Manage clients on the internet with Configuration Manager

Applies to: Configuration Manager (current branch)

Typically in Configuration Manager, most of the managed computers and servers are physically on the same internal network as the site system servers that perform management functions. However, you can manage clients outside your internal network when they are connected to the internet. This ability doesn't require the clients to connect via VPN to reach the site system servers.

Configuration Manager provides two ways to manage internet-connected clients:

  • Cloud management gateway

  • Internet-based client management

Note

You can have a combination of both services for a single site. If a device gets policy from the site for both IBCM and CMG, then it randomizes between them for communication. The only mechanism available to control communication is client authentication. For example, if an Azure AD-joined client doesn't trust the server authentication certificate of the internet-based management point, it can only use the CMG. If a domain-joined client doesn't trust the server authentication certificate of the CMG, it can only use the internet-based management point.

Cloud management gateway

The cloud management gateway provides management of internet-based clients. It uses a combination of a Microsoft Azure cloud service, and an on-premises site system role that communicates with that service. Internet-based clients use the cloud service to communicate with the on-premises Configuration Manager.

CMG advantages

  • No additional on-premises infrastructure investment required.

  • Does not expose on-premises infrastructure to the internet.

  • Cloud virtual machines that run the service are fully managed by Azure and require no maintenance.

  • Easily set up and configured in the Configuration Manager console.

CMG disadvantages

  • Cloud subscription cost.

  • Management data sent through cloud service.

For more information, see Plan for cloud management gateway.

Internet-based client management

This method relies on internet-facing site system servers to which clients directly communicate for management purposes. It requires clients and site system servers to be configured for internet-based client management (IBCM).

IBCM advantages

  • No cloud service dependency.

  • No additional cost associated with a cloud subscription.

  • Full control of servers and roles providing the service.

IBCM disadvantages

  • Requires additional infrastructure investment.

  • Overhead and operational cost of additional infrastructure.

  • Infrastructure must be exposed to the internet.

For more information, see Plan for internet-based client management.