In this article by Vangel Krstevski, author of Mastering System Center Configuration manager, we will learn that a cloud distribution point is a fallback distribution point for the Configuration Manager clients and supports most of the content types. To create a cloud distribution point, you need a Windows Azure subscription, a DNS server, and certificates. For your production environment, you can use the Azure pricing calculator to calculate your subscription fee at http://azure.microsoft.com/en-us/pricing/calculator/?scenario=full.
(For more resources related to this topic, see here.)
Starting with System Center Configuration Manager SP1, you can use a Windows Azure cloud service to host a distribution point server. When you deploy a cloud-based distribution point server, you configure the client settings and through them, enable users and devices to access the content. You also have to specify a primary site that will manage the content transfer to the cloud-based distribution point. Additionally, you need to specify the thresholds for the amount of content that you want to store on the distribution point and the amount of content that you want to enable clients to transfer from the distribution point. Based on these thresholds, the Configuration Manager can raise alerts that warn you when the combined amount of content that you have stored on the distribution point is near the specified storage amount, or when the transfer of data by the clients is close to the threshold that you defined.
The following features are supported by both on-premise and cloud-based distribution points:
- The management of cloud-based distribution points individually or as members of distribution point groups
- A cloud-based distribution point can be used as a fallback content location
- You receive support for both intranet- and Internet-based clients
A cloud-based distribution point provides the following additional benefits:
- The content that is sent to the cloud-based distribution point is encrypted by Configuration Manager before the Configuration Manager sends it to Windows Azure
- In Windows Azure, you can manually scale the cloud service to meet the changing demands for content request by clients, without the requirement to install and provision additional distribution points
- The cloud-based distribution point supports the download of content by clients that are configured for Windows BranchCache
A cloud-based distribution point has the following limitations:
- You cannot use a cloud-based distribution point to host software update packages.
- You cannot use a cloud-based distribution point for PXE-enabled or multicast-enabled deployments.
- Clients are not offered a cloud-based distribution point as a content location for a task sequence that is deployed using the Download content locally when needed by running task sequence deployment option. However, task sequences that are deployed using the Download all content locally before starting task sequence deployment option can use a cloud-based distribution point as a valid content location.
- A cloud-based distribution point does not support packages that run from the distribution point. All content must be downloaded by the client and then run locally.
- A cloud-based distribution point does not support the streaming of applications by using Application Virtualization or similar programs.
- Prestaged content is not supported. The primary site Distribution Manager that is used for distribution point management does all the content transfers to the distribution point.
- A cloud-based distribution point cannot be configured as a pull-distribution point.
To configure a cloud-based distribution point, follow these steps:
-
Create a management certificate and install it on the site server. This certificate establishes a trust relationship between the site server and Windows Azure.
-
Create a cloud distribution point service certificate and install it on the site server.
-
Create a Windows Azure subscription and import the previously created management certificate in Windows Azure through the management portal.
-
Install a cloud distribution point role in Configuration Manager.
-
Set up the client settings to allow Configuration Manager clients to use the cloud-based distribution point.
-
Create a record in your DNS with the IP address of the cloud distribution point.
Cloud distribution points – prerequisites
A cloud-based distribution point has the following prerequisites:
- A Windows Azure subscription.
- A self-signed or PKI management certificate for communication between the Configuration Manager primary site server and the Windows Azure Cloud Service.
- A service certificate (PKI) that Configuration Manager clients will use in order to connect to the cloud-based distribution points and also to download content from these distribution points using secure transfer or HTTPS.
- Before users and devices can access the content on a cloud-based distribution point, a device or a user has to receive the client setting for cloud services of Allow access to cloud distribution points set to Yes. By default, this value is set to No.
- A client must be able to resolve the name of the cloud service, which requires a Domain Name System (DNS) alias and CNAME record, in your DNS namespace.
- A client must have Internet access in order to use the cloud-based distribution point.
Creating certificates
Use the following link to create the needed certificates for the Cloud distribution point creation:
http://technet.microsoft.com/en-us/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_clouddp2008_cm2012
Importing the certificates in Windows Azure
First, what you need to do is log in to your Windows Azure subscription. To do this, you have to perform the following steps:
-
Go to https://manage.windowsazure.com.
-
After you log in, go to SETTINGS from the menu on the left-hand side, as shown in the following screenshot:
-
Click on MANAGEMENT CERTIFICATES, as shown here:
-
Upload the management certificate that you created for the site server, as shown in the following screenshot:
-
After the import, you will be able to see the certificate in the list of imported MANAGEMENT CERTIFICATES, as shown here:
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime
Creating the cloud distribution point
In order to create the cloud distribution point, you have to do the following:
-
Start the System Center Configuration Manager console.
-
Navigate to Administration | Hierarchy Configuration | Cloud Services | Cloud Distribution Points, as shown in the following screenshot:
-
From the ribbon bar, click on Create Cloud Distribution Point.
-
On the General page, you have to enter the Windows Azure subscription ID. You can find your Windows Azure subscription ID in the Settings section of the Windows Azure management portal. Click on Browse… to select the certificate that you created for the site server, as shown here:
-
On the Settings page, select the region, for example, West Europe. Click on Browse… and import the cloud distribution point service certificate, as shown in the next screenshot:
-
On the Alerts page, you can configure the settings about the threshold levels of your cloud distribution point. These levels are important because they can alert you when levels drop below a certain level that you have defined. For the purpose of this project, just click on Next:
-
Review all the settings in the Summary page and click on Next to start the cloud distribution point's installation process.
-
After the Cloud distribution point is created, you will be able to see it in the list of Cloud Distribution Points in the System Center Configuration Manager console, as shown here:
Configuring DNS for the cloud distribution point
For clients to download content from a cloud distribution point, a DNS record must exist for the cloud distribution point's IP address. You can do this by adding a CNAME record in your DNS server that points to the site URL of the Windows Azure Cloud Service. The FQDN of your Windows Azure Cloud Service can be found by proceeding with the following steps:
-
Log in to your Windows Azure subscription.
-
Select Cloud Services from the menu on the left-hand side.
-
From the list of cloud services, click on the service name that represents your cloud distribution point. This will open the cloud service dashboard. The site URL information can be found on the right-hand side of the dashboard, as shown in the following screenshot:
-
Open your DNS server and create the CNAME record. For the alias name, enter CloudDP and for the FQDN of the target host, enter the site URL of your Windows Azure, shown as follows:
Summary
In this article we saw that the main benefit of a cloud distribution point is that it can work as a backup distribution point. We also saw how we can use System Center Configuration Manager 2012 R2 to deliver applications to different mobile device platforms. We also learned how to connect the Configuration Manager to Windows Intune in order to provide mobile device management and application deployment and to ensure secure and managed access to company resources.
Resources for Article:
Further resources on this subject:
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Canary Islands
Hungary
Ukraine
Luxembourg
Estonia
Lithuania
South Korea
Turkey
Switzerland
Colombia
Taiwan
Chile
Norway
Ecuador
Indonesia
New Zealand
Cyprus
Denmark
Finland
Poland
Malta
Czechia
Austria
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Netherlands
Bulgaria
Latvia
South Africa
Malaysia
Japan
Slovakia
Philippines
Mexico
Thailand
