might be intrested in administrating a sccm site?

 

Im not convinced that this is the best solution for you.

 

We have roughly 6000 machines. Over 100 Depts. As of now we have 3 depts using sccm and growing.

 

If the solution above is not the best. How can we make the SW and OSD locked down so that each group can only see what they own? I was able to achieve this on the Collections.

[Eswar Koneti]

make the DP's as protected and assign the boundaries to specific DP who can get the right application.

[ibrafe]

make the DP's as protected and assign the boundaries to specific DP who can get the right application.

 

Very interesting Idea. So if I understand you correctly. If a Tech try's to deploy a packages that does not belong to his DP. The deployment will fail based on the boundaries restriction. But what if the Dept spans across different vlans meshing in with another SCCM users?

[wmmayms]

I change my mind. With that amount of clients and proberbly quite a few vlans it would make sence to setup a multiple site setup.

 

Without knowing to much of your companys infrastructure or wan links i would suggest a central site for handling OSD/Updates/Reporting and all other common stuff.

Then you could setup a child site for every department desiring to administer their site on their own or where wan links are bad.

 

At child site level you can then delegate rights for department administrator to add custom applications or what they might need.