Un-trusted domain and DMZ monitoring Guide update

Posted on 3 November, 2008. Filed under: SCOM 2007 |

Getting a lot of requests bringing the un-trusted domain monitoring and DMZ Monitoring guide back online after Stefan Stranger moved his weblog to the new location on Technet Blogs, “Weblog Stranger”. Stefan did already put the guide back for download but this is a good moment for an update.

The previous guide was for Server 2003 and un-trusted domain or workgroup servers with a standalone CA. I’ve added the scenarios for Server 2008 with an Enterprise Root CA for both un-trusted domains and DMZ servers.

One thing I missed when requesting a certificate on Server 2008 was the “Store certificate in the local computer certificate store” option to make the process a few steps shorter. In addition to the Server 2003 Enterprise CA you don’t have to create your own template for the client, server authentication. In the Server 2003 Enterprise CA a predefined Gateway server template is present which just have to be activated to use when for client and gateway authentication. The SCOM Gateway client, server certificate can be used for both DMZ and Gateway server scenarios.

To download the DMZ or un-trusted monitoring guide open the public skydive web folder!


Update: The OpsMgs product team just published a complete scripting guide to automate the Certificate request and installation process.

Walter Eikenboom

About these ads

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

5 Responses to “Un-trusted domain and DMZ monitoring Guide update”

RSS Feed for System Center Dynamics by wwwally Comments RSS Feed

WIll this document be updated for Windows Server 2008 R2 Standalone CA, as well as SCOM 2007 R2?

I have a question about using a Windows 2003 Enterprise CA being used on a Windows 2008 server. Can this be done? I did a momcertimport without an issue but I am still getting errors on authentication.

Nice article. You raise some interesting points. Thank you.

Thanks for the article.
One question: how many minimum clients in workgroup/dmz that you recommend to use Gateway Server? I have about 18 Microsoft His 2006 workgroup servers outside my domain, would you recommend an G.S?

If the HIS 2006 Servers are in a DMZ domain i would use a GS otherwise i would use that if i would just want to have one single firewall gs to MS and back rule. If not just use work group scenario.
Good luck,

Where's The Comment Form?

Liked it here?
Why not try sites on the blogroll...


Get every new post delivered to your Inbox.

%d bloggers like this: