The following site system roles in a native mode primary site support Internet-based client management, and they can be located in a different forest than the site server:

If these site systems are located in a perimeter network and the site server is located in the intranet, these site system servers should be configured to accept data retrieval from the site server. In this scenario, the site server initiates a connection to the site systems to retrieve information such as status messages from the site systems. Configuring data retrieval from the site server is a more secure configuration than the default configuration in which site systems initiate connections to the site server.

Only the management point is required for Internet-based client management (for example, to send machine policy and receive client information such as inventory results). The other site system roles are optional for Internet-based client management and depend on the Configuration Manager features you require.

See Also