Determine If You Should Install a Fallback Status Point for Configuration Manager Clients

The fallback status point in Configuration Manager 2007 always communicates with clients using HTTP which uses unauthenticated connections and sends data in clear text, even when the site is in native mode. This makes the fallback status point vulnerable to attack, particularly when it is used with Internet-based client management. To help reduce the attack surface, always dedicate a server to running the fallback status point and do not install other site system roles on the same server in a production environment.

Install a fallback status point in the site if all of the following conditions apply:

• You want client computers to report any failures to the site database, particularly when they cannot contact a management point.

• You want to utilize the Configuration Manager 2007 client deployment reports which use data sent by the fallback status point.

• You have a dedicated server for this site system role, and have additional security measures to help protect the server from attack.

• The benefits of using a fallback status point outweigh any security risks associated with unauthenticated connections and clear text transfers over HTTP traffic.

Do not install a fallback status point in the site if the following condition applies:

• The security risks of running a Web site with unauthenticated connections and clear text transfers outweigh the benefits of identifying client communication problems.

See Also

Tasks

How to Create a Fallback Status Point in Configuration Manager
How to Assign the Fallback Status Point to Configuration Manager Client Computers

Concepts

About the Fallback Status Point in Configuration Manager
Client Communication in Mixed Mode and Native Mode