--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"rykkim" <ryk...@discussions.microsoft.com> wrote in message
news:7E6D0ED0-37D4-4587...@microsoft.com...
Kim Oppalfens
In article <D0AC25DF-AA7D-4EAE...@microsoft.com>,
ryk...@discussions.microsoft.com says...
--
Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default
.mspx
"Kim Oppalfens" wrote:
> ..mspx
>
This should accomplish everything you want to do, you can still have
them receive packages when they are remote, and you can specify to
download & execute.
Kim oppalfens
In article <4A7E03CC-9D81-4417...@microsoft.com>,
ryk...@discussions.microsoft.com says...
.mspx
"Kim Oppalfens" wrote:
> ..mspx
>
Then, in SMS, specify both AD sites as roaming boundaries.
--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"rykkim" <ryk...@discussions.microsoft.com> wrote in message
news:EAB7DD3A-31D1-49CF...@microsoft.com...
I understand that Roaming Boundaries are for when you have advance clients
Site Boundaries are for Legacy clients.
So in practice, I only need to define the Roaming Boundaries using AD site
names
and don't need to have the same sites on the Site Boundaries tab right ?
for example, I have 4 Primary Site Servers as follows :
CU0 - Primary Central Site In Florida
the central site has the following AD Sites configured in site
boundaries and roaming boundaris : Florida, New York, New Jersey
CU1 - Primary Site In Illinois
Chicago, Nevada, Utah
CU2 - Primary Site In California
San Diego, Los Angeles, Seattle
CU3 - Primary Site Hiwaii
Kona, Oahou
or assining sites: the following AD Sites configured in site boundaries and
roaming boundaris.
Others have told me I just need them on the Site Boundaries, some other guys
told me to leave them on the Roaming Boundaries.. so I am more confuse as
some of the books seem to say the same thing.
If machines roam around from say site CU0 to CU1 etc, do I also put the AD
Sites from CU1 into CU0, or does SMS figure out that the sites in CU1 if not
connected and assigned to the site code for the site go and pick up the
distributions from another site ?
Were should the AD sites or IP Ranges sit ? Site Boundaries or Romaing
boundaries or both, it seems like when I put it only on the Roaming
boundaries the site code assignments dissapears.
Any help you can provide will be most help full, I this is driving me nuts
When a client goes into a roaming boundary, it will get packages from a DP
whose site has that roaming boundary listed.
So, in your case, clients who are assigned to CU0 normally get packages from
CU0's DPs. If they roam to Nevada AD site, they should now get the DP's
from CU1.
If you added Nevada as a roaming bouandary to CU0, then all clients in
Nevada would get their packages from EITHER CU0 or CU1's distribution
points. NOT GOOD!
So, to make it simple, make sure that the site boundaries contain only the
AD sites that you want serviced by that site's distribution points. Then,
enable the checkbox on the roaming boundaries tab that says "Include site
boundaries within the local roaming boundaries of this site". That way, SMS
picks up your site boundaries and uses them for advanced clients too.
Also, you might want to check out the following resources. They can help
clarify this and more:
Roaming Animated Demo:
http://www.microsoft.com/smserver/techinfo/productdoc/media/acr.htm
Roaming Whitepaper:
http://www.microsoft.com/downloads/details.aspx?FamilyID=37ac2246-453a-4418-b026-f7140a6fce3c&DisplayLang=en
Let us know how it goes.
Dave Randall
SMS Team
--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"LasvegasOps" <Lasve...@discussions.microsoft.com> wrote in message
news:EB58DC62-F7E4-4E7A...@microsoft.com...
To bug you for a minute, was just told to setup 5 VPN Clients ip ranges for
users who will be loging in either via 56K modems who are on the road or
cable, would these go in the Roaming Boundary as a remote roaming boundary
or local remote boundary in the Roaming Boundary or should it go on the Site
Boundaries tab ?
Thanks, I think I am finally getting this down but any help will keep me from
going spasticcc.. :)
Laslo
--------------
"LasvegasOps" <Lasve...@discussions.microsoft.com> wrote in message
news:EB58DC62-F7E4-4E7A...@microsoft.com...
I'm going to assume Advanced Clients because there are some ways you can
tweak the Legacy Client to make sure it won't be uninstalling every day or
so, but that doesn't really help much for installing clients across that
modem when they are on the road.
If they are in fact Advanced Clients, think about your largest package that
you will be pushing. Do you want a way to make them not install that large
package when they are dialed in? Or a way to make it install differently
(maybe download and execute when they are dialed in vs. run from server when
they are in the office?) If so, designate the ranges as remote roaming
boundaries. If you don't care, just leave them as local roaming boundaries.
--
Cathy Moya, MCSE: Security, MCT
Technical Writer, Enterprise Management Content Group
Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
This posting is provided AS IS with no warranties and confers no rights.
"LasvegasOps" <Lasve...@discussions.microsoft.com> wrote in message
news:739CB5DF-A9F1-4F92...@microsoft.com...
They will all be Advance Clients, the big issue is we have about 2000 users
who dial in and are Road Warriors, always on the road, some do connect via
Cable in hotels, but 'most' dial up from customer sites at 56K.
So just to clarify - Advance Client over 56k modems using vpn will go on the
Roaming Boundaries as remote roaming boundaries right ?
Thanks for the clarification,
Laslo
Also, when you set up your advertisements, make sure to change the settings
on the Advanced Client tab. You'll probably want to set the "when no
distribution point is available locally" setting to: Download program from a
remote distribution point.
That will enable the BITS transfer of data down to the client, and when the
entire package has finally downloaded (even if the person dropped their VPN
connection in the middle of download), it will run from their hard drive.
Dave
--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"LasvegasOps" <Lasve...@discussions.microsoft.com> wrote in message
news:0F84D3A8-D7CF-4A25...@microsoft.com...
Thanks for the clarification and outstanding definition of the issue.
Very interesting seeing as I've never posted on this topic. Oh well bit of
hiccup somewhere in the system then.
"LasvegasOps" <Lasve...@discussions.microsoft.com> wrote in message
news:5C2927A7-567D-40C6...@microsoft.com...
Got a question though, as I am still confused on Remote Roaming Boundaries.
A company has VPN/Dial Up clients, and that site is defined as an AD site
There is no SMS site for that AD site
The company wants clients to receive software distributions from their
assigned MP and DPs.
Would the answer be No Remote Roaming Boundaries?
And
A company has VPN/Dial Up clients, and that site is defined as an AD site
There is a SMS site and DPs for that AD site
The company wants clients to run software distributions from the DPs local
to the SMS Site.
Would the answer be no Remote Roaming Boundaries?
I guess the main question is: Under what scenarios would you use remote
roaming boundaries?
BDerr
"LasvegasOps" <Lasve...@discussions.microsoft.com> wrote in message
news:A4308126-9827-4563...@microsoft.com...
So let's look at your first scenario. Let's say I have my AD site Redmond. I
have SMS but I haven't included the Redmond site nor any of its IP addresses
in any SMS site or roaming boundaries. This is covered in the Most Excellent
whitepaper on roaming that is on microsoft.com. It says:
"Roaming Outside the SMS Site Hierarchy
In the event that a client computer roams to a network location that is not
in the boundary list for any SMS site, it will not be able to find a
resident or proxy management point and will revert to its assigned
management point. Any distribution points returned for a content location
request will always be the assigned site distribution points and will be
considered remote. In this situation, all packages will be distributed
according to the settings under When no distribution point is available
locally for each advertisement. This is also called a fallback scenario, or
fallback state."
Now, think about deploying something big like Office. The Advanced Clients
in your Redmond site would fallback to wherever your SMS site is, but since
they are remote, you can configure the advertisement NOT to install office
(or to download and execute). If they happen to travel to the SMS site, they
would be connected locally to the distribution point and could process the
advertisement differently.
So far, so good?
Let's look at your second scenario. Now they have an AD site named Redmond,
and they also have an SMS site SEA with DP1 an DP2 as the distribution
points. You say they have VPN/Dial up clients, but I'm assuming only some of
the client computers are connecting remotely and then only some of the time.
For example, let's say they have a mobile sales force that comes into the
office every week or two for meetings but otherwise they are home-based or
on the road. In that case, you would want to configure the VPN or Dial Up
subnets and/or address ranges as remote, but leave all the other subnets,
the ones for the clients plugged into the LAN, as local roaming boundaries.
Then when they come into the office, they can run that whole Office package
from the distribution point (if you like) but when they dial in, they won't
get it at all (if you like.)
Does that make sense? If you haven't read that roaming whitepaper, please do
so. It's really good. (No, I didn't write it but I know the folks who did
and they put a lot of effort into that). Get it here:
Hope that helps
--
Cathy Moya, MCSE: Security, MCT
Technical Writer, Enterprise Management Content Group
Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
This posting is provided AS IS with no warranties and confers no rights.
"BDerr" <bd...@nospam.com> wrote in message
news:expYZ0%23pEH...@tk2msftngp13.phx.gbl...
Anyway, last questions:
I would "typically" use Remote Roaming boundaries if I wanted to include a
site (branch office) that had a slow link to the site where the DPs sit, if
there was no DP out there. That way, all clients in that location would use
whatever I specified in the package for remote clients (Download and
Execute, run from DP, do not run package).
If I put a DP out there, I would use a protected DPs in the site to keep
clients from accessing DPs across the slow link (both ways).
Now, if I had a SMS site that had DPs close to the Dialup\VPN clients, I
could choose to either make those Dialup/VPN clients remote roaming, or
local roaming boundaries, depending on what I was going to distribute to
those clients. The advantage with making them remote roaming is that I
could use different settings for advertisements than the clients in the
local roaming boundaries (local vs. remote).
When a client roams, the client will query AD, find the resident MP if one
exists, and query that MP for DPs that have the package content that the
client needs to run. It still goes back to the assigned MP to get policy
info, and submit inventory, status, etc. I understand the MP usage, I was
just confused on the remote roaming boundary information.
Thanks again.
BDerr
"Cathy Moya [MS]" <cam...@online.microsoft.com> wrote in message
news:%236JTpj$pEHA...@TK2MSFTNGP14.phx.gbl...
"BDerr" <bd...@nospam.com> wrote in message
news:eH8NDRNq...@TK2MSFTNGP12.phx.gbl...
> I think I almost have it. I've read through the whitepaper several times
> before I posted, but was still confused.
***OK, fair enough. If you can give us specific feedback about things we
could change in the whitepaper to make it less confusing, please email us at
sms...@microsoft.com.
> Anyway, last questions:
>
> I would "typically" use Remote Roaming boundaries if I wanted to include a
> site (branch office) that had a slow link to the site where the DPs sit,
if
> there was no DP out there. That way, all clients in that location would
use
> whatever I specified in the package for remote clients (Download and
> Execute, run from DP, do not run package).
***Yes, exactly.
> If I put a DP out there, I would use a protected DPs in the site to keep
> clients from accessing DPs across the slow link (both ways).
***Just to clarify, if you protect the DP in RemoteSite1 but do not protect
the DP in MainSite1, Advanced Clients in RS1 could still use the DP in MS1.
Protecting the DP in RS1 just means no one outside RS1 can use that DP. When
you say "both ways", I'm not sure if you mean protecting the DP in RS1 AND
the DP in MS1, but that is what it would take to make them stay in their own
sites. The downside of doing this is, you lose fault tolerance. If the DP in
RS1 goes down, and all of the DPs at MS1, RS2, RS3 are all protected, there
is no where else for clients to go. But it's a valid design choice, if you
understand the implications.
> Now, if I had a SMS site that had DPs close to the Dialup\VPN clients, I
> could choose to either make those Dialup/VPN clients remote roaming, or
> local roaming boundaries, depending on what I was going to distribute to
> those clients. The advantage with making them remote roaming is that I
> could use different settings for advertisements than the clients in the
> local roaming boundaries (local vs. remote).
***Yes, you have the advantage part right. Now, some other things: You might
not need to "make them" local roaming boundaries. If you already set those
boundaries as site boundaries, the default is to make all site boundaries
local roaming boundaries and no further action is required. If you did not
make them site boundaries, then yes, you could make them local roaming
boundaries or in any case you could make them remote roaming boundaries.
Remote is recommended in this case because even if they have DSL at home,
that client really isn't very close to the DP. Maybe if they have T1 to
their home, yeah, that's a fat enough pipe. Of course another common
scenario is they have DSL, but then at home they connect to the DSL over
wireless. That's how I do it and it would be painful to receive a big
package over my DLS trickled down to my often very slow wireless connection.
> When a client roams, the client will query AD, find the resident MP if one
> exists, and query that MP for DPs that have the package content that the
> client needs to run. It still goes back to the assigned MP to get policy
> info, and submit inventory, status, etc. I understand the MP usage, I was
> just confused on the remote roaming boundary information.
***Yup. The remote roaming boundary has no impact whatsoever on how the
Advanced Client finds the MP or what type of information it gets from
resident or assigned MPs. The remote roaming boundary ONLY affects how it
processes a package from a distribution point.
> Thanks again.
You're welcome!