Cloud-Based SCCM Distribution Point? Why yes! – 20 Key Scenarios with Windows Azure Infrastructure Services

Welcome to another main installment of our “20 Key Scenarios with Windows Azure Infrastructure Services”.  For those of you who are just now starting to follow along, make sure to start your FREE TRIAL of Windows Azure, so that you can follow along.

Those of you who are familiar with System Center 2012, and in particular the Configuration Manager component, are already familiar with the concept of Distribution Points.  But for those of you who are new to it, here is a very brief definition that will make it all clear:
Ahem… :  A Distribution Point is a point from which things are distributed.

“Oh yeah, crystal-clear, Kevin.”

You’re welcome.

It’s really not complicated (or at least, the idea isn’t complicated).  In a large organization, with centralized IT Management, and perhaps with many locations around the globe, it’s important to be able to define the locations from which those far-flung users get their software or updates.  So System Center 2012 Configuration Manager has

But consider this: What if I were able to use Windows Azure – a cloud-based, highly available and globally scalable service - to act as my distribution points? 

“You mean, give immediate, secured, authenticated global reach to your organization’s operating system deployments and software distributions?  That would be amazing, Kevin.”

I knew you’d like it.  This capability is new in System Center 2012 SP1, and was first announced on the System Center Configuration Manager Team Blog here: New Distribution Points in Configuration Manager SP1.

It is further documented at TechNet here: Install Cloud-Based Distribution Points in Windows Azure

NOTE: The cloud-based distribution point is going to be used for deployments other than Microsoft updates.  Updates are already available “in the cloud” through Microsoft Update, and it’s just as easy to configure your company’s devices to use Microsoft for operating system and application updates.

For the rest of this article, I’ll break the task of installing and testing this into these steps:

  • Install System Center 2012 SP1 Configuration Manager
  • Certificates
  • Create the Distribution Point
  • Considerations for Client Access
  • and we’ll wrap things up with a Summary

Install System Center 2012 SP1 Configuration Manager

To test creating a cloud-based distribution point, I installed the evaluation of System Center 2012 SP1 Configuration Manager on a local virtual machine in my test domain.  My installation was a new Configuration Manager standalone primary site:

Available Setup Options

(Prior to this installation I had installed the evaluation of SQL Server 2012 on the same machine, but I could have used the “typical installation” option to also install SQL Express to use as the local database.  For a good write-up on installing a test machine like this as a Windows Azure Virtual Machine, read THIS EXCELLENT ARTICLE by Keith Mayer.) 

After installing and configuring the prerequisites, I also just took the defaults from that point on.

Certificates

Of course, to make an authenticated, secured (SSL) connection between your Configuration Manager installation and your Windows Azure subscription, you’re going to need to use a management certificate.  And like most situations where we’re just trying new capabilities out that require certificates, there is a simple way, and there is a recommended-for-production way.  The recommended-for-production way is to use a PKI, and use the templates and certificate types for Server and Client authentication as described in this document:
PKI Certificate Requirements for Configuration Manager

For my purposes, just to get the distribution point created and the trust established between my local Configuration Manager site server and the Azure subscription, I exported both a .CER and a .PFX file from the local machine certificate that was created for my SCCM server and its relationship with SQL Server.  It was already of the proper type (from the proper template), so it worked fine for my test.  Here’s how I did that…

Open MMC (On the start screen, type MMC and run MMC.EXE).

On the File Menu, choose Add/Remove Snap-in…  then in the left-hand list, select Certificates, and click Add.

When prompted for what you want to manage certificates for, select Computer Account, click Next, and then click Finish.  Click OK to close the Add/Remove Snap-ins form.

Now, in the MMC, navigate to Certificates (Local Computer) –> Personal –> Certificates.  You should find a Server Authentication certificate there with the name of your server in the Issued To column. 

We’re going to do two export operations on this certificate; one to get a .cer file that we’ll upload to Windows Azure, and the other to create a password-protected .pfx file that we’ll use to configure the connection from our local Configuration Manager to create the cloud-based distribution point. 

First we’ll export a .cer file:

  1. Right-click on the certificate, select All Tasks –> Export…
  2. On the Certificate Export Wizard welcome page, click Next.
  3. On the Export Private Key page, leave “No, do not export the private key” selected.  Click Next.
  4. On the Export File Format page, leave “DER encoded binary X.509 (.CER)” selected.  Click Next.
  5. On the File to Export page, browse to and select a file system location that you can easily remember and navigate to later; either your desktop or documents folder, and give your file a name.  Make sure it’s saving as a *.cer file. Click Save, then click Next.
  6. On the Completing the File Export Wizard page, click Finish.  Click OK on the resulting “The export was successful.” message.

Now we’ll export a .pfx file:

  1. Right-click on the certificate, select All Tasks –> Export…
  2. On the Certificate Export Wizard welcome page, click Next.
  3. On the Export Private Key page, change the selection to “Yes, export the private key”.  Click Next.
  4. On the Export File Format page, leave “Personal Information Exchange – PKCS #12 (.PFX)” selected.  Click Next.
  5. On the Security page, check the check-box next to Password, and then enter a password in the Password and Confirm password fields.  Click Next.
  6. On the File to Export page, browse to and select a file system location that you can easily remember and navigate to later; either your desktop or documents folder, and give your file a name.  Make sure it’s saving as a *.pfx file. Click Save, then click Next.
  7. On the Completing the File Export Wizard page, click Finish.  Click OK on the resulting “The export was successful.” message.
  8. You can now close the MMC.  We’re done with it.  We have the exports we need.
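
The same two exports can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original article; the output folder and file names are assumptions, and it relies on the Export-Certificate and Export-PfxCertificate cmdlets from the PKI module that ships with Windows Server 2012 and later.

```powershell
# Added example: scripted equivalent of the two MMC exports.
# Assumed (not from the article): output folder and file names.
$outDir  = Join-Path $env:USERPROFILE 'Documents'
$cerPath = Join-Path $outDir 'cloud-dp-mgmt.cer'
$pfxPath = Join-Path $outDir 'cloud-dp-mgmt.pfx'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Find the certificate the article picks by eye under Personal -> Certificates:
# issued to this server, Server Authentication, unexpired, private key present.
$found = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $c = $_
    $ekuOids = $c.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }
    $c.HasPrivateKey -and
        ($c.NotAfter -gt (Get-Date)) -and
        ($c.Subject -like "*$env:COMPUTERNAME*") -and
        ($ekuOids -contains $serverAuthOid)
})

# Refuse to guess when the store holds zero or several candidates.
if ($found.Count -ne 1) {
    throw "Expected exactly one matching certificate, found $($found.Count). Select one by thumbprint instead."
}
$cert = $found[0]

# Export 1 (.cer): DER-encoded public certificate, no private key.
# This is the file uploaded as the Windows Azure management certificate.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Export 2 (.pfx): certificate plus private key, password-protected.
# This fails if the key was not marked exportable when the certificate was issued.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the .pfx file'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Check the result: the .cer must match the store certificate and carry no key.
$cerCheck = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($cerCheck.Thumbprint -ne $cert.Thumbprint) { throw 'Exported .cer does not match the selected certificate.' }
if ($cerCheck.HasPrivateKey) { throw 'Exported .cer unexpectedly contains a private key.' }

# Summary to keep alongside the subscription ID noted later in the walkthrough.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
    PfxFile    = $pfxPath
}
```

The .pfx written here contains the server's private key, so keep it out of shared folders; only the .cer is meant to leave the machine.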

Upload the .cer file to our Windows Azure subscription.  (If you don’t have one, it’s easy to START A FREE TRIAL HERE.):

  1. Log in to your Windows Azure subscription, and at the bottom of the list on the left, select Settings.
  2. At the bottom of the browser window, click the UPLOAD icon.
  3. In the Upload a management certificate form, click Browse for a file, browse for and select the .cer file that you exported earlier, and then click the check-box at the bottom right. 
  4. You will now see a job running message that says “Uploading…” followed shortly by a “Successfully uploaded..” message, and your certificate now shows up in the Management Certificates list.
  5. Before we move over to Configuration Manager, this is a good opportunity to copy and then paste (maybe in Notepad) the value in the SUBSCRIPTION ID column for your certificate.  It is a very long value that we’ll need later when we’re configuring Configuration Manager.

And there you go.  The certificate for our test is in place.  Now we’re ready to create and connect Configuration Manager to a new cloud-based distribution point.

Create the Distribution Point

  1. Open up Configuration Manager.
  2. On the lower-left, click Administration, and then in the section above under Overview, expand Hierarchy Configuration and select Cloud.  (Yes, Cloud!)
  3. Right-click on Cloud and then click on Create Cloud Distribution Point.
  4. On the Specify details for this cloud service page, this is where we’ll use the copy/pasted Subscription ID we saved, as well as the .pfx file that we exported earlier.  In the Subscription ID: field, paste the subscription ID you saved.
  5. Next to the Management Certificate field, click Browse.  Navigate to and select the .pfx file that you saved earlier.  After you select it and click Open, you'll be prompted for the password you used to protect it.  Enter the password and click OK.
  6. Click Next.
  7. On the Specify additional details for this distribution point form, note the various regions of the world where you could put your distribution point.  For your Certificate file, click Browse and again navigate to and select your .pfx file, entering the password.  Notice that this also fills in the Service FQDN value that was found in the certificate. Click Next.
  8. On the Configure alerts for this distribution point page, make note of the different alert thresholds that can be set.  We’ll leave the defaults and click Next.
  9. On the Summary page, review the Details, and then click Next.
  10. If all goes as it should, you should quickly see a successful completion.  Click Close.

And now you’ll see your new Cloud Distribution Point listed in the main part of the page with a status of Provisioning.  Eventually that status will change to Ready.

Go back to your browser and to your Windows Azure administration page.  Navigate to the Cloud Services section on the left.  It will take several minutes but eventually you will see a new cloud service with a long-and-ugly name show up. 

Note toward the right that you have a value in the URL column.  That value (which is essentially <your service name>.cloudapp.net) is the DNS name that your clients will use for connecting to the distribution point and getting their software.

Below Cloud Services, find and click on Storage.  Here you’ll see that a new storage account has been created with the same ugly name that the new cloud service has. 

As I’m sure you’ve guessed, this is the storage account that will hold all software and other items that you’ve deployed to your distribution point.

And now you’re ready to distribute some software to your new distribution point in the clouds.  Try it out by distributing the Configuration Manager Client Package up to your distribution point.

  1. In Configuration Manager, click Software Library on the bottom left.  In the section above, under Overview –> Application Management click Packages.
  2. In the details pane, right-click on Configuration Manager Client Package, and select Distribute Content.
  3. On the Review selected content page, click Next.
  4. On the Specify the content destination page, click Add.  In the resulting drop-down list, click Distribution Point.
  5. In the Add Distribution Points list of available distribution points, check the box next to your cloud-based distribution point.  Click OK, and then click Next.
  6. On the Summary page, click Next.  The distribution should complete successfully, so click Close.

Now let’s see if that package is being distributed. 

  1. In Configuration Manager, on the bottom left, click and open the Monitoring section.  In the section above, under Overview –> Distribution Status click Content Status.
  2. In the details pane, select your Configuration Manager Client Package, and note below that the completion statistics show that the distribution is In Progress.  Eventually that yellow circle will turn to green when the distribution is complete. 

Another way to show that you’ve succeeded is to go back to your Windows Azure administration page, click on Storage, click on your storage account, and select the Containers tab.  You’ll see new containers being created that you can drill down into and actually see the files and their URLs.

Good stuff!

Considerations for Client Access

“So.. is that it?”

Almost, but not quite.  The Planning for Content Management in Configuration Manager document has an important section describing how and when clients will access your cloud-based distribution points: Client to Cloud-Based Distribution Point Communication.  Make sure you read and understand the points made there.

Summary

System Center 2012 SP1 Configuration Manager adds the ability to configure and use a Windows Azure-based service to host a Distribution Point as what is now known as a “Cloud-Based Distribution Point”.  Once certificates are in place, the actual creation of the distribution point in your Windows Azure subscription is fairly straightforward, and for distributing content, it becomes just another option when choosing where to distribute your deployed applications and packages.

---

What do you think?  Are the wheels turning as you’re now envisioning all of the flexibility that this new capability will give you?  If not, you’d better read this article again.

More Stories By Kevin Remde

Kevin is an engaging and highly sought-after speaker and webcaster who has landed several times on Microsoft's top 10 webcast list, and has delivered many top-scoring TechNet events and webcasts. In his past outside of Microsoft, Kevin has held positions such as software engineer, information systems professional, and information systems manager. He loves sharing helpful new solutions and technologies with his IT professional peers.

A prolific blogger, Kevin shares his thoughts, ideas and tips on his “Full of I.T.” blog (http://aka.ms/FullOfIT). He also contributes to and moderates the TechNet Forum IT Manager discussion (http://aka.ms/ITManager), and presents live TechNet Events throughout the central U.S. (http://www.technetevents.com). When he's not busy learning or blogging about new technologies, Kevin enjoys digital photography and videography, and sings in a band. (Q: Midlife crisis? A: More cowbell!) He continues to challenge his TechNet Event audiences to sing Karaoke with him.
