I didn't knew it until now! System Center Essentials SP1 is capable, just like scom, to monitor workgroup or DMZ computers!
SP1 introduces certificate-based
authentication for scenarios where Active Directory and Kerberos
authentication is not available. This requires both the Essentials
Server and the agent-managed computer have a X.509 digital certificate
installed. The digital certificate can be issued from either a Windows
®
Standalone or Enterprise root Certificate Authority. If you do not
currently have a Windows Certificate Authority in your environment, you
can install this feature through Add/Remove Programs on a domain
controller or member server in your environment, including the
Essentials Server. For more information on Certificate Services and
Public Key Infrastructure (PKI) in Windows Server 2003, see
microsoft.com/windowsserver2003/technologies/pki.
To
configure certificate-based authentication in Essentials, you first
request and issue a certificate to both the Essentials Server and the
computer targeted for management. The request can be entered via a Web
site on the server acting as the Certificate Authority.
After
the certificate is issued and installed, it must be "registered" for
use with Essentials by using the MOMCertImport command-line utility. To
complete the certificate configuration, you simply export the
certificate to a file (in .pfx format) and run MOMCertImport on the
local computer with the following syntax:
MOMCertUtil.exe <cert path \ name>
Once
all of these steps have been executed on the Essentials Server and the
computer targeted for management, these systems can mutually
authenticate and then securely exchange data over an encrypted channel.
To complete the agent deployment process, just perform a manual
installation of the Essentials agent on the target computer.
You can find some nice documentation about monitoring un-trusted domains on these websites:
Greetz,
Alkin
Read the complete post at http://scug.be/blogs/sce/archive/2008/05/05/support-for-workgroup-computers.aspx