Reasons to build a CAS:
- You will go over 100K clients.
- You fought and lost the political battle to keep just one primary (politics).
- Legal reasons (data must reside in country on a primary) - note that most data will still be copied to the CAS anyway.
- Load balancing\BCP: you don't want the loss of contact to all of your clients should a datacenter go down. 3 primaries and a CAS could mean that a primary and CAS could go down, but you could still reach 2/3 of your client base by connecting to the remaining primary sites. The tradeoff is that you now have 3x the likelihood of an outage now that there are 3 primary sites instead of one.
Reasons to avoid a CAS:
- One extra server to maintain with all its licensing, monitoring, hardware, and support costs.
- Replication requires 8 GB RAM just for the CAS alone. Microsoft recommends a 64GB box with 16 cores for a CAS.
- SQL Enterprise will be needed to go over 50K clients (an added expense).
- All content is stored on the CAS; every package, application, software update, etc. Yes, it's in a content libray to help manage the size, but it's still there taking up space. See more.
- You might merge with another company or someone might buy your company and you could grow beyond 100K clients.
- Neither primary sites nor a CAS can be swung under another site.
- Export objects from losing site and import to winning site (or brand new combined site).
- You're at 90K clients and might grow.
- Good point.
Security necessitates a split of sites:
You don't put servers in one domain and workstations in another. The Full Administrator role in CM12 is much like Domain Admins. You could simply grant an AD group permissions to that role and remove yourself from the role until needed (open a ticket to do the work, add yourself to the AD group, do the work, remove yourself from the group, and close the ticket).
Alex Semibratov points out that even that 2nd bullet for a CAS is faulty:
"The second reason does not seem to be valid since a site is no longer a security boundary. Meaning, that local system on any of primary site servers has full admin access to all sites in "hierarchy". In other words, there is no more site hierarchies for security."
Matt Granstom added the BCP consideration. Email me if you can think of valid reasons.
Fellow MVP Rob Marshall has a nice article on this topic too.