Q. What’s the difference between Microsoft System Center Configuration Manager 2007 (SCCM) native-mode and mixed-mode?

A. SCCM introduced the native security model. It's for client-server communications and provides a higher level of security through public key infrastructure (PKI) and Secure Sockets Layer (SSL) encryption for nearly all communications (except for certain distribution-point and fallback-status-point communications). Policies and other sensitive communications are signed using a PKI certificate. Microsoft Systems Management Server (SMS) 2003 mixed security mode uses a self-signed certificate.

It’s important to note that native mode affects only client-to-server communications and not server-to-server communications. To protect server-to-server communications, use IPsec. Also, a native-mode site can’t be a mixed-mode child site.

There are four native-mode requirements:

  • You must have a deployed PKI infrastructure in the organization
  • DNS must be available and configured for clients to locate management points
  • All clients must run the SCCM 2007 client. Native-mode sites don’t support SMS 2003 clients
  • Native-mode sites also don’t support Windows-2000-based clients
There are no SCCM 2007 native-mode Active Directory (AD) domain- or forest-mode requirements.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.