Now that Cloud Management Gateway (Classic Service classic) is deprecated and will be removed in the future releases of Configuration Manager after 1 March 2022 we can now longer deploy a CMG using the cloud service (classic).
This is most likely due the fact that Classic VMs is being removed in Azure as the link below shows.
https://docs.microsoft.com/en-us/azure/virtual-machines/classic-vm-deprecation.
Which options do we have to migrate then?
It depends on the Cloud Management Gateway is configured today if it uses a custom DNS domain name or a *.cloudapp.net name. If a custom DNS name is being used the built-in wizard can be used to convert the Cloud Management Gateway to a Virtual Machine Scale set as I wrote a post on when it was in Technical Preview: https://ccmexec.com/2021/06/convert-cmg-to-vm-scale-set-memc-tp-2106/.
Important when migrating to a CMG Virtual Machine Scale set is that we configure the prereqs which differs from classic to virtual machine scale set.
In the Azure Subscription used we need to add the following Resource Providers that are required when using Virtual machine scale sets.
What if we used a *.cloudapp.net DNS name then? The challenge is that the DNS name has changed for Virtual Machine Scale Sets to *<Region>.cloudapp.azure.com, in my example that would be *.northeurope.cloudapp.azure.com.
When we run the migration wizard we cannot change the certificate used for the service which means that we cannot change the name, which makes perfect sense because all clients that are connected to the CMG will have no chance to get the new name of the service.
With the release of Configuration Manager 2107 we got a new option, we can now deploy a CMG cloud service (Classic) and a CMG that uses Virtual Machine Scale Set at the same time.
This was not possible before and this gives us a great migration option, simply deploy a new cloud management gateway using Virtual Machine Scale set in parallel with our classic one.
Remember that you need to have a second site system that we can install an additional Cloud Management Gateway Connector that you need.
If we look a client which is on the internet it picks up the new CMG as a DP really fast and after a while the new CMG as a MP as well.
Before the new CMG was installed:
The client rotates the Internet-based management point after a while or when we remove the old CMG.
Important: If co-management is used and we deploy the Configuration Manager client to Intune managed device the installation string needs to be updated with the correct one. The installation string sample under Cloud Attach updated itself with the new one as soon as I deployed the new CMG
My sample CM Client Bootstrap LoB app in Intune which I needs to be updated manually to reflect the new CMG.
I wrote above that we had two options to migrate, the other option would be to deploy a new CMG using a DNS Name and then migrate that to a Virtual Machine scale set. Which was the way we had to do it before MEMCM 2107 was released.
But now the option described above makes much more sense.
1 thought on “MEMCM Cloud Management Gateway migration options”