Configuration Manager 2012: Deployment and Infrastructure considerations
Kenny Buntinx
MVP Configuration Manager
Computacenter
#BEMMS
Who I am
• Microsoft Practice Leader @ Computacenter
• Configuration Manager MVP since July 2009
• Co-Founder of the System Center User Group Belgium @ http://www.scug.be
• Email: [email protected]
• : KennyBuntinx
What I plan to cover in this session
• Infrastructure setup
• High availability
• SQL replication
• CAS, Primary Site, Secondary Site & DPs
• Internet Based Managed Clients
• AMT (vPro)
Infrastructure Promises
Modernizing Architecture
• Minimizing infrastructure for remote offices
• Consolidating infrastructure for primary sites
• Scalability and Data Latency Improvements
  • Central Administration Site is just for administration and reporting – other work is distributed to the primaries as much as possible
  • File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
  • System-generated data (HW Inventory and Status) can be configured to flow to the Central Administration Site directly
Be Trustworthy
• Interactions with SQL DBA are consistent with Configuration Manager 2007
• Configuration Manager admin can monitor and troubleshoot new replication approach independently
Simplification
Infrastructure
Administration
Infrastructure and Design
Initial impressions / questions
• How to design a new infrastructure for a new environment?
• Will this differ for a customer with SCCM 2007 today?
• Where do I need site servers and site role servers?
Good news! – Initial experience suggests fewer servers
Minimum System Requirements (Beta 2)
Component | Minimum Requirement
Site Server and Site Roles | Windows Server 2008 (64-bit); Windows Server 2008 R2 (64-bit)
Database | SQL Server 2008 SP1 & Cumulative Update 10+ (64-bit)
Distribution Point | Windows Server 2003 (including 32-bit) with limited functionality; Windows Vista SP2 and later (including 32-bit)
Client | Windows XP SP2 (64-bit) & SP3 (32-bit); Windows 2003 Server SP2 (32-bit & 64-bit); Vista SP2 (32-bit & 64-bit); Windows 7 RTM (32-bit & 64-bit); Windows 2008 SP2 (32-bit & 64-bit); Windows 2008 R2 RTM (64-bit)
Infrastructure?
Delivering on the Promise
Simple topology
[Diagram, 2012: Central Administration Site; Primary; Secondary Site; Distribution Point; Distribution Point]
The business scenario needs for today's session:
• Well designed, reduced infrastructure
• Highly available, well monitored
• Clients and servers management must be separated
• Internet connected laptops
• Separate European Active Directory Forest
• Remote out-of-band support
Solutions enabled
• Well designed, reduced infrastructure
• High availability/monitoring
• Clients and servers management must be separated
• Internet facing in USA
• Additional Active Directory Forest
• Out of band management in Asia
[Diagram: Europe, USA, Asia; EMEA.company.com; DP/MP; Primary 3; AMT enabled devices]
• 30.000 clients, 2500 Servers
• 15.000 clients, 250 Servers
• 500 clients, 15 Servers
Highly available?
Delivering on the Promise
High Availability (Administration)
Ensure I can administer my environment
• SQL Clustering: site database
• Multiple Admin-Facing Site System Roles: SMS Provider, Reporting Services Point

High Availability (Serving Clients)
Ensure clients can be managed
• Windows Network Load Balancing continues to be supported for: Management Point, Software Update Point
• New client load balancing and failover solution in 2012: high availability without the need for a network load balancer!
  • Multiple MPs
  • Multiple DPs
• Multiple Client-Facing Site System Roles: Distribution Point (PXE), Server Locator Point, State Migration Point, System Health Validator Point
• Automatic remediation for unhealthy clients
Central Administration Site?
Delivering on the Promise
When do I Need a Central Administration Site?
• More than one Primary Site in a single hierarchy
• Off-load reporting and administration from your Primary Site
• Disaster Recovery scenarios (**)
Migration Consideration: The Central Administration Site must always be installed first
Our IT challenge
Business needs
• Well designed, reduced infrastructure
• Highly available, well monitored
• Internet connected laptops
• Separate European Active Directory Forest
• Clients and servers management must be separated
• Remote out-of-band support
[Diagram: Europe, USA, Asia; EMEA.woodgrove.com; CAS; DP/MP; AMT enabled devices]
• 500 clients, 15 Servers
• 30.000 clients, 2500 Servers
• 15.000 clients, 250 Servers
SQL?
Delivering on the Promise
SQL Server in Configuration Manager 2012
Be Trustworthy
• Interactions with SQL DBA are consistent with Configuration Manager 2007
• Configuration Manager admin can monitor and troubleshoot new replication approach independently
Requirements
• Only one Configuration Manager site per SQL Server instance is allowed
• All database communication is encrypted
• TCP/IP port for service broker
Replication
Data type | Examples | Replication type | Where is data found?
Global data (created by admin) | Collection rules, package metadata, software update metadata, deployments | SQL | Central administration site, all primary sites, secondary sites*
Site data (created by system) | Collection members, HINV, alert messages | SQL | Central administration site, originating primary site
Content | Software package installation bits, software updates, boot images | File-based | Primary sites, secondary sites, distribution points
*Subset of global data only
SQL Replicated Data Types
Global Data Examples
• Collection Rules & Count
• Package Metadata
• Program Metadata
• Deployments
• Configuration Item Metadata
• Software Update Metadata
• Task Sequence Metadata
• Site Control File
• System Resource List (site servers)
• Site Security Objects (Roles, Scopes, etc.)
• Alert Rules
Site Data Examples
• Collection Membership Results
• Alert Messages
• Hardware Inventory
• Software Inventory & Metering
• Asset Intelligence CAL Track Data
• Status Messages
• Software Distribution Status Details
• Status Summary Data
• Component and Site Status Summarizers
• Client Health Data
• Client Health History
• Wake On LAN
• Quarantine Client Restriction History
Conceptual Replication Model
[Diagram: Central Administration Site; USA; Europe; USA - Texas; Asia. Legend: Central Administration Site, Primary Site, Secondary Site]
Global Data
Available at: Central Administration Site and all Primary Sites
Examples:
• Collection rules
• Package metadata
• Deployments
• Security Scopes
Site Data
Available at: Central Administration Site, Replicating Primary
Examples:
• HINV
• Status
• Collection Membership Results
Content
Available where content has been distributed to a Distribution Point
SQL Monitoring
Primary site?
Delivering on the Promise
Infrastructure and Design
Evaluating the need of multiple primaries?
• Remove those required only due to SCCM 2007
• Consider addition of multiple roles per site (MP, provider, etc.)
• Consider changes in network to support client traffic
• Consider throttling and scheduling added to DPs
Client Settings
Easiest Step to Infrastructure Reduction: Stop using primary sites for different Client Settings
• Default Client Settings for the entire hierarchy
• Custom Client Settings assigned to collections
• Resultant settings can be an aggregation of both default & one or more custom settings
• Priority-based conflict resolution
• Custom settings override default settings
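
The aggregation described on this slide, as an added Python sketch (not code from the presentation or from Configuration Manager): default settings form the baseline, custom objects deployed to the client's collections are layered on top, and a conflict between custom objects goes to the higher-priority one. The setting names, collection names and the "lower number wins" ordering are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass
class SettingsObject:
    name: str
    priority: int      # assumption: lower number = higher precedence
    collections: set   # collections this object is deployed to
    values: dict       # setting name -> value


def resultant_settings(default, custom, member_of):
    """Merge settings for a client that belongs to the `member_of` collections.

    Returns (result, shadowed). result maps setting -> (value, winning object).
    shadowed lists (setting, losing object, winning object) for conflicts
    between custom objects, which is what an audit of a hardening policy
    needs: proof that a broader object does not silently win.
    """
    # Only custom objects deployed to one of the client's collections apply.
    applicable = [o for o in custom if o.collections & member_of]
    # Lowest precedence first, so each later object overwrites earlier ones.
    ordered = sorted(applicable, key=lambda o: o.priority, reverse=True)
    result = {k: (v, default.name) for k, v in default.values.items()}
    shadowed = []
    for obj in ordered:
        for key, value in obj.values.items():
            loser = result.get(key, (None, default.name))[1]
            if loser != default.name:
                shadowed.append((key, loser, obj.name))
            result[key] = (value, obj.name)
    return result, shadowed


# Constructed sample data; every name and value below is hypothetical.
DEFAULT = SettingsObject("Default", 10000, set(), {
    "RemoteControlEnabled": True,
    "HardwareInventoryDays": 7,
    "PolicyPollingMinutes": 60,
})
CUSTOM = [
    SettingsObject("Servers", 1, {"All Servers"},
                   {"RemoteControlEnabled": False, "PolicyPollingMinutes": 30}),
    SettingsObject("Laptops", 2, {"Internet Laptops"},
                   {"PolicyPollingMinutes": 120}),
    SettingsObject("Helpdesk", 3, {"Helpdesk Managed"},
                   {"RemoteControlEnabled": True}),
]
```

A server that is also in the "Helpdesk Managed" collection keeps remote control disabled because "Servers" outranks "Helpdesk", and the shadowed list records that the conflict existed.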
Collection Based Client Settings
demo
When do I Need a Primary Site?
• To manage any clients
• Add more primary sites for:
  • Scale (more than 100,000 clients)
  • Reduce impact of primary site failure
  • Local point of connectivity for administration
  • Political reasons
  • Content regulation

• Decentralized administration
• Logical data segmentation
• Client settings
• Language
• Content routing for deep hierarchies
Our IT challenge
[Diagram: Europe, USA, Asia; EMEA.woodgrove.com; CAS; DP/MP; AMT enabled devices; Primary 1; Primary 2]
Cross Domain/Forest: Trusted
[Diagram: woodgrove.com, USA.woodgrove.com, Asia.woodgrove.com, Woodgrove-emea.com; CAS; SEC1, PR1 and PR2, each shown with a Management Point and a Distribution Point]
CAS, Primary and secondary sites must reside in a fully two way trusted Active Directory Domain/Forest.
Secondary site?
Delivering on the Promise
When do I Need a Secondary Site?
• Manage upward-flowing WAN traffic
• Tiered content routing for deep network topologies
• Use of local SMP
• No local administrator
Our IT challenge
[Diagram: Europe, USA, Asia; EMEA.woodgrove.com; CAS; DP/MP; AMT enabled devices; Primary 1; Primary 2; Secondary 1]
Local Distribution Point?
Delivering on the Promise
When a Local Distribution Point?
• BITS not enough control for WAN traffic
• Multicast for Operating System Deployment
• App-V streaming
Distribution Points
• One distribution point type
• Role can be installed on clients and servers
  • Clients - Windows Vista SP2 and later
  • Servers - Windows Server 2003 SP2 and later
• Ability to configure throttling and scheduling
• PXE service and multicast properties
• Specify drives for content storage
• IIS feature is required on all distribution points
• Co-exist on secondary site server or remotely connected
Delivering the Promise?
Delivering on the Promise
Configuration Manager 2007 vs. 2012
Delivering on the Promise
Promise | Configuration Manager 2007 | Configuration Manager 2012
Scalability and data latency improvements | Central primary reprocesses all data from child sites | Central administration site: no data processing
Consolidating infrastructure for primary sites | Separate primary | Collection-based settings; Role-based administration / Admin Segmentation
Minimizing infrastructure for remote offices | Secondary Site; Standard Distribution Points and Branch Distribution Points | Secondary Site; Distribution Points with throttling and scheduling; Distribution Points; BranchCache™
Internet Based Managed Clients?
Delivering on the Promise
Client Communication
[Diagram, ConfigMgr 2007: Intranet and Internet clients; CEN; PR1 and PR2, each with its own Management Point and Distribution Point]
[Diagram, ConfigMgr 2012: Intranet and Internet clients; PR1 with two Management Point and Distribution Point pairs; labels PR1 (Site Properties), PR2 (Site Properties)]
Single Primary site can manage both Intranet clients (over HTTP) and Internet clients (over HTTPS).
Primary sites can be configured to either support only HTTPS roles or both HTTP and HTTPS site roles.
Cross Domain/Forest: Internet-Based Client Management
[Diagram: Intranet: USA.woodgrove.com, CAS, PR1 with Management Point and Distribution Point. DMZ: Management Point, Distribution Point, Software Update Point, Software Catalog. Internet: USA.woodgrove.com clients and WorkGroup clients. Policy labels: "Machine policies only" (twice), "Machine and user policies"]
Cross Domain/Forest
Site Server
• CAS, Primary and secondary site must reside in a fully two way trusted Active Directory Domain/Forest.
• Client Facing roles can be deployed in untrusted forest.
Intranet Client
• Same as in ConfigMgr 2007
Internet-Based client management
• Deploy remote site roles in DMZ for managing Internet-Based Clients.
• All Internet based clients can get machine policy but to retrieve user policy there should be:
  • One way trust between DMZ and the forest to which the client belongs.
  • Clients must be part of the trusted forest.
AMT?
Delivering on the Promise
Out of Band Management – Intel Active Management Technology (AMT)
Scenario refresher
• Remote wakeup/shutdown/image boot with Windows running or not
• Wakeup all clients in a collection prior to application deployments, software update and OSD operations
Key improvements in ConfigMgr 2012
• Increased scale for client wake-up (now 20K+ devices)
• Aligned to RBA Admin, Remote Tools and Software admin roles
• Support for latest firmware (AMT 6.1)
AMT Provisioning Requirements
• ConfigMgr 2012 Agent
• Wired intranet connection
• Device firmware has SSL trust to Out of Band Service Point
Removed in ConfigMgr 2012
• External provisioning (import of UUID to ConfigMgr)
Best practice
• Setup configuration and wireless profiles prior to provisioning
• Remove AMT provisioning in ConfigMgr 2007 prior to migration
AMT Deployment
[Diagram: Europe; AMT; Primary Site; Out of Band Service Point; Enrollment Server; AMT/ConfigMgr Clients; Active Directory]
Platform Support
Columns: Firmware Version | ConfigMgr 2007 SP 2 / R2 | ConfigMgr 2012
Firmware versions listed: <3.2.1; 3.2.1; 4.1; 5.1, 5.2; 6.0, 6.1; TBD; 7.0; “Standard Manageability” (non vPro)
Thank You
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.