Setup Co-Management Cloud DP Azure Blob Storage

Let us learn how to set up a Co-Management Cloud DP on Azure Blob Storage. A cloud-based distribution point (CDP) is an SCCM DP hosted in Microsoft Azure. The application packages are stored in Azure Blob storage.

It is a PaaS (Platform as a Service) solution from Microsoft SCCM. Security patching of the Azure PaaS solution servers is Microsoft’s responsibility. In this post, we will see how to set up a co-management cloud DP.

Update: A separate Cloud DP configuration/installation can be avoided. From SCCM 1806 onwards, you can use the SCCM CMG as a Cloud DP. I recommend reading the following post for more details: Learn How to Setup SCCM Cloud Management Gateway as cloud DP.

Co-Management Related Posts

All Co-Management Video tutorials

Overview Windows 10 Co-Management with Intune and SCCM

Custom Report to Identify Machines Connected via SCCM CMG

How to Setup Co-Management – Introduction – Prerequisites Part 1

How to Setup Co-Management – Firewall Ports Proxy Requirements Part 2

Setup Co-Management – AAD Connect UPN Suffix Part 3

Setup Co-Management – CA PKI & Certificates Part 4

Setup Co-Management Cloud DP Azure Blob Storage Part 5 (This Post)

Setup Co-Management Azure Cloud Services CMG Part 6

SCCM Configure Settings for Client PKI certificates Part 7

How to Setup SCCM Co-Management to Offload Workloads to Intune – Part 8

How to Deploy SCCM Client from Intune – Co-Management – Part 9

End-User Experience of Windows 10 Co-Management – Part 10

Content of this Post

Video Tutorial to Setup Co-Management Cloud DP
Co-Management Cloud DP Requirement
How to Configure Cloud DP
How to Test Cloud DP Functionality 
Sample/Default Configuration of Cloud DP Wizard
Azure Blob Storage Cloud DP

Video Tutorial to Setup Co-Management Cloud DP

Co-Management Cloud DP Requirement

Cloud DP (CDP) is not a prerequisite for SCCM Co-Management. However, a Cloud DP is required for the scenario where you want to install the SCCM client from the internet.

SCCM Cloud Management Gateway (CMG) & CDP are necessary for the above situation.

Azure Subscription and access rights are required to provision Cloud DP server and storage in Azure PaaS. SCCM will automatically perform the provisioning of cloud DP for you. You can confirm the details of configurations in the SCCM console wizard.

There is no option to have ARM-based CDP for SCCM 1802 or previous versions. Hence, we need to provision CDP via the classic model with a self-signed authentication certificate.

This cert is required for completing the Cloud DP wizard from the SCCM CB console. I recommend reading the previous post Setup Co-Management CA PKI Certificates to have more details.

A service certificate (PKI) or public certificate is required so that SCCM clients can connect to the CDP and download content from it over HTTPS.

A device or user must have Allow Access to cloud distribution points set to Yes in the client setting of Cloud Services before a device or user can access content from a cloud-based distribution point. By default, this value is set to No.

A client must be able to access the Internet to use the cloud-based distribution point.

A client must be able to resolve the name of the cloud service, which requires a Domain Name System (DNS) alias and a CNAME record in your DNS namespace. More details: https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/use-a-cloud-based-distribution-point#client-to-cloud-distribution-point

TIP: For an SCCM lab, use the hosts file for name resolution. The following is the sample entry that I used in the hosts file:

52.183.228.213 5351e58bea6d46e3b2483e2d.cloudapp.net

I would recommend reading documentation on CDP prerequisites before proceeding further.

How to Configure Cloud DP

Once you have the Azure subscription ID, the certificates, and appropriate access to the subscription, you can start the Cloud DP installation wizard from the SCCM console. Co-management Cloud DP installation is straightforward once you have the requirements ready.

Navigate via SCCM console \Administration\Overview\Cloud Services\Cloud Distribution Points. Click on the ribbon icon “Create Cloud Distribution Point” to kick-start the CDP installation wizard. Please go through the wizard as I have shown in the video tutorial.

How to Test Cloud DP Functionality

We can confirm the functionality of cloud DP without distributing any packages manually. Two (2) default packages get automatically distributed to CDP.

Configuration Manager Client Package 224.74 MB
Configuration Manager Client Piloting Package 224.74 MB

You can check the status of these package distributions from the SCCM console “\Monitoring\Overview\Distribution Status\Content Status\Configuration Manager Package.”

You can also look at the log files to get more details about the Cloud DP provisioning process and communication.

  • DistMgr.log
  • CloudDP-<ServiceName>.log
  • PkgXferMgr.log

CloudDP-<ServiceName>.log

***Start of trace dump from WADLogsTable, storage account = 5351e58bec6d46e3b148ve2d. (query for entries between [01/01/1601 00:00:00] and [04/12/2018 13:54:57]

<C:\Program Files\Microsoft Configuration Manager\bin\x64\smsexec.exe><04-12-2018 13:59:59.255381-00><thread=33 (2508)> UpdateTraceSwitchValues – Trace switch values set: TraceLevel =Information

<ContentService_IN_0 9a7fed20432c44879cd210acc451b21b><04-12-2018 13:28:36.229625-00><thread=2904 (1784)> Starting…; TraceSource ‘CloudDPService’ event

<ContentService_IN_0 9a7fdd20432b44879ed210acc451b21b><04-12-2018 13:28:36.229625-00><thread=2904 (1784)> Exiting…; TraceSource ‘CloudDPService’ event

<ContentService_IN_0 9a7fed20432c44879cd211acc451b21b><04-12-2018 13:49:26.136926-00><thread=2256 (1784)>

PkgXferMgr.log

————– Sending thread starting for Job: 2, package: PR300004, Version: 4, Priority: 1, server: ACMCDP01.CLOUDAPP.NET, DPPriority: 200

Sent status to the distribution manager for pkg PR300007, version 4, status 0 and distribution point [“Display=\\ACMCDP01.cloudapp.net\”]MSWNET:[“SMS_SITE=PR3”]\\ACMCDP01.cloudapp.net

[“Display=\\ACMCDP01.cloudapp.net\”]MSWNET:[“SMS_SITE=PR3”]\\ACMCDP01.cloudapp.net\ is a cloud distribution point. Will attempt to upload the package to this Cloud distribution point

Sent status to the distribution manager for pkg PR300003, version 5, status 0 and distribution point [“Display=\\ACMCDP01.cloudapp.net\”]MSWNET:[“SMS_SITE=PR3”]\\ACMCDP01.cloudapp.net\
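The log check described above can be scripted. The following Python code is an added example, not part of the original post or of SCCM: it parses the PkgXferMgr.log messages quoted above (re-typed with straight quotes as a constructed sample) and lists which packages reported a status for the cloud DP and which started jobs have no status line in the excerpt. The function and variable names are assumptions, and status codes are reported as-is because the post does not define them.

```python
import re

# Constructed sample: the PkgXferMgr.log messages quoted in this post,
# one message per line, with straight quotes as in a raw log file.
SAMPLE_LOG = r'''
Sending thread starting for Job: 2, package: PR300004, Version: 4, Priority: 1, server: ACMCDP01.CLOUDAPP.NET, DPPriority: 200
Sent status to the distribution manager for pkg PR300007, version 4, status 0 and distribution point ["Display=\\ACMCDP01.cloudapp.net\"]MSWNET:["SMS_SITE=PR3"]\\ACMCDP01.cloudapp.net
["Display=\\ACMCDP01.cloudapp.net\"]MSWNET:["SMS_SITE=PR3"]\\ACMCDP01.cloudapp.net\ is a cloud distribution point. Will attempt to upload the package to this Cloud distribution point
Sent status to the distribution manager for pkg PR300003, version 5, status 0 and distribution point ["Display=\\ACMCDP01.cloudapp.net\"]MSWNET:["SMS_SITE=PR3"]\\ACMCDP01.cloudapp.net\
'''

JOB_RE = re.compile(
    r"Sending thread starting for Job: (\d+), package: (\w+), "
    r"Version: (\d+), Priority: \d+, server: ([^,\s]+)")
STATUS_RE = re.compile(
    r"Sent status to the distribution manager for pkg (\w+), version (\d+), "
    r"status (\d+) and distribution point .*?Display=\\\\([^\\]+)\\")
CLOUD_RE = re.compile(r"Display=\\\\([^\\]+)\\.* is a cloud distribution point")


def summarize(log_text):
    """Return (statuses, cloud_dps, pending) for one PkgXferMgr.log excerpt."""
    statuses = {}      # (package, dp) -> (version, status) from the last status line
    cloud_dps = set()  # DP names the log itself identifies as cloud DPs
    started = {}       # package -> (job, version, server) from "Sending thread" lines
    for line in log_text.splitlines():
        if m := JOB_RE.search(line):
            job, pkg, ver, server = m.groups()
            started[pkg] = (int(job), int(ver), server.lower())
        elif m := STATUS_RE.search(line):
            pkg, ver, status, dp = m.groups()
            statuses[(pkg, dp.lower())] = (int(ver), int(status))
        elif m := CLOUD_RE.search(line):
            cloud_dps.add(m.group(1).lower())
    reported = {pkg for pkg, _ in statuses}
    # Jobs that started but have no status line anywhere in the excerpt.
    pending = {p: info for p, info in started.items() if p not in reported}
    return statuses, cloud_dps, pending


if __name__ == "__main__":
    statuses, cloud_dps, pending = summarize(SAMPLE_LOG)
    for (pkg, dp), (ver, status) in sorted(statuses.items()):
        kind = "cloud DP" if dp in cloud_dps else "DP"
        print(f"{pkg} v{ver}: status {status} reported for {kind} {dp}")
    for pkg, (job, ver, server) in sorted(pending.items()):
        print(f"{pkg} v{ver}: job {job} started for {server}, no status line in excerpt")
```

The regular expressions use `search`, so the same function also accepts full log lines that carry the component, timestamp and thread trailer after the message text.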

Sample/Default Configuration of Cloud DP Wizard

General
• Subscription ID: dda75f69a-5a3b-4ecd-b385-db1223e9549873
• Management Certificate: \dc1\Sources\Certs\Azure MGMT Cert\ACNCMGAzureMgmt.pfx
Settings
• Service Name: 5351e58beadhdgd6d46e3b148ee2d
• Description: ACNCDP01
• Primary Site: Primary CB 2 (PR3)
• Region: South Central US
• Resource group:
• Service Certificate: \dc1\Sources\Certs\ACNCDP01.pfx
• CName: ACMCDP01.cloudapp.net
Alerts
• Storage alert threshold: Enabled
• Storage alert threshold: 2000 GB
• Warning Storage alert level: 50%
• Critical Storage alert level: 90%
• Traffic Out Threshold: Enabled
• Traffic Out Threshold: 10000 GB
• Warning Traffic alert level: 50%
• Critical Traffic alert level: 90%

Azure Blob Storage Cloud DP

Dive deep into the Azure portal and check the blob storage for the content files. The cloud DP package content is stored in the blob storage. You don’t have to change anything in the permission level of the blob storage.

You can delegate Blob storage permissions to the SCCM team if needed, but this permission setting is not part of SCCM RBAC. The permission delegation can be done via Azure AD.

I recommend reading the following document Install cloud-based distribution points in Microsoft Azure for SCCM.
