InigoMontoya

Best SCCM Configuration for organization where all clients are laptops?

In my organization, everyone is issued laptops to use as their computer.

 

We have UAG DA, and we want to move it to DirectAccess 2012 - but that is later down the line.

 

If DirectAccess is unavailable for laptops, then I would like them to still be able to reach the DP, SUP, MP, etc.

 

Everyone takes their computers home and we all work from wherever we have an internet connection.

 

What would be the best SCCM configuration solution for this environment?


Right, I guess I am more concerned with what would happen if DA wasn't available for clients...

 

Scenario: I have users who regularly connect up to Microsoft's Corporate Network, which uses NAP. Those users, for whatever reason, aren't up to date, and Microsoft won't allow them into the network until they update the latest security patches and endpoint protection definitions. DA is not working on their PCs, and when they go to update they cannot reach the SUP back at the office. Now, I have endpoint protection set up to fall back to Windows Update after 0 hours if they cannot reach the SUP. BUT, for Windows updates, I would be getting a lot of calls about "not able to get updates on my computer", when all they would have to do is select "get updates from Microsoft". But that is a call that can be avoided.

 

I want clients to be able to reach the SUP from the intranet and internet so if DA ever did go down, they wouldn't be without an MP, DP, SUP, etc. I don't know where to start with this one.

 

I have read about setting up a reverse web proxy with TMG for a SUP that will serve intranet and internet clients, but I don't know what is required for this, or if it is the best practice, and if it is - where do I start? I am looking for resources that I can study up on in order to allow clients to connect over the internet and the intranet.


I don’t think you can do anything about DA going down. (Yes, you can look at IBCM, but I don’t think that is practical in this situation; DA does what IBCM does, so….) If they can’t get to your DP, MP, and SUP, there isn’t much you can do to help them. If this becomes a big issue, I would work on why they are getting out of sync (or can’t access DA) vs. trying to come up with a workaround for those that do get out of sync.

 

One suggestion would be to allow one MP, SUP and DP to exist in the unprotected (NAP) network, thereby allowing clients to be able to update themselves when they do exist there.
