SCCM: Traffic in Mixed and Native Mode

Monday, July 13, 2009 in System Center
Not all traffic is encrypted in native mode. Below is a list of how traffic is passed.

Mixed Mode Client:

The client talks to the site server roles over HTTP. The exception to this rule is the Software Update Point, which can communicate over HTTPS with the mixed mode client.

Native Mode Client:

Important: Windows 2000 SP4 is not supported as a native mode client, but it is supported as a mixed mode client in SCCM.

Communication is made over HTTPS for the following site systems:

* Management Point

* Distribution Point

* Software Update Point

* State Migration Point

The native mode client uses HTTP for the following site systems:

* Fallback Status Point: This is so clients can communicate errors relating to certificates back to the site.

* Server Locator Point: If the client is configured with the option “Configure HTTP communication for roaming and site assignment”, this traffic is not encrypted.

In native mode, client policies are signed by the site server, which lowers the risk of a compromised management point sending policies that have been tampered with. Internet-based clients and the Internet-based management point are required to use native mode for this reason.

Between Sites or Site Servers:

Communication between sites is not affected by the site mode. Site-to-site communication uses SMB over port 445, and this traffic is not encrypted. To secure this traffic, you can use IPsec.
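The rules above can be turned into a check over a flow export. This is an added example, not part of the original post: the host names, role inventory, IPsec pairs and flow records are constructed, all clients are assumed to be native mode, and ports 80 and 443 are assumed defaults for HTTP and HTTPS (port 445 for SMB is from the post).

```python
import csv
import io

# Transport a native mode client uses per site system role (from the lists above).
HTTPS_ROLES = {"MP", "DP", "SUP", "SMP"}
HTTP_ROLES = {"FSP", "SLP"}
# Assumption: default ports 80/443 for HTTP/HTTPS; 445 for SMB is from the post.
PORT_PROTO = {80: "http", 443: "https", 445: "smb"}

# Constructed inventory and flow records, for illustration only.
ROLES = {"mp01": {"MP"}, "dp01": {"DP"}, "fsp01": {"FSP"}, "mix01": {"MP", "FSP"}}
SITE_SERVERS = {"site-a", "site-b", "site-c"}
IPSEC_PAIRS = {frozenset(("site-a", "site-b"))}
FLOWS = """src,dst,dport
pc1,mp01,443
pc1,mp01,80
pc1,fsp01,80
pc2,mix01,80
site-a,site-b,445
site-a,site-c,445
pc2,dp01,8080
"""

def classify(src, dst, dport):
    """Return a verdict for one flow from a native mode client or site server."""
    proto = PORT_PROTO.get(dport)
    if proto == "smb" and {src, dst} <= SITE_SERVERS:
        # Site-to-site SMB is unencrypted unless an IPsec policy covers the pair.
        return "ok" if frozenset((src, dst)) in IPSEC_PAIRS else "cleartext-smb"
    roles = ROLES.get(dst, set())
    if proto not in ("http", "https") or not roles:
        return "ignore"
    if proto == "https" or not roles & HTTPS_ROLES:
        return "ok"  # encrypted, or HTTP to a role that only speaks HTTP
    if roles & HTTP_ROLES:
        # Host carries both kinds of role: the port alone cannot show which was hit.
        return "review"
    return "cleartext-http"

def audit(text=FLOWS):
    """Classify every record in a CSV flow export; return (src, dst, port, verdict)."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["src"], r["dst"], int(r["dport"]),
             classify(r["src"], r["dst"], int(r["dport"]))) for r in rows]

if __name__ == "__main__":
    for row in audit():
        print(*row)
```

The `review` verdict covers a host that carries both a Fallback Status Point or Server Locator Point and an HTTPS role, where HTTP on the wire is expected for one role and a finding for the other.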

When Clients Roam:

When a mixed mode client roams to a native mode site, it cannot communicate with the native mode management point or with any native mode distribution points in that site. It will, however, use its assigned management point (MP) and distribution point (DP). This can cause a problem if the site system is protected and the client has roamed outside the boundaries: the client would not be able to communicate back to its site server.

