SCCM IBCM Vs CMG Differences a Real World Comparison

2
SCCM IBCM Vs CMG Home

Isn’t a revolution (really?) happening with Digital Transformation? Let’s check the SCCM internet client management revolutions. In this post, I will try to give a quick SCCM IBCM Vs CMG comparison.

What is SCCM Internet Client Management?

Managing SCCM clients from the internet is called Internet client management. There are two (2) methods to manage SCCM clients from the internet.

The SCCM clients connected through traditional VPN tunnel is NOT SCCM internet client management.

SCCM IBCM Vs CMG

The following table will give a quick overview between SCCM IBCM Vs CMG. More detailed discussion on all the columns and some pointers are available in the below sections of this post.

SCCM IBCMSCCM CMG
CostFixed CostVariable Cost
LocationOn-Prem/Private CloudAzure Cloud (PaaS)
StabilityStableContinuous Improvements
Complexity (Setup + Troubleshoot)ComplexComplex
Location AwarenessNo (for internet clients)No Support for location awareness
OperabilityUse existing Process Might Need to setup new process
SecurityYes (Traditional)Yes (Modern)
Future ProofNOYes
IT Community SupportLess Blog posts/VideosMany Blog Posts/Videos
Co-MGMT SupportYesYes (Advanced)
API SupportYesNo (checkout the comments to get more details)




All SCCM client Communications are supported (Almost?) Only selected SCCM client Communication is supported.

Cost

Yes, the cost is one of the factors which we need to look into when we try to decide between SCCM IBCM Vs CMG.

The comparison here is between variable and fixed costs. I won’t say IBCM always will have fixed costs, but it’s more or less fixed or internal to your organization. So, it’s near to a FIXED cost.

In the other hand, SCCM CMG is a variable cost depending on the usage of data storage, data transfer, and client count, etc… The best way to analyze SCCM CMG cost is by using Azure Pricing Tool. The following SCCM CMG component list will give you some hints:-

Locations

The location topic is essential from the decision making perspective. You should be clear about your location preferences before checking on SCCM IBCM Vs CMG comparison.

  • SCCM CMG is a Platform As A Service (PaaS) solution located in Microsoft Azure (You can’t create an SCCM CMG in Amazon or Google Cloud – Full Stop)!
  • SCCM IBMC is a solution you can build within your ON-PREM data center. Or in Private cloud or Amazon/Google Cloud

Stability

SCCM IBCM is used to manage internet based clients for many years. However, CMG is introduced with SCCM 1610 version as a pre-release version. SCCM CMG has been promoted since SCCM 1802 version.

Stability is essential for SCCM IBCM Vs CMG discussions. I don’t think SCCM CMG is unstable at all. But, many new features are getting added to SCCM CMG and CMG code is changing in all the releases.

Location Awareness

SCCM CMG doesn’t have regional awareness capabilities. So the SCCM client connected from the internet can go to any one of the CMG available.

The new SCCM CMG behavior with boundary groups helps scenario which will help you to move SCCM traffic off the expensive and slow WAN/VPN and on to the cheaper Internet links to SCCM CMG.

The new preview version of SCCM 1902 will give more parity to SCCM CMG with IBCM features. So the new developments will help you to decide between SCCM IBCM Vs CMG.

Setup Troubleshooting Complexity

I think SCCM CMG and IBCM are equally complex to setup + troubleshooting because of different reasons.

SCCM IBCM complexity is mainly because of dealing with your PKI, Firewall, and Security teams within your organizations.

SCCM CMG complexity is mostly because it’s pretty new to many of SCCM admins. SCCM admins should go through an upskilling process (continuous learning) and learn more about the concepts of SCCM CMG.

[Related PostSCCM Co-Management Video Guide With 16 Posts]

Operability

You can use your existing processes (SAL, TOM, RACI,etc.) to manage and operate SCCM IBCM components.

SCCM CMG requires a modern way of thinking, and you might need to create or update existing SLA, TOM, RACI, etc. But these changes will help you to start the digital transformation for your organization, and that is helpful.

Security

There should not be any comparison between modern and traditional security verticals. Both are made for different reasons.

SCCM IBCM components are placed in the DMZ of your organization’s data center. The SCCM clients from the internet will directly connect to those IBCM components (sometimes via reverse proxy).

SCCM CMG components are placed in the Microsoft Azure data center and not in your on-prem DMZ. And moreover, the internet clients are NOT communicating directly with SCCM on-prem elements. SCCM CMG components will always create outbound connections to the Microsoft cloud.

Future Proof

Don’t get me wrong; I’m not saying SCCM IBCM is not future proof. But what I can see is, Microsoft put many more efforts to improve the capabilities to SCCM CMG.

Co-Management Support

SCCM IBCM Vs CMG comparison always reaches a point where co-management support will come into the discussion. There is NO hardcore dependency on co-management and CMG.

SCCM CMG is more aligned with co-management options and scenarios.

Rethinking SCCM Speed, Security, and Simplicity

I wanted to provide you an additional tip in this blog. And that is about rethinking speed, security, and simplicity of SCCM.

Here is your chance to register for Adaptiva’s webinar on “Rethinking ConfigMgr Speed, Security, and Simplicity.” This webinar is on Tuesday, February 26th, 2019.

Register for Webinar from HERE

2 COMMENTS

  1. Hi Anoop –

    Nice comparison and very helpful to help decide. For Parallels it came down to IBCM has an open to development API and CMG doesn’t. We would have preferred to go with CMG but couldn’t integrate it for Mac management in SCCM. To bring Macs into the policy management of SCCM, external off-prem Mac’s can use an HTTPS URL to receive a download of our Parallels Mac Management for SCCM agent, connect through the DMZ where IBCM is, then be enrolled into SCCM for off-prem policy management. For associates that will seldom be in the office, this gives a secure method to achieve a well managed Mac no matter where it is.

    Regards!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.