SCOM Across Multiple Domains

I recently ran into a question where someone wanted to deploy SCOM in two different domains. The problem was that the two sites they used were connected two domains, and while they trusted each other, they were not in the same forest. The person asking the question wanted to install the remote agent at his other site, but the installation was failing.

The solution to the question was to deploy a gateway server at the remote site as described in this Technet Article:

http://technet.microsoft.com/en-us/library/bb432149.aspx

The procedural overview as laid out in that article is to:

1. Request certificates for any computer in the agent, gateway server, management server chain.
2. Import those certificates into the target computers by using the Operations Manager 2007 MOMCertImport.exe tool.
3. Distribute the Microsoft.EnterpriseManagement.gatewayApprovalTool.exe to the management server.
4. Run the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe tool to initiate communication between the management server and the gateway.
5. Install the gateway server.

The detailed directions for each step are laid out there in a simple to understand fashion.
This is actually a very good solution for conditions which require Cross Forest SCOM deployments. While my personal preference would be to bring both domains into a single forest, there are many reasons (mostly legal or political) to not do so. In the event you find yourself needing to have a single management point for multiple domains, this is the way I would go.

Here is the Experts-Exchange Question that prompted me to find this solution:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_25083584.html

Here is the Experts-Exchange Article which resulted from this Question:

http://www.experts-exchange.com/articles/Software/Server_Software/File_Servers/Active_Directory/SCOM-Across-Trusted-Domains-in-Multiple-Forests.html

Justin