SCCM 2012R2 - Points To Know.
System Center Configuration Manager (SCCM, also known as ConfigMgr), formerly Systems Management Server (SMS) is a systems management software product by Microsoft for managing large group of computer systems. Configuration manager provides remote control, patch management, software distribution, operating system deployment, network access protection and manages software and hardware inventory.
Releases:
Microsoft originally released it as "Systems Management Server" in 1994
>>Systems Management Server 2003, released in 2003 with improved stability, reliability, and software-distribution capabilities.
>>System Center Configuration Manager 2007, released in 2007 with support for Windows Vista and Windows Server 2008.
>>System Center Configuration Manager 2012, released in 2012 with significant changes to application deployment capabilities.
>>System Center Configuration Manager 1511, released in November 2015 to support Windows 10 and new Windows servicing options.
>>System Center Configuration Manager current branch 1602, released March 11, 2016.
Role: System Center 2012 Configuration Manager uses site system roles to support operations at each site. With SCCM we have many features. In-order to use those features, it is required to enable these roles.
Site: Site is the foundation of SCCM from which devices and users can be managed in your enterprise. A site is a 3 name character Eg: IND and it cannot be changed at a later stage. It needs a reinstall if a change is required. This site is either a Central Administration Site or a Primary Site and is installed the very first time you install SCCM. Computers that host the Configuration Manager site are named site servers, and computers that host the other site system roles are named site system servers. The site server is also a site system server.
In other words, the site server is the computer on which you install Configuration Manager, and it hosts services required for Configuration Manager. A site system is any computer running a supported version of Microsoft Windows that hosts one or more site system roles.
Site system servers within the same site communicate with each other by using certain protocols like server message block (SMB), HTTP, or HTTPS, depending on the site configuration selections that you make.
Central Administration Site: A central administration site is suitable for large-scale deployments and provides a central point of administration and the flexibility to support devices that are distributed across a global network infrastructure. When you install a central administration site, you must also install at least one primary site to manage users and devices. With this design, you can install additional primary sites to manage more devices and to control network bandwidth when devices are in different geographical locations. You can also install another type of site that is named a secondary site. Secondary sites extend a primary site to manage a few devices that have a slow network connection to the primary site. However, System Center 2012 Configuration Manager does not support detaching primary site from a central administration site. Therefore, in the future if you no longer need the overhead of multiple primary sites or the central administration site, you must maintain the configurations, or consider reinstalling your hierarchy as a stand-alone primary site, from scratch. You could consider using Migration to move data from your existing hierarchy to a new stand-alone primary site hierarchy.
CAS supports upto 25 Primary sites and upto 400,000 clients.
For central administration sites, you can deploy site system roles that are useful for hierarchy-wide monitoring, such as the reporting services point. You can also deploy site system roles that provide services to the whole hierarchy, such as the Endpoint Protection point. Some roles, such as the software update point, must be installed in the central administration site, but you can also install them in primary and secondary sites. In this scenario, the software update point in the central administration site provides the other software update points with a central location to synchronize software updates.
Since a CAS is intended for administration purposes only, not all site system roles are available, including Management Points.
CAS sites contain data collected from the entire hierarchy and also participate in database replication.
Primary Site: A primary site is suitable for smaller deployments and it has fewer options to accommodate any future growth of your enterprise. If you do not install a central administration site, the first site that you install is a stand-alone primary site. By default, you cannot install additional primary sites that can communicate with one another. However, you can still install one or more secondary sites to extend this primary site when you have to manage a few devices that have a slow network connection to the primary site.
For primary sites, you must have site system roles for client communication, such as management points and software update points.
Note: If you have installed a stand-alone primary site and you wish to have a site expansion for your design i.e you later decide to use a central administration site design, Configuration Manager SP1 lets you do this. Therefore you must need to upgrade the site to Configuration Manager SP1.
Primary site supports upto 250 secondary sites and upto 100,000 clients.
Primary site can have only a CAS as a parent and Secondary sites as a child.Primary sites also participate in database replication.
Secondary Site: Manages clients in remote locations where network bandwidth control is required. Secondary site is a mediator or forwarder, it gathers the information like inventory, system status info, etc. from clients and sends to parent site. Secondary sites must be attached to a primary site, and you cannot move them to a different parent site without uninstalling them, and then re-installing them as a child site below the new primary site. Secondary sites automatically install SQL Server Express during site installation if a local instance of SQL Server is not available. Secondary sites cannot have sites beneath them in the hierarchy. For secondary sites, you can install a limited set of site system roles. Additionally, if content distribution to a remote network location is your main concern, you might decide to install distribution points from a primary site instead of installing a secondary site.
Each primary and secondary site can only support up to 250 DPs.
DRS (Database Replication Services) is only performed between the parent primary site and the child secondary site
Create Site System Server: Gives an option to create site system server (install specific role on a different computer).
Create Secondary Site: Gives the option to create secondary site.
Active Directory Schema Extension: Extending the Active Directory schema is optional for Configuration Manager. However, by extending the schema you can use all Configuration Manager features and functionality with the least amount of administrative overhead. Extending the schema is an irreversible action. With Active Directory Schema Extension you can publish site information to Active Directory Domain Services. The Active Directory schema extensions for System Center 2012 Configuration Manager are unchanged from those used by Configuration Manager 2007.
If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for System Center 2012 Configuration Manager or System Center 2012 Configuration Manager SP1.
Having SCCM extend Active Directory Schema is only part of the equation as multiple actions will be taken thereafter.
1) SCCM Active Directory Schema Extension: Using the ExtADSch.exe, contained in the SCCM media.
2) Creation of the System Management Container in Active Directory: Manually create the System Management Container that will be used by ConfigMgr to publish information using ADSIEdit.
3) Set Security Permissions on the System Management Container: Manually grant Full Control permissions for the ConfigMgr computer account so that it will be able to write information within the container.
4) Enable Active Directory publishing for ConfigMgr Site: Using administration tab in Configuration Manager console.
Check the MS article below for understanding the functionality of extending AD Schema and the workaround.
Console:
The Configuration Manager console is a 32-bit program that can run on a 32-bit version of Windows and on a 64-bit version of Windows. By default, the Configuration Manager console limits search results to 1,000 items. You can change this value by using the Search tab. In the Options group. click Search Settings and then change the Search Results value in the Search Settings dialog box.
Collections:
In System Center 2012 Configuration Manager, all collections must be limited to the membership of another collection. When you create a collection, you must specify a limiting collection. A collection is always a subset of its limiting collection.
System Center 2012 Configuration Manager includes two new collection rules, the Include Collections rule and the Exclude Collections rule that allow you to include or exclude the membership of specified collections.
All Unknown Computers collection include:
A computer where the Configuration Manager client is not installed.
A computer that is not imported into Configuration Manager.
A computer that is not discovered by Configuration Manager.
Differences between 2007 and 2012:
1) System Center 2012 Configuration Manager introduces changes to both primary and secondary sites while the central administration site is new site type. The central administration site replaces the primary site referred to as a central site as the top-level site of a multi-primary site hierarchy. This site does not directly manage clients but does coordinate a shared database across your hierarchy, and it is designed to provide centralized reporting and configurations for your entire hierarchy.
2) Active Directory Forest discovery is a new discovery method in System Center 2012 Configuration Manager that allows you to discover network locations from multiple Active Directory forests.
3) Clients can now communicate with more than one management point in site in System Center 2012 Configuration Manager.
4) Software update groups are new in System Center 2012 Configuration Manager and replace update lists that were used in Configuration Manager 2007.
5) In Configuration Manager 2007, superseded software updates are automatically expired during full software updates synchronization. In System Center 2012 Configuration Manager, you can choose to automatically expire superseded software updates during software updates synchronization just as it is in Configuration Manager 2007. Or, you can specify a number of months before a superseded software update is expired.
6) A secondary site in Configuration Manager 2007 has no site database but In System Center 2012 Configuration Manager, secondary sites require either SQL Server, or SQL Server Express to support database replication with their parent primary site.
Role Limitations:
Configuration Manager supports some site system roles only at specific sites in a hierarchy, and some site system roles have other limitations as to where and when you can install them. When Configuration Manager does not support the installation of a site system role, it is not listed in the wizard.
For example, the Endpoint Protection point cannot be installed in a secondary site, or in a primary site if you have a central administration site. So if you have a central administration site, you will not see the Endpoint Protection point listed if you run the Add Site System Roles Wizard on a primary site.
Also, you cannot add a second management point to a secondary site, and you cannot add a management point or distribution point to a central administration site.
High Availability in Config manager:
When clients cannot contact the site, they cache data to be submitted until they can contact the site.
Additionally, clients that cannot contact the site continue to operate by using the last known schedules and cached information, such as a previously downloaded application that they must run or install, until they can contact the site and receive new policies.
The site monitors its site systems and clients for periodic status updates, and can generate alerts when these fail to register.
Built-in reports provide insight to ongoing operations as well as historical operations and trends.
You can install multiple instances of each site system role, and for best performance, deploy one of each on the same site system computer.
Migration:
When you migrate a Configuration Manager 2007 package to System Center 2012 Configuration Manager, it remains a package after migration.
If you want to deploy the software and packages that migrate from your Configuration Manager 2007 hierarchy by using the new application model, you can use Microsoft System Center Configuration Manager Package Conversion Manager to convert them into System Center 2012 Configuration Manager applications.
When a collection migrates, Configuration Manager also migrates collection settings, which includes maintenance windows and collection variables.
You can migrate most objects from Configuration Manager 2007 to System Center 2012 Configuration Manager, including the following:
Advertisements
Boundaries
Collections
Configuration baselines and configuration items
Operating system deployment boot images, driver packages, drivers, images, and packages
Software distribution packages
Software metering rules
Software update deployment packages and templates
Software update deployments
Software update lists
Task sequences
Virtual application packages
Prestaging in Config manager:
You can prestage content to add the content files to the content library on a site server or distribution point before you distribute the content. Because the content files are already in the content library, they are not transferred over the network when you distribute the content. You can prestage content files for applications and packages.
In the Configuration Manager console, you select the content that you want to prestage, and then use the Create Prestaged Content File Wizard to create a compressed prestaged content file that contains the files and associated metadata for the content. Then, you can manually import the content at a site server or distribution point.
When you import the prestaged content file on a site server, the content files are added to the content library on the site server, and then registered in the site server database.
When you import the prestaged content file on a distribution point, the content files are added to the content library on the distribution point, and a status message is sent to the site server that informs the site that the content is available on the distribution point.
You can optionally configure the distribution point as prestaged to help manage content distribution.
Then, when you distribute content you can choose whether you want to always prestage the content on the distribution point, prestage the initial content for the package and then use the standard content distribution process when there are updates to the content, or always use the standard content distribution process for the content in the package.
Notes:
1) Scenarios, such as the deployment of a script that runs on a client computer but that does not install software, are more suited to using a package and program rather than an application.
2) System Center 2012 Configuration Manager periodically checks that the state of the application is the same as its purpose. For example, if an application’s deployment type is specified as Required, Configuration Manager reinstalls the application if it has been removed.
To make a deployment optional, configure the deployment purpose as Available in the applications deployment type.
3) You could deploy an application to the All Desktop and Server Clients collection, but include a requirement rule that specifies that the application should be installed only on computers that run Windows 8.
Software updates already have this requirements capability built in, so you do not need to configure this yourself.
requirements are evaluated by the client at deployment time, whereas query-based collections are evaluated periodically and often depend on the results of hardware inventory collection that might run only once a week.
4) You can manually add software updates to a software update group or software updates can be automatically added to a new or existing software update group by using an automatic deployment rule.
You can create automatic deployment rules to automatically approve and deploy software updates that meet specified search criteria.
The software update group icons are different in the following scenarios:
a) When a software update group contains at least one expired software update, the icon for that software update group contains a black X.
b) When a software update group contains no expired software updates, but at least one superseded software update, the icon for that software update group contains a yellow star.
c) When a software update group has no expired or superseded software updates, the icon for that software update group contains a green arrow.
5) The compliance percentage (Compliance %) is calculated by taking the number of users or devices with a deployment state of Success added to the number of devices with a deployment state of Requirements Not Met and then dividing this total by the number of users or devices that the deployment was sent to.
6) Multicast is a network optimization method that you can use in your System Center 2012 Configuration Manager environment where multiple clients are likely to download the same operating system image at the same time.
No comments:
Post a Comment