CSM for MECM architecture

Overview

CSM for MECM is an integration to Microsoft Endpoint Configuration Manager also known as MECM (formerly System Center Configuration Manager). It communicates with a component of MECM called Configuration Manager Console. More precisely, the communication happens with Configuration Manager API and Configuration Manager cmdlets. More information about the API and cmdlets can be found in Microsoft Docs.


Installation

In order for CSM to properly work it must be installed on a machine which has Configuration Manager Console installed. The operating system for the setup can be either Windows or Windows Server. The CSM installation requires a service account which has following prerequisites.

  • Having at least application administrator role in MECM.
  • Being a member of local administrator group or
    • Having full access to the following Windows registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Centero\Agent" and
    • Having modify permission to the following folder: "%ProgramData%\Centero\Software Manager" and 
    • Having modify permission to a folder which is specified for downloads. This folder can be a local folder or an UNC-location.

The service account credentials are saved to a Windows service.


Internal network communication

CSM uses WMI-queries to communicate with MECM Site Server if the Console is installed on a remote machine. On the other hand, if the Configuration Manager Console is installed on a MECM Site Server there is no need for such communication over network. The potential network traffic from CSM/MECM Console installation is similar with WMI queries as if the MECM Console was used manually.

The WMI queries use RPC protocol to TCP port 135. More information about MECM ports and protocols can be found in Microsoft Docs.


Communicating over public network

CSM 2.0.5000 and newer:

CSM for MECM monitors constantly new application versions over the Internet. CSM 2.0.5000 and newer versions download application media from Azure with HTTPS protocol. Type of the communication from the CSM and Configuration Manager Console over the public network is:

  • HTTPS protocol using port 443 to gw-eu.software-manager.com
  • HTTPS protocol using port 443 to centerofileshares.file.core.windows.net

CSM 1.0.5088 and older:

CSM for MECM monitors constantly new application versions over Internet. CSM downloads new application versions by using BITS (Background Intelligent Transfer Service). More information about BITS can be found in Microsoft Docs. Type of the communication from the CSM and Configuration Manager Console over the public network is:

  • HTTPS protocol using port 443 to portal.centero.fi (91.190.196.42).

CSM also sends license and diagnostic information to gw-eu.software-manager.com (CSM 2.0.5000->) or portal.centero.fi (CSM <-1.0.5088). Customer can specify telemetry level and whether this information is send with HTTP or HTTPS protocol.