3

We have multiple forests, each with an independent install of Exchange 2010 SP2.

Can one SCOM installation monitor both forests?

Is a one way or a two way trust needed?

makerofthings7
  • 8,821
  • 28
  • 115
  • 196

2 Answers2

1

You may want to consider using certificates. SCOM has the capability to use certificates for agents that are outside the security boundary. This is also an approach to use with a perimeter network or non-domain computers.

https://blogs.technet.com/b/operationsmgr/archive/2009/09/10/step-by-step-for-using-certificates-to-communicate-between-agents-and-the-opsmgr-2007-server.aspx

Greg Askew
  • 34,339
  • 3
  • 52
  • 81
0

If you have a group of SCOM Agents in a separate (untrusted) forest, it makes sence to install a gateway server. You basically set up certificate-based comms between the SCOM Server and the Gateway server (which sits in the opposite forest), and then have the SCOM agents communicate with the gateway server. That way you only have to set up certificates on one computer (plus the SCOM server). Google around for the PDF called "Gateway Server and Certificate-based Authorization Scenarios in Operations Manager 2007" on systemcentercentral.com, it has everything you need to do clearly written.

Trondh
  • 4,191
  • 23
  • 27