Management Summary for Cloud-Hosted Network Control Hub
The Configuration Manager 1610 release introduces the Cloud Management Gateway (CMG), a cloud-based service that revolutionises the management of internet-based clients. This innovative solution enables Configuration Manager clients to communicate with on-premises infrastructure without the need for complex infrastructure changes such as exposing management points to the internet or setting up VPNs.
Deploying the CMG starts by navigating to Administration -> Overview -> Cloud Services -> Cloud Management Gateway and clicking Create Cloud Management Gateway. The CMG is added as a role called the 'cloud management gateway connector point', which can be managed by going to Administration -> Overview -> Site Configuration -> Server and Site Roles.
To ensure secure communication between clients and the CMG, an SSL server authentication certificate from a public Certification Authority (CA) is installed on the CMG service. Additionally, a client authentication certificate (typically PKI-based) or alternate client authentication methods are required for authentication and securing communication from clients to the CMG.
The Azure subscription is essential for the deployment of CMG as it is hosted as a cloud service in Azure. Proper Azure service permissions are necessary to create and manage cloud resources related to the CMG, and Configuration Manager must be integrated with the Azure subscription for deployment and maintenance of the CMG service.
The CMG supports MP and SUP roles, but it does not support Client Push, OSD or Task Sequences, Wake on LAN, or Peer cache. Each CMG can support up to 4000 clients.
To verify the CMG is functioning correctly, connect one of your clients to an external internet connection and run a Machine Policy Retrieval & Evaluation cycle from the Configuration Manager app. Verify under the Network Tab that you are connected to your Cloud Management Gateway.
The CMG acts as a proxy for internet-based clients to access On-Premises Configuration Manager services or Azure hosted Configuration Manager services. It is a significant step towards a full cloud management solution for Windows 10 devices through Microsoft Intune.
For more help creating certificates or custom settings for the CMG, consult the latest Microsoft Documentation for setting up a Cloud Management Gateway. The setup involves creating a custom Web Service Certificate (SSL Cert), a Client Authentication Certificate, and uploading the Management Certificate to Azure. The client's Root Certificate needs to be exported once the client certificate is on a machine, which will become the Client Root Certificate (CA / PKI Cert).
In summary, the CMG offers a seamless and secure internet-based management solution for Configuration Manager clients without complex on-premises infrastructure exposure. The certificate and Azure requirements ensure secure and reliable cloud communication infrastructure, making remote client management significantly easier compared to traditional methods involving VPNs or DMZs.
Read also:
- Century Lithium Announces Production of Battery-Grade Lithium Metal Anodes from Angel Island Lithium Carbonate
- Differences Among All Electric Vehicles?
- AMD's FSR 4 expands its compatibility thanks to OptiScaler's ability to convert any contemporary upscaler into FSR 4, provided that the game isn't built upon Vulkan or contains anti-cheat software, excluding such titles.
- Benefits, Nutrition, and Applications of Matcha: A Comprehensive Overview
