CAS with two primaries?

[Kevin79]

Question for all of you guru's. I have two IT departments that are from two old, separate companies. The IT departments work separately and manage many locations. There is a history between the two departments and we don't really get a long very well. (Yes, I know. Grow up and work together but I don't see that happening any time soon).

 

Anyhow, we have SCCM up and running now with 1 primary and multiple DP's and secondary sites. We also use SCEP for antivirus. SCCM is 2012 SP1. They now want to start using SCCM to manage their software packages while keeping their current antivirus (Symantec). Would it be best to create a CAS and make my primary part of it and then setup their primary under the CAS or create a primary for them and keep the two completely separate? If I do a CAS, what can they change on our servers and what can we change on theirs? How would SCCM handle laptops that go between their site and ours?

 

In general, what is the best way to do this and what are the 'gotcha's'?

[GarthMJ]

How many user do you have?

Is reason why you can’t use RBA for this?

Remember that a CAS will not prevent Admin from deploying SW to the other company.

[Kevin79]

There is about 2500 clients total. We don't manage users with SCCM yet, but there are less then 3500 users.

[GarthMJ]

I wouldn’t put up a CAS, I would have a single primary and maybe a secondary or two. It would really depend on what the network look like.

[Kevin79]

Ok. I don't think a secondary site will fly though... I'm sure the other IT department will not want to be a child off of our site.

[GarthMJ]

That is a political reason not a technical reason, however since you will have a CAS and the best practices if for them to do their management from the CAS only. How will this be any different then having just a single primary?

 

By removing the CAS, you are reducing the complexity of your environment and save the HW cost too.

[Kevin79]

With a CAS, will they still need to transfer their packages over the WAN to the CAS server when they create new packages?

[GarthMJ]

Data is shared between all Primary sites. This mean that all packages details will be replicated between all sites. The same thing with adverts, etc.

 

So if the admin create a package and send it out to All Systems, Then everyone at every site will cross the wan to get the content from their site, this assume that their DP is the only one that has the source files.

 

Remember that a CAS is not a security / package / advert (etc) boundary.

[Kevin79]

Assuming we decide to go with two completely separate systems, how do I configure the boundaries and such so that there won't be a conflict? Is there a way to have it so that clients that come to the US won't be managed by the US system even though it is in the boundary?