Hi all
as usual, what I think is a pretty non-standard question (sorry) This comes from a customer with some pretty specific security requirements, so please bear with this, and only respond to it rather than question the rationalle behind it
So the ideal design from the security authority is
Windows Server 2012 R2 , SCCM 2012 R2
MS Updates -HTTPS-> WSUS workgroup Server in DMZ-
HTTPS -> WSUS on SCCM primary site server (not DMZ) - HTTP->Clients
We really dont want to use certificates for clients so is the above actually possible ?
They may accept this as an alternative
MS Updates -HTTPS> WSUS workgroup Server in DMZ- HTTP -> WSUS on SCCM primary site server - HTTP->Clients
would that work ? my obvious gut feel is that once you use HTTPs on one WSUS, it can only communicate with another WSUS server over HTTPS ??
HUGE thanks for your time
Nick B