White paper
How to get the Most from Your Microsoft ConfigMgr 2012 Migration
SCCM 2012
1e.com

Contents
Overview
ConfigMgr 2012 Migration Options
Getting the Most from ConfigMgr 2012
Nomad: Enhancing Your ConfigMgr 2012 Infrastructure
How Else Can 1E Help

Abstract
This white paper sets out how you can expedite your migration to ConfigMgr 2012. When the migration is done, or if you have already migrated, it also provides ideas to maximize SCCM 2012’s benefits and to lower your costs.

The Authors
Several of 1E’s ConfigMgr technical specialists have contributed to this document, namely: Shaun Cassells, Troy Martin, Mike Terrill, and Paul Thomsen.

Overview
Microsoft® System Center Configuration Manager 2012 (“ConfigMgr” or “SCCM”) has been well received by organizations of all types and sizes around the world. Many of the organizations that 1E works with have moved to it, are moving to it, or have imminent plans to do so. If you are preparing to upgrade or are in the midst of such a project, this is the ideal time to expedite your project, minimize your costs, and maximize the benefits from ConfigMgr. If you’ve already made the move, you can build on the lessons you’ve learned to make your ConfigMgr implementation even better. This document provides you with a wide variety of ideas and options to maximize the return your organization is getting from your ConfigMgr investment.
This document suggests options such as:
• Use industry best practices when using the key SCCM 2012 features
• Keep your ConfigMgr hierarchy as simple as possible (especially since SP1’s availability)
• Flatten your server infrastructure and cut on-going running costs
• Consider the Intune integration option so that you can manage consumer-oriented devices
• PowerShell support brings a new level of customization and control

In 2012 1E consultants took a deep dive into SCCM and published their tips for success. This is the second update of those observations.

ConfigMgr 2012 Migration Options
If you are planning to migrate to ConfigMgr 2012 or are in the midst of your project, you should consider your migration options. The benefits include:
• Minimizing your ConfigMgr server footprint and maximizing reliability and performance
• Reducing the deployment timeline by two thirds
• Improving your patching and software distribution success

Doing the migration with your own staff and just SCCM might be a viable option if you are prepared to delay other projects, often by months. You will need time to set up a lab, educate the team on the migration process, build a design and process, test the process in the lab, plan for production, and then do the actual work of the migration itself. There is also the risk that you will miss lessons that have been learned elsewhere, given that this is your first opportunity to actually do a migration to SCCM 2012. The challenges and risks increase dramatically if your organization is fairly large, is very diverse, or has other unique characteristics.

You should also consider how well the end state will serve your needs. As long time partners of Microsoft, 1E is very impressed by the capabilities of ConfigMgr 2012 and is very pleased to specialize in it.
However, 1E has worked with hundreds of organizations where SCCM could be enhanced to even better serve the organization. Such enhancements are why Microsoft so greatly values its huge partner ecosystem. Therefore it is prudent to take time to consider whether additional software would allow SCCM to work even better for you. Taking time to read this whitepaper is a great first step.

The cost of additional services and software is often a concern and we are pleased to discuss that with you. Our experience has been that the benefits are so dramatic, in hard savings, that the investment quickly pays for itself. We have the analysts to help you quantify those savings and we have the history to prove that the savings will be realized as planned. Our large support and engineering teams ensure the savings continue to be realized for years, long after the investment has paid off.

If you see the potential that 1E’s consultants, software, or partners can help you, we encourage you to contact us. We will be pleased to meet at a time and in a format that works well for you to explore the possibilities. Our professional account and technical teams will carefully listen to your challenges and requirements and then explain our solutions to whatever degree you like. If there are better alternatives we will point them out and leave you to them. We are here to help, as we have done with so many organizations since 1997.

Getting the Most from ConfigMgr 2012
Whether you are about to migrate to ConfigMgr 2012 or are already there, you should investigate how you can get the most from SCCM. This section highlights key changes in ConfigMgr 2012 as compared with ConfigMgr 2007 and provides an overview of the lessons that 1E has learned in relation to them.

Application Management
The deployment of software is the primary function of most ConfigMgr implementations.
In ConfigMgr 2007, software distribution was achieved by defining packages and programs and then advertising the programs to collections of clients or users. Different installation types (e.g. 32-bit and 64-bit installation) could require separate programs. Typically, a collection would define the target for each installation type (query-based collections define the logic that determines which systems should run the program). Those legacy objects are still available in ConfigMgr 2012, and are in fact still required for some of the content required in an operating system deployment task sequence (such as boot images, OS images, driver packages and the ConfigMgr client agent). However ConfigMgr 2012 introduced a completely new alternative approach to software distribution – application management.

For application management, an application has a number of deployment types, each defining the required source files, install and uninstall command lines and user experience (e.g. whether a user needs to be logged in), similar to the properties of the legacy packages and programs. Deployment types are deployed through a deployment, which isn’t all that dissimilar from the concept of an advertisement.

The most significant difference with SCCM 2012 application management is that the deployment type also defines the targeting logic, which is evaluated on the client each time the Application Deployment Evaluation Cycle occurs. Application management uses the same ‘engine’ as the Compliance Settings, so the decision whether to install can be based on values from Windows Management Instrumentation (WMI), the local registry, the return code of a script, the result of a Microsoft SQL Server database query, or the user (either logged on at the time, or the primary user of the device).
The collections targeted by a deployment can therefore be much more encompassing – now you needn’t panic when you accidentally deploy to All Systems (as long as you have the right conditions defined in the Deployment Type requirements). SP1 extended this model by improving the App-V support and adding Windows 8 support.

Migrating to ConfigMgr 2012 does not require migrating to application management right away, but you should consider doing so when time permits in order to take advantage of its benefits:
• Applications are state based, so if an application is uninstalled from a client, it will be reinstalled automatically in order to restore the intended state of the client
• The evaluation as to which clients or users receive the application is done on the clients, so the workload on the servers is reduced (particularly in terms of collection evaluation)
• Applications can be made available to users in the Application Catalog, thus enabling a user-centric service model

Site Hierarchy
ConfigMgr 2012 should keep the minimalists happy – the architecture is designed for a much flatter hierarchy, and in fact, a single site ConfigMgr 2012 hierarchy is used by most organizations with less than 100,000 clients to manage.

An important change in the SCCM 2012 architecture for those organizations that do require multiple sites is the Central Administration Site (CAS), which is in some ways similar to an SCCM 2007 central site, but no clients can be managed directly from the CAS. A key role of the CAS is to coordinate replication of data throughout a hierarchy, so it is not required if you are going to manage your entire environment with a single primary site. As of SP1, a standalone site can be attached to a CAS at a later stage. A CAS also enables a failed primary site to be recovered even without a backup.
It is worth noting that only primary sites can attach to a CAS, and only secondary sites can be attached to these primary sites, so effectively your hierarchy will not exceed three tiers for the core sites (additional secondary sites can be lower tiers).

Even the role of the secondary site is somewhat changed in ConfigMgr 2012. One of the main reasons for deploying secondary sites in ConfigMgr 2007 was to be able to manage network bandwidth for the distribution of content (packages, updates and OS images). In ConfigMgr 2012, distribution of content to remote distribution points can be scheduled and throttled in the same manner as site-to-site traffic, so unless you are concerned about the volume of traffic going back to the primary site (inventory, status, software usage, etc.) you can do without secondary sites. It’s worth noting that secondary sites require a SQL database in ConfigMgr 2012, however the secondary site installation will install Microsoft SQL Server® Express if a supported version of SQL Server is not installed locally.

In ConfigMgr 2012, boundaries are used to identify network locations and are available to all Sites in the hierarchy. Boundaries are then grouped together in boundary groups, which can be optionally associated with a particular site for client site assignment. For example, each of the LANs in a particular location, like a branch office or a retail store, would be added as individual boundaries, and these boundaries would then be added to a boundary group that identifies that location. The boundary group can then be associated with the primary site that should manage that location.
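
The boundary, boundary group and site chain described above, as an added example (not from the white paper or from Microsoft): a small Python model that resolves a client address to its candidate site. It goes one step beyond the text by also reporting overlapping boundaries whose groups point at different sites, which makes site assignment ambiguous. All subnets, boundary names, group names and site codes are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: one boundary per LAN, expressed as an IP subnet.
BOUNDARIES = {
    "Store12-LAN1": "10.12.1.0/24",
    "Store12-LAN2": "10.12.2.0/24",
    "Branch7-LAN": "10.7.0.0/23",
    "Branch7-Lab": "10.7.1.0/24",   # sits inside Branch7-LAN
}

# group name -> (member boundaries, assigned site code or None).
# The site association is optional, so None is a valid value.
BOUNDARY_GROUPS = {
    "Store 12": (["Store12-LAN1", "Store12-LAN2"], "PR1"),
    "Branch 7": (["Branch7-LAN"], "PR1"),
    "Lab": (["Branch7-Lab"], "PR2"),
    "Content only": (["Store12-LAN1"], None),
}


def groups_for(ip):
    """Boundary groups that contain at least one boundary matching this address."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for group, (members, _site) in BOUNDARY_GROUPS.items():
        if any(addr in ipaddress.ip_network(BOUNDARIES[b]) for b in members):
            hits.append(group)
    return sorted(hits)


def site_candidates(ip):
    """Sites the address could be assigned to; more than one means ambiguity."""
    return sorted({BOUNDARY_GROUPS[g][1] for g in groups_for(ip)} - {None})


def boundary_sites(boundary):
    """Sites reachable from a boundary through the groups it belongs to."""
    return {site for members, site in BOUNDARY_GROUPS.values()
            if boundary in members and site is not None}


def assignment_conflicts():
    """Pairs of overlapping boundaries whose groups are assigned to different sites."""
    conflicts = []
    for a, b in combinations(sorted(BOUNDARIES), 2):
        net_a = ipaddress.ip_network(BOUNDARIES[a])
        net_b = ipaddress.ip_network(BOUNDARIES[b])
        if not net_a.overlaps(net_b):
            continue
        sites = boundary_sites(a) | boundary_sites(b)
        if len(sites) > 1:
            conflicts.append((a, b, sorted(sites)))
    return conflicts


if __name__ == "__main__":
    for ip in ("10.12.2.40", "10.12.1.5", "10.7.1.9", "192.168.0.1"):
        print(ip, groups_for(ip), site_candidates(ip))
    print(assignment_conflicts())
```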
Given all these options, you can do a lot to simplify your SCCM hierarchy and therefore simplify operations and increase reliability:
• Don’t include a CAS unless you must
• Only use secondary sites in locations with a large number of clients and/or if you expect a very large volume of data to be frequently reported up the hierarchy
• If you must have multiple primary sites, keep the count as low as possible

Site-to-Site Replication
If you have need for a multi-site ConfigMgr hierarchy, you should be aware that site-to-site communication has received a major overhaul in ConfigMgr 2012. Database replication has replaced most of the legacy file transfer in and out of inboxes (content as in packages, applications and operating system deployments are still replicated using the file system).

Most changes in any site will be replicated globally to all sites in the hierarchy, not just to the parent or child sites. To help monitor and resolve replication issues between the sites there is a Database Replication node in the Monitoring section of the console that shows the status of any links. The Replication Link Analyzer is an additional tool that enables further analysis and remediation of SQL replication issues between sites. SP1 improved replication by giving you more control in terms of what is replicated and when.

Administration
The administration console was historically a big pain point for ConfigMgr 2007 administrators. Not only was it difficult to control (to allow certain users to only see the features they administer) but it also crashed too often. The administration console in ConfigMgr 2012 has been completely redesigned and rewritten from the ground up. It does not use Microsoft Management Console (MMC), and displays only the features the administrator has rights to.

SP1 enhanced the administrative model even further. New PowerShell support extends your administration options so that you can automate ConfigMgr operations even more than in previous versions. The addition of the Client Operations infrastructure allows you to initiate Endpoint Protection and client policy refreshes whenever you require them.

Managing Clients Over the Internet
The complexities of Native Mode in ConfigMgr 2007 no longer exist in ConfigMgr 2012 as the Mixed and Native Site modes are no more. Instead, the various Site system roles within the Site are configured to support HTTP or HTTPS connections (or both). Within a Site, multiple site systems (e.g. management points) can be deployed, allowing one or more servers situated in a demilitarized zone (DMZ) to host internet-facing roles using HTTPS, with the same roles hosted on an internal server using HTTP.

Use of HTTPS still requires public key infrastructure (PKI) to enrol client and server certificates (mutual authentication is still required), however the Site Server Document Signing Certificate is now created by the site as a self-signed certificate. By default, if a client has a client authentication certificate issued by a trusted Certificate Authority (CA) it will use HTTPS and will be able to communicate with all Site systems that are configured to support HTTPS. If no such client authentication certificate exists, the client will use a self-signed certificate and use HTTP to communicate only with site systems that are configured to support HTTP.

New to ConfigMgr 2012 is the possibility for Internet-based clients to evaluate a user-based policy (such as application deployments). In order for this to occur, either the management point (MP) and user account must be in the same forest, or a trust must exist between the forests in which the MP and the user account reside. In either case, any perimeter firewall must allow AD authentication traffic between the MP and a domain controller in the user account’s forest.
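
The connection rule described above, as an added example (not from the white paper or from Microsoft): a Python model that works out which site systems a client can talk to, flags DMZ-hosted roles that still accept HTTP, and checks the forest condition for user-based policy. Host names, forests, the `zone` label and the sample inventory are constructed, and the model assumes Internet clients can only reach DMZ systems; it follows the default rule as the paper states it and models no fallback.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SiteSystem:
    name: str                  # constructed host name
    role: str                  # "MP" (management point) or "DP" (distribution point)
    zone: str                  # "internal" or "dmz" (labelling assumed for this example)
    protocols: frozenset       # subset of {"HTTP", "HTTPS"}
    forest: str = "corp.example"


@dataclass(frozen=True)
class Client:
    name: str
    has_trusted_ca_cert: bool  # client authentication certificate from a trusted CA
    on_internet: bool = False


def client_protocol(client):
    """Trusted-CA certificate -> HTTPS; otherwise self-signed certificate and HTTP."""
    return "HTTPS" if client.has_trusted_ca_cert else "HTTP"


def reachable(client, systems):
    """Site systems that speak the client's protocol and that it can get to."""
    proto = client_protocol(client)
    return sorted(
        s.name for s in systems
        if proto in s.protocols
        and (s.zone == "dmz" or not client.on_internet)
    )


def audit_internet_facing(systems):
    """Findings against the layout the paper describes: DMZ roles use HTTPS."""
    findings = []
    for s in systems:
        if s.zone != "dmz":
            continue
        if "HTTP" in s.protocols:
            findings.append(f"{s.name}: internet-facing {s.role} accepts HTTP")
        if "HTTPS" not in s.protocols:
            findings.append(f"{s.name}: internet-facing {s.role} does not offer HTTPS")
    return findings


def user_policy_possible(mp, user_forest, trusts):
    """User-based policy needs the MP and user in one forest, or a trust between them."""
    if mp.forest == user_forest:
        return True
    return frozenset((mp.forest, user_forest)) in trusts


# Constructed inventory: dp-dmz is deliberately misconfigured to accept HTTP.
SYSTEMS = [
    SiteSystem("mp-int", "MP", "internal", frozenset({"HTTP"})),
    SiteSystem("mp-dmz", "MP", "dmz", frozenset({"HTTPS"}), forest="dmz.example"),
    SiteSystem("dp-dmz", "DP", "dmz", frozenset({"HTTP", "HTTPS"}), forest="dmz.example"),
]
TRUSTS = {frozenset(("dmz.example", "corp.example"))}

if __name__ == "__main__":
    for c in (Client("hq-desktop", False),
              Client("road-laptop", True, on_internet=True),
              Client("unmanaged", False, on_internet=True)):
        print(c.name, client_protocol(c), reachable(c, SYSTEMS))
    print(audit_internet_facing(SYSTEMS))
    print(user_policy_possible(SYSTEMS[1], "corp.example", TRUSTS))
```

In the sample, the client without a trusted-CA certificate still reaches `dp-dmz` from the Internet, which is the exposure the audit finding points at.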
Exciting SP1 changes include the ability to use cloud-based (Azure) distribution points and to enable clients to get software updates from Microsoft Update if corporate DPs are not available.

ConfigMgr 2012 SP1 and R2 demonstrate Microsoft’s commitment to dramatically improving your internet client management options. The Intune integration is much more robust and a larger variety of clients are supported. With R2 you can also now manage iOS7 settings, deploy web application shortcuts, and use Windows 8.1 app bundles. Similarly, remote connection, certificate, VPN, Wi-Fi, and email profiles make it easy for you to enable mobile user support, rather than having to implement your own solution.

As your users increase their expectations for mobile support, and ConfigMgr increasingly enables it, you should consider implementing these features in your organization.

Scalability
A ConfigMgr 2007 hierarchy could support a maximum of 200,000 clients (300,000 with R3). ConfigMgr 2012 supports up to 400,000 clients in a single hierarchy when the database for the Central Administration Site is running SQL Server Enterprise. Each Primary Site can support up to 100,000 clients if the database and Primary Site roles are hosted on separate servers. The SP1 database replication options ensure that you can fine tune it in even the most challenging environments.

As with ConfigMgr 2007, each Management Point (MP) can support up to 25,000 clients. However, the concept of a Default Management Point no longer exists in ConfigMgr 2012, and neither does support (or necessity) for using Network Load Balancing (NLB) with an MP. Instead, up to four servers can host the MP role and clients manage the load balancing in much the same way as they do with Distribution Points (DPs). ConfigMgr 2012 also increases the number of supported DPs per Site from 100 to 250, each supporting up to 4,000 clients.
At first you might think that scalability is not an issue for you, unless you work for a very large organization. However, even medium-sized organizations could have a very large number of clients when you take into account the multiple devices that users often have. So if users typically have a laptop, tablet, and phone, and you manage them all, then an organization with 50,000 to 100,000 users could have some scale concerns. Add in a lot of data-center servers, point-of-sale systems, robotic control systems, or similar options and even current ConfigMgr 2012 scalability is worth taking seriously.

Distribution Points
There are some notable changes in the role of the distribution point (DP) in ConfigMgr 2012. The branch distribution point (BDP) distinction has been dropped in ConfigMgr 2012. Instead, there is a single DP role that can be installed on servers (2003 upwards) and workstations (Vista upwards). Interestingly, the DP role is the only site system that is supported on both 32- and 64-bit computers; all other site systems require a 64-bit OS.

Distribution of content to remote DPs (i.e. any DP that is not hosted on the same LAN as a site server) can use scheduling and throttling similar to that defined in our old friend, the site-to-site address, that has survived since the first version of SMS.

By default all content is obtained by clients using HTTP (or HTTPS), which means that any system (including a workstation) hosting a DP needs Internet Information Server (IIS) installed. Although there is the option to establish content for specific packages on a ‘legacy style’ DP share (this is in fact necessary if you want to use OS deployment task sequences that obtain content directly from the DP), the HTTP/S server must always be present. If you currently use network-attached storage (NAS) devices to host ConfigMgr 2007 DP shares, you are going to need a new strategy for ConfigMgr 2012.
The DP role now incorporates the Preboot Execution Environment (PXE) service as an optional feature if the DP is hosted on a server operating system. Windows Deployment Services (WDS) is still required for PXE booting in ConfigMgr 2012. Talk to 1E about Nomad, which not only eliminates the need for any kind of DP in your remote locations but also enables PXE to be served from a workstation.

[Callout: Nomad eliminates the need to establish a distribution point at every site]

Nomad 2012 integrates seamlessly with the ConfigMgr 2012 operating system deployment (OSD) process, using content stored on local peer workstations to complete a full OS Deployment without impacting the WAN.

Configuration Manager 2012 SP1 and R2 also introduced and enhanced a new “pull distribution point” role, or pull DPs. The benefit of pull DPs is that they offload the site-to-DP content distribution workload from the site server to the DPs. They do not provide any benefit in getting the content to the clients and they may in fact complicate that process by adding more “moving parts”.

Also new are “cloud DPs”, meaning distribution points hosted on Microsoft Azure. These can be useful for clients on the internet but you should pay close attention to their costs. If used, they are most appropriate for small critical deployments to a limited number of clients.

Users in Control
ConfigMgr 2012 has been built with the user in mind. The Software Center, installed on all clients, provides an interface for the user to manage the installation of software that has been made available to them and to view software that has been installed by ConfigMgr. The Software Center can also give the user control over the ConfigMgr actions that are likely to impact them most. For example, a user can define their working day and software deployments and updates can be configured to respect these and deploy outside of these hours.
1E Shopping provides a much richer experience with configurable approval workflow, support for system as well as user based deployments, and optional restriction of deployment if insufficient licenses exist. It integrates with other service desk systems and enables users to rent applications for a fixed period after which they are automatically put back into the pool for other users to employ, further reducing the costs associated with purchasing unnecessary software licences. Note that Shopping allows for quarantine periods required by some specific software vendors when reallocating licensed software.

[Callout: Shopping enables user-based OS deployments]

SP1’s extension of ConfigMgr to the device and Macintosh environments allows organizations to empower their users to use the solutions they want while ensuring IT control for security and similar requirements are maintained.

Client Health and Efficiency
There are a number of features in ConfigMgr 2012 to ensure clients remain healthy, operational and efficient. The reality is that once your hierarchy has been deployed for a year or more, somewhere between 5% and 15% of your clients will experience issues and may stop communicating with ConfigMgr if you don’t intervene.

ConfigMgr 2012 directly addresses this problem with ConfigMgr Client Health evaluator. This program (which runs as a scheduled task separate from the ConfigMgr client’s service) detects and remediates the most common causes of client failure, reporting its activities to ConfigMgr.

ConfigMgr 2012 clients can also automatically upgrade themselves to the latest version if it is below the specified version. You enable this from site settings and you can configure the maximum number of days before the client must upgrade. In addition to this you have control over how the clients’ installation files are downloaded or not if the distribution point is on a slow link, and they can even have a fall-back source location. (Note: Microsoft recommends using this as a catch-all after the bulk of any upgrade has finished.)

To protect clients from malware, ConfigMgr 2012 has Endpoint Protection fully integrated, so no more running two separate infrastructures. The Endpoint Protection client is installed using ConfigMgr 2012 client settings, so there is no need to create any packages or programs.

Endpoint Protection reports and dashboard are integrated into the ConfigMgr console further simplifying operational tasks. There is even an out-of-the-box security role for the Endpoint Protection Administrator, defining all the necessary rights to enable the role to be delegated. And with SP1 you can initiate Endpoint Protection activities when you need them using the new Client Operations feature.

Keeping up to date with software updates is an important step for ensuring the health and functionality of a client. A significant improvement to management of software updates in ConfigMgr 2012 comes with the Automatic Deployment Rules feature. Administrators can ensure updates are automatically downloaded, approved and deployed based on specific criteria, instead of manually carrying out tasks. For example, this could be used to automatically deploy all critical updates for Windows 7, or to automatically deploy recent signature definitions for System Center 2012 Endpoint Protection. If you do not want to deploy automatically, the rules can be configured to retrieve compliance information from client computers for the software updates without deploying them.

ConfigMgr 2012 R2 further enhanced software updating by allowing you to specify maintenance windows that are for software updates only. Software distribution and task sequences can be done at other times using other maintenance windows.
Power Management, introduced in ConfigMgr 2007 R3, is enabled by default in ConfigMgr 2012 and includes some minor enhancements. It continues to enforce the same peak and non-peak power plan settings for turning off the display, inducing sleep or hibernate modes, controlling battery notifications and button actions and scheduling desktop computers (deliberately not laptops) to wake from sleep. You can now copy settings from another Collection so you only have to tweak the differences. Also, users can now exclude their PC from power management which you can report on and over-ride.

NightWatchman Enterprise from 1E fills in the gaps, enabling scheduled shutdown and wake-up for all systems, over-riding processes that prevent computers from going to sleep and enabling potential application issues when resuming, to be addressed, as well as providing other key features.

Client Configuration
In previous versions of ConfigMgr, client settings were configured by site. In ConfigMgr 2012, the default client settings (a bit like a ‘profile’ of settings) are applied to all clients in the hierarchy. As well as editing the Default Client Settings, it is also possible to create your own settings ‘profiles’ that can be applied to specific Collections. For example, you may have Installation Permissions configured globally to allow Administrators and Primary Users to initiate software installations, but a custom client setting can be configured to allow no users to initiate software installation for a group of sensitive computers.

The definition of WMI classes that get reported through Hardware Inventory is now managed through the Client Settings interface in the console. No more editing SMS_DEF.MOF or CONFIGURATION.MOF (Microsoft Operations Framework). What is really cool with this interface is that new classes can be added by connecting to WMI on any computer and browsing to the class you want to report on.
In addition, custom hardware classes may be exported to a MOF file and imported in the same interface. This allows custom inventory settings to easily be transferred from a lab environment to your production environment.

Administrators in Control
Central to simplifying ConfigMgr hierarchies is removing the need to have primary sites to manage subsets of clients. With ConfigMgr 2007 you might have created a separate SCCM site to manage datacenter clients, another for your clients in Europe, and another for the executives’ computers. The same logic could have applied to managing their ConfigMgr objects, such as packages, task sequences, and software update deployments. SCCM 2012 gives you new options to put such controls in place without having to add primary sites.

The first set of such controls is what we’ll call “assignment collections”, meaning collections used to define the clients and users that the administrators can manage, and then assigned to them. When setting up administrators in the ConfigMgr console you should specify one or more collections that the administrators can use. When those administrators are creating deployments or otherwise managing clients they can then use those collections to target the right clients or users, or use collections that are directly or indirectly limited to those assigned collections. Clients or users that are outside those assigned collections are not available to them.

The second set of such controls is “security scopes”. Scopes control which ConfigMgr objects the administrators can see in the ConfigMgr console (except for collections and the clients and users in those collections, which are limited as above). So scopes control which administrators can see applications, packages, deployments, task sequences, sites, distribution points, software metering rules, configuration items, and a wide variety of similar objects.
When creating such objects they can assign them only to scopes that they are limited to, and thus other administrators cannot see the objects they have created unless the other administrators are also assigned to the same scope.

The third and final set of controls is “security roles”, meaning the ConfigMgr permissions that the administrators have. There are a number of predefined sets of permissions (roles) and you can easily create more.

Between these three sets of controls you can ensure that administrators can do only what you intend, using only the objects you want, to the appropriate set of clients or users. You can be confident that they won’t do more than intended, no matter what site they have access to.

However, you should also consider whether you need a mechanism to coordinate object creation. For example, administrators from multiple scopes may require an Office 2013 application, but the second administrator to have such a need might not be able to see that another administrator has already created one because they are in different scopes. With appropriate coordination the second administrator could ask a senior administrator to add his scope to the already existing application, allowing him to see and use it as well.

1E Nomad: Enhancing Your ConfigMgr 2012 Infrastructure
When planning to migrate to ConfigMgr 2012 too many organizations plan to simply replicate their hierarchy design from previous versions. That means duplicating the entire existing architecture whether it is needed or not. We’d like to show you how you can avoid that waste, both in terms of budget and effort.

1E’s SCCM Migration with Nomad is the smartest, most cost effective means of migrating to and running Configuration Manager.
This package of 1E software and consulting services is built on 1E’s years of experience deploying and supporting Nomad at hundreds of organizations, and on our experience helping organizations of all sizes deploy various versions of ConfigMgr. The power of the software combined with the strength of the expertise ensures you get the ultimate migration experience. And if you’ve already done the migration we’ll help you to incorporate the solution into your hierarchy. Either way you are going to reduce costs and have an even more efficient computer management infrastructure.

With 1E and Nomad you can dramatically reduce the cost of your SCCM infrastructure by minimizing your SCCM server footprint and actively maximizing reliability and performance. By engaging 1E you can reduce your ConfigMgr 2012 implementation timeline by two thirds while actually improving your patching and software distribution success.

Nomad is proven and active across millions of seats including at the world’s largest organizations. It is part of 1E’s suite of products helping around the world to reduce IT complexity and achieve dramatic cost efficiencies. Nomad is a sophisticated software distribution solution that acts as an Alternate Content Provider for SCCM. It is a proven and effective tool in delivering automated systems management and is the perfect companion to SCCM 2012. Nomad offers the smartest, most reliable and cost effective way to distribute patches, upgrades, software and Operating Systems across the enterprise.

Software Distribution
Nomad enables software to be distributed across the enterprise quickly and efficiently, from patches and upgrades to full Operating System (OS) Images. In most cases clients can find the content they need on other clients that have previously needed it.
When that’s not the case the client can smartly download it from a central distribution point, as described in the “Bandwidth Efficiency” section below. When multiple clients need the content simultaneously, that download is done only once by a “master” that is elected for the purpose.

The process of establishing Nomad communications is entirely automated. Nomad clients use UDP broadcasts to intelligently elect the master computer for each download on each subnet, with the ability to re-elect should the master become unavailable. Elections are weighted to ensure that the optimal client is elected as the master. That weighting especially favors clients that already have the needed content, but if none have it yet then the software is downloaded from a ConfigMgr distribution point. As the download commences, the solution’s peer-to-peer model immediately fans out the content to more local clients, enabling fast and efficient distribution across locations and subnets.

Nomad’s automated discovery of network topology enables administrators to treat multiple subnets as a single subnet. Nomad has the option to add a central server role (ActiveEfficiency) that automatically maintains a list of subnets at all locations. If a master on a subnet at a location requires content that is available on a Nomad client on another subnet at that location, the master can find that client via ActiveEfficiency and obtain that content directly from it. This eliminates the need for the master to download its copy over the WAN from a central DP. For large content or at locations with especially constrained WAN network links, this can be quite beneficial.

Operating System deployment (OSD) especially benefits from Nomad’s strengths. Operating System images themselves are often very large, as in gigabytes, but at the same time clients will also need a variety of applications, device drivers, patches, and possibly other files.
Furthermore, users do not want to be without their computers for long, so there is limited time to install all that software, let alone download it. Therefore Nomad’s ability to reliably provide the content from the LAN anywhere in your organization is crucial to your OSD success. You will usually want to precache that content so that it is ready for the first client to be upgraded, and Nomad readily accommodates precaching. Nomad also helps with storing user data (USMT data) and PXE booting, as discussed in the “Server Reduction” section.

The use of clients for software distribution is how Nomad can deliver those enormous reductions in the server footprint.

Server Reduction

With Nomad, organizations looking to migrate can design an SCCM 2012 infrastructure with the bare minimum of distribution points and secondary sites. Even PXE server roles and state migration points can be eliminated. Often 95% or more of those servers can be eliminated. If you’ve already migrated then you can consider removing the servers, reusing them for other purposes in your organization.

In some cases the servers used for DPs or even secondary sites are also used for other purposes, such as file serving or print sharing. Therefore removing the need for ConfigMgr on them does not allow removal of the servers themselves. However, the fact that you don’t need to deploy the ConfigMgr roles, and then don’t need to maintain them, is a considerable saving in itself.

Not only does Nomad deliver transformative cost savings in terms of capital investment; dramatically reducing the server footprint also results in ongoing maintenance cost savings and significantly reduces the manpower and time needed to deploy SCCM 2012.
Because Nomad uses any or all ConfigMgr clients and the master (sharing) role is dynamically elected any time content is needed, any issues with Nomad or the computers Nomad is running on do not prevent Nomad from functioning. Another computer is elected and the process continues. Similarly, any changes in the network do not affect Nomad because the primary network activities are local to the subnet – the subnet address and topology do not matter to Nomad and thus can change at any time without adverse effect. If the content is not available on the subnet already then Nomad must be able to contact a distribution point, but that DP will be one of a small number of DPs, likely in a central and very stable data center.

The ConfigMgr PXE functionality is a DP-specific function, so every PXE server is also a DP and a Windows Server Operating System must be used. Nomad’s PXE option, by contrast, can run on any workstation Operating System such as Windows 7, Windows 8, or even Windows XP.

State migration points are useful when migrating users from one computer to another or in some cases when upgrading Operating Systems. However, they are another role that must be configured and maintained, and considerable disk space must be provisioned and maintained. Nomad can serve this purpose in a very similar manner to how it delivers content – automatically and dynamically.

Many organizations have tried but struggled to use large numbers of secondary sites, distribution points, or branch distribution points. This has often led them to come to 1E and Nomad.
Secondary sites and distribution points can work well enough in small numbers (a dozen or two), but as the numbers increase the odds increase even faster that at any given time a DP or site will be broken for a variety of reasons. Therefore your deployments will not be as successful as they should be, requiring you to track down those issues and spend time resolving them. This work can be very time consuming and tedious if you have a sizable number of servers.

DP and site challenges come in various forms but often include:
•Hardware issues, including failures, full disks, or performance limitations
•Operating System issues, including compatibility issues
•Networking issues such as IP address changes and subnet changes
  o Remote SCCM servers are often “protected” to serve local clients only by assigning “boundaries” to those servers. However, the networking team may not always remember to coordinate with the ConfigMgr team, leaving ConfigMgr servers assigned to the wrong boundaries
•Coordination issues – the people responsible for the server may not coordinate with the ConfigMgr team when swapping hardware, shutting it down for maintenance, moving it, etc.
•End-of-life replacement – even though this work is predictable, it is still time consuming to arrange

Bandwidth Efficiency

There is a significant flaw in most bandwidth throttling techniques: they involve setting percentage limits for IT traffic across the network. The problem is that these thresholds are static and result in the enterprise either not using all of the available pipeline, or in slowed delivery as different functions compete for bandwidth. With Nomad, content is only downloaded to a location once and from then on it is shared locally from peer to peer. Nomad’s intelligent bandwidth monitoring and usage management reacts in real time to the existing traffic.
It eliminates the competition between IT and business traffic without the need for scheduling or delaying IT tasks until close of business.

As Nomad is downloading it will monitor for latency in the download. If any is detected then that is evidence that there is contention on the network links somewhere between the master and the central DP that it is downloading from. Access to routers is not needed and the topology of the network does not matter – it is sufficient that Nomad sees latency. In that case it will immediately reduce its download rate, allowing the other traffic to take priority on the WAN. When the latency disappears Nomad will carefully increase its download rate until it is downloading as fast as the WAN will support. In this way the WAN is providing maximum benefit at all times, either to the other business traffic (as the first priority) or to Nomad.

Remote Locations

Nomad is the most reliable way of distributing software across WANs, even to poorly connected and remote locations, eliminating the need to establish distribution points everywhere. Nomad establishes a peer-to-peer network for distribution of software, patches, and OS images from SCCM. So whether the challenge is setting up a new location or bringing an isolated site into your network, with Nomad delivery is easy.

Nomad’s intelligent bandwidth monitoring and utilization ensures 100 percent reliable content delivery even where the network quality is poor, such as locations connected via satellite. If you happen to need to update the software on an off-shore oil platform you can stand down the helicopter and rely on Nomad instead. 1E has even done this for Operating System deployments.
It took a while for the downloads to complete but the critical business traffic continued uninterrupted over the satellite link. The upgrades then proceeded quickly using the local copies of the content.

Intelligent bandwidth throttling ensures that Nomad only utilizes all of the network’s available capacity whilst ensuring business traffic is never compromised.

Improved Security

Security and compliance are quite rightly significant concerns for the enterprise. Nomad integrates with and builds on the inherent security provided by SCCM 2012, introducing no additional risk to individual PCs or to the network.

It is not just about not adding risk though – Nomad actively reduces it. The efficient distribution of content enables IT to distribute patches and upgrades during the day, rather than having to wait until end-of-day. That keeps your computers’ security up-to-date at all times. That distinction is especially critical for zero-day exploits but also for computers that aren’t online after hours, such as laptops.

How Else Can 1E Help?

Nomad and 1E’s consulting services (including those of our partners) are central to a successful ConfigMgr 2012 migration, but 1E is pleased to offer even more options and has solutions to address the following concerns:
•Will you provide all the same software packages from ConfigMgr 2012 as you did with ConfigMgr 2007? If not, then which packages should be migrated?
•Do your users here in 2014 have the same expectations as the users had when you deployed ConfigMgr 2007? We often find that users are much more likely now to seek out software that will make them more productive and do not understand why that cannot be an almost instantaneous experience.
•When you have made the investment in the ConfigMgr 2012 migration, is your organization getting new added value that demonstrates to the business that the project was truly a step forward?
•Are the client computers as available for computer management as they were when you implemented SCCM 2007?

AppClarity

Inevitably some software packages that were useful years ago for business needs at that time are not so useful now. But which software is that? Of the software in this case, which is the least used? When migrating packages it seems prudent to start with the packages that are deployed and used most widely, then those that are deployed widely and fairly well used, and finally those that are neither deployed widely nor widely used. Packages for software that is not used at all should not be migrated no matter how widely they were previously deployed.

You (or your SCCM administrators) can run reports to identify what software is deployed and how widely, but determining how well used it is can be challenging. Enabling software metering rules on a large scale often results in overwhelming data, and that data takes weeks or months to collect. Any other form of software usage data is hard to relate to specific software products. And with or without usage data, the reports will be very long, listing tens of thousands of unique software titles, most of which will be extremely obscure.

1E’s AppClarity addresses these challenges by importing relevant data from ConfigMgr, applying sophisticated normalization algorithms, and presenting the results in user-friendly reports that will give you the information you require. You can dive as deeply as needed into the data but the summarized form will be sufficient for most migration purposes. Having identified the most used software in your organization, you can consider which packages should be migrated to SCCM 2012 as legacy packages or converted to applications.
Your software asset management or licensing team will also benefit from AppClarity in that they can import their licensing data and readily identify license compliance issues. They can even address compliance issues in many cases by using AppClarity to automatically de-install software where it is not being used, bringing it into compliance.

Shopping

Microsoft has anticipated the rise of user expectations for app stores by including an Application Catalog in ConfigMgr 2012. However, the Application Catalog is a minimal solution lacking key features such as:
•Offering both applications and legacy packages (the latter are not offered)
•Active Directory security group changes
•Resource requests, such as for computers or office supplies – only ConfigMgr objects can be offered
•A robust approval workflow
•Easy integration with ticketing systems or other infrastructure
•Rental of applications, legacy packages, or security group changes, ensuring they are removed after the user has used them for project-oriented work
•Extensive customization to brand the web site in the same fashion as your other intranet sites
•License management

1E Shopping offers these and many other features in a very modern web design that your users will find to be a pleasure to use. The experience is consistent with what they have with their consumer devices, reflecting well on your IT organization.

NightWatchman

One of 1E’s most popular products is our industry-leading power management solution, NightWatchman. Windows and ConfigMgr have power management features but real-world complexities often prevent them from enforcing power management when they should. Reporting on the savings realized is minimal. Integrating NightWatchman in your ConfigMgr 2012 infrastructure will allow your organization to maximize power savings and minimize its greenhouse gas impact.
The facilities and sustainability teams in your organization will highly appreciate the added value that ConfigMgr 2012 brings to the organization when partnered with NightWatchman.

WakeUp

Where power management is effective you might find that you cannot manage computers after-hours because they are in a low power state. To minimize this issue you should use a Wake-on-LAN (WOL) solution. ConfigMgr includes WOL options, including a new WOL proxy feature, but technical constraints mean that these options only work in limited circumstances. Both Nomad and NightWatchman include WakeUp, a full-featured WOL solution that does not have technical constraints. You can use WakeUp to maximize the effectiveness of ConfigMgr 2012’s features. Either automatically or at SCCM administrator discretion you can use the ConfigMgr console to wake computers for patch management,

We trust this white paper has raised ideas that will make your experience with ConfigMgr 2012 even better. If you would like to discuss those ideas further, please contact us at the numbers below.

About 1E

1E is the pioneer and global leader in efficient IT solutions. 1E’s mission is to identify unused IT, help remove it and optimize everything else. 1E efficient IT solutions help reduce servers, network bandwidth constraints, software licenses and energy consumption.

Contact us
UK (HQ): +44 20 8326 3880
US: +1 866 592 4214
India: +91 120 402 4000
[email protected]

© Copyright 2014 1E. All rights reserved. The information contained herein is subject to change without notice. 1E shall not be liable for technical or editorial errors or omissions contained herein.