Planning for Cloud Services in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
The information in this topic applies to System Center 2012 Configuration Manager SP1 or later, and System Center 2012 R2 Configuration Manager or later.
Beginning with System Center 2012 Configuration Manager SP1, you can use cloud services to help you manage resources and to reduce the number of remote distribution points that you deploy in a hierarchy. Use the information in the following sections to help you plan for using a cloud-based infrastructure, such as site system roles by using Windows Azure.
About Cloud Services for Site System Roles
Beginning with Configuration Manager SP1, you can use a cloud service in Windows Azure to host the following site system roles:
- Distribution point - For information about how to use cloud-based distribution points, see the Planning for Cloud-Based Distribution Points section in the Planning for Content Management in Configuration Manager topic.
Site system roles that Windows Azure hosts are named site system cloud services. These cloud services are in contrast to site system servers, which refer to on-premises computers that you manage in your network environment.
Before you can use a cloud service to host a site system role, you must have a subscription to Windows Azure, and configure Windows Azure to support the site system roles. To use Windows Azure for site system roles, you must obtain a management certificate that you upload to Windows Azure. The management certificate enables Configuration Manager to communicate with the cloud service. For additional requirements, see the planning topic that is specific to the site system role that you install as a cloud service.
When you use a cloud service to host a site system role, you do not have to plan for the hardware that the site system role is installed on. The cloud service in Windows Azure replaces the hardware. For example, for a distribution point, you define the amount of storage that you want the distribution point to use, and specify when Configuration Manager generates alerts that are based on data transfer thresholds. You also specify the Windows Azure region that each cloud-based distribution point serves. For example, you might deploy one cloud-based distribution point to the North America region, and a second distribution point to Asia.
Typically, the primary concern for a site system role that is installed as a cloud service is cost management for the Windows Azure account that hosts the cloud service. Therefore, plan to monitor each cloud service that you use for ongoing costs that are associated with the storage of data in the cloud, and for data transfers from site system cloud services that you use with Configuration Manager. For more information, see Costs of Using a Cloud Service with Configuration Manager, and review the details for your Windows Azure subscription.
Costs of Using a Cloud Service with Configuration Manager
When you use a cloud service, plan for the cost of data storage and transfers that Configuration Manager clients perform. System Center 2012 Configuration Manager does not control charges for using a cloud service, nor does Configuration Manager add additional costs to access a cloud service. Instead, your Windows Azure account and subscription details, and the volume of data that you store and allow clients to download determine all costs.
For more information about Windows Azure, see Windows Azure in the MSDN Library.
Security and Cloud Services with Configuration Manager
Configuration Manager uses certificates to provision and access your content in Windows Azure, and to manage the services that you use. Configuration Manager encrypts the data that you store in Windows Azure, but does not introduce additional security or data controls beyond those that Windows Azure provides. For more information about Windows Azure security, see the documentation for Windows Azure.
The following topics on the TechNet website can help you understand security in Windows Azure: