Security Incident Response

In case of emergency, let our security experts stop the cyberattack and minimize the impact of intruders.

Onevinn CSIRT can help you recover data from encrypted files, get the rebuilding process up to speed, and provide strategic advice moving forward. Fill out the form below and we will contact you!

Jörgen Nilsson 16 Sep 2020
2 min

MEMCM 2009 TP CMG – Virtual Machine sets

Configuration Manager 2009 Technical Preview is out with some great new features for us to test. One of them is Cloud Management Gateway(CMG) support for Virtual Machine Sets. This a great feature as it solves the CSP issue we had with CMG as it is using a classic service that is not available in a CSP subscription.

I needed to test it out of course, it was one of the scenarios as well which I always try to complete for all Technical Preview builds.

So what has changed?
I deleted my “old” CMG and started over. We now have the choice when we setup a new CMG if we want to use “Virtual machine scale set” or “Cloud Service ( Classic)”. As shown below

Setting up a new CMG

What I of course failed at in my first attempt was to read the documentation…… hmm.
Using Virtual machine scale sets requires new/different resource providers in Azure to be enabled in the Subscription.
I logged in to my Azure Subscription and added the following Resource Providers that are required when using Virtual machine scale sets.

Azure Resource Groups

Next change is the new service name which includes the region as well, in my case North Europe. Which required a new certificate if cloudapp.net names are used as it is in my case. If you are using a different DNS name and certificate than cloudapp.net you can just update the CNAME in DNS to point to the new service name.

CMG setup new servicename

I requested a new certificate from my CA using the same template as I used to set it up my old CMG but with the new DNS name “CCMEXECTP4.northeurope.cloudapp.azure.com” as shown below.

CMG Setup new servicename

Next step is adding my trusted Root certificate.

Adding trusted root certificate

Then we configure our alerts for our CMG

Configuring CMG alerts

Next I reconfigured my Cloud Management Connection point to use the new CMG I have setup.

Cloud management gateway properties

Then we are done, a Configuration Manager cup of coffee or actually dinner in my case and the deployment of my new CMG using Virtual Machine Scale sets was ready to use!

CMG Deployed using Virtual machine scale set

If we look in azure there are a couple of new services created for us compared to when we use the classic CMG or should we start calling it “Legacy” now? 😉

A great addition to Configuration Manager cannot wait until it ships. Support for CSP has been a long awaited feature and discussed numerous times. For more information about what is new in MEMCM 2009 TP check out the docs: Technical Preview 2009
Now that I have a new CMG up and running testing out remote control over CMG will be my next task.