This network diagram shows server placement and firewall configuration for the following operational scenario for Internet-based client management in Configuration Manager 2007:
- Scenario 1: A Configuration Manager 2007 site
that does not support intranet clients and spans the perimeter
network and intranet. All the Internet-based site systems are in
the perimeter network, and they accept connections for clients
connecting over the Internet. The site server is in the intranet.
The management point that supports Internet-based clients
communicates directly with the SQL server in the intranet.
If you have a server running the software update point role that needs to synchronize software update metadata with an active software update point in a parent site in the intranet, Configuration Manager synchronizes the software updates metadata with a connection from this server to the active software update point. Most connections will use HTTPS. However, when the software updates metadata has associated license terms (for example, if the software update is a service pack), the connection uses HTTP. To avoid these in-bound connections from the perimeter network to the intranet, use the export and import method of synchronizing the software updates as described in How to Synchronize Updates Using Export and Import.
|For additional information relating to the installation requirements for the site systems, see the section “Installation Requirements for Internet-Based Site Systems” in Ports Used by Configuration Manager.|