Hi,
We, for many years have been deploying PC images and task sequences on our LAN. We're moving to a model where the supplier does as much of the build as possible off-site. In an ideal world I would get a VPN up between us and our supplier, place some SCCM roles down there, replicate some content and get them to build from a PXE box at their end, meaning that when the machines arrive on site they are fully built and ready to use. For compliance reasons a VPN is out of the question so we have tested the water using pre-stage media, which is allowing us to perform about half of the task off-site and then continue with the TS back here, where Windows Updates are applied and the machine is domain joined.
Does anyone have any design suggestions to allow more to take place at the supplier end but without VPN? Our compliance team are happy to expose some ports to enable some communication between us and the supplier, e.g. to allow replication of an image from one site to the other but that is all. I'd be happy for the domain join to take place when the machine arrives on-site but probably the biggest issue is applying updates. We produce a new image each month after patches are released but if an old image is used then the number of applicable updates once built is high. I'd like at least to be apply to run the apply updates stage at the supplier end, or if it was possible run an internet based Windows Update as part of the TS which runs in the factory but this doesn't appear to be an option.
Any thoughts?
Thanks