System Center Configuration Manager v.Next Site Hierarchy Technical Overview
Jeffrey Sutherland, Principal Program Manager Lead
John Vintzel, Program Manager
Microsoft Corporation
SESSION CODE: MGT306

Session Objectives And Takeaways

Session Objective(s):
• v.Next Infrastructure Promises
• Site Server Characteristics
• Data Replication Models
• Client Agent Settings
• Role-based Administration/Admin Segmentation
• Sample Customer Profiles
• Minimum System Requirements

Infrastructure Promises

Modernizing Architecture
• Minimizing infrastructure for remote offices
• Consolidating infrastructure for primary sites

Scalability and Data Latency Improvements
• Central Administration Site is just for administration and reporting – other work distributed to the primaries as much as possible
• System-generated data (HW Inventory and Status) can be configured to flow to the Central Administration Site directly
• File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)

Be Trustworthy
• Replace cumbersome object replication and cost associated to troubleshooting
• Industry standard SQL replication sub-system simplifies troubleshooting and reduces operational costs

Site Server Characteristics

Server: Central Administration Site
Purpose: Recommended location for all administration and reporting for the hierarchy
Differences from ConfigMgr 2007:
1. No client data processing
2. No clients assigned
3. Limited site roles

Server: Primary Site
Purpose: Service clients in well connected network
Differences from ConfigMgr 2007:
1. No tiered primaries
2. Just add primary for scale out; not needed for data segmentation, client agent settings, or network bandwidth control

Server: Secondary Site
Purpose: Service clients in remote locations where network control is needed
Differences from ConfigMgr 2007:
1. Bundle Proxy MP and DP for install
2. Tiered content routing via secondaries
3. SQL needed

When do I need a Central Administration Site?

If you have more than one Primary Site and want them linked together in a single hierarchy

If you want to off-load reporting and administration from your Primary Site

Migration Consideration: The Central Administration Site must always be installed on new hardware

When do I need a Primary Site?

To manage any clients

Add more primary sites for:

Scale (more than 100,000 clients)

Reduce impact of primary site failure

Local point of connectivity for administration

Political reasons

Content regulation

When do I not need a Primary Site?

Decentralized administration

Logical data segmentation

Client agent settings

Language

Content routing for deep hierarchies

When do I need a Secondary Site?

No local administrator

If you need to manage upward-flowing WAN traffic

Consider supporting roles like SUP, PXE Service Point, and State Migration Point, also

If you need tiered content routing for deep network topologies

When do I need a Distribution Point?

• If you’re not concerned about clients pulling policy or reporting status, inventory, or discovery to their primary site location
• If BITS doesn’t provide enough bandwidth control for your WAN
• If you want to leverage BITS access for clients (including the use of BranchCache™), multicast for Operating System Deployment, or streaming for App-V

Note: These advanced features are not available on file-share-only Distribution Points

What other options are available for content distribution?

Use Distribution Points with throttling and scheduling capabilities when:
• The DP will be remotely located from a primary site
• You want to throttle or schedule downward flowing traffic to that location

Use Branch DPs when:
• You have 100 or fewer clients to manage and expect <=10 concurrent connections
• Can assign at least one workstation as a Branch DP – can run on Win 2008 or client OSes
• BITS meets your network traffic control needs for content distribution
• You want download on demand capabilities

Utilize BranchCache™ when:
• You have a distribution point running on Windows Server 2008 R2
• Your clients are running a compatible OS

Customer Profile #1 – 5000 clients
“Remote office optimization”

Profile Item: Hierarchy Design Impacts
Company Locations: One campus in Minneapolis metro area and a few satellite offices
Administrators: 1 administrator with other IT responsibilities, limited day-to-day use
System Count: Approximately 5,000 clients
Feature Set Usage: Hardware Inventory every 7 days, deploys software and software updates

Infrastructure Goal: Minimize ConfigMgr infrastructure to support the remote office locations.

Customer Profile #1 – 5000 clients
“Remote office optimization”

Configuration Manager 2007

Warehouse
• Secondary site (485 clients)
• Manage WAN
• DP

Sales Office
• Only 15 clients
• Good connectivity
• Branch DP or BranchCache™

District Office
• Secondary site (1,500 clients)
• Manage WAN
• MP, DP, SUP, PMP

Corporate Campus
• Primary site (3,000 clients)
• Local SQL Server
• MP, DP (x2), FSP*, SLP*, SUP, SMP, RP/RSP

Customer Profile #1 – 5000 clients
“Remote office optimization”

V.Next

Corporate Campus
• Primary site (3,000 clients)
• Local SQL Server
• MP, DP (x2), FSP*, SLP*, SUP, RP/RSP

Sales Office
• Only 15 clients
• Good connectivity
• Branch DP or BranchCache™

District Office
• Secondary site (1,500 clients)
• Manage upward/downward WAN traffic
• SQL Express
• MP, DP, SUP, PMP

Warehouse
• DP with throttling and scheduling (485 clients)
• Manage downward flow of Content over WAN

Replication

Data Type: Global Data
Examples: Collection Rules, Package Metadata, Software Update Metadata, Deployments
Replication Type: SQL
Where is data found? Central Administration Site, All Primary Sites, Secondary sites*

Data Type: Site Data
Examples: Collection Membership, HINV, Alert Messages
Replication Type: SQL
Where is data found? Central Administration Site, Originating Primary Site

Data Type: Content
Examples: Software package installation bits, Patch bits, Boot images
Replication Type: File-based
Where is data found? Primary Sites, Secondary Sites, Distribution Points

*Subset of global data only

Conceptual Replication Model

[Diagram labels: Central Administration Site (Germany); Germany (Berlin); Spain (Madrid); Cordoba; Sevilla. Legend: Primary Site, Secondary Site]

Global Data
Available at: Central Administration Site and all Primary Sites
Examples:
• Collection rules
• Package metadata
• Deployments
• Security Scopes

Site Data
Available at: Central Administration Site, Replicating Primary
Examples:
• HINV
• Status
• Collection Membership Results

Global Data subset
Examples:
• Packages metadata and status
• Program metadata

Content
Available where content has been distributed to a Distribution Point

Content routing between Secondaries

SQL Replicated Data Types

Global Data Examples
• Collection Rules
• Package Metadata
• Program Metadata
• Deployments
• Configuration Item Metadata
• Software Update Metadata
• Task Sequence Metadata
• Site Control File
• System Resource List (site servers)
• Site Security Objects (Roles, Scopes, etc.)
• Alert Rules

Site Data Examples
• Collection Membership Results
• Alert Messages
• Hardware Inventory
• Software Inventory & Metering
• Asset Intelligence CAL Track Data
• Status Messages
• Software Distribution Status Details
• Status Summary Data
• Component and Site Status Summarizers
• Client Health Data
• Client Health History
• Wake On LAN
• Quarantine Client Restriction History

Client Agent Settings

Default client agent settings
• Defined for the entire hierarchy
• Identifier to not allow customizations

Custom client agent settings
• Collection-based Targeting
• Multiple custom setting objects
• Multiple collections
• Model behaviors consistent with targeting today
• Can override “optional” client agent settings applied to the hierarchy

Conflict Resolution that is priority-based
• Resultant settings can be an aggregation of both default & custom setting

Client Agent Settings

Characteristic: Granularity
ConfigMgr 2007:
• Site level attribute
• Complex workarounds
  • Deploy separate sites based on client setting requirements
  • Set client agent settings with local policy on each client
ConfigMgr v.Next:
• Hierarchy wide default
• Customizations associated to one or many collections

Characteristic: Policy Applied
ConfigMgr 2007:
• Varies by collection attribute
• Maintenance Windows
  • Uses additive approach in conflict
  • Hard to determine “what’s” being applied “where”
• Collection Variables
  • Non-deterministic conflict resolution
  • No reporting
ConfigMgr v.Next:
• Resultant settings can be an aggregation of both default & custom settings
• Setting Objects are priority based and when conflicts arise, Configuration Manager resolves based on priority
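
The priority-based resolution described above for ConfigMgr v.Next, as an added example: a conceptual Python model written for this page, not Configuration Manager code or its API. The setting names, priority numbers and collection names are constructed, and the model assumes that the lower priority number wins and that a default flagged as non-customizable cannot be overridden. Each resultant value carries its source, which is the "what is applied where" answer the 2007 column says was hard to get.

```python
from dataclasses import dataclass

# Hierarchy-wide defaults as name -> (value, optional). Constructed sample values.
# optional=False models a default flagged to not allow customizations.
DEFAULTS = {
    "remote_control_enabled": (True, True),
    "hw_inventory_interval_days": (7, True),
    "policy_polling_minutes": (60, False),
}

@dataclass
class CustomSettings:
    name: str
    priority: int      # assumption: the lower number wins a conflict
    collections: set   # collections this setting object targets
    values: dict       # only the settings this object customizes

def resultant_settings(client_collections, custom_objects, defaults=DEFAULTS):
    """Return {setting: (value, source)} for a client in the given collections."""
    priorities = [o.priority for o in custom_objects]
    if len(set(priorities)) != len(priorities):
        raise ValueError("priorities must be unique for deterministic results")
    result = {name: (value, "default") for name, (value, _) in defaults.items()}
    applicable = [o for o in custom_objects
                  if o.collections & set(client_collections)]
    # Apply the weakest object first so the strongest one writes last.
    for obj in sorted(applicable, key=lambda o: o.priority, reverse=True):
        for setting, value in obj.values.items():
            if setting not in defaults:
                raise KeyError(f"unknown setting: {setting}")
            if not defaults[setting][1]:
                continue  # locked default: the customization is ignored
            result[setting] = (value, obj.name)
    return result

# Constructed setting objects modelled on Customer Profile #2.
CUSTOM = [
    CustomSettings("HR remote control", 1, {"HR"},
                   {"remote_control_enabled": False, "policy_polling_minutes": 5}),
    CustomSettings("Server inventory", 2, {"London Servers"},
                   {"hw_inventory_interval_days": 1}),
    CustomSettings("Desktops", 3, {"HR", "Desktops"},
                   {"remote_control_enabled": True, "hw_inventory_interval_days": 14}),
]

if __name__ == "__main__":
    for collections in ({"HR", "Desktops"}, {"London Servers"}, set()):
        print(sorted(collections), resultant_settings(collections, CUSTOM))
```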

Role-Based Administration
“Display what’s relevant to me”

Role-Based Administration lets you map the organizational roles of your administrators to defined security roles
• Security role = What types of objects can I see and what can I do to them? (e.g. Read Application)
• Security scope = Which instances can I see and interact with?
• Administrator has one or more security roles and security scopes associated

Admins only see what they have access to
ConfigMgr security management simplified by defining once for the entire hierarchy (Security is global data)
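
The role and scope definitions above, as an added example: a simplified Python model written for this page, not Configuration Manager's own security implementation or API. The role contents, scope names, object names and the "Full Administrator" role are constructed; only the "Application Deployment" role name and the administrators' names come from the slides. Access requires both a role that grants the operation on the object type and a scope that contains the instance, and the console view is the set of objects that pass the "Read" check.

```python
from dataclasses import dataclass

@dataclass
class SecurityRole:          # what object types, and which operations on them
    name: str
    permissions: frozenset   # {(object_type, operation), ...}

@dataclass
class ManagedObject:
    name: str
    object_type: str
    scopes: frozenset        # security scopes this instance is tagged with

@dataclass
class Administrator:
    name: str
    roles: list
    scopes: frozenset        # which instances the administrator may touch

def can(admin, operation, obj):
    """Allow only when a role grants the operation AND the instance is in scope."""
    in_scope = bool(admin.scopes & obj.scopes)
    granted = any((obj.object_type, operation) in role.permissions
                  for role in admin.roles)
    return in_scope and granted

def visible(admin, objects):
    """Console view: only the objects the administrator can read."""
    return [o.name for o in objects if can(admin, "Read", o)]

# Constructed roles, scopes and objects based on the Meg/Louis/Anthony slides.
TYPES, OPS = ("Application", "Collection"), ("Read", "Modify", "Deploy")
FULL = SecurityRole("Full Administrator",
                    frozenset((t, op) for t in TYPES for op in OPS))
APP_DEPLOY = SecurityRole("Application Deployment", frozenset({
    ("Application", "Read"), ("Application", "Deploy"), ("Collection", "Read")}))

OBJECTS = [
    ManagedObject("French collection", "Collection", frozenset({"France"})),
    ManagedObject("English collection", "Collection", frozenset({"England"})),
    ManagedObject("EMEA West application", "Application",
                  frozenset({"France", "England"})),
]
MEG = Administrator("Meg Collins", [FULL], frozenset({"France", "England"}))
LOUIS = Administrator("Louis", [APP_DEPLOY], frozenset({"France"}))
ANTHONY = Administrator("Anthony", [APP_DEPLOY], frozenset({"England"}))

if __name__ == "__main__":
    for admin in (MEG, LOUIS, ANTHONY):
        print(admin.name, "sees", visible(admin, OBJECTS))
```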

Site Data Segmentation today…

Meg wishes to distribute a package to all of her EMEA users in the West region

Meg Collins, “Central Admin”
• Create and distribute package

England Primary Site: Anthony, “English Admin”
• English collection(s)
• Create advertisement for English collection(s)

France Primary Site: Louis, “French Admin”
• French collection(s)
• Create advertisement for French collection(s)

Data Segmentation via Role-Based administration

Meg Collins has full rights and can see:

Meg Collins … assigns Application Deployment role to Louis

Louis is responsible for deploying software

Louis has rights to, and can see:

DEMO: Client Agent Settings and Role-Based Administration
John Vintzel, Program Manager, Microsoft Corporation

Customer Profile #2
“Minimize Infrastructure”

Profile Item: Hierarchy Design Impacts
Company Locations: Headquarters in Chicago; Subsidiary in London
Administrators: 2-4 administrators with other IT responsibilities, limited day-to-day use
System Count: Approx. 25,000 clients
Feature Set Usage: Hardware Inventory every 7 days, deploys software and software updates

Infrastructure Goal: Minimize Configuration Manager infrastructure to support unique remote control settings for the HR department and hardware inventory policies for servers.

Configuration Manager 2007

Chicago Campus: 15,000 clients

HR Primary Site
• Primary site (300 clients)
• Remote Control Disabled
• Admin Segmentation

Chicago Central Site
• Primary site (~14,700 clients)
• Remote Control Enabled

London Offices: 5,000 desktops, 500 Servers

London Primary Site
• Primary site (5,000 clients)
• Standard Inventory Policies for desktop

London Servers Site
• Primary site (500 clients)
• Hardware Inventory Policies unique to Servers
• Admin Segmentation

V.Next

Central Admin Site
• No Clients
• Administration & Reporting for Hierarchy
• Admin segment for HR clients

Chicago Campus: 15,000 clients

Chicago Primary Site
• Primary site (15,000 clients)
• Local SQL Server
• HR Collection-based settings for Remote Control

London Offices: 5,000 desktops, 500 Servers

London Primary
• Primary site (5,500 clients)
• Inventory Class reporting at Collection level
• Admin Segment for Servers

Customer Profile #3
“200k Clients”

Profile Item: Hierarchy Design Impacts
Company Locations: Global distributed across US, Latin America, Europe and Asia
Administrators: 8 - 12 administrator dedicated, packaging personnel, distribution only roles, helpdesk & many customer workflows (high automation)
System Count: Greater than 200,000 clients
Feature Set Usage: Pretty much the same as previous customer, just increasing scale with more clients, more software distribution, and more operating system distributions

[Diagram: hierarchy for 200k clients]
Site labels: Central Administration Site (SQL Server); Primary 1; Primary 2; Primary 3; Primary 4; Primary 5; Secondary Sites; Distribution Points; Branch Distribution Point or BranchCache™; Content
Callouts: Local point of connectivity for administration; Fault Tolerance; Scale/Perf; Content Regulation
Legend: Concerned with upward and downward flow of traffic (Client/Content); Concerned with downward flow of content only

ConfigMgr 2007 vs ConfigMgr.next

Scenario: Establish central administration/reporting site for hierarchy
2007: Central primary; reprocess all data from child sites
v.Next: Central administration site – no data processing

Scenario: Manage different client agent settings
2007: Separate primary
v.Next: Collection-based settings

Scenario: Provide client and data segmentation*
2007: Separate primary
v.Next: Role-based administration/Admin Segmentation

Scenario: Apply throttling and bandwidth control to content distribution
2007: Secondary Site
v.Next: Secondary Site; Distribution Points with throttling and scheduling

Scenario: Make content available to clients in small remote offices
2007: Standard Distribution Points and Branch Distribution Points
v.Next:
• Standard Distribution Points
• Branch Distribution Points
• BranchCache™

Minimum System Requirements

• 64-bit hardware for all site servers and site system roles
• SQL Server 2008 SP1 with CU6 (64-bit)
• Windows Server 2008* (64-bit)

Exceptions as follows:
• Standard Distribution Points will support Windows Server 2003 (including 32-bit). Some feature limitations may apply (e.g. BranchCache™).
• Branch Distribution Points will run on Configuration Manager v.Next supported client operating systems (including 32-bit).

* Latest Service Pack

What can I do now to prepare?

• Flatten hierarchy where possible
• Plan for Windows Server 2008, SQL 2008, and 64-bit
• Start implementing BranchCache™ with ConfigMgr 2007 SP2
• Move from web reporting to SQL Reporting Services

Resources

Sessions On-Demand & Community: www.microsoft.com/teched
Microsoft Certification & Training Resources: www.microsoft.com/learning
Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn

Related Sessions this week: Breakouts

SIA309 Secure Endpoint: What’s in Microsoft Forefront Endpoint Protection 2010 - A Deep Dive into the Features and Protection Technologies
Thursday, June 10, 8:00 AM - 9:15 AM, Rm 388

MGT307 Microsoft System Center Configuration Manager v.Next: Migration from Configuration Manager 2007
Thursday, June 10, 9:45 AM - 11:00 AM, Rm 356

MGT305 Microsoft System Center Configuration Manager v.Next: Device Management
Thursday, June 10, 5:00 PM - 6:15 PM, Rm 288

Related Sessions this week: Hands on Labs
• MGT21-HOL | Introduction to Microsoft System Center Configuration Manager v.Next
• MGT01-HOL | Advanced Software Distribution in Microsoft System Center Configuration Manager v.Next
• MGT05-HOL | Basic Software Distribution in Microsoft System Center Configuration Manager v.Next
• MGT06-HOL | Deploying a Microsoft System Center Configuration Manager v.Next Hierarchy
• MGT07-HOL | Deploying Microsoft System Center Configuration Manager v.Next
• MGT08-HOL | Deploying Microsoft System Center Configuration Manager v.Next Device Management
• MGT10-HOL | Deploying Windows 7 with Microsoft System Center Configuration Manager 2007
• MGT11-HOL | Generating Asset Intelligence Data with Microsoft System Center Configuration Manager 2007
• MGT15-HOL | Implementing Microsoft System Center Configuration Manager v.Next Role-Based Access Control
• MGT16-HOL | Implementing Desired Configuration Management in Microsoft System Center Configuration Manager v.Next
• MGT18-HOL | Implementing Software Updates in Microsoft System Center Configuration Manager v.Next
• MGT23-HOL | Maintaining Healthy Clients in Microsoft System Center Configuration Manager v.Next
• MGT24-HOL | Migrating from Microsoft System Center Configuration Manager 2007 to Configuration Manager v.Next

Related Sessions this week: Interactive Sessions and Booth

Booth – Come talk to the experts
TLC-24 Microsoft System Center Configuration Manager

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

JUNE 7-10, 2010 | NEW ORLEANS, LA