Nomad provides a number of advanced features that require changes to the default configuration of the Nomad client.
These features are described in greater detail in the following pages:
Nomad peer-to-peer content transfer uses SMB by default, which requires File and Print services to be enabled so that it can share the content. For better security, Nomad can be configured to use HTTP or HTTPS for peer-to-peer content transfer, removing the requirement for file shares. When Nomad is configured to use HTTP/S, Peer Backup Assistant, if enabled, also uses HTTP/S.
Nomad dynamically analyzes the overall WAN traffic to ensure that it only uses a percentage of the total. It is also aware of mobile devices: it knows the difference between wireless and wired connections and is able to select the most efficient available connection to use.
Windows imposes a limit on the number of concurrent connections on the Nomad share. The FanOut feature compensates for this limitation by letting peers that are connected to the master themselves accept connections from other peers requiring the download, so that more peers can be updated at the same time.
By providing support for IPv6 environments, Nomad supports distribution to clients connected to the corporate network using the DirectAccess feature.
If you want to make more efficient use of your network when distributing the same data to many devices, you may want to consider using multicast – it may already be used in your environment for multi-media tasks such as providing video content. Multicast is a complex technology that requires complete buy-in from both your system and network administrators.
Nomad has always provided encryption for most of its communications, and in Nomad 6.0 an advanced FIPS-compliant encryption algorithm was made available. The United States Federal Information Processing Standard (FIPS) is a standard that defines security requirements for software used by the U.S. federal government. It stipulates that applications that encrypt any sensitive data should use only a certain set of approved encryption algorithms.
Nomad SECure enables content to be compressed and signed, and also encrypted, on the DP, from which clients can download it. If you intend to use this feature, you must update all Nomad clients to 6.1 or later, or they will fail to download encrypted content. This is because clients older than 6.1 only support the original unencrypted data format.
Enhanced HTTP is a feature implemented in Configuration Manager (CM) to enable administrators to secure client communication with site systems without the need for PKI server authentication certificates. Primarily, this feature is used to support a Cloud Management Gateway (CMG) or to support Azure AD joined devices, both scenarios that would otherwise require Management Points to be configured to use HTTPS with a PKI Server Authentication certificate. Enhanced HTTP also allows clients to download content from a Distribution Point without the need for a Network Access Account, PKI client authentication certificates or Windows authentication, as it establishes a new endpoint on the Distribution Point (CCMTOKENAUTH) that uses token-based access. Refer to the Microsoft documentation for a full explanation of Enhanced HTTP and how to configure site systems to use it.