We have 1 MP and multiple DP's for our SCCM 2012 infrastructure. We want to push patches using SCCM 2012 in the DMZ in 2 sites. I hear we can setup IBCM. I am curious what is the best way of setting it up, we just want one SCCM server in each site in the DMZ to push patches and we just want it to only communicate to the site server. We will not need to push packages to internet clients, just servers in our DMZ. What are your thoughts of best practice? Do we need to setup certificates? I appreciate the info!