Audit Collection (ACS) and the Gateway Role in Ops Mgr 2007

The Audit Collection Collector role can be installed on a gateway server....usually. The gateway role was designed to facilitate a couple of purposes as I understand it: Minimize points of communication between disconnected environments Allow utilization of Kerberos authentication in disconnected / untrusted domains, which reduces TCO by eliminating the need to configure a bunch of certifcates on client machines in the untrusted environment. So if you wanted to employ Audit Collection in such an environnment, you can install ACS Collector on a Gateway server. HOWEVER, Audit Collection has a dependency on Active Directory, so you cannot install Audit Collection on a Gateway in a workgroup environment (as of RTM, the Gateway role has no AD dependency). Joseph from the product team offered up an interesting workaround if you have a Gateway Server in a workgroup environment and wish to deploy Audit Collection on the Gateway Server: Since the ACS Collector has dependency on AD, you could promote your Gateway server to a Domain Controller - which can be a completely isolated and seperate domain.If agents are in a workgroup, certificate auth between them and the Gateway+Collector box will be required.