How to Manage Remote Offices and Users #1
The management of remote offices is something that I have been asked about a few times recently. So I thought that as I speak to various customers on this subject that I would summarise the advice in a series of posts here. I'll use the category 'Branch Office' if you want to quickly filter them out at some point.
There are obviously a number of scenarios where remote management is required but they broadly fit into two categories:
1) Where you expect to see the user and their machine (or a server) on your 'Corporate' internal network at some point. These users may be Sales Reps, Consultants, Executives, Home Workers etc. so they do 'wander' but you expect them to be back. So you want to manage these users when they are working remotely, perhaps when they connect via a WIFI hotspot, but also when they come back into your network.
2) The second grouping are those users and machines that you never expect on your core network. Examples of this are offices that only connect via the Internet, or users who carry their laptop out of your offices and never expect to connect to your network again. However, you do want to manage this group of users, you want to patch their machines, deliver software packages to them etc.
So how can we use the technologies in Windows Server 2008, System Center Configuration Manager, Operations Manager, Data Protection Manager, and Forefront Client security to help us deploy, manage, secure, backup and monitor these users and their client devices? And obviously it goes without saying that one doesn't need all those products and the technologies within to achieve the goals of remote management, but undoubtedly your solution will be optimised as the sum of the benefits provided by multiple components exceed those of the constituent parts.
It's hard to know where to start, and an easy place would be simply to compare a typical 'corporate' architecture and discuss what won't work when the user leaves the 'office' but that's not very positive is it? :) Therefore I think we'll attack this subject as a management lifecycle discussion but with the two scenarios above in mind. The topics we will cover are:-
- Deployment and Initial configuration
- Securing the client and securing your Internal network against users coming back from the 'outside'
- Compliance and Monitoring
- Patch Management
- Application Deployment to remote users
- Disaster recovery - Data and Machines
Have I missed anything? Also, if this is an area that you designing against or struggling with then please get in touch - mbullock 'AT' microsoft dot com is the contact address, or just post a comment at the bottom for others to see.