NEW How to use Internet-based Configuration Manager (IBCM) with multi-site model with clients in multiple AD Domains

[mbeijer]

Hi All

We need to ensure that SCCM clients are receiving updates and Applications/packages while they are not connected to the corporate network, but connected to the internet only.

Fact is, we support multiple customers using 3 SCCM Sites. 1 site for Central Administration (Separate AD Domain) and 2 primary sites of which 1 site for internal use and 1 site for all customers with different AD Domains per customer.

The Site Servers are not bound to 1 AD domain and span AD domains
Example:

• Central Site Server – Site A01 – AD Domain Contoso.local (has PKI Infrastructure)
• Primary Site Server – Site B01 – AD Domain Contoso.local (has PKI Infrastructure)
• Management Point – Site B01 – AD Domain Woodgrove.local (Client Computers) (No PKI)
• Primary Site Server + MP – Site C01 – AD Domain Contoso.local (has PKI Infrastructure)
• Site Server + MP – Site C01 – AD Domain Awesome.local (Client Computers) (has PKI Infrastructure)
• Site Server + MP – Site C01 – AD Domain LitWare.local (Client Computers) (No PKI)
• Site Server + MP – Site C01 – AD Domain Fabrikam.local (Client Computers) (No PKI)

How can we implement IBCM with this configuration?

For IBCM you need a PKI infrastructure which is bound to AD Domain or forest, but we have multiple customer domains of which some do not have a PKI Infrastructure we can use.

The question is: can we use multiple PKI infrastructures for managing certificates for SCCM IBCM in the current configuration and if so, how?