[isapros] Re: SCCM and ISA - Worth a shot!

  • From: Jason Jones <Jason.Jones@xxxxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Fri, 1 Feb 2008 15:49:15 +0000

Hi All,

Any more thoughts on this?

From what I now understand, the SCCM client is using a client auth cert to 
authenticate to the IIS instance running on the SCCM management point (mutual 
cert auth).

We are getting close to SCCM deployments where customers want IBCM, but the 
only ISA Server solution I can get working is to use SSL tunnelling (server 
publishing). I have tried various web publishing configurations and none of 
them seem to work - I have tried the following:


* Simple web publishing, ISA listener with no authentication and 
"allow client to authenticate" defined in the delegation tab - assumed this 
would just use pass-through auth to the IIS website to allow for this to do the 
client auth.

* Pre-auth web publishing, ISA listener using client cert auth and then 
KCD to delegate to IIS.

Do we think that one of these should work, or is web publishing for SCCM IBCM 
fundamentally flawed?

Anyone actually got it working??? I know SCCM is quite new, but are we just too 
ahead of the curve here?

Cheers

JJ

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jason Jones
Sent: 19 October 2007 08:50
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: SCCM and ISA - Worth a shot!

Hi t,

I was hoping to do the former and then use KCD, but from what I gather SCCM is 
using computer based certs - I believe this makes things harder? Not really 
come across this scenario before... I currently have it working in the lab 
using server publishing, but I cannot bear the thought of doing this for 
customers...


From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: 18 October 2007 22:15
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: SCCM and ISA - Worth a shot!

While I've not used SCCM, I've done a good bit of work with different 
certificate-based authentication models.  Are you considering using a 
web-listener configured for SSL Client Certificate Authentication, or just 
web-publishing to a back-end web server where it will do its own 
certificate-to-user mapping?

t

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jason Jones
Sent: Thursday, October 18, 2007 1:11 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: SCCM and ISA - Worth a shot!

Did this Q get hidden within Amy's posts or is it a big fat "don't know"? :)

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jason Jones
Sent: 17 October 2007 00:49
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] SCCM and ISA - Worth a shot!

Hi,

Has anyone used ISA with System Centre Configuration Manager (SCCM) yet? 
Specifically when using Native mode (e.g. full-on PKI mode).

The initial documentation is a little patchy and seems to contradict itself 
between using Web Publishing and Server Publishing when using Internet based 
clients that cannot back into the CM server. The SCCM documentation talks about 
lots of perimeter and internet-facing scenarios, but I want to try and use an 
ISA based model in a similar way to protecting Exchange or SharePoint. A quote 
from Jim comes to mind "..we don't need no stinking DMZs"

Ideally I want to use Web Publishing, but all communications in SCCM utilise 
client certificate based authentication.

Am I right in thinking I can use ISA Web publishing combined with KCD to secure 
access from CM clients to the CM server?

Answers that tell me that I have to use Server Publishing will make me cry, so 
please be sensitive

Thanks in advance...

Cheers

JJ

