My MVP Profile

Thursday, June 14, 2007

Audit Collection (ACS) and the Gateway Role in Ops Mgr 2007

The Audit Collection Collector role can be installed on a gateway server....usually.

The gateway role was designed to facilitate a couple of purposes as I understand it:

  1. Minimize points of communication between disconnected environments
  2. Allow utilization of Kerberos authentication in disconnected / untrusted domains, which reduces TCO by eliminating the need to configure a bunch of certifcates on client machines in the untrusted environment.

So if you wanted to employ Audit Collection in such an environnment, you can install ACS Collector on a Gateway server. HOWEVER, Audit Collection has a dependency on Active Directory, so you cannot install Audit Collection on a Gateway in a workgroup environment (as of RTM, the Gateway role has no AD dependency).

Joseph from the product team offered up an interesting workaround if you have a Gateway Server in a workgroup environment and wish to deploy Audit Collection on the Gateway Server:

Since the ACS Collector has dependency on AD, you could promote your Gateway server to a Domain Controller - which can be a completely isolated and seperate domain.If agents are in a workgroup, certificate auth between them and the Gateway+Collector box will be required.

Comments on "Audit Collection (ACS) and the Gateway Role in Ops Mgr 2007"


post a comment links to this post