If all your client computers are on the intranet, you do not need to configure Configuration Manager 2007 for Internet-based client management. However, if you have client computers that are either always or sometimes on the Internet, and you need to manage them when they are not on your intranet, you must determine whether Internet-based client management is a suitable solution for your environment.

You can manage remote computers when they connect to the intranet with a virtual private network (VPN). However, this management method can have a number of disadvantages, such as the additional costs of maintaining this service and the reliance on users to make the additional connection. When determining whether you should use Internet-based client management rather than a virtual private network to manage client computers that are not connected to the intranet, you should consider the advantages and disadvantages of each solution to best meet your business requirements.

The following table outlines the advantages and disadvantages of both management solutions to help you determine whether you should use Internet-based client management to manage remote computers.

| Management Solution | Advantage | Disadvantage |
| --- | --- | --- |
| Configuration Manager with a virtual private network (VPN) | No change in network infrastructure if this is already in place. All Configuration Manager features are supported, such as software distribution to users and Network Access Protection. Does not require the site to be in native mode, with a supporting public key infrastructure (PKI). | Costs and overhead of maintaining this additional service. Large volumes of data are transferred, and the data transfer method is not suitable for slow and unreliable connections. Relies on users making the additional connection, which can delay or prevent management tasks such as software deployment and inventory reporting. |
| Configuration Manager with Internet-based client management | No additional service with associated costs and overhead. Less data is transferred, and the data transfer method is more suitable for slow and unreliable networks. Does not rely on users making an additional connection (or even logging on), which can increase the success rate of management tasks. | Requires changes in the network infrastructure, such as implementing firewalls and placing Configuration Manager site systems in the perimeter network. Requires additional configuration in Configuration Manager, and it could require additional servers. Not all Configuration Manager features are supported. Requires that the site is in native mode, with a PKI support infrastructure. |
