SCCM design DMZ for intranet and internet clients

Hello,

I am looking for some design recommendations for my test environment that I would like to apply to one production environment (I already posted about this topic but I still have some questions).
I am working with 2 domains (2 forests) with no trust relationships.
Domain A: internal
Domain B: DMZ

From a firewall point of view, only the ports from the internal to the DMZ will be opened.
From the internet to the DMZ, only HTTPS will be opened.
Currently, I only manage the clients connected to the internal domain.
I would like to deploy a new management point in DMZ that will allow me to manage my DMZ clients (servers) and my Internet clients (laptops).
Should I use 2 management points? Is it supported?
- one for the DMZ clients
- one dedicated to my internet clients

If I use only one MP, should I allow both intranet and internet clients?

Should I allow my DMZ clients to communicate with the internal management point (port 80) and only use the MP in the DMZ for my internet clients?

The only documents I can find on TechNet require too many ports to be opened in the firewall (from DMZ to internal) and can't be applied to my environment.

Thanks.


  • Edited by LiveBTW83 Wednesday, February 04, 2015 5:03 AM
February 4th, 2015 8:02am

Have a look at the following blog, which answers your questions comprehensively.

http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx

-RG

February 4th, 2015 7:02pm

Thanks for the answer, but in my case this is not exactly what I am looking for. I would like to manage both DMZ clients and internet clients from the same MP.

Did you deploy a similar solution?

February 5th, 2015 12:54am
