Yes, I know it's a very common question and there are already a lot of articles and discussions about it on the Internet. I even wrote an article about it myself after the SCCM 2012 SP1 release.
However, I think it's time to provide some pragmatic information and to dispel some very common misconceptions.
CAS or not CAS? Part 1 - The Fundamentals
I. Why not use a CAS?
A CAS doesn't provide any specific feature that you can't have with a standalone primary site.
Even if you install a standalone primary site, you can always install a CAS afterwards (see Expanding a stand-alone primary site).
Never forget that:
- A CAS server requires a large amount of hardware resources (https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/recommended-hardware);
- You have additional license costs (OS, SQL Server...);
- You need to check and sometimes troubleshoot replication links;
- You need to ensure your architecture is perfectly healthy.
Regarding the last point, a lot of people overlook the site recovery prerequisites:
- To restore a CAS, all your primary sites must be functioning.
- To restore a primary site, your CAS must be functioning.
What if you've got a problem with your CAS and you discover that a primary site is also down? You're stuck, and your only option is to call Microsoft support. :(
So my first recommendation: keep your SCCM infrastructure as simple as possible and use a CAS only if you need one.
II. Why use a CAS?
Sometimes, there is no other solution but to install a CAS.
1. Because you're above the limits of a standalone primary site: According to Microsoft (https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/size-and-scale-numbers), a standalone primary site can manage up to 175.000 devices (150.000 PCs + 25.000 Macs).
2. Because you need more than 15 Management Points:
You need 1 MP per 25.000 PCs (or 10.000 MDM devices / Macs).
You also need 1 MP if you want to manage clients in an untrusted forest (https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/communications-between-endpoints).
If you've got a lot of untrusted forests (for security reasons, for example), you may require a lot of MPs. However, never forget that you can also manage clients in an untrusted forest as workgroup clients (https://docs.microsoft.com/en-us/sccm/core/clients/deploy/deploy-clients-to-windows-computers#BKMK_ClientWorkgroup).
Quick case study: you have:
- 20.000 computers in your main forest (the forest that contains your site server);
- 10.000 computers in a two-way trusted forest;
- 10.000 computers (that you want to manage fully) in an untrusted forest;
- 50 computers in an untrusted forest that you will manage as workgroup computers.
You need... 3 Management Points:
- 2 Management Points that will manage 30.050 clients (main forest + trusted forest + workgroup);
- 1 Management Point that will manage the 10.000 clients in the untrusted forest.
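The case study above as a small sizing calculator. This is an added example, not code from the original article or from Microsoft; it covers Windows PCs only, uses the figures quoted in this article, and assumes (as the case study does) that each fully managed untrusted forest gets its own MPs while workgroup clients share the MPs of the main forest. The forest names are constructed.

```python
import math
from dataclasses import dataclass

PCS_PER_MP = 25_000            # page: 1 MP per 25.000 PCs
MAX_MPS_PER_PRIMARY = 15       # page: more than 15 MPs calls for a CAS
MAX_PCS_PER_PRIMARY = 150_000  # page: PC share of the 175.000-device limit
TRUST_KINDS = {"main", "trusted", "untrusted", "workgroup"}


@dataclass(frozen=True)
class Population:
    name: str    # forest label (constructed for the example)
    pcs: int     # number of Windows PCs to manage
    trust: str   # one of TRUST_KINDS


def size_management_points(populations):
    """Return (mps_per_pool, total_mps, exceeds_standalone_primary)."""
    pools = {}
    for p in populations:
        if p.trust not in TRUST_KINDS:
            raise ValueError(f"unknown trust kind for {p.name}: {p.trust!r}")
        if p.pcs < 0:
            raise ValueError(f"negative PC count for {p.name}")
        # Assumption taken from the case study: a fully managed untrusted
        # forest needs its own MP(s); main forest, trusted forests and
        # workgroup clients share the same MPs.
        key = f"untrusted:{p.name}" if p.trust == "untrusted" else "shared"
        pools[key] = pools.get(key, 0) + p.pcs
    mps_per_pool = {k: math.ceil(n / PCS_PER_MP) for k, n in pools.items() if n}
    total_mps = sum(mps_per_pool.values())
    total_pcs = sum(pools.values())
    exceeds = total_mps > MAX_MPS_PER_PRIMARY or total_pcs > MAX_PCS_PER_PRIMARY
    return mps_per_pool, total_mps, exceeds


# The case study from the text (forest names are constructed).
CASE_STUDY = [
    Population("main", 20_000, "main"),
    Population("partner", 10_000, "trusted"),
    Population("isolated", 10_000, "untrusted"),
    Population("lab", 50, "workgroup"),
]

if __name__ == "__main__":
    pools, total, exceeds = size_management_points(CASE_STUDY)
    for pool, mps in pools.items():
        print(f"{pool}: {mps} MP")
    print(f"total: {total} MP, beyond a standalone primary site: {exceeds}")
```

Moving a small untrusted forest from "untrusted" to "workgroup" in the input shows how the workgroup option mentioned above reduces the MP count.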
3. Because you need to install an MP across a slow link:
A Management Point requires a fast link to the Database server.
Some people use database replicas, but that feature is normally meant to reduce CPU load on the site database server, not to provide a "local cache". Moreover, I'd rather troubleshoot site replication than database replication. Note also that database replicas must be disabled during SCCM updates (more maintenance operations).
As a consequence, when you need to install an MP across a slow link, you need to create an additional site. That can be a secondary site or another primary site with a CAS.
4. Because you're above the limits of a primary site:
- > 250 secondary sites
- > 250 Distribution Points in the site
- > 2000 pull-DPs
- > 5000 DPs in the site and in the child secondary sites
In the next part, I will discuss a really common question:
Is it relevant to create several primary sites when you have several admin teams?
Stay tuned!
Julien