I am designing ConfigMgr infrastructure I have 1 primary site and 11 Secondary sites The 11 Secondary sites will host the proxy management point role, software update point role and distribution point role. If we match each Secondary sites to the correct IP boundaries at their local physical site. Is there any reason to then "Enable this site System as a protected site system" on the 11 Secondary sites? If yes, why? when I have already specified the boundary in the Secondary site properties. What would be the point of specifying boundaries for the Secondary site then.

Hello - See the details of procted DP below http://technet.microsoft.com/en-us/library/bb892788.aspx Anoop C Nair

That should make no difference in that scenario.

To add a little more information, by protecting the DPs you make sure that a client will only use the DP that is protected with the clients boundary. So it might be handy if you have slow connections between the different sites and want to make sure that the client never downloads on a different DP. There is one exeption, and that is when you still have some unprotected DPs and have an advertisement set to Allow clients to fallback to unprotected...My Blog: http://www.petervanderwoude.nl/