Monday, July 1, 2013

Cloud Distribution Point in SCCM 2012



 The following are prerequisites to use a cloud-based distribution point:

  • A subscription to Windows Azure.
  • A management certificate (self-signed or PKI) for communication from a Configuration Manager primary site server to the cloud service in Windows Azure.
  • A service certificate (PKI) that Configuration Manager clients use to connect to cloud-based distribution points and download content from them by using HTTPS.
  • Before a device or user can access content from a cloud-based distribution point, they must receive the Cloud Services client setting Allow access to cloud distribution points set to Yes. By default, this value is set to No.
  • Clients must be able to resolve the name of the cloud service, which requires a DNS alias (CNAME record) in your DNS namespace.
  • Clients must be able to access the Internet to use the cloud-based distribution point.

 About Certificates

Cloud-based distribution points require certificates to enable Configuration Manager to manage the cloud service that hosts the distribution point, and for clients to access content from the distribution point. The following table provides overview information about these certificates.  

Certificate: Management certificate for site server to distribution point communication

Details: The management certificate establishes trust between the Windows Azure management API and Configuration Manager. This authentication allows Configuration Manager to call on the Windows Azure API when you perform tasks such as deploying content or starting and stopping the cloud service. Windows Azure allows customers to create their own management certificates, which can be either a self-signed certificate or a certificate issued by a certification authority (CA):
  • Provide the .cer file of the management certificate to Windows Azure when you configure Windows Azure for Configuration Manager. The .cer file contains the public key for the management certificate and you must upload this certificate to Windows Azure before you install a cloud-based distribution point. This certificate enables Configuration Manager to access the Windows Azure API.
  • Provide the .pfx file of the management certificate to Configuration Manager when you install the cloud-based distribution point. The .pfx file contains the private key for the management certificate. Configuration Manager stores this certificate in the site database. Because the .pfx file contains the private key, you must provide the password to import this certificate file into the Configuration Manager database.

If you create a self-signed certificate, you must first export the certificate as a .cer file, and then export it again as a .pfx file.

Certificate: Service certificate for client communication to the distribution point

Details: The Configuration Manager cloud-based distribution point service certificate establishes trust between the Configuration Manager clients and the cloud-based distribution point and secures the data that clients download from it by using SSL over HTTPS.

Important: The common name in the certificate subject field of the service certificate must be unique in your domain and not match any domain joined device.

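The two-step export of a self-signed management certificate described in the table above (.cer first, then .pfx) can be scripted as follows. This is an added example, not part of the original post; the subject name, output folder and key length are assumptions.

```powershell
# Added example. Subject, folder and key length are assumptions, not values from the page.
$subject = 'CN=ConfigMgr-CloudDP-Management'    # hypothetical subject name
$outDir  = 'C:\Certs'                           # hypothetical output folder
$cerPath = Join-Path $outDir 'CloudDP-Mgmt.cer'
$pfxPath = Join-Path $outDir 'CloudDP-Mgmt.pfx'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# The private key must be exportable, otherwise the .pfx export below fails.
$cert = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable -KeySpec KeyExchange `
    -KeyLength 2048 -NotAfter (Get-Date).AddYears(1)

# Step 1: export the public part only (.cer). This file is uploaded to Windows Azure.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Step 2: export again with the private key (.pfx). This file is given to
# Configuration Manager, which asks for the same password on import.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the .pfx file'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Verify: both files carry the same certificate, and the .cer holds no private key.
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$pfx = (Get-PfxData -FilePath $pfxPath -Password $pfxPassword).EndEntityCertificates[0]

[pscustomobject]@{
    Thumbprint       = $cert.Thumbprint
    CerMatches       = ($cer.Thumbprint -eq $cert.Thumbprint)
    CerHasPrivateKey = $cer.HasPrivateKey      # must be False before uploading
    PfxMatches       = ($pfx.Thumbprint -eq $cert.Thumbprint)
    NotAfter         = $cert.NotAfter
}
```

Because the .pfx carries the private key, keep it in a folder only the site administrators can read and delete the file once Configuration Manager has imported it into the site database.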
Site Server to Cloud-Based Distribution Point Communication

When you install a cloud-based distribution point, you must assign one primary site to manage the transfer of content to the cloud service. This is equivalent to installing the distribution point site system role to a specific site.


When a device or user of a device is configured with the client setting that enables the use of a cloud distribution point, they can receive the cloud-based distribution point as a valid content location. A cloud-based distribution point is considered a remote distribution point when a client evaluates available content locations. Clients on the intranet only use cloud-based distribution points as a fallback option if on-premises distribution points are not available.

Clients that can use cloud-based distribution points use the following sequence when they perform a content location request:

  1. A client that is configured to use cloud distribution points always attempts to obtain content from a preferred distribution point first.
  2. When a preferred distribution point is not available, the client will use a remote distribution point, if the deployment supports this option and a remote distribution point is available.

  3. When a preferred distribution point or remote distribution point is not available, the client can then fall back to obtain the content from a cloud-based distribution point.

Note: Clients on the Internet that receive both an Internet-based distribution point and a cloud-based distribution point as content locations for a deployment only attempt to retrieve content from the Internet-based distribution point. If the client on the Internet fails to retrieve content from the Internet-based distribution point, the client does not then attempt to access the cloud-based distribution point.

When a client uses a cloud-based distribution point as a content location, the client authenticates itself to the cloud-based distribution point by using a Configuration Manager access token. If the client trusts the Configuration Manager cloud-based distribution point certificate, the client can then download the requested content.
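Clients only trust and reach the cloud-based distribution point if the service certificate and DNS prerequisites stated earlier on this page hold. The following added example (not part of the original post) checks them before deployment; it assumes a domain-joined admin workstation with the ActiveDirectory module, a hypothetical certificate path, and conservatively treats a match on either the full name or its host label as a collision.

```powershell
# Added example. The certificate path is a hypothetical placeholder.
Import-Module ActiveDirectory

$serviceCerPath = 'C:\Certs\CloudDP-Service.cer'   # public part of the service certificate

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($serviceCerPath)
$fqdn = $cert.GetNameInfo('SimpleName', $false)     # common name from the subject field
$hostLabel = $fqdn.Split('.')[0]

# Check 1: the common name must not match any domain-joined device.
$filter = "DNSHostName -eq '$fqdn' -or Name -eq '$hostLabel'"
$collisions = @(Get-ADComputer -Filter $filter)

# Check 2: clients must resolve the service name through a CNAME record.
$cname = @(Resolve-DnsName -Name $fqdn -Type CNAME -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'CNAME' })

# Check 3: the certificate must be inside its validity period.
$now = Get-Date
$valid = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

[pscustomobject]@{
    CommonName   = $fqdn
    AdCollisions = ($collisions.DNSHostName -join ', ')   # must be empty
    CNameTarget  = ($cname.NameHost -join ', ')           # must not be empty
    ValidNow     = $valid
    Pass         = ($collisions.Count -eq 0) -and ($cname.Count -gt 0) -and $valid
}
```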

The log files that need to be analyzed are:

  • Distmgr.log on the CAS server
  • Cloudmgr.log on the primary server
