Advanced Infrastructures in System Center Configuration Manager 2012 R2
Jason Sandys @jasonsandys
Wally Mead @wally_mead www.cireson.com
Best practices are guidelines allowing
newbies to NOT think about everything.
@damienkatz
1 != 2
2007 != 2012
ConfigMgr 2007 != ConfigMgr 2012
ConfigMgr 2007 Sites != ConfigMgr 2012 Sites
To CAS or Not to CAS
Central Administration Sites
The Good
• Lots of managed clients
• Distributed Content
The Bad
• Does not provide high availability, redundancy, or site resiliency
The Ugly
• SQL Replication
• Administrative Latency
CAS Scenarios
• More than 100,000 managed Windows* clients: CAS
• Geographically separated locations: No CAS. Use secondary sites (if needed) and remote distribution points
• Internal politics and whining: Be the technical expert!
* See http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigClientNumbers
Fringe Scenario 1: Multiple locations, each with 10,000+ managed Windows clients
[Diagram labels: Primary Site, Secondary Site 1, Secondary Site 2, Remote Location]
Fringe Scenario 2: Remote Content Creators
[Diagram labels: Primary Site, DP1, DP2]
Fringe Scenario 2: Remote Content Creators
[Diagram labels: CAS, Primary Site 1, Primary Site 2]
Fringe Scenario 3: National Politics
[Diagram labels: CAS, Primary Site 1, Primary Site 2, Nation A, Nation B]
Distributed Views:
• Some/most client data not replicated to CAS
• Console and Reports dynamically query DB at primary site for info as needed
Remote Locations
Secondary Sites
Yes
• Provide location aware, local site roles
• Schedule and throttle client to (primary site) MP communication
No
• Are resilient
• Manage clients
A managed client must be able to communicate with an MP in its assigned primary site.
Remote Location: Option 1, No Remote Infrastructure
[Diagram labels: Primary Site, MP, DP, WSUS, Content, Update Catalog, *]
* State & Status Messages, Hardware and Software Inventory
Remote Location: Option 2, Remote DP only
[Diagram labels: Primary Site, Primary Site Server, MP, DP, WSUS, DP, *]
* State & Status Messages, Hardware and Software Inventory
Remote Location: Option 3, Remote Secondary
[Diagram labels: Primary Site, Primary Site Server, Secondary Site, MP, DP, WSUS (two sets), *]
* Registration
The Choice: DP vs Secondary Site
[Chart labels: DP, Secondary Site, Clients, Available Bandwidth]
Site Role Placement and Client Location
Multiple (Client Facing) Site Roles Within a Single Primary Site
Yes
• High Availability
• Cross-forest
No*
• Remote locations
• Segregated Networks
* The “No’s” on this slide are only applicable to MPs
High Availability -- Not
[Diagram labels: CAS, Primary Site 1, Primary Site 2]
High Availability
[Diagram labels: Primary Site Server, MP, DP, WSUS (two sets)]
Client Selection (within a Primary Site)
MP
• Respects HTTPS/HTTP, forests, and domains
• Random
• 3 failures lead to failover
DP
• Respects HTTPS/HTTP, boundaries, subnets, and fallback
• Random within boundary group
• 8-hour failover
SUP
• First installed
• Respects forests
• 3 failures lead to failover – no automatic failback
Management Point Location Times
At client agent startup
Network change detected
Every 25 hours
DMZs and Segregated Networks
Segregated Network: Option 1
[Diagram labels: Primary Site, MP, DP, WSUS, Content, Update Catalog, *; ports shown: TCP 80/443, TCP 80/443, TCP 8530/8531 (80/443)]
* State & Status Messages, Hardware and Software Inventory
Secondary Sites are not Gateways
[Diagram labels: Primary Site, Primary Site Server, Secondary Site, MP, DP, WSUS (two sets)]
* Registration
* MP*
Requires R2 CU3
Segregated Network: Option 2a
[Diagram labels: Primary Site, Primary Site Server, Domain or Forest A, Domain or Forest B, DB, MP, DP, WSUS (two sets)]
Segregated Network: Option 2b
[Diagram labels: Primary Site, Primary Site Server, DB, MP, DP, WSUS (two sets)]
Multiple Hierarchies
Yes
• Test, Dev, Lab
• Legal or National Politics
No
• Administrative segregation
• Client segregation