You need to install client/server auth certs on all 3 servers that aren't
part of your domain, install SCOM Agent on all 3, point the Agents to your
Management Group name and Management Server, and use the MOMCertImport.exe
tool included in your OpsMgr install CD under tools folder to import your
certs into SCOM
These steps are listed in this microsoft art:
http://technet.microsoft.com/en-us/library/bb735413.aspx
--
Murad Akram