Isn’t a revolution (really?) happening with Digital Transformation? Let’s check the SCCM internet client management revolutions. In this post, I will try to give a quick SCCM IBCM Vs CMG comparison.
What is SCCM Internet Client Management?
Managing SCCM clients from the internet is called Internet client management. There are two (2) methods to manage SCCM clients from the internet.
The SCCM clients connected through traditional VPN tunnel is NOT SCCM internet client management.
SCCM IBCM Vs CMG
The following table will give a quick overview between SCCM IBCM Vs CMG. More detailed discussion on all the columns and some pointers are available in the below sections of this post.
|SCCM IBCM||SCCM CMG|
|Cost||Fixed Cost||Variable Cost|
|Location||On-Prem/Private Cloud||Azure Cloud (PaaS)|
|Complexity (Setup + Troubleshoot)||Complex||Complex|
|Location Awareness||No (for internet clients)||No Support for location awareness|
|Operability||Use existing Process||Might Need to setup new process|
|Security||Yes (Traditional)||Yes (Modern)|
|IT Community Support||Less Blog posts/Videos||Many Blog Posts/Videos|
|Co-MGMT Support||Yes||Yes (Advanced)|
|API Support||Yes||No (checkout the comments to get more details)|
All SCCM client Communications are supported (Almost?) Only selected SCCM client Communication is supported.
Yes, the cost is one of the factors which we need to look into when we try to decide between SCCM IBCM Vs CMG.
The comparison here is between variable and fixed costs. I won’t say IBCM always will have fixed costs, but it’s more or less fixed or internal to your organization. So, it’s near to a FIXED cost.
In the other hand, SCCM CMG is a variable cost depending on the usage of data storage, data transfer, and client count, etc… The best way to analyze SCCM CMG cost is by using Azure Pricing Tool. The following SCCM CMG component list will give you some hints:-
- Standard A2 V2 VM (not IaaS solution but it’s PaaS – ~100$ per month (US)?)
- Outbound data transfer (Lower Estimate 100-300 MB per client per month) – $0.087 per GB/Month
- Content Storage cost (Application content files – 3rd Party patch content as well) –$0.02 / GB / month
- Dynamic IP cost per CMG instance – ~$3/Month
- Public DNS Costs (name resolution)
The location topic is essential from the decision making perspective. You should be clear about your location preferences before checking on SCCM IBCM Vs CMG comparison.
- SCCM CMG is a Platform As A Service (PaaS) solution located in Microsoft Azure (You can’t create an SCCM CMG in Amazon or Google Cloud – Full Stop)!
- SCCM IBMC is a solution you can build within your ON-PREM data center. Or in Private cloud or Amazon/Google Cloud
Stability is essential for SCCM IBCM Vs CMG discussions. I don’t think SCCM CMG is unstable at all. But, many new features are getting added to SCCM CMG and CMG code is changing in all the releases.
SCCM CMG doesn’t have regional awareness capabilities. So the SCCM client connected from the internet can go to any one of the CMG available.
The new SCCM CMG behavior with boundary groups helps scenario which will help you to move SCCM traffic off the expensive and slow WAN/VPN and on to the cheaper Internet links to SCCM CMG.
The new preview version of SCCM 1902 will give more parity to SCCM CMG with IBCM features. So the new developments will help you to decide between SCCM IBCM Vs CMG.
Setup Troubleshooting Complexity
I think SCCM CMG and IBCM are equally complex to setup + troubleshooting because of different reasons.
SCCM IBCM complexity is mainly because of dealing with your PKI, Firewall, and Security teams within your organizations.
SCCM CMG complexity is mostly because it’s pretty new to many of SCCM admins. SCCM admins should go through an upskilling process (continuous learning) and learn more about the concepts of SCCM CMG.
[Related Post – SCCM Co-Management Video Guide With 16 Posts]
You can use your existing processes (SAL, TOM, RACI,etc.) to manage and operate SCCM IBCM components.
SCCM CMG requires a modern way of thinking, and you might need to create or update existing SLA, TOM, RACI, etc. But these changes will help you to start the digital transformation for your organization, and that is helpful.
There should not be any comparison between modern and traditional security verticals. Both are made for different reasons.
SCCM IBCM components are placed in the DMZ of your organization’s data center. The SCCM clients from the internet will directly connect to those IBCM components (sometimes via reverse proxy).
SCCM CMG components are placed in the Microsoft Azure data center and not in your on-prem DMZ. And moreover, the internet clients are NOT communicating directly with SCCM on-prem elements. SCCM CMG components will always create outbound connections to the Microsoft cloud.
Don’t get me wrong; I’m not saying SCCM IBCM is not future proof. But what I can see is, Microsoft put many more efforts to improve the capabilities to SCCM CMG.
SCCM IBCM Vs CMG comparison always reaches a point where co-management support will come into the discussion. There is NO hardcore dependency on co-management and CMG.
SCCM CMG is more aligned with co-management options and scenarios.
Rethinking SCCM Speed, Security, and Simplicity
I wanted to provide you an additional tip in this blog. And that is about rethinking speed, security, and simplicity of SCCM.
Here is your chance to register for Adaptiva’s webinar on “Rethinking ConfigMgr Speed, Security, and Simplicity.” This webinar is on Tuesday, February 26th, 2019.
Register for Webinar from HERE