jason adams, d.c. tardy program manager microsoft


Upload: brennan-stephenson

Post on 31-Dec-2015


DESCRIPTION

Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting. Jason Adams, D.C. Tardy, Program Manager, Microsoft. UD-B403. Session Objectives And Takeaways. Session Objectives: Review Design Principles for Configuration Manager Service Pack 1

TRANSCRIPT


MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting
Jason Adams, D.C. Tardy
Program Manager
Microsoft

UD-B403


Session Objectives And Takeaways

Session Objectives
• Review Design Principles for Configuration Manager Service Pack 1
• Discuss optimization and improvements for performance in Configuration Manager Service Pack 1

• New SP1 infrastructure supports a smaller deployment footprint
• Fewer sites correlate to a better customer experience


Enabling users to be productive, responsibly
Finding the right balance

Devices & Experiences Users Want

Applications and data across devices, anywhere

Empower User Productivity

Unified Management Infrastructure

Common Identity

Access and Information Protection

Controlled access to data with seamless authentication


Unified Device Management

Unified Management Infrastructure
• Single management interface
• Integrated security and compliance
• Improve IT efficiency
• Reduced infrastructure complexity

+

Empower User Productivity
• Device choice
• Application self-service
• Personalized application experience
• Non-intrusive management


Simplifying Management Across Platforms

IT: Single admin console

Devices & Platforms
• Windows PCs (x86/64, Intel SoC)
• Windows to Go
• Windows Embedded
• Mac OS X
• Windows RT
• Windows Phone 8
• iOS
• Android


Role Based Administration & Collection Limiting


Administrative Segmentation

• Security Roles: What types of objects can I see and what can I do to them? Example: the “Software Update Manager” role gives rights to read and deploy software updates to specific collections.
• Security Scopes: Which instances can I see and interact with?
• Collections: Which resources can I interact with?


Data Segmentation: Configuration Manager 2007

Meg wishes to distribute a package to all of her EMEA users in the West region

Meg Collins, “Central Admin”
• Create and distribute package

France Primary Site: Louis, “French Admin”
• French collections
• Create advertisement for French collections

England Primary Site: Anthony, “English Admin”
• English collections
• Create advertisement for English collections


Segmentation with Configuration Manager 2012

Meg wishes to distribute an application to all of her EMEA users in the West region

Central Admin Site

Meg Collins, “Central Admin”
• Create and distribute application

Louis, “French Admin”
• French collection(s)
• Create deployment for French collection(s)

Anthony, “English Admin”
• English collection(s)
• Create deployment for English collection(s)


Collection Limiting

All Systems
  French Systems
    French Desktops
    French Servers
  English Systems

• Meg gives Louis permissions to “French Systems”

Louis
• can read French Systems and all collections limited to French Systems
• cannot see All Systems and English Systems
• can modify and delete French Desktops
• can create new collections limited to French Systems or French Desktops
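
The rules on this slide can be exercised with a small model. The Python below is an added illustration, not code from the presentation or from Configuration Manager; the function names and the "French Laptops" collection used with it are hypothetical, and it assumes the granted collection itself is read-only because the slide lists modify and delete only for French Desktops.

```python
# Added illustration: a model of the slide's collection-limiting rules, not ConfigMgr code.
# Constructed sample data: each collection mapped to the collection that limits it.
LIMITED_BY = {
    "All Systems": None,
    "French Systems": "All Systems",
    "French Desktops": "French Systems",
    "French Servers": "French Systems",
    "English Systems": "All Systems",
}


def limiting_chain(name, limited_by):
    """Return `name` followed by every collection that limits it, up to the root."""
    chain = []
    while name is not None:
        if name in chain:
            raise ValueError(f"limiting cycle at {name!r}")
        chain.append(name)
        name = limited_by[name]  # KeyError for an unknown collection
    return chain


def rights(granted, target, limited_by):
    """Rights on `target` for an admin whose permission is on `granted`."""
    if granted not in limiting_chain(target, limited_by):
        return set()  # outside the granted subtree: not visible at all
    allowed = {"read", "limit_new_collection"}
    if target != granted:
        # Assumption: the granted collection itself stays read-only, because the
        # slide lists modify/delete only for a collection limited to it.
        allowed |= {"modify", "delete"}
    return allowed


def visible(granted, limited_by):
    """Collections the admin can see, sorted by name."""
    return sorted(c for c in limited_by if "read" in rights(granted, c, limited_by))


def create_collection(granted, name, limit_to, limited_by):
    """Return a new mapping with `name` added, or raise if `limit_to` is out of scope."""
    if limit_to not in limited_by or \
            "limit_new_collection" not in rights(granted, limit_to, limited_by):
        raise PermissionError(f"{limit_to!r} is outside the scope of {granted!r}")
    if name in limited_by:
        raise ValueError(f"collection {name!r} already exists")
    return {**limited_by, name: limit_to}


if __name__ == "__main__":
    louis = "French Systems"  # the collection Meg grants to Louis
    print(visible(louis, LIMITED_BY))
    print(sorted(rights(louis, "French Desktops", LIMITED_BY)))
    print(rights(louis, "English Systems", LIMITED_BY))
```

A collection Louis creates inherits the same boundary: whatever he limits to French Systems or French Desktops stays inside his subtree, and an attempt to limit a new collection to English Systems is refused.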


Demo

Role Based Access


Boundary Strategy


Overview

• What is a Boundary?
• Analysis of boundary types
• Recommendations for designing a boundary strategy


What is a Boundary

• A Boundary is a network location that you want to manage with Configuration Manager.
• A Boundary is assigned to a Boundary group.
• A Boundary is used for site assignment and content availability for clients.
• There are three Boundary types:
  1. AD Site
  2. IP Subnet
  3. IP Range


Analysis: AD Site Boundary

Benefits:
• Large container – should match known network bottlenecks
• No issues with assignment or location requests
• Very inexpensive from a performance perspective

Problems:
• Requires coordination with Active Directory Admins
• Dependency on properly configured AD


Analysis: IP Subnet Boundary

Benefits:
• Least expensive boundary type to run
• Should map directly to network topology

Problems:
• Outside of networking administrators, concept of IP subnet is uncommon
• Known issues for assignment if AD sites use supernets
  • Actual assignment and registration are handled correctly
• Confusion of Supernets vs. Subnets
• Networks tend to have a large number of subnets


Analysis: IP Range Boundary

Benefits:
• Easy to understand
• No issues with assignment or location requests

Problems:
• Very SQL intensive to evaluate


Overview

• Try to design with the fewest boundaries possible
• Revisit design if you average less than 100 clients per boundary
• Use fewer sites
• Use AD Site boundary types when possible
• Investigate the state of AD Sites. If configured correctly, it is the best match for bandwidth issues
• If there are going to be a number of boundaries, prefer IP subnet boundary types.
• Use IP Range boundary types sparingly and only when necessary


Replication Principles


Replication Principles

• As few sites as possible
• Replication overhead
• Increase site count only to support volume of devices
• Exceptions to this rule
  • Geographic presence
  • Network access accounts
• Network considerations
• Site data replication
• Site data scheduling
• Proximity


Replication tax


How to avoid the Replication Tax

Global Data
• Collections
• Packages (meta data)
• Programs
• Deployments
• Configuration Items
• Software Updates
• Task Sequences
• OS Images (boot images, driver packages, etc.)
• Site Control File
• System Resource List (site servers)
• Site Security Objects (Roles, Scopes, etc.)
• Client Authentication
• Client Discovery

Site Data
• Collection Membership
• Alerts
• Hardware Inventory
• Software Inventory & Metering
• Status Messages
• General Site Data

• Asset Intelligence CAL Track Data
• Status Messages
• Software Distribution Status Details
• Software Updates Replicated Site Data
• Software Updates Non-Replicated Site Data
• Status Summary Data
• Component and Site Status Summarizers
• Client Health Data
• Client Health History
• Quarantine Client Restriction History


How to avoid the Replication Tax

• CAS is bottleneck for replication
• Global data requires copies throughout hierarchy
• Site data requires receiving data from each primary

[Diagram: Central Administration Site with two Primary Sites]


How to avoid the Replication Tax
Example: Managing 40,000 systems

[Diagram: Central Administration Site with Primary Sites, compared with a Stand Alone Primary]

| Sites | Sends | Copies |
|---|---|---|
| 1 | 0 | 1 |
| 2 | 1 | 2 |
| 3 | 2 | 3 |
| … | … | … |
| 10 | 9 | 10 |


Design Principles
Avoid the Replication Tax

The Math of Replication

| Number of sites | Copies in hierarchy | Sends from CAS for global data | Receptions to CAS for site data |
|---|---|---|---|
| 1 (SAP) | 1 | 0 (No CAS) | 0 (No CAS) |
| 2 | 2 | 2 | 1 |
| 3 | 3 | 3 | 1 |
| 4 | 4 | 4 | 1 |
| … | … | … | … |
| 10 | 10 | 10 | 1 |


Design Principles
Avoid the Replication Tax

Lab Observations
• 400K Patch Tuesday Performance Benches
• Contains 4 primary sites
• Simulated Patch Tuesday environment at supported limits
• Load generates 32 million state messages to be processed

4-Site (Narrow)
• Lab clears all backlogs within 14 hours

10-Site (Wide)
• Lab clears all backlogs in 26 hours


SQL Best Practices


Overview

• Rebuild Indexes Task
• TempDB Filegroups
• Updating statistics


Rebuild Indexes Task

• Improves Speed of Queries
• Essential in large scale deployments
• Task must be enabled:
  • Creates Indexes on columns at least 50% unique
  • Drops Indexes on columns less than 50% unique
  • Rebuild existing indexes that meet uniqueness criteria


SQL File Groups

• File groups give you the ability to create multiple filegroups for SQL TempDB
• Multiple read write heads can be engaged in parallel
• Improves performance of queries

| Role | Memory | CPU cores | DB Disk arrays | TempDB filegroups | DB size |
|---|---|---|---|---|---|
| CAS DB | 96GB | 16 | 4 | 8 | 150% |
| Primary DB | 48GB | 12 | 3 | 2-4 | 150% |


Updating Statistics

• Most common source of slow performance in production hierarchies.
• Auto update should always be enabled
• sp_updatestats should be used after any SQL maintenance or issue in which SQL has been under load for a prolonged period
• Caution! Updating statistics is not a trivial task! There is a trade-off between statistics and overall performance; for day-to-day operations SQL should be allowed to manage statistics


Optimizing replication traffic


Optimizing replication traffic

Replication traffic reports
• Research traffic across links
• Determine which links to optimize site data

Replication alerts
• Degraded versus failed
• Reasons to change the settings
• Caveats; sometimes degradation and back to active


Customer profiles


Infrastructure Promises

Modernizing Architecture
• Minimizing infrastructure for remote offices
• Consolidating infrastructure for primary sites

Scalability and Data Latency Improvements
• Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possible
• File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
• System-generated data (HW Inventory and Status) can be configured to flow to the Central Administration Site directly

Be Trustworthy
• Interactions with SQL DBA are consistent with Configuration Manager 2007
• Configuration Manager admin can monitor and troubleshoot new replication approach independently


Infrastructure Decisions

• Central Administration Site
• Primary Site
• Secondary Site
• Distribution Point
• Site Database Server


Company Profile

Headquarters in Chicago

Subsidiary in London

2-4 administrators with other IT responsibilities, limited day to day use

125,000 clients

Weekly inventory, deploys software and software updates


When Do I Need a Central Administration Site

• More than one primary site in hierarchy
• More than 100K clients in hierarchy

[Diagram: Headquarters in Chicago and Subsidiary in London; legend: CAS, Primary, Secondary, DP]


When Do I Need a Primary Site Server

• Scale (100K clients per primary)
• Reduce impact of primary site failure
• Political Reasons
• Content Regulation
• Local point of administrative connectivity

• Decentralized administration
• Logical data segmentation
• Client settings
• Language
• Content routing for deep hierarchies

[Diagram: Headquarters in Chicago and Subsidiary in London; legend: CAS, Primary, Secondary, DP; labels: "Manage Clients - Consolidate"; 74,000 clients, 1,000 servers; 49,500 clients, 500 servers (Consolidate)]


When Do I Need a Secondary Site Server

• Manage upward flow of WAN traffic
• Tiered content routing for deep network topologies
• No local administrator for secondary

[Diagram: Headquarters in Chicago and Subsidiary in London; legend: CAS, Primary, Secondary, DP; labels: "Manage Clients - Consolidate"; 72,500 clients, 1,000 servers; 49,500 clients, 500 servers (Consolidate); 1,500 clients (Optimize)]


When Do I Need a Distribution Point

• BITS not enough control for WAN traffic
• Multicast for Operating System Deployment
• App-V streaming

Don’t need Distribution Point when:
• BITS enough over WAN traffic
• BranchCache™ deployed
  • Distribution point on Windows Server 2008 R2
  • Clients running compatible operating systems
    • Vista SP2 with KB960568 installed
    • Windows 7

Cloud Distribution Point: Fallback For App/SWD Packages when local and remote distribution points unavailable.

WU/MU: Fallback For Software Updates when local and remote distribution points unavailable.

[Diagram: Headquarters in Chicago and Subsidiary in London; legend: CAS, Primary, Secondary, DP; labels: "Manage Clients - Consolidate"; 72,035 clients, 1,000 servers; 49,500 clients, 500 servers (Consolidate); 1,500 clients (Optimize); 450 clients (Optimize); 15 clients (Optimize)]


In Review: Session Objectives And Takeaways

Session Objectives:
• Discuss key areas regarding advanced Configuration Manager infrastructure
• Discuss advanced Configuration Manager architecture options

Key Takeaways
• Key design principles
• Performance optimization
• Customer profile options


People Centric IT

Come to Booth 1 in the Expo Hall for your chance to win a Surface RT bundle worth $699

Answer four questions correctly and you’ll be entered in our prize draw.

Draw will take place at 4pm on April 10 2013

NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules


Related Content
Breakout Sessions

UD-B309 Deploying and Configuring Mobile Device Management Infrastructure

UD-B310 Deploying and Managing Windows 8 with Configuration Manager 2012 SP1

UD-B317 Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1

UD-B318 Managing Embedded Devices with Configuration Manager 2012

UD-B325 System Center 2012 Configuration Manager SP1 Overview

UD-B330 System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management

UD-B331 System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1

UD-B332 What’s New with Microsoft Deployment Toolkit 2012 Update 1

UD-B333 What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design

UD-B335 Windows Intune Overview

UD-B403 Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting


Related Content
Instructor-led and Hands-on Labs

UD-IL301 Basic Software Distribution
UD-IL302 Deploying a Configuration Manager Hierarchy
UD-IL303 Deploying Configuration Manager
UD-IL304 Deploying Windows 8 to Bare Metal Clients
UD-IL306 Implementing Endpoint Protection
UD-IL307 Implementing Role-Based Administration
UD-IL308 Implementing Settings Management
UD-IL309 Introduction to Configuration Manager
UD-IL310 Managing Applications
UD-IL311 Managing Clients
UD-IL312 Managing Content
UD-IL313 Managing Microsoft Software Updates
UD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012
UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1
UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 Hierarchy
UD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1
UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1
UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1
UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1
UD-IL401 Advanced Software Distribution


Evaluation

Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com. Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.

We want to hear from you!


Resources

http://channel9.msdn.com/Events

Access MMS Online to view session recordings after the event.
