Microsoft Practice Computacenter Configuration Manager MVP since July 2009 Co-Founder of the System...

Configuration Manager 2012: Deployment and Infrastructure considerations

Kenny BuntinxMVP Configuration ManagerComputacenter

#BEMMS

Who I am• Microsoft Practice Leader @ Computacenter

• Configuration Manager MVP since July 2009

• Co-Founder of the System Center User Group Belgium @ http://www.scug.be

• Email : [email protected]• : KennyBuntinx

http://www.scug.be/

http://www.scug.be/

What I plan to cover in this session

• Infrastructure setup• High availability• SQL replication• CAS ,Primary Site, Secondary Site & DP’s

• Internet Based Managed Clients• AMT (Vpro)

Infrastructure PromisesModernizing Architecture

Minimizing infrastructure for remote officesConsolidating infrastructure for primary sitesScalability and Data Latency Improvements

Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possibleFile processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)System-generated data (HW Inventory and Status) can be configured to flow to the Central Administration Site directly

Be TrustworthyInteractions with SQL DBA are consistent with Configuration Manager 2007Configuration Manager admin can monitoring and troubleshoot new replication approach independently

Simplification

Infrastructure

Administration

Infrastructure and DesignInitial impressions / questions

How to design a new infrastructure for a new environment?Will this differ for a customer with SCCM 2007 today ?Where do I need site servers and site role servers?

Good news ! – Initial experience suggests fewer servers

Minimum System Requirements (Beta 2)

Component Minimum Requirement

Site Server and Site Roles Windows Server 2008 (64-bit )Windows Server 2008 R2 (64-bit)

Database SQL Server 2008 SP1 & Cumulative Update 10+ (64-bit)

Distribution Point Windows Server 2003 (including 32-bit) with limited functionalityWindows Vista SP2 and later (including 32-bit)

Client Windows XP SP2 (64-bit) & SP3 (32-bit)Windows 2003 Server SP2 (32-bit & 64-bit)Vista SP2 (32-bit & 64-bit)Windows 7 RTM (32-bit & 64-bit)Windows 2008 SP2 (32-bit & 64-bit)Windows 2008 R2 RTM (64-bit)

Simplification

Infrastructure

Administration

Infrastructure ?

Delivering on the Promise Simplification

Infrastructure

Administration

Simple topology

Central Administration Site

Primary

Secondary SiteDistribution PointDistribution Point

2012

Simplification

Infrastructure

Administration

The business scenario needs for today’s session :

DPMP

Primary 3

Well designed , reduced infrastructure Highly available, well monitoredClients and servers management must be separated Internet connected laptopsSeparate European Active Directory ForestRemote out-of-band support

EMEA.company.com

DPMP

Europe

USA

Asia Solutions enabledWell designed , reduced infrastructureHigh availability/monitoringClients and servers management must be separated Internet facing in USAAdditional Active Directory ForestOut of band management in Asia

AMT enabled devices

• 30.000 clients• 2500 Servers


• 500 clients• 15 Servers

High available ?


Infrastructure

Administration

High Availability (Administration)Ensure I can administer my environment

SQL Clustering: site database

Multiple Admin-Facing Site System Roles: SMS Provider, Reporting Services Point

High Availability (Serving Clients)Ensure clients can be managed

Windows Network Load Balancing continues to be supported for:

Management Point, Software Update Point

New client load balancing and failover solution in 2012High-availability without the need for network load balancer!

Multiple MP’sMultiple DP’s

Multiple Client-Facing Site System Roles: Distribution Point (PXE), Server Locator Point, State Migration Point, System Health Validator Point

Automatic remediation for unhealthy clients

Central Administration site ?


Infrastructure

Administration

When do I Need a Central Administration Site?

More than one Primary Site in a single hierarchy

Off-load reporting and administration from your Primary Site

Disaster Recovery scenarios (**)

Migration Consideration: The Central Administration Site must always be installed first

Our IT challenge

EMEA.woodgrove.com

CAS

DPMP

EuropeUSA

AsiaBusiness needs

Well designed , reduced infrastructureHighly available, well monitoredInternet connected laptopsSeparate European Active Directory ForestClients and servers management must be separated Remote out-of-band support




AMT enabled devices

SQL ?


Infrastructure Administration

SQL Server in Configuration Manager 2012

Be TrustworthyInteractions with SQL DBA are consistent with Configuration Manager 2007Configuration Manager admin can monitor and troubleshoot new replication approach independently

Only one Configuration Manager site per SQL Server instance is allowedAll database communication is encryptedTCP/IP port for service broker

Replication

Data type Examples Replication type Where is data found?

Global data

Created by admin

Collection rules, package metadata, software update metadata, Deployments

SQL Central administration site, all primary sites, secondary sites*

Site data Created by system

Collection members, HINV, alert messages

SQL Central administration site, originating primary site

Content Software package installation bits, software updates, boot images

File-based Primary sites, secondary sites, distribution points

*Subset of global data only

SQL Replicated Data Types

Collection Rules & CountPackage MetadataProgram MetadataDeploymentsConfiguration Item MetadataSoftware Update Metadata Task Sequence MetadataSite Control FileSystem Resource List (site servers)Site Security Objects (Roles, Scopes, etc.)Alert Rules

Collection Membership ResultsAlert MessagesHardware InventorySoftware Inventory & MeteringAsset Intelligence CAL Track DataStatus MessagesSoftware Distribution Status DetailsStatus Summary DataComponent and Site Status SummarizersClient Health DataClient Health HistoryWake On LANQuarantine Client Restriction History

Global Data Examples Site Data Examples

Conceptual Replication ModelCentral Administration Site

USA

EuropeUSA -Texas

AsiaCentral Administration SitePrimary Site

Secondary Site

Global DataAvailable at: Central Administration Site and all Primary SitesExamples• Collection rules• Package metadata• Deployments• Security Scopes

Site DataAvailable at: Central Administration Site, Replicating PrimaryExamples:• HINV• Status• Collection Membership Results

ContentAvailable where content has been distributed to a Distribution Point

SQL Monitoring

Primary site ?



Infrastructure and DesignEvaluating the need of multiple primaries?

Remove those required only due to SCCM 2007Consider addition of multiple roles per site (MP, provider, etc.)Consider changes in network to support client trafficConsider throttling and scheduling added to DPs

Client SettingsEasiest Step to Infrastructure Reduction: Stop using primary

sites for different Client Settings

Default Client Settings for the entire hierarchyCustom Client Settings assigned to collections

Resultant settings can be an aggregation of both default & one or more custom settingsPriority-based conflict resolution

Custom settings override default settings

Simplification


Collection Based Client Settings

demo

When do I Need a Primary Site?To manage any clientsAdd more primary sites for:

Scale (more than 100,000 clients)Reduce impact of primary site failureLocal point of connectivity for administrationPolitical reasonsContent regulation

Decentralized administrationLogical data segmentationClient settingsLanguageContent routing for deep hierarchies

Simplification


Our IT challenge

EMEA.woodgrove.com

CAS

DPMP

EuropeUSA

AsiaBusiness needs





AMT enabled devices

Primary 1

Primary 2

Cross Domain/Forest: Trusted

woodgrove.com

USA.woodgrove.com

Asia.woodgrove.com

CAS

Woodgrove-emea.comSEC1

Distribution Point

Management Point

PR1

ManagementPoint

Distribution Point

PR2

ManagementPoint

DistributionPoint

CAS, Primary and secondary sites must reside in a fully two way trusted Active Directory Domain/Forest.

Secondary site ?



When do I Need a Secondary Site?Manage upward-flowing WAN trafficTiered content routing for deep network topologiesUse of local SMPNo local administrator

Simplification


Our IT challenge

EMEA.woodgrove.com

CAS

DPMP

EuropeUSA

AsiaBusiness needs





AMT enabled devices

Primary 1

Primary 2

Secondary 1

Local Distribution Point ?



When a Local Distribution Point?BITS not enough control for WAN trafficMulticast for Operating System DeploymentApp-V streaming

Simplification


Distribution PointsOne distribution point type

Role can be installed on clients and serversClients - Windows Vista SP2 and later Servers - Windows Server 2003 SP2 and later

Ability to configure throttling and schedulingPXE service and multicast properties

Specify drives for content storageIIS feature is required on all distribution pointsCo-exist on secondary site server or remotely connected

Simplification


Delivering the Promise ?



Configuration Manager 2007 vs. 2012Delivering on the Promise

Promise Configuration Manager 2007

Configuration Manager 2012

Scalability and data latency improvements

Central primary reprocesses all data from child sites

• Central administration site – no data processing

Consolidating infrastructure for primary sites

Separate primary • Collection-based settings

• Role-based administration/ Admin Segmentation

Minimizing infrastructure for remote offices

Secondary Site

Standard Distribution Points and Branch Distribution Points

• Secondary Site• Distribution Points with

throttling and scheduling

• Distribution Points• BranchCache™

Simplification

Infrastructure

Administration

Internet Based Managed Clients ?



Client CommunicationConfigMgr 2007 ConfigMgr 2012

Intranet Intranet

Internet Internet

PR1

DistributionPoint

ManagementPoint

CEN

PR2

ManagementPoint

DistributionPoint

PR1

ManagementPoint Distribution

Point

ManagementPoint

Distribution Point

PR1 (Site Properties)PR2 (Site Properties)

Client CommunicationConfigMgr 2007

Intranet

Internet

PR1

DistributionPoint

ManagementPoint

CEN

PR2

ManagementPoint

DistributionPoint

ConfigMgr 2012

Intranet

Internet

PR1

ManagementPoint Distribution

Point

ManagementPoint

Distribution Point

Single Primary site can manage both Intranet clients (over HTTP) and Internet clients (over HTTPS).

Primary sites can be configured to either support only HTTPS roles or both HTTP and HTTPS site roles.

Cross Domain/Forest: Internet-Based Client Management

USA.woodgrove.com

PR1

ManagementPoint

DistributionPoint

CAS

Intranet

Internet

DMZ

DistributionPoint

ManagementPoint

USA.woodgrove.com clients

WorkGroup clients

Machine

policies only

Machine

policies only

Machine and user

policies

SoftwareUpdate Point

Software Catalog

Cross Domain/Forest

Site Server• CAS, Primary and secondary site must reside in a

fully two way trusted Active Directory Domain/Forest.

• Client Facing roles can be deployed in untrusted forest.

Intranet Client • Same as in ConfigMgr 2007

Internet-Based client

management

• Deploy remote site roles in DMZ for managing Internet-Based Clients.

• All Internet based clients can get machine policy but to retrieve user policy there should be:• One way trust between DMZ and the forest to

which the client belongs.• Clients must be part of the trusted forest.

AMT ?



Out Band Management – Intel Active Management Technology (AMT)

Scenario refresherRemote wakeup/shutdown/image boot with Windows running or notWakeup all clients in a collection prior to application deployments, software update and OSD operations

Key improvements in ConfigMgr 2012Increased scale for client wake-up (now 20K+ devices)Aligned to RBA Admin, Remote Tools and Software admin rolesSupport for latest firmware (AMT 6.1)

AMT Provisioning Requirements

ConfigMgr 2012 Agent Wired intranet connectionDevice firmware has SSL trust to Out of Band Service Point

Removed in ConfigMgr 2012External provisioning (import of UUID to ConfigMgr)

Best practiceSetup configuration and wireless profiles prior to provisioningRemove AMT provisioning in ConfigMgr 2007 prior to migration

AMT DeploymentEurope

AMT

Primary Site

Out of BandService Point

Enrollment Server

AMT/ConfigMgr Clients

Active Directory

Platform SupportFirmware Version ConfigMgr 2007

SP 2 / R2ConfigMgr 2012

<3.2.13.2.14.1

5.1, 5.26.0, 6.1 TBD

7.0 “Standard Manageability” (non vPro)

Thank You

You. Empowered.

to Our Sponsors

Your Feedback is extremely important

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft Practice Computacenter Configuration Manager MVP since July 2009 Co-Founder of the System...

Documents

Transcript of Microsoft Practice Computacenter Configuration Manager MVP since July 2009 Co-Founder of the System...