
Is This SMS Setup Possible?

baldhead

Technical User
Apr 27, 2004
I work for a non-profit company and we have 9 different sites. Each site is on its own domain in its own forest. The Internet connection at each one varies from as low as 256K DSL to as high as 4MB DSL at the main office. There isn't a VPN set up, and that is one of my main concerns in the scenario I am about to describe.

What I would like to do is set up the Primary Site at the main office, which would hold the main database as well as act as a reporting point, inventory collection point, distribution point, etc. As a distribution point I would have it hold all of the necessary software, including Windows Updates, which need to be loaded and updated on all the machines at each site. This way I can update at one location and all the secondary sites would notice this and update their machines. My main goal is to centralize as much as I can at the main office and have as little maintenance and upkeep of SMS at the other eight sites as possible.

Is the setup I described possible? What has to happen in order to have a secondary site talk to a Primary site over a WAN line? How do you recommend I set up SMS with all my sites in order to maximize efficiency and lower maintenance of the machines? Is this possible w/o setting up a VPN? Can I forward ports at each router? What would I have to do?

I know it's a lot of questions but I'm hungry to learn and develop a good plan to deploy SMS. I would greatly appreciate any help you can provide.

thanks
baldhead
 
A single SMS site cannot span multiple forests; it can span multiple domains in a single forest. (It's not supported by MS.)

Multiple SMS 2003 sites each in its own forest can communicate if the forests have transitive trusts, advanced security is enabled,...

This doc covers this a bit


 
Actually, you can have a single SMS site that spans multiple forests... but you will have to use WINS. This requires SMS 2003 SP1. Workgroup clients are also now supported in SP1.

Joseph L. Poandl
MCSE 2003

 
I stand corrected...thanks Joseph, after looking at this a bit more I found this from Chuck Stevens on MYITFORUM:


Well, here's what I found so far: The Concepts, Planning, and Deployment Guide appears to be wrong.

From page 263:

"Windows Server 2003 and site communications

Communications across forests work in SMS if the following conditions are met:

- You are using the Microsoft Windows Server 2003 family

- The forest functional level is set to Windows Server 2003

- SMS is running in advanced security mode

- The forests are configured with a transitive trust"

The first three bullets are fine. The fourth seems to be untrue - I was easily able to get two primaries in different, completely non-trusted forests to communicate just fine.

Instead of using the site's computer accounts for the Address, I created site connection accounts for each site; Site A (Parent) used an account from Site B's (Child) domain (which only has rights in the SMS_Site directory on Site B), and vice-versa.

Test #1: Set up both SMS sites with full trusts between the forests. No problem. Shut off all trusts. Still no problem.
Test #2: Set up both SMS sites with no trusts between the forests. No problem.
Test #3: (On a lark) Set up Site B as a Secondary Site, with no trusts between the forests. Seemed to have no problem communicating (though there would be other issues with this configuration).

Am I missing something important here, or is the CPDG just wrong on this subject? I'd hate to go forward with a production implementation using this scheme, only to have it fall apart later.

This was further enforced by an MS employee in their newsgroups.
 
So it looks like I would have to use WINS if I wanted my setup to look like how I described above? Would I have to set up a VPN between all the sites? How have you guys done this? What must you do in order for everything to communicate over WAN lines? I need something that goes into detail on getting all the different forests to communicate over WAN lines and configuring SMS as a primary site with secondary sites located across WAN lines.

thanks for the help
baldhead
 
Can anyone help me here with my setup? I really need some advice on how I should set up my SMS hierarchy. I'm also curious what specifics need to be done in order to deploy SMS and get everything to communicate. Any advice on this would be greatly appreciated.

thanks
baldhead
 
I forgot to add on the last post that I will create a Visio layout of what I would like to do and how I see things working so that you can get an idea of what my SMS setup will look like and point me in the right direction. So far I don't see, in all the documentation, the specifics on setting up the network part of SMS with the kind of situation I'm in. Getting different forests (domains) to communicate and work as a whole in SMS.
 