Configuration Manager v.Next Site Hierarchy Technical Overview 4/20/2017 8:03 PM Configuration Manager v.Next Site Hierarchy Technical Overview © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Infrastructure Promises Modernizing Architecture Minimizing infrastructure for remote offices Consolidating infrastructure for primary sites Scalability and Data Latency Improvements Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possible System-generated data (HW Inventory and Status) can be configured to flow to CAS directly File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy) Be Trustworthy Replace cumbersome object replication and cost associated to troubleshooting Industry standard SQL replication sub-system simplifies troubleshooting and reduces operational costs
Site Server Characteristics Purpose Differences from ConfigMgr 2007 Central Administration Site Recommended location for all administration and reporting for the hierarchy No client data processing No clients assigned Limited site roles Primary Site Service clients in well connected network No tiered primaries Just add primary for scale out; not needed for data segmentation, client agent settings, or network bandwidth control Secondary Site Service clients in remote locations where network control is needed Bundle Proxy MP and DP for install Tiered content routing via secondaries SQL needed
When do I need a Central Administration Site? If you have more than one Primary Site and want them linked together in a single hierarchy If you want to off-load reporting and administration from your Primary Site Migration Consideration: The Central Admin Site must always be installed on new hardware
When do I need a Primary Site? To manage any clients Add more primary sites for: Scale (more than 100,000 clients) Reduce impact of primary site failure Local point of connectivity for administration Political reasons Content regulation
When do I not need a Primary Site? Decentralized administration Logical data segmentation Client agent settings Language Content routing for deep hierarchies
When do I need a Secondary Site? No local administrator If you need to manage upward-flowing WAN traffic Consider supporting roles like SUP, PXE Service Point, and State Migration Point, also If you need tiered content routing for deep network topologies
When do I need a Distribution Point? If you’re not concerned about clients pulling policy or reporting status, inventory, or discovery to their primary site location If BITS doesn’t provide enough bandwidth control for your WAN If you want to leverage BITS access for clients (including the use of BranchCache™), multicast for OSD, or streaming for App-V Note: These advanced features are not available on file-share-only DPs
What other options are available for content distribution? Utilize Distribution Points with throttling and scheduling capabilities when: The DP will be remotely located from a primary site When you want to throttle or schedule downward flowing traffic to that location Utilize Branch DPs when: Have location with 100 or fewer clients to manage and don’t expect more than 10 concurrent connections Are able to identify at least one workstation as a Branch DP – can run on Win 2008 or client OSes BITS gives you enough network traffic control for content distribution You want the download on demand capabilities Utilize BranchCache™ when: You have a distribution point running on Windows Server 2008 R2 Your clients are running a compatible OS
Customer Profile #1 – 5000 clients “Remote office optimization” Infrastructure Goal: Minimize ConfigMgr infrastructure to support the remote office locations. Profile Item Hierarchy Design Impacts Company Locations One campus in Minneapolis metro area and a few satellite offices Administrators 1 administrator with other IT responsibilities, limited day-to-day use System Count Approximately 5,000 clients Feature Set Usage Hardware Inventory every 7 days, deploys software and software updates
Customer Profile #1 – 5000 clients “Remote office optimization” Corporate Campus Primary site (3,000 clients) Local SQL Server MP, DP (x2), FSP*, SLP*, SUP, SMP, RP/RSP Sales Office Only 15 clients Good connectivity Branch DP or BranchCache™ Warehouse Secondary site (485 clients) Manage WAN DP District Office Secondary site (1,500 clients) Manage WAN MP, DP, SUP, PMP Configuration Manager 2007
Customer Profile #1 – 5000 clients “Remote office optimization” Corporate Campus Primary site (3,000 clients) Local SQL Server MP, DP (x2), FSP*, SLP*, SUP, RP/RSP Sales Office Only 15 clients Good connectivity Branch DP or BranchCache™ Warehouse DP with throttling and scheduling (485 clients) Manage downward flow of Content over WAN District Office Secondary site (1,500 clients) Manage upward/downward WAN traffic SQL Express MP, DP, SUP, PMP v.Next
Replication Data Type Examples Replication Type Where is data found? Global Data Collection Rules, Package Metadata, Software Update Metadata, Deployments SQL Central Administration Site, All Primary Sites, Secondary sites* Site Data Collection Membership, HINV, Alert Messages Central Administration Site, Originating Primary Site Content Software package installation bits, Patch bits, Boot images File-based Primary Sites, Secondary Sites, Distribution Points *Subset of global data only
Conceptual Replication Model Site Data Available at: CAS, Replicating Primary Examples: HINV Status Collection Membership Results Global Data Available at: CAS & all Primary Sites Examples Collection rules Package metadata Deployments Security Scopes Content Available where content has been distributed to a DP Central Site (Germany) Germany (Berlin) Spain(Madrid) Cordoba Global Data subset Examples Packages metadata and status Program metadata Sevilla Primary Site Secondary Site Content routing between Secondaries
SQL Replicated Data Types Global Data Examples Site Data Examples Collection Membership Results Alert Messages Hardware Inventory Software Inventory & Metering Asset Intelligence CAL Track Data Status Messages Software Distribution Status Details Status Summary Data Component and Site Status Summarizers Client Health Data Client Health History Wake On LAN Quarantine Client Restriction History Collection Rules Package Metadata Program Metadata Deployments Configuration Item Metadata Software Update Metadata Task Sequence Metadata Site Control File System Resource List (site servers) Site Security Objects (Roles, Scopes, etc.) Alert Rules
Client Agent Settings Default client agent settings Defined for the entire hierarchy Identifier to not allow customizations Custom client agent settings Collection-based Targeting Multiple custom setting objects Multiple collections Model behaviors consistent with targeting today Can override “optional” client agent settings applied to the hierarchy Conflict Resolution that is priority-based Resultant settings can be an aggregation of both default & custom setting
Client Agent Settings Characteristics ConfigMgr 2007 ConfigMgr v.Next Granularity Site level attribute Complex workarounds Deploy separate sites based on client setting requirements Set client agent settings with local policy on each client Hierarchy wide default Customizations associated to one or many collections Policy Applied Varies by collection attribute Maintenance Windows Uses additive approach in conflict Hard to determine “what’s” being applied “where” Collection Variables Non-deterministic conflict resolution No reporting Resultant settings can be an aggregation of both default & custom settings Setting Objects are priority based and when conflicts arise, CM resolves based on priority
Display What’s Relevant to Me Role-Based Administration enables mapping the organizational roles of administrators directly to built-in security roles Security role = Contains Permissions (e.g. Read Package) Security scope = Contains securable objects Administrator has one or more security roles and security scopes associated Admins only see what they have access to Management of security is further simplified by enabling administrative security for the entire hierarchy (Security is global data)
Site Data Segmentation today… France Primary Site Meg wishes to distribute a package to all of her EMEA users in the West region Louis “French Admin” French collection(s) Create advertisement for French collection(s) Meg Collins “Central Admin” England Primary Site Create and distribute package Vintzel “English Admin” English collection(s) Create advertisement for English collection(s)
Data Segmentation via RBAC France Primary Site England Primary Site Central Admin Site Meg wishes to distribute a package to all of her EMEA users in the West region Meg Collins “Central Admin” Vintzel “English Admin” Louis “French Admin” English collection(s) Create advertisement for English collection(s) French collection(s) Create advertisement for French collection(s) Create and distribute package
Customer Profile #2 Profile Item Hierarchy Design Impacts Infrastructure Goal: Minimize ConfigMgr infrastructure to support unique remote control settings for the HR department and hardware inventory policies for servers. Profile Item Hierarchy Design Impacts Company Locations Headquarters in Chicago Subsidiary in London Administrators 2-4 administrator with other IT responsibilities, limited day to day use System Count Approx. 25,000 clients Feature Set Usage Hardware Inventory every 7 days, deploys software and software updates
Configuration Manager 2007 Chicago Campus London Offices HR Primary Site Primary site (300 clients) Remote Control Disabled Admin Segmentation Chicago Central Site Primary site (~14,700 clients) Remote Control Enabled Chicago Campus 15,000 clients London Primary Site Primary site (5,000 clients) Standard Inventory Policies for desktop London Servers Site Primary site (500 clients) Hardware Inventory Policies unique to Servers Admin Segmentation Configuration Manager 2007 London Offices 5,000 desktops 500 Servers
Chicago Campus London Offices v.Next 15,000 clients 5,000 desktops Chicago Primary Site Primary site (15,000 clients) Local SQL Server HR Collection-based settings for Remote Control Central Admin Site No Clients Administration & Reporting for Hierarchy Admin segment for HR clients Chicago Campus 15,000 clients London Primary Primary site (5,500 clients) Inventory Class reporting at Collection level Admin Segment for Servers v.Next London Offices 5,000 desktops 500 Servers
Customer Profile #3 “200k Clients” Profile Item Hierarchy Design Impacts Company Locations Global distributed across US, Latin America, Europe and Asia Administrators 8 - 12 administrator dedicated, packaging personnel, distribution only roles , helpdesk & many customer workflows (high automation) System Count Greater than 200,000 clients Feature Set Usage Pretty much the same as previous customer, just increasing scale with more clients, more software distribution, and more OS distributions
200k clients Link Speed Content Central Admin Site SQL Server Primary 1 Primary 2 Primary 3 DP Primary 4 Primary 5 DP DP DP Local point of connectivity for administration Fault Tolerance Scale/Perf Content Regulation Secondary Site Secondary Site Secondary Sites (3) Secondary Sites (3) Secondary Site Content Concerned with upward and downward flow of traffic (Client/Content) Concerned with downward flow of content only Branch DP or BranchCache™ Branch DP or BranchCache™ Link Speed Fast Medium Slow Secondary Sites (3) Branch DP or BranchCache™
ConfigMgr 2007 vs ConfigMgr.next Scenario 2007 v.Next Establish central administration/reporting site for hierarchy Central primary Reprocess all data from child sites Central Administration Site – no data processing Manage different client agent settings Separate primary Collection-based settings Provide client and data segmentation* RBAC/Admin Segmentation Apply throttling and bandwidth control to content distribution Secondary Site DPs with throttling and scheduling Make content available to clients in small remote offices Standard DPs and Branch DPs Standard DPs Branch DPs BranchCache
Minimum System Requirements 64-bit hardware for all site servers and site system roles SQL Server 2008 SP1 with CU6 (64-bit) Windows Server 2008* (64-bit) Exceptions as follows: Standard Distribution Points will support Windows Server 2003 (including 32-bit). Some feature limitations may apply (e.g. BranchCache™). Branch Distribution Points will run on ConfigMgr v.Next supported client operating systems (including 32-bit). * Latest Service Pack
What can I do now to prepare? Flatten hierarchy where possible Plan for Windows Server 2008, SQL 2008, and 64-bit Start implementing BranchCache™ with ConfigMgr 2007 SP2 Move from web reporting to SQL Reporting Services
4/20/2017 8:03 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.