One of the new features in ConfigMgr SP1 is Cloud based distribution points. ConfigMgr SP1 clients can use the CDP as a fallback solution when the requested content is not available at an on-premise distribution point (the new term for the “old fashion DP”). It is not a replacement for Internet Based Client Management.

The benefit of having cloud distribution points are:

  • You can easily create them
  • You can easily add more resources if the scenarios where extra bandwidth is needed e.g. when upgrading to Office 2013 worldwide
  • Nice fallback solution
  • Clients will fallback to the Cloud DP if the requested packages are not found on the local DP or a remote DP.

Installing the Cloud DP – high level

When installing the Cloud DP you will have to go thru these steps.

  • Prepare Configuration Manager, install and export the needed certificate
  • Configure Windows Azure
  • Install the CloudDP in SCCM 2012 and configure the Client Settings to allow the use of a Cloud DP
  • Configure DNS so clients can connect with the Cloud DP

Prepare Configuration Manager

First you need to create a certificate that can be uploaded to Azure and also used when installing the Cloud DP role.

  1. I used the Windows Server 2012 certificate authority to create the certificate with these settings:
  2. from the Server Manager Dashboard, select Tools and Certification Authority
  3. Right click Certificate Templates and click Manage.
  4. Select the WEB Server Template and click Duplicate Template
  5. General tab, Name: CM12 Windows Azure
  6. Request handling tab, allow the private key to be exported True
  7. Security tab: Added the Active Directory group CM Servers with Read and Enroll Certificate permissions
  8. Click OK and close Certificate Templates Console.
  9. Right click Certificate Template, select New Certificate Template to Issue
  10. Select the CM12 Windows Azure Certificate and click OK. The certificate is now created and must be enrolled on the server.
  11. Open an MMC and add the Certificates snap-in, select the Local Computer.
  12. Open the Personal store, right click Certificates and select  All Tasks, Request New certificate.
  13. On the Before you begin page, click Next.
  14. On the Select Certificate Enrollment Policy page, select Active Directory Enrollment Policy and click Next.
  15. On the Request Certificates page, select the CM12 Windows Azure certificate and click the link more information is required to enroll this certificate…..
  16. In the Subject name, select Common name and type CloudDP.SC2012.Local and click Add (where SC2012.local is the name of your domain)
  17. In Alternative name, select DNS, type CloudDP.SC2012.local and click Add.
  18. Click OK and finish the enrollment.
  19. Still in the Certificates snap-in, right click the new CloudDP, select All Tasks, Export. You need to walkthru the export process twice, export a cer file and a pxf certificate.
  20. On the first page click Next.
  21. On the Export Private Key page, select No do not export the private key and click Next.
  22. On the Export file format, select CER and click Next.
  23. Save the file as CloudDP.cer and finish the wizard.
  24. Export the certificate once more and this time select Yes, I want to export the private key.
  25. Finish the export and save the certificate using the default settings.

Configuring Windows Azure

  • In order to get started you first need to create a Windows Azure account.
  • Log on to Windows Azure with you account
  • Select Hosted Services, Storage Accounts & CDN
  • Click on Management Certificates.
  • Right click on the subscribtion and select Add Certificate and add the .Cer file.
  • That was it for Azure – it takes a little while before the settings are applied.

Install the Cloud DP

  1. In Configuration Manager, select the Administration Workspace, Hierarchy Configuration, Cloud
  2. Click Create Cloud Distribution Point on the Ribbon.
  3. In Subscription ID, copy the subscription ID from you Azure account (you find it, by selecting Certificates).
  4. In Management Certificate, click Browse and select th PXF certificate.
  5. Click Next – it might take a little while to verify the subscription ID.
  6. Select your “local region” and click Next
  7. Configure the exptected storage quota, monthly transfer rate and finish the wizard.
  8. In the background the CloudDP manager component will connect to Azure and start creating the service. This process can easily take several minutes (as in 30).
  9. When Azure is configured the Status in the ConfigMgr console will change to Ready.
  10. The Cloud DP is now ready and you can start distributing content to the service in the same way as you normally distribute content.
  11. You can monitor the content in Azure or open the Cloud DP properties and select the Content tab.

Configure DNS

  1. In order for the clients to be able to download content, they must be able to resolve the CloudDP.SC2012.Local name to an IP address. You find the IP address in Windows Azure. Select Hosted Services, and navigate to the BLOB.


  2. Open DNS and create a new host record for CloudDP.SC2012.Local

Testing the deployment

  1. Distribute the content as any other regular package and select the CloudDP type
  2. The package transfer manager will copy the content to the Cloud
  3. The client receives the policy and initiates the download. Notice that the contentlocation is our new CloudDP

At the same time I was writting this blog post, my good friend and fellow MVP James Bannan posted a similar post -  make sure you also read that article.