The final role that we need to install is the OpsMgr Gateway server. This role enables OpsMgr agent communication across different security boundaries – such as a DMZ and untrusted Active Directory domains. The Gateway server can also be used to compress agent traffic across slow WAN links inside a Management Group domain.
In our example for this book, the Gateway server is a member of an untrusted Active Directory domain, so we will need to use a public key infrastructure (PKI) for certificate-based authentication back into the OpsMgr Management Group.
Here's what we need before we begin:
A certificate authority (CA) configured in the same domain as the OpsMgr Management Group.
The fully qualified domain name (FQDN) of the OpsMgr Management server that the Gateway server will connect to.
The Microsoft.EnterpriseManagement.GatewayApprovalTool.exe and its associated configuration file from the OpsMgr installation media.
The MOMCertImport.exe tool from the OpsMgr installation...