Site modes are used to configure client-to-server communication. Two site modes are available for Configuration Manager sites: native mode and mixed mode.
Native mode was introduced in Configuration Manager 2007 to provide a higher level of security between clients and servers than mixed mode provides. Mixed mode exists to provide a supported site mode for networking environments without an existing PKI infrastructure and backward compatibility with SMS 2003 clients and sites.
Native mode should be used if you need the highest level of security inConfiguration Manager, or must support Internet-based clients. Before you configure native mode, you must have all of the following configured:
- An existing public key infrastructure
(PKI)
- A site server signing certificate installed
on the site server
- Web certificates on certain site system
roles
- Client authentication certificates on all
Configuration Manager clients, and the management point.
Important |
---|
Native mode secures client-to-server communications only. To protect server-to-server communication, implement IPsec. For more information, see Implementing IPsec in Configuration Manager 2007. To protect site-to-site communication, use secure key exchange between sites. For more information, see How to Require Secure Key Exchange Between Sites. |
Mixed mode should be if any of the following are true:
- The site will support SMS 2003
clients
- The site has a parent site configured for
mixed mode
- You have an existing PKI but have not yet
installed the site server signing certificate on the site
server.
Mixed mode sites cannot use client certificates to authorize clients and so uses a configurable approval setting. For more information, see About Client Approval in Configuration Manager.
In This Section
- Benefits of Using Native Mode
- Describes the benefits of using native mode and compares native mode with mixed mode with regard to the security benefits.
- Prerequisites for Native Mode
- Describes both the external dependencies and dependencies within the product.
- Certificate Requirements for Native Mode
- Lists the certificates required for native mode.
- Client Communication in Mixed Mode and Native Mode
- Describes how the site configuration affects the client-to-server communication, both within its assigned site and when roaming between sites in different modes.
- Configuration Manager Mixed Mode
- Describes Configuration Manager mixed-mode site operations.
- Administrator Workflow: Migrating a Site to Native Mode
- Displays the high-level recommended steps to migrate a Configuration Manager 2007 mixed mode site to native mode.
- Administrator Checklist: Migrating a Site to Native Mode
- Lists the recommended steps required to migrate a Configuration Manager 2007 mixed mode site to native mode.
- Administrator Workflow: Deploying the PKI Requirements for Native Mode
- Displays the high-level recommended steps to deploy the public key infrastructure (PKI) requirements for native mode in Configuration Manager 2007.
- Administrator Checklist: Deploying the PKI Requirements for Native Mode
- Lists the recommended steps required to deploy the public key infrastructure (PKI) requirements before a Configuration Manager 2007 site can operate in native mode.