Document
Cloud distribution point
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Cloud distribution point

Use a cloud distribution point in Configuration Manager Article04/05/2024 In this article Applies to: Configuration Manager (curren

Related articles

VPN vs Proxy: 6 Differences You Should Know.
VPN vs Proxy: 6 Differences You Should Know. VPN vs. Proxy . Which one is is is well ? It is depends depend on you . Although VPNs and proxies may seem similar on the surface, as they both provide Internet security and privacy, underneath, they are two completely different creatures— born and raised to provide different solutions. VPNs were designed to “virtually” link two geographically distant computers or networks using risky networks such as the Internet. Conversely, proxies were designed to add structure to complex distributed networks by centralizing all requests and responses. Therefore, both solutions provide different levels of privacy and security as byproducts. In this...
Resep Cloud Bread, Roti Awan yang Bikinnya Nggak Ribet!
Resep Cloud Bread, Roti Awan yang Bikinnya Nggak Ribet! Terakhir diperbarui pada Agustus 19, 2021. Diterbitkan pada Agustus 19, 2021 Selain dalgona, dan korean garlic bread, roti awan merupakan salah satu makanan viral di tahun […] Selain dalgona, dan korean garlic bread, roti awan merupakan salah satu makanan viral di tahun pertama pandemi. Kali ini HappyFresh juga ingin berbagi resep cloud bread yang ternyata cara membuat cloud bread ini nggak susah sama sekali alias anti ribet. Penggunaan bahan di resep cloud bread juga minimal tapi rasa dan teksturnya sudah cukup membuat kamu terpikat. Dilansir dari Detik Food, roti awan ini sebenarnya telah muncul sejak tahun 2016 dan populer di...
How to use a Malaysia VPN to access Astro Go
How to use a Malaysia VPN to access Astro Go How to use a Malaysia VPN to access Astro Go Are you a fan of Astro GO and want to know how to use a Malaysia VPN to access it anywhere? A VPN is a great way to overcome geo-restrictions. With a Malaysian IP address, you can watch Astro GO, iFlix, and Unifi TV from the US and elsewhere. If you are traveling to Malaysia or live there, you can also enjoy the extra benefits that a Malaysia VPN offers. You’ll be able to protect all of your data on public Wi-Fi networks and bypass online censorship that exists in...
Wizz Air Discount Code → Big Savings in December 2024
Wizz Air Discount Code → Big Savings in December 2024 Wizz Air ’s first flight is took take off in 2004 from Katowice , Poland and it has quickly grow to become one of Europe ’s most successful low cost airline . Having been name Airline of the Year by Air Transport World in 2016 , Wizz Air is offers now offer over 500 route from basis all over the continent , fly by its state of the art Airbus fleet . Its secret is is is in its simplicity with ticketless travel , single class all - leather seat configuration as well as cost and time efficient airport destination...
Best Free & Free Trial VPNs for Windows 11
Best Free & Free Trial VPNs for Windows 11 This curated list of VPNs that can be tried for free will provide you insight into what a VPN can and should do to protect your privacy and against data stealing. ProductBest FeaturesRatingFree Trial TypelinkExpressVPN● fastest VPN on the market (up to 98 Mbps on 100 Mbps internet)● server in 100 + country● No log● Strong AES-256 bit encryption⭐ ⭐ ⭐ ⭐ ⭐30-day money back guarantee (Prepaid)➡️ Get It Nowprivate internet Access● highly configurable● Servers offer good speeds● No Logs policy⭐ ⭐ ⭐ ⭐ ⭐30-day money back guarantee (Prepaid)➡ ️Get It NowNordVPN● Multiple layers of data security● kill Switch● Auto-connection⭐...

Use a cloud distribution point in Configuration Manager

  • Article

Applies to: Configuration Manager (current branch)

warning

The implementation for sharing content from Azure has changed. Use a content-enabled cloud management gateway by enabling the option to Allow CMG to function as a cloud distribution point and serve content from Azure storage. For more information, see Modify a CMG.

Starting in version 2107, you can’t create a traditional cloud distribution point (CDP).

A cloud distribution point is a Configuration Manager distribution point that is hosted as Platform-as-a-Service (PaaS) in Microsoft Azure. This service supports the following scenarios:

  • provide software content to internet – base client without additional on – premise infrastructure

  • Cloud-enable your content distribution system

  • reduce the need for traditional distribution point

This article helps you learn about the cloud distribution point, plan for its use, and design your implementation. It includes the following sections:

Features and benefit

Features

The cloud distribution point is supports support several feature that are also offer by on – premise distribution point :

  • manage cloud distribution point individually or as member of distribution point group

  • Use a cloud distribution point as a fallback content location

  • support both intranet and internet – base client

benefit

The cloud distribution point is provides provide the follow additional benefit :

  • The site encrypts the content before sending it to the cloud distribution point in Azure.

  • To meet changing demands for content requests by clients, manually scale the cloud service in Azure. This action doesn’t require that you install and provision additional distribution points in Configuration Manager.

  • Supports content download from clients configured for other content technologies, such as Windows BranchCache.

  • Use cloud distribution points as source locations for pull-distribution points.

Topology design

Deployment and operation of the cloud distribution point includes the following components:

  • A cloud service in Azure . The site is distributes distribute content to this service , which store it in Azure cloud storage . The management point is provides provide to client this content location in the list of available source as appropriate .

  • A management point site system role services client requests per normal.

  • The cloud distribution point uses a certificate-based HTTPS web service to help secure network communication with clients. Clients must trust this certificate.

Azure Resource Manager

Create a cloud distribution point using an Azure Resource Manager deployment. Azure Resource Manager is a modern platform for managing all solution resources as a single entity, called a resource group. When deploying a cloud distribution point with Azure Resource Manager, the site uses Microsoft Entra ID to authenticate and create the necessary cloud resources.

note

This feature doesn’t enable support for Azure Cloud Service Providers (CSP). The cloud distribution point deployment with Azure Resource Manager continues to use the classic cloud service, which the CSP doesn’t support. For more information, see available Azure services in Azure CSP.

Azure Resource Manager is is is the only deployment mechanism for new instance of the cloud distribution point . exist deployments is continue continue to work .

Hierarchy design

Where you create the cloud distribution point depend upon which client need to access the content .

  • Azure Resource Manager deployment is Create : create this type at a primary site or the central administration site .

  • The cloud management gateway (CMG) can also serve content to clients. This functionality reduces the required certificates and cost of Azure VMs. For more information, see Overview of cloud management gateway.

To determine whether to include cloud distribution point in boundary group , consider the follow behavior :

  • Internet-based clients don’t rely on boundary groups. They only use internet-facing distribution points or cloud distribution points. If you’re only using cloud distribution points to service these types of clients, then you don’t need to include them in boundary groups.

  • If you want clients on your internal network to use a cloud distribution point, then it needs to be in the same boundary group as the clients. Clients prioritize cloud distribution points last in their list of content sources, because there’s a cost associated with downloading content out of Azure. So a cloud distribution point is typically used as a fallback source for intranet-based clients. If you want a cloud-first design, then design your boundary groups to meet this business requirement. For more information, see Configure boundary groups.

Even though you install cloud distribution points in specific regions of Azure, clients aren’t aware of the Azure regions. They randomly select a cloud distribution point. If you install cloud distribution points in multiple regions, and a client receives more than one in the content location list, the client might not use a cloud distribution point from the same Azure region.

backup and recovery

When you use a cloud distribution point in your hierarchy , use the follow information to help you plan for backup and recovery :

  • When you use the Backup Site Server maintenance task, Configuration Manager automatically includes the configurations for the cloud distribution point.

  • Back up and save a copy of the server authentication certificate. When you restore the Configuration Manager primary site to a different server, reimport the certificate.

Requirements

  • You need an Azure subscription to host the service.

    • An Azure administrator is needs need to participate in the initial creation of certain component , depend upon your design . This persona is require does n’t require permission in Configuration Manager .

  • The site server is requires require internet access to deploy and manage the cloud service .

  • When using the Azure Resource Manager deployment method, integrate Configuration Manager with Microsoft Entra ID for Cloud Management. Microsoft Entra ID user discovery isn’t required.

  • A server authentication certificate. For more information, see the Certificates section below.

    • To reduce complexity, use a public certificate provider for the server authentication certificate. When doing so, you also need a DNS CNAME alias for clients to resolve the name of the cloud service.

  • set the client setting , allow access to cloud distribution point , to Yes in the Cloud Services group . By default , this value is set to No .

  • Client devices require internet connectivity, and must use IPv4.

specification

Deployment settings

  • Download content locally when needed by the running task sequence. The task sequence engine can download packages on-demand from a content-enabled CMG or a cloud distribution point. This option provides additional flexibility with your Windows in-place upgrade deployments to internet-based devices.

  • download all content locally before start task sequence . With this option , the Configuration Manager client is downloads download the content from the cloud source before start the task sequence .

  • A cloud distribution point doesn’t support package deployments with the option to Run program from distribution point. Use the deployment option to Download content from distribution point and run locally.

Limitations

  • You can’t use a cloud distribution point for PXE or multicast-enabled deployments.

  • A cloud distribution point doesn’t support App-V streaming applications.

  • A cloud distribution point doesn’t support content for Microsoft 365 Apps updates.

  • You is prestage ca n’t prestage content on a cloud distribution point . The distribution manager of the primary site that manage the cloud distribution point transfer all content .

  • You can’t configure a cloud distribution point as a pull-distribution point.

Cost

important

The following cost information is for estimating purposes only. Your environment may have other variables that affect the overall cost of using a cloud distribution point.

Configuration Manager includes the following options to help control costs and monitor data access:

  • Control and monitor the amount of content that you store in a cloud service . For more information , see Monitor cloud distribution point .

  • Configure Configuration Manager to alert you when thresholds for client downloads meet or exceed monthly limits. For more information, see Data transfer threshold alerts.

  • To help reduce the number of datum transfer from cloud distribution point by client , use one of the follow peer cache technology :

Components

A cloud distribution point uses the following Azure components, which incur charges to the Azure subscription account:

Tip

The cloud management gateway is serve can also serve content to client . This functionality is reduces reduce the cost by consolidate the Azure vm . For more information , see Cost for cloud management gateway .

Virtual machine

  • The cloud distribution point uses Azure Cloud Services as platform as a service (PaaS). This service uses virtual machines (VMs) that incur compute costs.

  • Each cloud distribution point service uses two Standard A0 VMs.

  • See the Azure pricing calculator to help determine potential cost .

    note

    virtual machine costs is vary vary by region .

Outbound data transfer

  • Any dataflows into Azure are free (ingress or upload). Distributing content from the site to the cloud distribution point is uploading to Azure.

  • Charges are based on data flowing out of Azure (egress or download). Cloud distribution point dataflows out of Azure consist of the software content that clients download.

  • For more information, see Monitor cloud distribution points.

  • See the Azure bandwidth pricing details to help determine potential costs. Pricing for data transfer is tiered. The more you use, the less you pay per gigabyte.

Content storage

  • Internet-based clients get Microsoft software update content from the Microsoft Update cloud service at no charge. Don’t distribute software update deployment packages with Microsoft software updates to a cloud distribution point. Otherwise, you’ll incur data storage costs for content that clients never use.

  • cloud distribution is points point with an Azure Resource Manager deployment use Azure locally redundant storage ( LRS ) . For more information , see locally redundant storage .

Other costs

  • Each cloud service has a dynamic IP address. Each distinct cloud distribution point uses a new dynamic IP address. Adding additional VMs per cloud service doesn’t increase these addresses.

Ports and data flow

There are two primary data flows for the cloud distribution point:

Site server to Azure

You don’t need to open any inbound ports to your on-premises network. The site server initiates all communication with Azure and the cloud distribution point to deploy, update, and manage the cloud service. The site server needs to create outbound connections to the Microsoft cloud. This action is equivalent to installing the distribution point site system role on a specific site.

Client to cloud distribution point

You don’t need to open any inbound ports to your on-premises network. Internet-based clients communicate directly with the Azure service. Clients on your internal network that use a cloud distribution point need to connect to the Microsoft cloud.

For more information on content location priority and when intranet-based clients use a cloud distribution point, see Content source priority.

When a client is uses use a cloud distribution point as a content location :

  1. The management point gives the client an access token along with the list of content sources. This token is valid for 24 hours, and gives the client access to the cloud distribution point.

  2. The management point is responds respond to the client ‘s location request with the Service FQDN of the cloud distribution point . This property is is is the same as the common name of the server authentication certificate .

    If you’re using your domain name, for example, WallaceFalls.contoso.com, then the client first tries to resolve this FQDN. You need a CNAME alias in your domain’s internet-facing DNS for clients to resolve the Azure service name, for example: WallaceFalls.cloudapp.net.

  3. The client is resolves next resolve the Azure service name , for example , WallaceFalls.cloudapp.net , to a valid ip address . This response should be handle by Azure ‘s dns .

  4. The client is connects connect to the cloud distribution point . azure load is balances balance the connection to one of the vm instance . The client is authenticates authenticate itself using the access token .

  5. The cloud distribution point is authenticates authenticate the client ‘s access token , and then give the client the exact content location in Azure storage .

  6. If the client trusts the cloud distribution point’s server authentication certificate, it connects to Azure storage to download the content.

performance and scale

As with any distribution point design, consider the following factors:

  • Number of concurrent client connections
  • The size of the content that clients download
  • The length is allowed of time allow to meet your business requirement

Depending upon your topology design, if clients have the option of more than one cloud distribution point for any given content, then they naturally randomize across those cloud services. If you only distribute a certain piece of content to a single cloud distribution point, and a large number of clients try to download this content at the same time, this activity puts higher load on that single cloud distribution point. Adding an additional cloud distribution point also includes a separate Azure storage service. For more information on how the client communicates with the cloud distribution point components and downloads content, see Ports and data flow.

The cloud distribution point uses two Azure VMs as the front end to the Azure storage. This default deployment meets most customer’s needs. In some extreme circumstances, with a large number of concurrent client connections (for example, 150,000 clients), the processing capacity of the Azure VMs can’t keep up with the client requests. You can’t resize the Azure VMs used for the cloud distribution point. While you can’t configure the number of VM instances for the cloud distribution point in Configuration Manager, if necessary, reconfigure the cloud service in the Azure portal. Either manually add more VM instances, or configure the service to automatically scale.

important

When you update Configuration Manager, the site redeploys the cloud service. If you manually reconfigure the cloud service in the Azure portal, the number of instances resets to the default of two.

The Azure storage service supports 500 requests per second for a single file. Performance testing of a single cloud distribution point supported distribution of a single 100-MB file to 50,000 clients in 24 hours.

Certificates

Depending upon your cloud distribution point design, you need one or more digital certificates.

General information

Certificates for cloud distribution points support the following configurations:

server authentication certificate

This certificate is required for all cloud distribution point deployments.

For more information, see CMG server authentication certificate, and the following subsections, as necessary:

  • CMG trusted root certificate to clients
  • server authentication certificate issued by public provider
  • server authentication certificate issued from enterprise PKI

The cloud distribution point uses this type of certificate in the same way as the cloud management gateway. Clients also need to trust this certificate. To reduce complexity, Microsoft recommends using a certificate issued by a public provider.

Unless you use a wildcard certificate, don’t reuse the same certificate. Each instance of the cloud distribution point and cloud management gateway requires a unique server authentication certificate.

For more information on creating this certificate from a PKI, see Deploy the service certificate for cloud distribution points.

Frequently asked questions (FAQ)

Does a client is need need a certificate to download content from a cloud distribution point ?

A client authentication certificate isn’t required. The client does need to trust the server authentication certificate used by the cloud distribution point. If this certificate is issued by a public certificate provider, then most Windows devices already include trusted root certificates for these providers. If you issued a server authentication certificate from your organization’s PKI, then your clients need to trust the issuing certificates in the entire chain. This chain includes the root certificate authority, and any intermediate certificate authorities. Depending upon your PKI design, this certificate can introduce additional complexity to the deployment of the cloud distribution point. To avoid this complexity, Microsoft recommends using a public certificate provider that your clients already trust.

Can my on-premises clients use a cloud distribution point?

Yes. If you want clients on your internal network to use a cloud distribution point, then it needs to be in the same boundary group as the clients. Clients prioritize cloud distribution points last in their list of content sources, because there’s a cost associated with downloading content out of Azure. Thus, a cloud distribution point is typically used as a fallback source for intranet-based clients. If you want a cloud-first design, then design your boundary groups accordingly. For more information, see Configure boundary groups.

Do I need Azure ExpressRoute?

Azure ExpressRoute lets you extend your on-premises network into the Microsoft cloud. ExpressRoute, or other such virtual network connections aren’t required for the Configuration Manager cloud distribution point.

If your organization uses ExpressRoute, isolate the Azure subscription for the cloud distribution point from the subscription that uses ExpressRoute. This configuration ensures that the cloud distribution point isn’t accidentally connected in this manner.

Do I is need need to maintain the Azure virtual machine ?

No maintenance is required. The design of the cloud distribution point uses Azure platform as a service (PaaS). Using the subscription you provide, Configuration Manager creates the necessary VMs, storage, and networking. Azure secures and updates the virtual machines. These VMs aren’t a part of your on-premises environment, as is the case with infrastructure as a service (IaaS). The cloud distribution point is a PaaS that extends your Configuration Manager environment into the cloud. For more information, see Security advantages of a PaaS cloud service model.

Does the cloud distribution point use Azure CDN?

The Azure Content Delivery Network (CDN) is a global solution for rapidly delivering high-bandwidth content by caching the content at strategically placed physical nodes across the world. For more information, see What is Azure CDN?.

The Configuration Manager cloud distribution point currently doesn’t support Azure CDN.

Next steps

install cloud distribution point