Using IPsec to Secure an Internet-based Child Primary Site

Published 19 February 09 05:14 PM | rodtrent

 

 

Feed: The Configuration Manager Support Team Blog
Posted on: Thursday, February 19, 2009 9:10 AM
Author: jchornbe
Subject: Using IPsec to Secure an Internet-based Child Primary Site

imageOver on the Configuration Manager Team Blog Carol Bailey has another fantastic post, this one covering how to using IPsec to secure an Internet-based child primary site.  If you've ever wanted to do this then head on over and follow along as she shows you how:

 At first glance, dedicating a whole primary site to running Internet-based client management can seem very attractive when you're deciding on site and server placement in your Configuration Manager hierarchy.  Then one look at the Network Diagram for Internet-Based Servers - Scenario 2 with Child Site and you realize that this means two-way SMB traffic, which is not going to fly with your firewall admins or your security folks (and quite rightly so!).  However, think again because this configuration might work well with a simple IPsec policy between the site server in the perimeter network, and the site server in the parent site (often the central site). Because you have to run native mode in both sites, both sites are already using PKI.  You can take advantage of this and deploy additional certificates on the site servers to support IPsec, and then create IPsec policies that use certificate authentication.

To continue reading visit http://blogs.technet.com/configmgrteam/archive/2009/02/18/using-ipsec-to-secure-an-internet-based-child-primary-site.aspx

J.C. Hornbeck | Manageability Knowledge Engineer


View article...

Published with BlogMailr

Comments

No Comments

This Blog

News

    Ni Hao! Wo shi Rod.



    The Bruce Campbell Fan Store



    Proud member of the myITforum Network



Community

Things I've done

myITforum.com

Things I do

Blog Roll

Syndication