Determine If You Should Install a Fallback Status Point for Configuration Manager Clients
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
The fallback status point in Configuration Manager 2007 always communicates with clients using HTTP which uses unauthenticated connections and sends data in clear text, even when the site is in native mode. This makes the fallback status point vulnerable to attack, particularly when it is used with Internet-based client management. To help reduce the attack surface, always dedicate a server to running the fallback status point and do not install other site system roles on the same server in a production environment.
Install a fallback status point in the site if all of the following conditions apply:
You want client computers to report any failures to the site database, particularly when they cannot contact a management point.
You want to utilize the Configuration Manager 2007 client deployment reports which use data sent by the fallback status point.
You have a dedicated server for this site system role, and have additional security measures to help protect the server from attack.
The benefits of using a fallback status point outweigh any security risks associated with unauthenticated connections and clear text transfers over HTTP traffic.
Do not install a fallback status point in the site if the following condition applies:
- The security risks of running a Web site with unauthenticated connections and clear text transfers outweigh the benefits of identifying client communication problems.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.