Infrastructure Promises
• Modernizing Architecture
− Minimizing infrastructure for remote offices
− Consolidating infrastructure for primary sites
− Scalability and Data Latency Improvements
− Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possible
− System-generated data (HW Inventory and Status) can be configured to flow to CAS directly
− File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
• Be Trustworthy
− Replace cumbersome object replication and cost associated to troubleshooting
− Industry standard SQL replication sub-system simplifies troubleshooting and reduces operational costs
Site Server Characteristics
(Server / Purpose / Differences from ConfigMgr 2007)
• Central Administration Site
− Purpose: Recommended location for all administration and reporting for the hierarchy
− Differences from ConfigMgr 2007: 1. No client data processing 2. No clients assigned 3. Limited site roles
• Primary Site
− Purpose: Service clients in well connected network
− Differences from ConfigMgr 2007: 1. No tiered primaries 2. Just add primary for scale out; not needed for data segmentation, client agent settings, or network bandwidth control
• Secondary Site
− Purpose: Service clients in remote locations where network control is needed
− Differences from ConfigMgr 2007: 1. Bundle Proxy MP and DP for install 2. Tiered content routing via secondaries 3. SQL needed
When do I need a Central Administration Site?
• If you have more than one Primary Site and want them linked together in a single hierarchy
• If you want to off-load reporting and administration from your Primary Site
Migration Consideration: The Central Admin Site must always be installed on new hardware
When do I need a Primary Site?
• To manage any clients
• Add more primary sites for:
− Scale (more than 100,000 clients)
− Reduce impact of primary site failure
− Local point of connectivity for administration
− Political reasons
− Content regulation
When do I not need a Primary Site?
• Decentralized administration
• Logical data segmentation
• Client agent settings
• Language
• Content routing for deep hierarchies
When do I need a Secondary Site?
• No local administrator
• If you need to manage upward-flowing WAN traffic
− Consider supporting roles like SUP, PXE Service Point, and State Migration Point, also
• If you need tiered content routing for deep network topologies
When do I need a Distribution Point?
• If you’re not concerned about clients pulling policy or reporting status, inventory, or discovery to their primary site location
• If BITS doesn’t provide enough bandwidth control for your WAN
• If you want to leverage BITS access for clients (including the use of BranchCache™), multicast for OSD, or streaming for App-V
Note: These advanced features are not available on file-share-only DPs
What other options are available for content distribution?
• Utilize Distribution Points with throttling and scheduling capabilities when:
− The DP will be remotely located from a primary site
− You want to throttle or schedule downward flowing traffic to that location
• Utilize Branch DPs when:
− You have a location with 100 or fewer clients to manage and don’t expect more than 10 concurrent connections
− You are able to identify at least one workstation as a Branch DP – can run on Win 2008 or client OSes
− BITS gives you enough network traffic control for content distribution
− You want the download on demand capabilities
• Utilize BranchCache™ when:
− You have a distribution point running on Windows Server 2008 R2
− Your clients are running a compatible OS
Customer Profile #1 – 5000 clients “Remote office optimization”
(Profile Item / Hierarchy Design Impacts)
• Company Locations: One campus in Minneapolis metro area and a few satellite offices
• Administrators: 1 administrator with other IT responsibilities, limited day-to-day use
• System Count: Approximately 5,000 clients
• Feature Set Usage: Hardware Inventory every 7 days, deploys software and software updates
Infrastructure Goal: Minimize ConfigMgr infrastructure to support the remote office locations.
Configuration Manager 2007
• Warehouse
− Secondary site (485 clients)
− Manage WAN
− DP
• Sales Office
− Only 15 clients
− Good connectivity
− Branch DP or BranchCache™
• District Office
− Secondary site (1,500 clients)
− Manage WAN
− MP, DP, SUP, PMP
• Corporate Campus
− Primary site (3,000 clients)
− Local SQL Server
− MP, DP (x2), FSP*, SLP*, SUP, SMP, RP/RSP
v.Next
• Corporate Campus
− Primary site (3,000 clients)
− Local SQL Server
− MP, DP (x2), FSP*, SLP*, SUP, RP/RSP
• Sales Office
− Only 15 clients
− Good connectivity
− Branch DP or BranchCache™
• District Office
− Secondary site (1,500 clients)
− Manage upward/downward WAN traffic
− SQL Express
− MP, DP, SUP, PMP
• Warehouse
− DP with throttling and scheduling
− (485 clients)
− Manage downward flow of Content over WAN
Replication
(Data Type / Examples / Replication Type / Where is data found?)
• Global Data
− Examples: Collection Rules, Package Metadata, Software Update Metadata, Deployments
− Replication Type: SQL
− Where is data found? Central Administration Site, All Primary Sites, Secondary sites*
• Site Data
− Examples: Collection Membership, HINV, Alert Messages
− Replication Type: SQL
− Where is data found? Central Administration Site, Originating Primary Site
• Content
− Examples: Software package installation bits, Patch bits, Boot images
− Replication Type: File-based
− Where is data found? Primary Sites, Secondary Sites, Distribution Points
*Subset of global data only
Conceptual Replication Model
[Diagram. Sites shown: Central Site (Germany); Germany (Berlin); Spain (Madrid); Cordoba; Sevilla. Legend: Primary Site, Secondary Site.]
• Global Data – Available at: CAS & all Primary Sites
− Examples: Collection rules, Package metadata, Deployments, Security Scopes
• Site Data – Available at: CAS, Replicating Primary
− Examples: HINV, Status, Collection Membership Results
• Global Data subset
− Examples: Packages metadata and status, Program metadata
• Content – Available where content has been distributed to a DP
• Content routing between Secondaries
SQL Replicated Data Types
Global Data Examples
• Collection Rules
• Package Metadata
• Program Metadata
• Deployments
• Configuration Item Metadata
• Software Update Metadata
• Task Sequence Metadata
• Site Control File
• System Resource List (site servers)
• Site Security Objects (Roles, Scopes, etc.)
• Alert Rules
Site Data Examples
• Collection Membership Results
• Alert Messages
• Hardware Inventory
• Software Inventory & Metering
• Asset Intelligence CAL Track Data
• Status Messages
• Software Distribution Status Details
• Status Summary Data
• Component and Site Status Summarizers
• Client Health Data
• Client Health History
• Wake On LAN
• Quarantine Client Restriction History
Client Agent Settings
• Default client agent settings
− Defined for the entire hierarchy
− Identifier to not allow customizations
• Custom client agent settings
− Collection-based Targeting
− Multiple custom setting objects Multiple collections
− Model behaviors consistent with targeting today
− Can override “optional” client agent settings applied to the hierarchy
• Conflict Resolution that is priority-based
• Resultant settings can be an aggregation of both default & custom setting
Client Agent Settings
(Characteristics / ConfigMgr 2007 / ConfigMgr v.Next)
Granularity
• ConfigMgr 2007
− Site level attribute
− Complex workarounds: deploy separate sites based on client setting requirements; set client agent settings with local policy on each client
• ConfigMgr v.Next
− Hierarchy wide default
− Customizations associated to one or many collections
Policy Applied
• ConfigMgr 2007
− Varies by collection attribute
− Maintenance Windows: uses additive approach in conflict; hard to determine “what’s” being applied “where”
− Collection Variables: non-deterministic conflict resolution; no reporting
• ConfigMgr v.Next
− Resultant settings can be an aggregation of both default & custom settings
− Setting Objects are priority based and when conflicts arise, CM resolves based on priority
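The priority-based resolution described on the two Client Agent Settings slides, modelled as an added Python example (not Microsoft's code and not the product's implementation). Assumptions: the setting names and sample objects are constructed, a lower priority number wins a conflict, priorities are unique, and the "identifier to not allow customizations" is represented by the `LOCKED` set.

```python
from dataclasses import dataclass, field

# Hierarchy-wide defaults. Setting names and values are constructed for illustration.
DEFAULTS = {"remote_control_enabled": True, "hw_inventory_days": 7,
            "policy_poll_minutes": 60}
# Assumption: defaults listed here carry the "do not allow customizations" identifier.
LOCKED = {"policy_poll_minutes"}


@dataclass
class CustomSettings:
    name: str
    priority: int          # assumption: a lower number wins a conflict
    collections: set       # collections this settings object targets
    values: dict = field(default_factory=dict)


def resultant_settings(client_collections, custom_objects):
    """Return (settings, source): effective values and which object supplied each."""
    priorities = [o.priority for o in custom_objects]
    if len(priorities) != len(set(priorities)):
        raise ValueError("priorities must be unique for deterministic resolution")
    settings = dict(DEFAULTS)
    source = {key: "default" for key in DEFAULTS}
    applicable = [o for o in custom_objects if o.collections & set(client_collections)]
    # Apply the lowest-precedence object first so the highest-precedence one writes last.
    for obj in sorted(applicable, key=lambda o: o.priority, reverse=True):
        for key, value in obj.values.items():
            if key not in DEFAULTS:
                raise KeyError(f"{obj.name}: unknown setting {key!r}")
            if key in LOCKED:
                continue   # non-customizable default stays in force
            settings[key] = value
            source[key] = obj.name
    return settings, source


# Constructed sample objects, loosely following the needs in Customer Profile #2.
HR = CustomSettings("HR remote control", 1, {"HR"}, {"remote_control_enabled": False})
SERVERS = CustomSettings("Server inventory", 2, {"Servers"},
                         {"hw_inventory_days": 1, "remote_control_enabled": True,
                          "policy_poll_minutes": 15})

if __name__ == "__main__":
    effective, origin = resultant_settings({"HR", "Servers"}, [SERVERS, HR])
    for key in effective:
        print(f"{key} = {effective[key]!r}  (from {origin[key]})")
```

The `source` map gives the per-setting answer to "what is being applied where" that the 2007 column lists as hard to determine.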
Display What’s Relevant to Me
• Role-Based Administration enables mapping the organizational roles of administrators directly to built-in security roles
− Security role = Contains Permissions (e.g. Read Package)
− Security scope = Contains securable objects
− Administrator has one or more security roles and security scopes associated
• Admins only see what they have access to
• Management of security is further simplified by enabling administrative security for the entire hierarchy (Security is global data)
Site Data Segmentation today…
Meg wishes to distribute a package to all of her EMEA users in the West region
[Diagram. Sites shown: France Primary Site, England Primary Site.]
• Meg Collins, “Central Admin”
− Create and distribute package
• Louis, “French Admin”
− French collection(s)
− Create advertisement for French collection(s)
• Vintzel, “English Admin”
− English collection(s)
− Create advertisement for English collection(s)
Data Segmentation via RBAC
Meg wishes to distribute a package to all of her EMEA users in the West region
[Diagram. Sites shown: Central Admin Site, France Primary Site, England Primary Site.]
• Meg Collins, “Central Admin”
− Create and distribute package
• Louis, “French Admin”
− French collection(s)
− Create advertisement for French collection(s)
• Vintzel, “English Admin”
− English collection(s)
− Create advertisement for English collection(s)
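The role and scope model from the "Display What's Relevant to Me" slide, applied to the Meg, Louis and Vintzel scenario as an added Python example (not Microsoft's code). Assumptions: the role names, permission tuples and scope names are constructed, and an operation is allowed only when one of the administrator's roles grants it and the object sits in one of the administrator's scopes.

```python
from dataclasses import dataclass

# Security role = set of permissions, written as (operation, object kind).
# Role names and contents are constructed for illustration.
ROLES = {
    "Package Author": {("Read", "Package"), ("Create", "Package"),
                       ("Distribute", "Package")},
    "Deployment Operator": {("Read", "Package"), ("Read", "Collection"),
                            ("Deploy", "Collection")},
}


@dataclass(frozen=True)
class SecurableObject:
    name: str
    kind: str     # "Package" or "Collection"
    scope: str    # security scope that contains this object


@dataclass(frozen=True)
class Admin:
    name: str
    roles: frozenset
    scopes: frozenset


def permitted(admin, operation, obj):
    """Allowed only if a role grants the operation AND the object is in scope."""
    granted = any((operation, obj.kind) in ROLES[role] for role in admin.roles)
    return granted and obj.scope in admin.scopes


def visible(admin, objects):
    """Names of the objects an administrator can see (has Read on, in scope)."""
    return sorted(o.name for o in objects if permitted(admin, "Read", o))


# Constructed objects and administrators for the EMEA scenario.
PACKAGE = SecurableObject("EMEA West package", "Package", "EMEA")
FRENCH = SecurableObject("French collection", "Collection", "France")
ENGLISH = SecurableObject("English collection", "Collection", "England")
OBJECTS = [PACKAGE, FRENCH, ENGLISH]

MEG = Admin("Meg", frozenset({"Package Author"}), frozenset({"EMEA"}))
LOUIS = Admin("Louis", frozenset({"Deployment Operator"}), frozenset({"EMEA", "France"}))
VINTZEL = Admin("Vintzel", frozenset({"Deployment Operator"}), frozenset({"EMEA", "England"}))

if __name__ == "__main__":
    for admin in (MEG, LOUIS, VINTZEL):
        print(admin.name, "sees", visible(admin, OBJECTS))
```

Because security is global data, the same role and scope assignments hold at every site, so segmentation no longer requires a separate primary per administrator.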
Customer Profile #2
(Profile Item / Hierarchy Design Impacts)
• Company Locations: Headquarters in Chicago; Subsidiary in London
• Administrators: 2-4 administrators with other IT responsibilities, limited day-to-day use
• System Count: Approx. 25,000 clients
• Feature Set Usage: Hardware Inventory every 7 days, deploys software and software updates
Infrastructure Goal: Minimize ConfigMgr infrastructure to support unique remote control settings for the HR department and hardware inventory policies for servers.
Locations: Chicago Campus (15,000 clients); London Offices (5,000 desktops, 500 Servers)
Configuration Manager 2007
• HR Primary Site
− Primary site (300 clients)
− Remote Control Disabled
− Admin Segmentation
• Chicago Central Site
− Primary site (~14,700 clients)
− Remote Control Enabled
• London Primary Site
− Primary site (5,000 clients)
− Standard Inventory Policies for desktop
• London Servers Site
− Primary site (500 clients)
− Hardware Inventory Policies unique to Servers
− Admin Segmentation
v.Next
• Central Admin Site
− No Clients
− Administration & Reporting for Hierarchy
− Admin segment for HR clients
• Chicago Primary Site
− Primary site (15,000 clients)
− Local SQL Server
− HR Collection-based settings for Remote Control
• London Primary
− Primary site (5,500 clients)
− Inventory Class reporting at Collection level
− Admin Segment for Servers
Customer Profile #3 “200k Clients”
(Profile Item / Hierarchy Design Impacts)
• Company Locations: Globally distributed across US, Latin America, Europe and Asia
• Administrators: 8-12 dedicated administrators, packaging personnel, distribution-only roles, helpdesk & many customer workflows (high automation)
• System Count: Greater than 200,000 clients
• Feature Set Usage: Pretty much the same as previous customer, just increasing scale with more clients, more software distribution, and more OS distributions
[Hierarchy diagram, 200k clients. Elements shown: Central Admin Site; SQL Server; Primary 1 through Primary 5; DPs; Secondary Sites; Branch DP or BranchCache™; Content. Legend: Link Speed (Fast, Medium, Slow). Callouts: Local point of connectivity for administration; Fault Tolerance; Scale/Perf; Content Regulation; Concerned with upward and downward flow of traffic (Client/Content); Concerned with downward flow of content only.]
ConfigMgr 2007 vs ConfigMgr.next
(Scenario / 2007 / v.Next)
• Establish central administration/reporting site for hierarchy
− 2007: Central primary; Reprocess all data from child sites
− v.Next: Central Administration Site – no data processing
• Manage different client agent settings
− 2007: Separate primary
− v.Next: Collection-based settings
• Provide client and data segmentation*
− 2007: Separate primary
− v.Next: RBAC/Admin Segmentation
• Apply throttling and bandwidth control to content distribution
− 2007: Secondary Site
− v.Next: Secondary Site; DPs with throttling and scheduling
• Make content available to clients in small remote offices
− 2007: Standard DPs and Branch DPs
− v.Next: Standard DPs; Branch DPs; BranchCache
Minimum System Requirements
• 64-bit hardware for all site servers and site system roles
• SQL Server 2008 SP1 with CU6 (64-bit)
• Windows Server 2008* (64-bit)
• Exceptions as follows:
− Standard Distribution Points will support Windows Server 2003 (including 32-bit). Some feature limitations may apply (e.g. BranchCache™).
− Branch Distribution Points will run on ConfigMgr v.Next supported client operating systems (including 32-bit).
* Latest Service Pack
What can I do now to prepare?
• Flatten hierarchy where possible
• Plan for Windows Server 2008, SQL 2008, and 64-bit
• Start implementing BranchCache™ with ConfigMgr 2007 SP2
• Move from web reporting to SQL Reporting Services
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.