Request for intelligent MP, SMP and SUP selection based on network location, like current DP selection
This is a DCR requesting that we improve the logic around MP, SMP and SUP selection by clients. Currently, we gather AD Site and IP Subnet details for DPs, store that in DPInfo and include that information in the XML body returned on content lookup requests. Why can we not do this for other server roles so that the client can choose the best server to connect to based on matching AD Site and/or IP Subnet? This would provide a far better solution than having to populate AllowedMPs, too.
Cameron
shared this idea
Admindjam
(Product Director, or Executive, Microsoft Endpoint Configuration Manager)
responded
Boundaries have been rearchitected and improved from 1610, 1702, and now finally 1706 production releases.
7 comments
-
Anonymous
commented
Hello, this is not resolved as of yet on the 1710 and SMP detection.
Please see:
https://social.technet.microsoft.com/Forums/en-US/7bfdd65e-d81f-447c-a132-3df9f2b296c7/client-fails-to-request-user-state-store-no-local-smp-found?forum=configmanagerosd
https://www.windows-noob.com/forums/topic/1916-failure-on-request-state-store/Unless we add the remote MP to the site system for the boundary group with the SMP, OSD fails to detect the SMP as LOCAL. The MP is on another boundary and has nothing do with it.
Another way to override the issue is to remove the Failback boundary groups from the Boundary group in question. -
Anonymous
commented
This is DCR requesting to have the logic to have SUP affinity. If a clients in LAN and you have SUP in DMZ the clients in LAN would not be able to search SUP in DMZ and ONLY point to the SUP in LAN. And same for vice versa.
-
bryan
commented
FWIW: I believe this is a duplicate of this: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8392989-preferred-software-update-points
-
Robert Spinelli
commented
This is really needed in order to support DMZ clients. I know you fixed this for MP's, but this also needs to be fixed for SUP's.
-
Anonymous
commented
I have different zones where clients connect to the network. If the clients do not have the correct security posture, they would be quarantined by the NAC (Network Access Control) solution. Clients will not be able to connect to anything within the network in the mean time. I'll deploy secondary sites to these perimeter zones so that the clients can connect to MP and DP without going in. There is a risk that clients may connect to random SUP and stay stuck in the quarantine zones for a long time until they connect to the SUP in their zone. Basically, I need a preferred SUP configuration, I think.
-
Cameron
commented
-
Michael Kenntenich
commented
I'd like to see "boundary awareness" for SUPs as well as we have it now for DP, MP, and SMP. In some cases clients within a secondary site's boundary fall back to the primary site and cause high network load due to the scan against the WSUS at the Primary Site.