
Cloud-Based SCCM Distribution Point? Why yes! – 20 Key Scenarios with Windows Azure Infrastructure Services

Welcome to another main installment of our “20 Key Scenarios with Windows Azure Infrastructure Services”.  For those of you who are just now starting to follow along, make sure to start your FREE TRIAL of Windows Azure, so that you can follow along.

Those of you who are familiar with System Center 2012, and in particular the Configuration Manager component, are already familiar with the concept of Distribution Points.  But for those of you who are new to it, here is a very brief definition that will make it all clear:
Ahem… :  A Distribution Point is a point from which things are distributed.

“Oh yeah, crystal-clear, Kevin.”

You’re welcome.

It’s really not complicated (or at least, the idea isn’t complicated).  In a large organization, with centralized IT Management, and perhaps with many locations around the globe, it’s important to be able to define locations from which those far-flung users are getting their software or updates.  So System Center 2012 Configuration Manager has

But consider this: What if I were able to use Windows Azure – a cloud-based, highly available and globally scalable service - to act as my distribution points? 

“You mean, give immediate, secured, authenticated global reach to your organization’s operating system deployments and software distributions?  That would be amazing, Kevin.”

I knew you’d like it.  This capability is new in System Center 2012 SP1, and was first announced on the System Center Configuration Manager Team Blog here : New Distribution Points in Configuration Manager SP1.

It is further documented at TechNet here: Install Cloud-Based Distribution Points in Windows Azure

NOTE: The cloud-based distribution point is going to be used for deployments other than Microsoft updates.  Updates are already available “in the cloud” through Microsoft Update, and it’s just as easy to configure your company’s devices to use Microsoft for operating system and application updates.

For the rest of this article, I’ll break the task of installing and testing this into these steps:

  • Install System Center 2012 SP1 Configuration Manager
  • Certificates
  • Create the Distribution Point
  • Considerations for Client Access
  • and we’ll wrap things up with a Summary

Install System Center 2012 SP1 Configuration Manager

To test creating a cloud-based distribution point, I installed the evaluation of System Center 2012 SP1 Configuration Manager on a local virtual machine in my test domain.  My installation was a new Configuration Manager standalone primary site:

Available Setup Options

(Prior to this installation I had installed the evaluation of SQL Server 2012 on the same machine, but I could have used the “typical installation” option to also install SQL Express to use as the local database.  For a good write-up on installing a test machine like this as a Windows Azure Virtual Machine, read THIS EXCELLENT ARTICLE by Keith Mayer.) 

After installing and configuring the prerequisites, I also just took the defaults from that point on.


Certificates

Of course, to make an authenticated, secured (SSL) connection between your Configuration Manager installation and your Windows Azure subscription, you’re going to need to use a management certificate.  And like most situations where we’re just trying out new capabilities that require certificates, there is a simple way, and there is a recommended-for-production way.  The recommended-for-production way is to use a PKI, and use the templates and certificate types for Server and Client authentication as described in this document:
PKI Certificate Requirements for Configuration Manager

For my purposes, just to get the distribution point created and the trust established between my local Configuration Manager site server and the Azure subscription, I exported both a .CER and a .PFX file from the local machine certificate that was created for my SCCM server and its relationship with SQL Server.  It was already of the proper type (from the proper template), so it worked fine for my test.  Here’s how I did that…

Open MMC (On the start screen, type MMC and run MMC.EXE).

On the File Menu, choose Add/Remove Snap-in…  then in the left-hand list, select Certificates, and click Add.


When prompted for what you want to manage certificates for, select Computer Account, click Next, and then click Finish.  Click OK to close the Add/Remove Snap-ins form.

Now, in the MMC, navigate to Certificates (Local Computer) –> Personal –> Certificates.  You should find a Server Authentication certificate there with the name of your server in the Issued To column. 


We’re going to do two export operations on this certificate; one to get a .cer file that we’ll upload to Windows Azure, and the other to create a password-protected .pfx file that we’ll use to configure the connection from our local Configuration Manager to create the cloud-based distribution point. 

First we’ll export a .cer file:

  1. Right-click on the certificate, select All Tasks –> Export…
  2. On the Certificate Export Wizard welcome page, click Next.
  3. On the Export Private Key page, leave “No, do not export the private key” selected.  Click Next.
  4. On the Export File Format page, leave “DER encoded binary X.509 (.CER)” selected.  Click Next.
  5. On the File to Export page, browse to and select a file system location that you can easily remember and navigate to later; either your desktop or documents folder, and give your file a name.  Make sure it’s saving as a *.cer file. Click Save, then click Next.
  6. On the Completing the File Export Wizard page, click Finish.  Click OK on the resulting “The export was successful.” message.

Now we’ll export a .pfx file:

  1. Right-click on the certificate, select All Tasks –> Export…
  2. On the Certificate Export Wizard welcome page, click Next.
  3. On the Export Private Key page, change the selection to “Yes, export the private key”.  Click Next.
  4. On the Export File Format page, leave “Personal Information Exchange – PKCS #12 (.PFX)” selected.  Click Next.
  5. On the Security page, check the check-box next to Password, and then enter a password in the Password and Confirm password fields.  Click Next.
  6. On the File to Export page, browse to and select a file system location that you can easily remember and navigate to later; either your desktop or documents folder, and give your file a name.  Make sure it’s saving as a *.pfx file. Click Save, then click Next.
  7. On the Completing the File Export Wizard page, click Finish.  Click OK on the resulting “The export was successful.” message.
  8. You can now close the MMC.  We’re done with it.  We have the exports we need.
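
The same two exports can be scripted. This is an added example, not part of the original post: it assumes an elevated PowerShell session on the site server with the PKI module cmdlets available, a private key that was marked exportable, and a hypothetical output folder and file names.

```powershell
# Added example: scripted equivalent of the two MMC exports described above.
# Assumptions: elevated session on the site server; $OutDir and the file names are hypothetical.
$OutDir        = 'C:\CertExport'        # hypothetical output folder
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication enhanced key usage

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Find the unexpired machine certificate issued to this server that has a
# private key and the Server Authentication usage.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid) -and
    ($_.Subject -like "*CN=$fqdn*" -or $_.Subject -like "*CN=$env:COMPUTERNAME*")
})
if ($candidates.Count -ne 1) {
    throw "Expected exactly one matching certificate, found $($candidates.Count). Select one by thumbprint instead."
}
$cert = $candidates[0]

$cerPath = Join-Path $OutDir 'sccm-mgmt.cer'
$pfxPath = Join-Path $OutDir 'sccm-mgmt.pfx'

# Public part only, DER encoded: the file that is uploaded to Windows Azure.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Private key included, password protected: the file Configuration Manager asks for.
# This call fails if the key was not marked exportable when the certificate was issued.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the .pfx'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Confirm the .cer matches the store certificate and carries no private key.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($public.HasPrivateKey -or $public.Thumbprint -ne $cert.Thumbprint) {
    throw 'Exported .cer does not match the store certificate or unexpectedly has a private key.'
}

# The .pfx holds the private key: drop inherited permissions and allow only
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) to read it.
icacls $pfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

"Exported certificate with thumbprint $($cert.Thumbprint)"
```

Only the .cer leaves the server for upload; delete the .pfx once the cloud distribution point has been created, since anyone holding it and its password holds the server's private key.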

Upload the .cer file to our Windows Azure subscription.  (If you don’t have one, it’s easy to START A FREE TRIAL HERE.):

  1. Login to your Windows Azure subscription, and at the bottom of the list on the left, select Settings.
  2. At the bottom of the browser window, click the UPLOAD icon.
  3. In the Upload a management certificate form, click Browse for a file, browse for and select the .cer file that you exported earlier, and then click the check-box at the bottom right. 
  4. You will now see a job running message that says “Uploading…” followed shortly by a “Successfully uploaded..” message, and your certificate now shows up in the Management Certificates list.
  5. Before we move over to Configuration Manager, this is a good opportunity to copy and then paste (maybe in Notepad) the value in the SUBSCRIPTION ID column for your certificate.  It is a very long value that we’ll need later when we’re configuring Configuration Manager.

And there you go.  The certificate for our test is in place.  Now we’re ready to create and connect Configuration Manager to a new cloud-based distribution point.

Create the Distribution Point

  1. Open up Configuration Manager.
  2. On the lower-left, click Administration, and then in the section above under Overview, expand Hierarchy Configuration and select Cloud.  (Yes, Cloud!)
  3. Right-Click on Cloud and then click on Create Cloud Distribution Point.
  4. On the Specify details for this cloud service page, this is where we’ll use the copy/pasted Subscription ID we saved, as well as the .pfx file that we exported earlier.  In the Subscription ID: field, paste the subscription ID you saved.
  5. Next to the Management Certificate field, click Browse.  Navigate to and select the .pfx file that you saved earlier.  After you select it and click Open, you'll be prompted for the password you used to protect it.  Enter the password and click OK.
  6. Click Next.
  7. On the Specify additional details for this distribution point form, note the various regions of the world where you could put your distribution point.  For your Certificate file, click Browse and again navigate to and select your .pfx file, entering the password.  Notice that this also fills in the Service FQDN value that was found in the certificate. Click Next.
  8. On the Configure alerts for this distribution point page, make note of the different alert thresholds that can be set.  We’ll leave the defaults and click Next.
  9. On the Summary page, review the Details, and then click Next.
  10. If all goes as it should, you should quickly see a successful completion.  Click Close.

And now you’ll see your new Cloud Distribution Point listed in the main part of the page, with a status of Provisioning.  Eventually that status will change to Ready.


Go back to your browser and to your Windows Azure administration page.  Navigate to the Cloud Services section on the left.  It will take several minutes but eventually you will see a new cloud service with a long-and-ugly name show up. 


Note toward the right that you have a value in the URL column.  That value (which is essentially <your service name>.cloudapp.net) is the DNS name that your clients will use for connecting to the distribution point and getting their software.

Below Cloud Services, find and click on Storage.  Here you’ll see that a new storage account has been created with the same ugly name that the new cloud service has. 


As I’m sure you’ve guessed, this is the storage account that will hold all software and other items that you’ve deployed to your distribution point.

And now you’re ready to distribute some software to your new distribution point in the clouds.  Try it out by distributing the Configuration Manager Client Package up to your distribution point.

  1. In Configuration Manager, click Software Library on the bottom left.  In the section above, under Overview –> Application Management click Packages.
  2. In the details pane, right-click on Configuration Manager Client Package, and select Distribute Content.
  3. On the Review selected content page, click Next.
  4. On the Specify the content destination page, click Add.  In the resulting drop-down list, click Distribution Point.
  5. In the Add Distribution Points list of available distribution points, check the box next to your cloud-based distribution point.  Click OK, and then click Next.
  6. On the Summary page, click Next.  The distribution should complete successfully, so click Close.

Now let’s see if that package is being distributed. 

  1. In Configuration Manager, on the bottom left, click and open the Monitoring section.  In the section above, under Overview –> Distribution Status click Content Status.
  2. In the details pane, select your Configuration Manager Client Package, and note below that the completion statistics show that the distribution is In Progress.  Eventually that yellow circle will turn to green when the distribution is complete. 


Another way to show that you’ve succeeded is to go back to your Windows Azure administration page, click on Storage, click on your storage account, and select the Containers tab.  You’ll see new containers being created that you can drill down into and actually see the files and their URLs.


Good stuff!

Considerations for Client Access

“So.. is that it?”

Almost, but not quite.  The Planning for Content Management in Configuration Manager document has an important section describing how and when clients will access your cloud based distribution points: Client to Cloud-Based Distribution Point Communication.  Make sure you read and understand the points made there.


Summary

System Center 2012 SP1 Configuration Manager adds the ability to configure and use a Windows Azure-based service to host a Distribution Point as what is now known as a “Cloud-Based Distribution Point”.  Once certificates are in place, the actual creation of the distribution point in your Windows Azure subscription is fairly straightforward, and for distributing content, it becomes just another option when choosing where to distribute your deployed applications and packages.


What do you think?  Are the wheels turning as you’re now envisioning all of the flexibility that this new capability will give you?  If not, you’d better read this article again.


More Stories By Kevin Remde

Kevin is an engaging and highly sought-after speaker and webcaster who has landed several times on Microsoft's top 10 webcast list, and has delivered many top-scoring TechNet events and webcasts. In his past outside of Microsoft, Kevin has held positions such as software engineer, information systems professional, and information systems manager. He loves sharing helpful new solutions and technologies with his IT professional peers.

A prolific blogger, Kevin shares his thoughts, ideas and tips on his “Full of I.T.” blog (http://aka.ms/FullOfIT). He also contributes to and moderates the TechNet Forum IT Manager discussion (http://aka.ms/ITManager), and presents live TechNet Events throughout the central U.S. (http://www.technetevents.com). When he's not busy learning or blogging about new technologies, Kevin enjoys digital photography and videography, and sings in a band. (Q: Midlife crisis? A: More cowbell!) He continues to challenge his TechNet Event audiences to sing Karaoke with him.
