Configuration Manager 2012High Availability and Disaster RecoveryTim De KeukelaereConsultant

June 2013

About MeInfrastructure Consultant

Tim.De.Keukelaere@IT-Essence.be

@Tim_DK

http://scug.be/tim/

Agenda

High Availability

High Availability Options• Clustering the Site Database

• Implementing Multiple instances of site system roles

• Implementing Multiple instances of the SMS provider

Components supporting high availability• Site Database

• SQL Clustering

• Site System Roles• Management Point• Distribution Point• State Migration Point• System Health Validator Point• Application Catalog Web Service Point• Application Catalog Website Point• Software Update Point

• SMS Provider

Components not supporting high availability• Site Server• Site System Role(s)

• Asset Intelligence Synchronization Point• Endpoint Protection Point• Enrollment Point• Enrollment Proxy Point• Fallback Status Point• Out of Band Service Point

An example ...Datacenter A Datacenter

B

Management Point• Support for multiple management points• Client behavior:

• MP List retrieval:• At installation time• At client startup• Every 25 Hours• In case of IP change

• MP Selection:• Preference: HTTPS management points before HTTP management points• Locates the closest management point, based on its forest membership• When the client is on the Internet, it non-deterministically chooses one of the

Internet-based management points

Management Point (Continued)• Remediation:

• Automatic based on client functionality.• If client communication fails 5 times within a 10 minute timeframe, the client will

connect to the next management point on the list.

Distribution Point• Support for multiple distribution points• Client behavior:

• Request to MP for DP’s with available content• Local DP’s in own site are used first• Then order by network connection: local first, then remote.• Then order by own subnet, active directory site and others.

• Remediation• Automatic based on client behaviour.• Clients keep attempting to connect for a total time of 8 hours, before attempting to

connect to another DP

Software Update Point• Support for multiple SUPs• Client behavior:

• A list of SUPS is retrieved when:• Software Updates feature is enabled on a new client.• Client cannot contact its SUP and needs to switch to another SUP

• Clients randomly pick a SUP from the list• Priority for SUP’s in the same forest

• Cost:• Client preserves affinity with the last software update point for which it

successfully scanned.• When the client switches to a new WSUS server to scan for software updates, the

result is an increase in the catalog size and associated client-side and network performance demands.

Software Update Point (Continued)• Remediation:

• Server Side:• When the software update point is configured as the synchronization source for the

other software update points at the site, you must manually remove the failed software update point and select a new software update point to use as the synchronization source.

• Client Side• When the scan fails with a retry error code at scheduled time (or after being

triggered), the client starts a retry process to scan for the software updates on the software update point.

• Process in case of failure:• The client waits 30 minutes to retry the scan, and it uses the same software update point.• The client retries a minimum of four times at 30 minute intervals. After the fourth failure,

and after it waits an additional two minutes, the client will move to the next software update point in the software update point list.

• After a successful scan, the client will continue to connect to the same SUP.

App Cat Website Point / Web Service Point• Support for multiple instances• Client behavior:

• The client makes this service location request every 25 hours or whenever it detects a network change.

• If the Computer Agent policy is set to automatically detect the application catalog website point the client makes a service location request to a management point.

• If there is an Application Catalog website point in the same site as the client, this server is given to the client as the Application Catalog server to use.

• When there is more than one available Application Catalog website point in the site, an HTTPS-enabled server takes precedence over a server that is not enabled for HTTPS.

Reporting Services Point• Multiple RSP’s supported• Remediation:

• Requires manual intervention• Monitoring workspace > Reports > Report Options

FAQ• Will implementing a hierarchy with a CAS improve HA

in my environment?

Implementation Best Practices• Implement multiple instances of the most critical

roles

• Implement multiple instances of the SMS provider

• Efficient and fast DR strategy for site servers

Disaster Recovery

Backup Methods Overview• ConfigMgr Backup Maintenance Task

• SQL Backup

• System Center 2012 Data Protection Manager (DPM)

Backup Methods – Backup Maintenance Task• Automated backups based on a schedule• Can be used for:• CAS• Primary Sites

• Not for:• Secondary Sites• Site Systems

• Includes: • Site database• Registry keys• Folders and files

Backup Methods – Backup Maintenance Task (2)• Afterbackup.bat

• Automatically triggered by Backup Site Server task• Skipped if not present• Manually created in <ConfigMgrInstallationFolder>\Inboxes\Smsbkup• Useful for:• Archiving / Copy to remote location• Triggering additional backup related tasks

• Smsbkup.log • Contains details on backup task activity• Stored in the backup destination folder

Backup Methods – Backup Maintenance Task (3)• Smsbkup.ctl

• Backup control file• Contains instructions for the backup task• <ConfigMgrInstallationFolder>\Inboxes\Smsbkup.box\• Can be customized

Backup Methods - SQL• Native SQL Backup

• SQL Server Maintenance plan

• Advantages: • Compression• Optionally include other DB’s

Backup Methods - DPM• ConfigMgr 2012 SP1• High-level steps:

• Create new protection group in DPM for the site database computer• Select Data Source : SMS Writer• Select site database as member

• Clustering• SQL Server cluster that uses the default instance of SQL supported• SQL Server cluster that uses a named instance not supported

Additional items to include in your DR plan• Content Files

• Package Source Files• To be restored before content update• Restore to same location

• Content Library• SCCMContentLib folder on the site server• To be restored before redistributing content to DP’s

• Custom Reports• Custom Software Updates

• System Center Updates Publisher 2011 Local Database

• User State Migration data• Folders used for storing user state data

Site Recovery - Primary Site• Install media > Setup > Recover site option• Options:

• Recover Site Server using Existing Backup• Requires backup from built in backup maintenance task

• Reinstall Site Server• When no backups are available• Use same settings / site code / database used prior to site loss

Site Database Recovery• Recovery Options:

• Recover site database using backup set from maintenance task• Hierarchy: changes since backup are replicated• StandAlone: changes since backup are lost

• Create new database• In case no backups are available• Data is replicated from CAS or Reference Primary site• Not available in standalone scenarios

• Use manually recovered database• External database restore process• Hierarchy: changes since backup are replicated• StandAlone: changes since backup are lost

• Skip database restore• In case no data loss occurred on remote SQL server

Post Recovery Tasks (1)

• Overview on recovered Site Server• C:\ConfigMgrPostRecoveryActions.html

Post Recovery Tasks (2)

• Re-Enter User Account Passwords• Passwords are reset during site recovery• Accounts are listed on the Post Recovery Actions overview page

• Re-Install Hotfixes• Listed on the Post Recovery Actions overview page

• Recover custom reports on RSP• Restore package sources and content library

• Same location!

• Restore USMT data• Same location!

Site Recovery – Secondary Site• Service Pack 1 Feature• Recovery prerequisites:

• Server must meet all secondary site prereqs• Server must have same FQDN• Permissions• Install SQL / SQL Express (Same Version / Same Instance)

• Console > Administration > Sites > Recover Secondary Site

• High-level steps:• ConfigMgr reinstalls the secondary site• Secondary site data is reinitialized with data from parent primary site• Content library verification• If not existing or content not OK : manually redistribute content

Site Recovery – Secondary Site• Secondary site DP’s:

• No need to reinstall after secondary site recovery• Site will sync with DP’s after recovery

Unattended Site Recovery• Supported for CAS and Primary Sites• Using /script setup command line option

• Example: setup.exe /script c:\admin\setup.ini

• Section names, key names and values• http://technet.microsoft.com/en-us/library/

gg712697.aspx#BKMK_UnattendedSiteRecoveryKeys

FAQ• What about using snapshots of virtual machines?

Q and A

Thank You to our SPONSORS