A branch distribution is intended to allow smaller or distributed offices to host a Microsoft System Center Configuration Manager 2007 distribution point on an existing client computer without requiring a secondary site to be set up. However, they can also be installed in secondary sites.
Branch distribution points provide an option for efficient package distribution to a small office with limited bandwidth. Branch distribution points function much like standard distribution points and can be assigned packages in the same way by using the Configuration Manager console.
A branch distribution point does not function entirely on its own and depends on a standard distribution point from which it receives its content. To function properly, a branch distribution must contact a BITS-enabled standard distribution. This is a distribution point that is configured by using the Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS option. For more information about this configuration, see How to Configure a BITS-Enabled Distribution Point.
If the branch distribution point cannot download content from a standard distribution point, the branch distribution point does not function. The branch distribution point is instructed to download the packages it is assigned by using client policy and then uses standard client components to download the content. This content download does not use senders, which are used only for site-to-site communication.
|If the standard distribution point is configured as a protected site system, ensure that the protected boundaries of the standard site system include the branch distribution point. If the computer running the branch distribution point is excluded from the protected boundaries of the standard distribution point, it cannot install the packages that it needs.|
The following illustration demonstrates a common layout for a branch distribution point, where the branch distribution point could be in the same primary site as the standard distribution point, or in a secondary site:
You can also have multiple branch distribution points in the same location, to help distribute the requests from clients to download package source files. If you protect these branch distribution points with the same protected boundaries, these branch distribution points effectively work as a group.
If you have branch distribution point in the same site as a standard distribution point, by default, clients will always download content from a BITS-enabled standard distribution point rather than the branch distribution point. This is because clients automatically select distribution points that are configured for BITS over distribution points configured for SMB. To ensure that clients prefer the branch distribution point, protect the branch distribution point site system and verify that it is configured with protected boundaries that contain the clients that you want to use for the branch distribution point. Make sure that this boundary is not added to the standard distribution point, if that is also protected. For more information about content location behavior, see Configuration Manager and Content Location (Package Source Files).
Although a branch distribution point functions as a site system role, it is not intended to replace the role of a site server, management point, or software update point. Branch distribution points can be installed in a primary site and in a secondary site, and on either a server-class computer or a workstation-class computer. If you install a branch distribution point on a workstation rather than a server, this operating system has a limitation of 10 concurrent client connections.
When you are using branch distribution points on workstations and a client tries to connect when all 10 current sessions are in use, the client retries the same branch distribution point after 30 seconds. If the client still fails to connect and if the client has other distribution points to try, the client immediately tries the next distribution point in its list. This retry behavior is repeated if the second branch distribution point has also run out of concurrent sessions. The client continues to cycle through its list of available distribution points until it makes a successful connection. If there is only a single branch distribution point in the client’s list, the client twice retries the same branch distribution point every hour. For more information about which distribution points are given to clients and how the client orders them into a list, see Configuration Manager and Content Location (Package Source Files).
This retry behavior when branch distribution points run out of concurrent sessions means that you can scale out branch distribution points in locations where you cannot run a server (for example, for licensing or administration reasons) and have a good end user experience. For example, if you have 15 clients in a location, but you do not know whether they all have to download content at the same time, consider installing two branch distribution points. Because the selection between the two branch distribution points by the client is nondeterministic, the added distribution point provides a built-in element of load balancing. Additionally, if a client selects a branch distribution point that already has the maximum of 10 concurrent sessions, the client automatically tries the other distribution point without a noticeable delay.
|The branch distribution point is the only Configuration Manager site system that can be installed on a workstation-class operating system. If it is installed on Windows Server 2008, it must be the full installation of the operating system and not Server Core.|
Unlike standard distribution points, branch distribution points cannot be placed on server shares. Branch distribution points also have the following requirements:
- The computer is running the Configuration
Manager client and is assigned to the site.
- The computer is not a workgroup client.
- The computer is not running
- The computer is not configured to use an
Internet-based management point.
If any of these conditions are detected by Configuration Manager, the option to enable the branch distribution point will be disabled. For more information about installing a branch distribution point, see How to Deploy a Branch Distribution Point.
If you need help deciding whether to install a branch distribution point or a standard distribution point, see Choose Between a Standard and Branch Distribution Point. You can also convert an existing standard distribution point to a branch distribution point without having to delete the original standard distribution point and redeploy the packages. For more information, see How to Convert a Standard Distribution Point to a Branch Distribution Point.
Branch Distribution points can be distinguished from standard distribution points in the Configuration Manager console by referencing the Type column in the results pane for the selected site system. This column will display Branch or Standard for the ConfigMgr distribution point role, and the ConfigMgr site system role will always display Server, even when it is installed on a workstation computer.
Because branch distribution points use client policy to discover which packages are assigned to them, you might consider creating a collection for branch distribution points so that you can configure a shorter client polling interval for these computers by using the collection specific settings. For more information, see How to Configure the Client Policy Polling Interval for a Specific Collection.
Limited Network Bandwidth
To support possible bandwidth limitations, a branch distribution point can use the Background Intelligent Transfer Service (BITS) to limit network traffic when downloading packages from the standard distribution point. BITS enables administrators to control the transfer rates to the branch distribution point and provides a checkpoint restart of a package download. If a package download is interrupted or the connection is lost because of slow or unreliable network connections, the download can continue from the point of interruption. However, clients should have good network connectivity (fast and reliable) to the branch distribution point because clients always use server message blocks (SMB) and never HTTP or HTTPS connections to download packages from a branch distribution point.
|Even if you install the branch distribution point on a server with IIS installed and enable BITS, clients continue to use SMB to connect to the branch distribution point.|
The configuration for BITS transfers between the branch distribution point and the standard distribution point is sent to the branch distribution point with the computer’s client policy. By default, these settings apply to branch distribution points only but can also be applied to all clients or can be disabled. Settings include throttling windows and maximum transfer rates. Be aware that these settings can be overridden by Group Policy. To configure these settings, select the BITS tab on the Computer Client Agent Properties dialog box. For more information about these settings, see Computer Client Agent: BITS Tab. For more information about the Group Policy options related to BITS, see the information about Background Intelligent Transfer Service Bandwidth Management from the Infrastructure section of Windows XP Service Pack 2 Feature Management Using Group Policy (http://go.microsoft.com/fwlink/?LinkId=124012).
Branch distribution points also provide an option that allows packages to be downloaded to the branch distribution point only after the package has been specifically requested by a client, allowing more efficient bandwidth management. For more information, see About On-Demand Package Distribution.
Administrators also have the option to prestage the package on branch distribution points. When prestaging a package, the administrator manually creates the directory and copies the files to the directory. Prestaging requires more administrative overhead but provides maximum control over bandwidth and timing. For example, an administrator can copy the files from the standard distribution point onto a USB drive, ship the drive to the branch location, and then copy the files onto the branch distribution, incurring no network bandwidth. Prestaging is not available for standard distribution points. For more information, see How to Prestage Packages on a Branch Distribution Point,
Space Considerations on Branch Distribution Points
Branch distribution points can receive copies of large packages from a standard distribution point that can take up large amounts of disk space on the branch distribution point computer. While this might not be a significant problem if the branch distribution point has been placed on a server-class computer dedicated to that purpose, many branch distribution points are placed on personal workstation computers. In this case, it is possible to fill up so much available space with Configuration Manager packages that normal workstation functions become difficult. To avoid this, branch distribution points have a setting to reserve space for the operating system rather than filling up all the available hard disk space. This setting is 50 MB by default, but at least 1 GB is recommended. You can also select a specific partition for the packages.
|Because of the reserved hard disk space, the branch distribution point can report an error condition indicating that it has no hard disk space available when it reaches the configured reserved limit, even though the computer itself has free disk space.|
Just like standard distribution points (and other site systems), Configuration Manager will not install the branch distribution point component files on a drive that contains the file no_sms_on_drive.sms. For more information about the no_sms_on_drive.sms file, see How to Prevent Configuration Manager From Installing Files on a Specific Drive.
Security Concerns with Branch Distribution Points
The branch distribution point should be created on a computer with site system-like physical and network mobility, because it is actually a site system role and part of the site core infrastructure. Because of this, care should be taken to protect the branch distribution point from theft or tampering just as if it were a server. You can use a workstation computer as a branch distribution point, but allowing physical access to this computer might allow an attacker to compromise the content stored on the branch distribution point. If the program is downloaded before running, tampering will cause the signature check to fail and the client will discard the package. However, if the program is run from the distribution point, no package validation occurs and the client could run a modified package.
Additionally, site reassignment, client deinstallation, and roaming should not be common scenarios for a branch distribution point. When one of these scenarios in necessary, you should follow the guidelines to remove the branch distribution point role from the client first and then proceed with the other operations. For more information about removing branch distribution points, see How to Remove a Branch Distribution Point.
Because clients always connect to branch distribution points by using server message blocks (SMB), this client-to-site system communication cannot be secured by using native mode operation. However, because the branch distribution point is also a client, the branch distribution point communication to the standard distribution point will use native mode communication. For more information, see Client Communication in Mixed Mode and Native Mode and Benefits of Using Native Mode.
Although convenient for distributed offices, branch distribution points, like standard distribution points, require formal planning, deployment, change control, and monitoring processes.
Availability of Branch Distribution Points
If a branch distribution point is configured on a client workstation, you must educate whoever logs on to the workstation not to shut down or restart the computer when it might be needed by other users in the office.
If a branch distribution point is in a sleep state, clients do not send wake-up packets to the branch distribution point, so they will not be able to retrieve packages from the branch distribution point until it is online again.
Branch Distribution Points and Internet-Based Clients
Do not create branch distribution points on Internet-based clients. This combination is not supported by Configuration Manager and will be blocked. Because clients use SMB connections to branch distribution points, branch distribution points cannot accept client connections from the Internet.
Distribution Points and Configuration Manager 2007 R2 Features
Standard distribution points and branch distribution points support streaming virtual application packages. For more information, see About Virtual Application Packages.
Standard distribution points that are configured as server site systems support multicast for the operating system deployment feature. Branch distribution points and standard distribution points that are configured as server share site systems do not support multicast. For more information about multicast, see About Multicast for Operating System Deployment.