How to Get the Most from Your Microsoft Configmgr 2012 Migration via 1E


7/25/2019 How to Get the Most from Your Microsoft Configmgr 2012 Migration via 1E

http://slidepdf.com/reader/full/how-to-get-the-most-from-your-microsoft-configmgr-2012-migration-via-1e 1/21

1E.COM

WHITE PAPER

HOW TO GET THE MOST FROM YOUR MICROSOFT CONFIGMGR 2012 MIGRATION

CCM201


THE AUTOMATED MIGRATION: AN ANALYSIS OF OPTIONS

Contents

Overview

ConfigMgr 2012 Migration Options

Getting the Most from ConfigMgr 2012

1E Nomad: Enhancing Your ConfigMgr 2012 Infrastructure

How Else Can 1E Help

Abstract

This white paper sets out how you can expedite your migration to ConfigMgr 2012. When the migration is done, or if you have already migrated, it also provides ideas to maximize SCCM 2012’s benefits and to lower your costs.

The Authors

Several of 1E’s ConfigMgr technical specialists have contributed to this document, namely: Shaun Cassells, Troy Martin, Mike Terrill, and Paul Thomsen.


 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

Overview

Microsoft® System Center Configuration Manager 2012 (“ConfigMgr” or “SCCM”) has been well received by organizations of all types and sizes around the world. Many of the organizations that 1E works with have moved to it, are moving to it, or have imminent plans to do so. If you are preparing to upgrade or are in the midst of such a project, this is the ideal time to expedite your project, minimize your costs, and maximize the benefits from ConfigMgr. If you’ve already made the move, you can build on the lessons you’ve learned to make your ConfigMgr implementation even better.

Based on 1E’s many years of experience as Microsoft’s premier ConfigMgr partner, this document provides you with a wide variety of ideas and options to maximize the return your organization is getting from your ConfigMgr investment. You can consider implementing these ideas yourself, and where appropriate talk with 1E about how we can help.

This document suggests options such as:

• Use industry best practices when using the key SCCM 2012 features
• Keep your ConfigMgr hierarchy as simple as possible (especially since SP1’s availability) – you can add a Central Administration Site (CAS) or other primaries later if business developments require them
• Flatten your server infrastructure and cut on-going running costs
• Consider the Intune integration option so that you can manage consumer-oriented devices in addition to Windows computers (as well as Macintosh and Linux)
• PowerShell support brings a new level of customization and control

In 2012 1E consultants took a deep dive into SCCM and published their tips for success. Those original observations proved to be very helpful and popular so we were pleased to update them in 2013 for Service Pack 1 (SP1). Later in this document you will find updates to the changes that were made in ConfigMgr 2012 R2 and the changed environment ConfigMgr now serves.


ConfigMgr 2012 Migration Options

If you are planning to migrate to ConfigMgr 2012 or are in the midst of your project, you should consider your migration options. The benefits include:

• Minimizing your ConfigMgr server footprint and maximizing reliability and performance
• Reducing the deployment timeline by two thirds
• Improving your patching and software distribution success

Doing the migration with your own staff and just SCCM might be a viable option if you are prepared to delay other projects, often by months. You will need time to set up a lab, educate the team on the migration process, build a design and process, test the process in the lab, plan for production, and then do the actual work of the migration itself. There is also the risk that you will miss lessons that have been learned elsewhere, given that this is your first opportunity to actually do a migration to SCCM 2012. The challenges and risks increase dramatically if your organization is fairly large, is very diverse, or has other unique characteristics.

You should also consider how well the end state will serve your needs. As long time partners of Microsoft, 1E is very impressed by the capabilities of ConfigMgr 2012 and is very pleased to specialize in it. However, 1E has worked with hundreds of organizations where SCCM could be enhanced to even better serve the organization. Such enhancements are why Microsoft so greatly values its huge partner ecosystem. Therefore it is prudent to take time to consider whether additional software would allow SCCM to work even better for you. Taking time to read this whitepaper is a great first step.

The cost of additional services and software is often a concern and we are pleased to discuss that with you. Our experience has been that the benefits are so dramatic, in hard savings, that the investment quickly pays for itself. We have the analysts to help you quantify those savings and we have the history to prove that the savings will be realized as planned. Our large support and engineering teams ensure the savings continue to be realized for years, long after the investment has paid off.

If you see the potential that 1E’s consultants, software, or partners can help you, we encourage you to contact us. We will be pleased to meet at a time and in a format that works well for you to explore the possibilities. Our professional account and technical teams will carefully listen to your challenges and requirements and then explain our solutions to whatever degree you like. If there are better alternatives we will point them out and leave you to them. We are here to help, as we have done with so many organizations since 1997.


Getting the Most from ConfigMgr 2012

Whether you are about to migrate to ConfigMgr 2012 or are already there, you should investigate how you can get the most from SCCM. This section highlights key changes in ConfigMgr 2012 as compared with ConfigMgr 2007 and provides an overview of the lessons that 1E has learned in relation to them.

Application Management

The deployment of software is the primary function of most ConfigMgr implementations. In ConfigMgr 2007, software distribution was achieved by defining packages and programs and then advertising the programs to collections of clients or users.

Different installation types (e.g. 32-bit and 64-bit installation) could require separate programs. Typically, a collection would define the target for each installation type (query-based collections define the logic that determines which systems should run the program).

Those legacy objects are still available in ConfigMgr 2012, and are in fact still required for some of the content required in an operating system deployment task sequence (such as boot images, OS images, driver packages and the ConfigMgr client agent). However ConfigMgr 2012 introduced a completely new alternative approach to software distribution – application management.

For application management, an application has a number of deployment types, each defining the required source files, install and uninstall command lines and user experience (e.g. whether a user needs to be logged in), similar to the properties of the legacy packages and programs. Deployment types are deployed through a deployment, which isn’t all that dissimilar from the concept of an advertisement.

The most significant difference with SCCM 2012 application management is that the deployment type also defines the targeting logic, which is evaluated on the client each time the Application Deployment Evaluation Cycle occurs. Application management uses the same ‘engine’ as the Compliance Settings, so the decision whether to install can be based on values from Windows Management Instrumentation (WMI), the local registry, the return code of a script, the result of a Microsoft SQL Server database query, or the user (either logged on at the time, or the primary user of the device).

The collections targeted by a deployment can therefore be much more encompassing – now you needn’t panic when you accidentally deploy to All Systems (as long as you have the right conditions defined in the Deployment Type requirements).

SP1 extended this model by improving the App-V support and adding Windows 8 support.

Migrating to ConfigMgr 2012 does not require migrating to application management right away, but you should consider doing so when time permits in order to take advantage of its benefits:

• Applications are state based, so if an application is uninstalled from a client, it will be reinstalled automatically in order to restore the intended state of the client
• The evaluation as to which clients or users receive the application is done on the clients, so the workload on the servers is reduced (particularly in terms of collection evaluation)
• Applications can be made available to users in the Application Catalog, thus enabling a user-centric service model

Site Hierarchy

ConfigMgr 2012 should keep the minimalists happy – the architecture is designed for a much flatter hierarchy, and in fact, a single site ConfigMgr 2012 hierarchy is used by most organizations with less than 100,000 clients to manage.

An important change in the SCCM 2012 architecture for those organizations that do require multiple sites is the Central Administration Site (CAS), which is in some ways similar to an SCCM 2007 central site, but no clients can be managed directly from the CAS.

A key role of the CAS is to coordinate replication of data throughout a hierarchy, so it is not required if you are going to manage your entire environment with a single primary site. As of SP1, a standalone site can be attached to a CAS at a later stage. A CAS also enables a failed primary site to be recovered even without a backup. It is worth noting that only primary sites can attach to a CAS, and only secondary sites can be attached to these primary sites, so effectively your hierarchy will not exceed three tiers for the core sites (additional secondary sites can be lower tiers).

Even the role of the secondary site is somewhat changed in ConfigMgr 2012. One of the main reasons for deploying secondary sites in ConfigMgr 2007 was to be able to manage network bandwidth for the distribution of content (packages, updates and OS images).

In ConfigMgr 2012, distribution of content to remote distribution points can be scheduled and throttled in the same manner as site-to-site traffic, so unless you are concerned about the volume of traffic going back to the primary site (inventory, status, software usage, etc.) you can do without secondary sites. It’s worth noting that secondary sites require a SQL database in ConfigMgr 2012, however the secondary site installation will install Microsoft SQL Server® Express if a supported version of SQL Server is not installed locally.

In ConfigMgr 2012, boundaries are used to identify network locations and are available to all Sites in the hierarchy. Boundaries are then grouped together in boundary groups, which can be optionally associated with a particular site for client site assignment. For example, each of the LANs in a particular location, like a branch office or a retail store, would be added as individual boundaries, and these boundaries would then be added to a boundary group that identifies that location. The boundary group can then be associated with the primary site that should manage that location.

Given all these options, you can do a lot to simplify your SCCM hierarchy and therefore simplify operations and increase reliability:

• Don’t include a CAS unless you must
• Only use secondary sites in locations with a large number of clients and/or if you expect a very large volume of data to be frequently reported up the hierarchy
• If you must have multiple primary sites, keep the count as low as possible

Site-to-Site Replication

If you need a multi-site ConfigMgr hierarchy, you should be aware that site-to-site communication has received a major overhaul in ConfigMgr 2012. Database replication has replaced most of the legacy file transfer in and out of inboxes (content such as packages, applications and operating system deployments is still replicated using the file system).

Most changes in any site will be replicated globally to all sites in the hierarchy, not just to the parent or child sites. To help monitor and resolve replication issues between the sites there is a Database Replication node in the Monitoring section of the console that shows the status of any links. The Replication Link Analyzer is an additional tool that enables further analysis and remediation of SQL replication issues between sites.

SP1 improved replication by giving you more control in terms of what is replicated and when.

Administration

The administration console was historically a big pain point for ConfigMgr 2007 administrators. Not only was it difficult to control (to allow certain users to only see the features they administer) but it also crashed too often. The administration console in ConfigMgr 2012 has been completely redesigned and rewritten from the ground up. It does not use Microsoft Management Console (MMC), and displays only the features the administrator has rights to.

SP1 enhanced the administrative model even further. New PowerShell support extends your administration options so that you can automate ConfigMgr operations even more than in previous versions. The addition of the Client Operations infrastructure allows you to initiate Endpoint Protection and client policy refreshes whenever you require them.

Managing Clients Over the Internet

The complexities of Native Mode in ConfigMgr 2007 no longer exist in ConfigMgr 2012 as the Mixed and Native Site modes are no more. Instead, the various Site system roles within the Site are configured to support HTTP or HTTPS connections (or both).


Within a Site, multiple site systems (e.g. management points) can be deployed, allowing one or more servers situated in a demilitarized zone (DMZ) to host internet-facing roles using HTTPS, with the same roles hosted on an internal server using HTTP.

Use of HTTPS still requires public key infrastructure (PKI) to enrol client and server certificates (mutual authentication is still required), however the Site Server Document Signing Certificate is now created by the site as a self-signed certificate.

By default, if a client has a client authentication certificate issued by a trusted Certificate Authority (CA) it will use HTTPS and will be able to communicate with all Site systems that are configured to support HTTPS. If no such client authentication certificate exists, the client will use a self-signed certificate and use HTTP to communicate only with site systems that are configured to support HTTP.
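The rules above determine which site systems a given client can use. The following Python model is an added example, not 1E or Microsoft code: it applies those rules to a constructed inventory, flags DMZ-hosted roles that still accept HTTP, and lists clients left without a usable management point. Host names, fields and the zone rule (intranet clients reach internal systems, internet clients reach DMZ systems) are assumptions.

```python
# Added illustration: models the client / site-system protocol rules as the
# paper states them. All host names and fields are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class SiteSystem:
    name: str
    role: str             # "MP" (management point) or "DP" (distribution point)
    protocols: frozenset  # subset of {"HTTP", "HTTPS"}
    zone: str             # "internal" or "dmz"


@dataclass(frozen=True)
class Client:
    name: str
    has_trusted_pki_cert: bool  # client authentication cert from a trusted CA
    location: str               # "intranet" or "internet"


def client_protocol(client):
    """PKI-certified clients use HTTPS; others use HTTP with a self-signed cert."""
    return "HTTPS" if client.has_trusted_pki_cert else "HTTP"


def reachable(client, systems, role):
    """Names of site systems of `role` that this client can communicate with."""
    proto = client_protocol(client)
    # Assumption: intranet clients reach internal systems, internet clients DMZ ones.
    zone = "dmz" if client.location == "internet" else "internal"
    return sorted(s.name for s in systems
                  if s.role == role and s.zone == zone and proto in s.protocols)


def audit(systems, clients):
    """Flag DMZ roles that accept HTTP and clients with no usable management point."""
    findings = []
    for s in systems:
        if s.zone == "dmz" and "HTTP" in s.protocols:
            findings.append(f"{s.name}: internet-facing {s.role} accepts HTTP")
    for c in clients:
        if not reachable(c, systems, "MP"):
            findings.append(f"{c.name}: no reachable MP over {client_protocol(c)}")
    return findings


# Constructed inventory.
SYSTEMS = [
    SiteSystem("mp-int-01", "MP", frozenset({"HTTP", "HTTPS"}), "internal"),
    SiteSystem("mp-dmz-01", "MP", frozenset({"HTTPS"}), "dmz"),
    SiteSystem("dp-dmz-01", "DP", frozenset({"HTTP", "HTTPS"}), "dmz"),
]
CLIENTS = [
    Client("desk-001", False, "intranet"),
    Client("lap-002", True, "internet"),
    Client("lap-003", False, "internet"),   # no PKI cert: cannot use the HTTPS-only MP
    Client("desk-004", True, "intranet"),
]

if __name__ == "__main__":
    for finding in audit(SYSTEMS, CLIENTS):
        print(finding)
```
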

New to ConfigMgr 2012 is the possibility for Internet-based clients to evaluate a user-based policy (such as application deployments). In order for this to occur, either the management point (MP) and user account must be in the same forest, or a trust must exist between the forests in which the MP and the user account reside. In either case, any perimeter firewall must allow AD authentication traffic between the MP and a domain controller in the user account’s forest.

Exciting SP1 changes include the ability to use cloud-based (Azure) distribution points and to enable clients to get software updates from Microsoft Update if corporate DPs are not available.

ConfigMgr 2012 SP1 and R2 demonstrate Microsoft’s commitment to dramatically improving your internet client management options. The Intune integration is much more robust and a larger variety of clients are supported. With R2 you can also now manage iOS7 settings, deploy web application shortcuts, and use Windows 8.1 app bundles.

Similarly, remote connection, certificate, VPN, Wi-Fi, and email profiles make it easy for you to enable mobile user support, rather than having to implement your own solution.

As your users increase their expectations for mobile support, and ConfigMgr increasingly enables it, you should consider implementing these features in your organization.

Scalability

A ConfigMgr 2007 hierarchy could support a maximum of 200,000 clients (300,000 with R3). ConfigMgr 2012 supports up to 400,000 clients in a single hierarchy when the database for the Central Administration Site is running SQL Server Enterprise. Each Primary Site can support up to 100,000 clients if the database and Primary Site roles are hosted on separate servers. The SP1 database replication options ensure that you can fine tune it in even the most challenging environments.

As with ConfigMgr 2007, each Management Point (MP) can support up to 25,000 clients. However, the concept of a Default Management Point no longer exists in ConfigMgr 2012, and neither does support (or necessity) for Network Load Balancing (NLB) an MP. Instead, up to four servers can host the MP role and clients manage the load balancing in much the same way as they do with Distribution Points (DPs). ConfigMgr 2012 also increases the number of supported DPs per Site from 100 to 250, each supporting up to 4,000 clients.

At first you might think that scalability is not an issue for you, unless you work for a very large organization. However, even medium-sized organizations could have a very large number of clients when you take into account the multiple devices that users often have. So if users typically have a laptop, tablet, and phone, and you manage them all, then an organization with 50,000 to 100,000 users could have some scale concerns. Add in a lot of data-center servers, point-of-sale systems, robotic control systems, or similar options and even current ConfigMgr 2012 scalability is worth taking seriously.

Distribution Points

There are some notable changes in the role of the distribution point (DP) in ConfigMgr 2012. The branch distribution point (BDP) distinction has been dropped in ConfigMgr 2012. Instead, there is a single DP role that can be installed on servers (2003 upwards) and workstations (Vista upwards). Interestingly, the DP role is the only site system that is supported on both 32- and 64-bit computers; all other site systems require a 64-bit OS. Distribution of content to remote DPs (i.e. any DP that is not hosted on the same LAN as a site server) can use scheduling and throttling similar to that defined in our old friend, the site-to-site address, that has survived since the first version of SMS.

By default all content is obtained by clients using HTTP (or HTTPS), which means that any system (including a workstation) hosting a DP needs Internet Information Server (IIS) installed.

Although there is the option to establish content for specific packages on a ‘legacy style’ DP share (this is in fact necessary if you want to use OS deployment task sequences that obtain content directly from the DP), the HTTP/S server must always be present. If you currently use network-attached storage (NAS) devices to host ConfigMgr 2007 DP shares, you are going to need a new strategy for ConfigMgr 2012.

The DP role now incorporates the Preboot Execution Environment (PXE) service as an optional feature if the DP is hosted on a server operating system. Windows Deployment Services (WDS) is still required for PXE booting in ConfigMgr 2012. Talk to 1E about Nomad, which not only eliminates the need for any kind of DP in your remote locations but also enables PXE to be served from a workstation. Nomad 2012 integrates seamlessly with the ConfigMgr 2012 operating system deployment (OSD) process, using content stored on local peer workstations to complete a full OS Deployment without impacting the WAN.

Configuration Manager 2012 SP1 and R2 also introduced and enhanced a new “pull distribution point” role, or pull DPs. The benefit of pull DPs is that they offload the site-to-DP content distribution workload from the site server to the DPs. They do not provide any benefit in getting the content to the clients and they may in fact complicate that process by adding more “moving parts”.

Also new are “cloud DPs”, meaning distribution points hosted on Microsoft Azure. These can be useful for clients on the internet but you should pay close attention to their costs. If used, they are most appropriate for small critical deployments to a limited number of clients.

Users in Control

ConfigMgr 2012 has been built with the user in mind. The Software Center, installed on all clients, provides an interface for the user to manage the installation of software that has been made available to them and to view software that has been installed by ConfigMgr. The Software Center can also give the user control over the ConfigMgr actions that are likely to impact them most. For example, a user can define their working day and software deployments and updates can be configured to respect these and deploy outside of these hours.

1E Shopping provides a much richer experience with configurable approval workflow, support for system as well as user based deployments, and optional restriction of deployment if insufficient licenses exist.

It integrates with other service desk systems and enables users to rent applications for a fixed period after which they are automatically put back into the pool for other users to employ, further reducing the costs associated with purchasing unnecessary software licences.

Note that Shopping allows for quarantine periods required by some specific software vendors when reallocating licensed software.

SP1’s extension of ConfigMgr to the device and Macintosh environments allows organizations to empower their users to use the solutions they want while ensuring IT control for security and similar requirements is maintained.

Client Health and Efficiency

There are a number of features in ConfigMgr 2012 to ensure clients remain healthy, operational and efficient. The reality is that once your hierarchy has been deployed for a year or more, somewhere between 5% and 15% of your clients will experience issues and may stop communicating with ConfigMgr if you don’t intervene.

ConfigMgr 2012 directly addresses this problem with the ConfigMgr Client Health evaluator. This program (which runs as a scheduled task separate from the ConfigMgr client’s service) detects and remediates the most common causes of client failure, reporting its activities to ConfigMgr.

ConfigMgr 2012 clients can also automatically upgrade themselves to the latest version if their version is below the specified version. You enable this from site settings and you can configure the maximum number of days before the client must upgrade. In addition to this you have control over whether the clients’ installation files are downloaded if the distribution point is on a slow link, and they can even have a fall-back source location. (Note: Microsoft recommends using this as a catch-all after the bulk of any upgrade has finished.)

To protect clients from malware, ConfigMgr 2012 has Endpoint Protection fully integrated, so no more running two separate infrastructures. The Endpoint Protection client is installed using ConfigMgr 2012 client settings, so there is no need to create any packages or programs.

Endpoint Protection reports and dashboard are integrated into the ConfigMgr console further simplifying operational tasks. There is even an out-of-the-box security role for the Endpoint Protection Administrator, defining all the necessary rights to enable the role to be delegated. And with SP1 you can initiate Endpoint Protection activities when you need them using the new Client Operations feature.

Keeping up to date with software updates is an important step for ensuring the health and functionality of a client. A significant improvement to management of software updates in ConfigMgr 2012 comes with the Automatic Deployment Rules feature. Administrators can ensure updates are automatically downloaded, approved and deployed based on specific criteria, instead of manually carrying out tasks. For example, this could be used to automatically deploy all critical updates for Windows 7, or to automatically deploy recent signature definitions for System Center 2012 Endpoint Protection.

If you do not want to deploy automatically, the rules can be configured to retrieve compliance information from client computers for the software updates without deploying them.

ConfigMgr 2012 R2 further enhanced software updating by allowing you to specify maintenance windows that are for software updates only. Software distribution and task sequences can be done at other times using other maintenance windows.

Power Management, introduced in ConfigMgr 2007 R3, is enabled by default in ConfigMgr 2012 and includes some minor enhancements. It continues to enforce the same peak and non-peak power plan settings for turning off the display, inducing sleep or hibernate modes, controlling battery notifications and button actions and scheduling desktop computers (deliberately not laptops) to wake from sleep. You can now copy settings from another Collection so you only have to tweak the differences. Also, users can now exclude their PC from power management which you can report on and over-ride. NightWatchman Enterprise from 1E fills in the gaps, enabling scheduled shutdown and wake-up for all systems, over-riding processes that prevent computers from going to sleep and enabling potential application issues when resuming to be addressed, as well as providing other key features.

Client Configuration

In previous versions of ConfigMgr, client settings were configured by site. In ConfigMgr 2012, the default client settings (a bit like a ‘profile’ of settings) are applied to all clients in the hierarchy. As well as editing the Default Client Settings, it is also possible to create your own settings ‘profiles’ that can be applied to specific Collections. For example, you may have Installation Permissions configured globally to allow Administrators and Primary Users to initiate software installations, but a custom client setting can be configured to allow no users to initiate software installation for a group of sensitive computers.

The definition of WMI classes that get reported through Hardware Inventory is now managed through the Client Settings interface in the console. No more editing SMS_DEF.MOF or CONFIGURATION.MOF (Microsoft Operations Framework). What is really cool with this interface is that new classes can be added by connecting to WMI on any computer and browsing to the class you want to report on. In addition, custom hardware classes may be exported to a MOF file and imported in the same interface. This allows custom inventory settings to easily be transferred from a lab environment to your production environment.

Administrators in Control

Central to simplifying ConfigMgr hierarchies is removing the need to have primary sites to manage subsets of clients. With ConfigMgr 2007 you might have created a separate SCCM site to manage datacenter clients, another for your clients in Europe, and another for the executives’ computers.

The same logic could have applied to managing their ConfigMgr objects, such as packages, task sequences, and software update deployments. SCCM 2012 gives you new options to put such controls in place without having to add primary sites.

The first set of such controls are what we’ll call “assignment collections”, meaning collections used to define the clients and users that the administrators can manage, and then assigned to them. When setting up administrators in the ConfigMgr console you should specify one or more collections that the administrators can use.


When those administrators are creating

deployments or otherwise managing

clients they can then use those

collections to target the right clients or

users, or use collections that are directly

or indirectly limited to those assigned

collections. Clients or users that are

outside those assigned collections are

not available to them.

The second set of such controls are

“security scopes”. Scopes control which

CongMgr objects the administrators cansee in the CongMgr objects (except for

collections and the clients and users in

those collections, which are limited as

above). So scopes control which

administrators can see applications,

packages, deployments, task sequences,

sites, distribution points, software

metering rules, conguration items, and a

wide variety of similar objects.

When creating such objects they can assign them only to scopes that they are limited to, and thus other administrators cannot see the objects they have created unless the other administrators are also assigned to the same scope.

The third and final set of controls are “security roles”, meaning the ConfigMgr permissions that the administrators have. There are a number of predefined sets of permissions (roles) and you can easily create more.

Between these three sets of controls you can ensure that administrators can do only what you intend, using only the objects you want, to the appropriate set of clients or users. You can be confident that they won’t do more than intended, no matter what site they have access to.

However, you should also consider whether you need a mechanism to coordinate object creation. For example, administrators from multiple scopes may require an Office 2013 application, but the second administrator to have such a need might not be able to see that another administrator has already created one because they are in different scopes.

With appropriate coordination the second administrator could ask a senior administrator to add his scope to the already existing application, allowing him to see and use it as well.
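The interaction of the three controls described above, as a simplified model added here (it is not 1E's or Microsoft's code). The collection names, scope names and permission pairs are constructed sample values, and the evaluation rule is an assumption drawn from this section's description.

```python
from dataclasses import dataclass, field

# Constructed sample hierarchy: each collection maps to its limiting collection.
LIMITED_BY = {
    "All Systems": None,
    "Europe Clients": "All Systems",
    "Europe Laptops": "Europe Clients",
    "Datacenter Servers": "All Systems",
}

@dataclass
class Admin:
    name: str
    permissions: set   # security roles, flattened to (object_type, action) pairs
    scopes: set        # security scopes the administrator is assigned to
    collections: set   # assignment collections

@dataclass
class SecuredObject:
    name: str
    object_type: str
    scopes: set = field(default_factory=set)

def within_assigned(collection, admin):
    """True if the collection is assigned to the admin, or is directly or
    indirectly limited to an assigned collection."""
    seen = set()
    while collection is not None and collection not in seen:
        if collection in admin.collections:
            return True
        seen.add(collection)
        collection = LIMITED_BY.get(collection)
    return False

def can_see(admin, obj):
    """Scopes: the object is visible only if it shares a scope with the admin."""
    return bool(admin.scopes & obj.scopes)

def can_deploy(admin, obj, collection):
    """Role, scope and assignment collection must all allow the action."""
    return ((obj.object_type, "Deploy") in admin.permissions
            and can_see(admin, obj)
            and within_assigned(collection, admin))

def office_scenario():
    """The Office 2013 coordination case: same role, different scopes."""
    role = {("Application", "Read"), ("Application", "Deploy")}
    europe = Admin("europe-admin", role, {"Europe"}, {"Europe Clients"})
    office = SecuredObject("Office 2013", "Application", {"Datacenter"})
    before = can_deploy(europe, office, "Europe Laptops")
    office.scopes.add("Europe")  # a senior administrator adds the second scope
    after = can_deploy(europe, office, "Europe Laptops")
    outside = can_deploy(europe, office, "Datacenter Servers")
    return before, after, outside

if __name__ == "__main__":
    print(office_scenario())
```

Adding the scope makes the application usable, but only against collections limited to the administrator's assigned collection; the datacenter collection stays out of reach.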

become unavailable. Elections are weighted to ensure that the optimal client is elected as the master. That weighting especially favors clients that already have the needed content, but if none have it yet then the software is downloaded from a ConfigMgr distribution point. As the download commences, the solution’s peer-to-peer model immediately fans out the content to more local clients, enabling fast and efficient distribution across locations and subnets.

Nomad’s automated discovery of network topography enables administrators to treat multiple subnets as a single subnet. Nomad has the option to add a central server role (ActiveEfficiency) that automatically maintains a list of subnets at all locations. If a master on a subnet at a location requires content that is available on a Nomad client on another subnet at that location, the master can find that client via ActiveEfficiency and obtain that content directly from it. This eliminates the need for the master to download its copy over the WAN from a central DP. For large content or at locations with especially constrained WAN network links, this can be quite beneficial.

Operating System deployment (OSD) especially benefits from Nomad’s strengths. Operating System images themselves are often very large, as in gigabytes, but at the same time clients will also need a variety of applications, device drivers, patches, and possibly other files. Furthermore, users do not want to be without their computers for long, so there is limited time to install all that software let alone download it. Therefore Nomad’s ability to reliably provide the content from the LAN anywhere in your organization is crucial to your OSD success. You will usually want to precache that content so that it is ready for the first client to be upgraded, but Nomad readily accommodates precaching. Nomad also helps with storing user data (USMT data) and PXE booting as discussed in the “Server Reduction” section.

The use of clients for software distribution is how Nomad can deliver those enormous reductions in the server footprint.

Server Reduction

With Nomad, organizations looking to migrate can design an SCCM 2012 infrastructure with the bare minimum of distribution points and secondary sites. Even PXE server roles and state migration points can be eliminated. Often 95% or more of those servers can be eliminated. If you’ve already migrated then you can consider removing the servers, reusing them for other purposes in your organization.

In some cases the servers used for DPs or even secondary sites are also used for other purposes, such as file serving or print sharing. Therefore removing the need for ConfigMgr does not allow removal of the servers themselves.

However, the fact that you don’t need to deployment, and then you don’t need to maintain them, is a considerable saving in itself.

Not only does Nomad deliver transformative cost savings in terms of capital investment; dramatically reducing the server footprint also results in ongoing maintenance cost savings as well as significantly reducing the manpower and time needed to deploy SCCM 2012.

Because Nomad uses any or all ConfigMgr clients and the master (sharing) role is dynamically elected any time content is needed, any issues with Nomad or the computers Nomad is running on do not prevent Nomad from functioning. Another computer is elected and the process continues.

Similarly, any changes in the network do not affect Nomad because the primary network activities are local to the subnet – the subnet address and topology do not matter to Nomad and thus can change at any time without adverse effect. If the content is not available on the subnet already then Nomad must be able to contact a distribution point, but that DP will be one of a small number of DPs, likely in a central and very stable data center.

The ConfigMgr PXE functionality is a DP-specific function and therefore every PXE server is also a DP. However, a Windows Server Operating System must be used. Nomad’s PXE option can run on any workstation Operating System such as Windows 7, Windows 8, or even Windows XP.

State migration points are useful when migrating users from one computer to another or in some cases when upgrading Operating Systems. However, they are another role that must be configured and maintained and considerable disk space must be provisioned and maintained. Nomad can serve this purpose in a very similar manner to how it delivers content – automatically and dynamically.

Many organizations have tried but struggled to use large numbers of secondary sites, distribution points, or branch distribution points. This has often led them to come to 1E and Nomad. Secondary sites and distribution points can work well enough in small numbers (a dozen or two), but as the numbers increase the odds increase even faster that at any given time a DP or site will be broken for a variety of reasons.

Therefore your deployments will not be as successful as they should be, requiring you to track down those issues and spend time resolving them. This work can be very time consuming, and tedious, if you have a sizable number of servers.

DP and site challenges come in various forms but often include:

• Hardware issues, including failures, full disks, or performance limitations
• Operating System issues, including compatibility issues
• Networking issues such as IP address changes and subnet changes
  o Remote SCCM servers are often “protected” to serve local clients only by assigning “boundaries” to those servers. However, the networking team may not always remember to coordinate with the ConfigMgr team, leaving ConfigMgr servers to be assigned the wrong boundaries
• Coordination issues – the people responsible for the server may not coordinate with the ConfigMgr team when swapping hardware, shutting it down for maintenance, moving it, etc.
• End-of-life-replacement – even though this work is predictable, it is still time consuming to arrange

Bandwidth Efficiency

There is a significant flaw in most bandwidth throttling techniques: they involve setting percentage limits for IT traffic across the network. The problem is that these thresholds are static and result in the enterprise either not using all of the available pipeline, or in slowed delivery as different functions compete for bandwidth. With Nomad, content is only downloaded to a location once and from then on it is shared locally from peer to peer.

Nomad’s intelligent bandwidth monitoring and usage management reacts in real-time to the existing traffic. It eliminates the competition between IT and business traffic without the need for scheduling or delaying IT tasks until close of business. As Nomad is downloading it will monitor for latency in the downloading.

If any is detected then that is evidence that there is contention on the network links somewhere between the master and the central DP that it is downloading matter. Access to routers is not needed and the topology of the network does not matter – it is sufficient that Nomad sees latency. In that case it will immediately reduce its download rate, allowing the other traffic to take priority on the WAN.

When the latency disappears Nomad will carefully increase its download rate until it is downloading as fast as the WAN will support. In this way the WAN is providing maximum benefit at all times, either to the other business traffic (as the first priority) or to Nomad.

Remote Locations

Nomad is the most reliable way of distributing software across WANs, even to poorly-connected and remote locations, eliminating the need to establish distribution points everywhere. Nomad establishes a peer-to-peer network for distribution of software, patches, and OS images from SCCM. So whether the challenge is setting up a new location or bringing an isolated site into your network, with Nomad delivery is easy.

Nomad’s intelligent bandwidth monitoring and utilization ensures 100 percent reliable content delivery even where the network quality is poor, such as locations connected via satellite. If you happen to need to update the software on an off-shore oil platform you can stand down the helicopter and rely on Nomad instead.

1E has even done this for Operating System deployments. It took a while for the downloads to complete but the critical business traffic continued uninterrupted over the satellite link. The upgrades then proceeded quickly using the local copies of the content.

Improved Security

Security and compliance are quite rightly significant concerns for the enterprise. Nomad integrates with and builds on the inherent security provided by SCCM 2012, introducing no additional risk to individual PCs or to the network.

It is not just about not adding risk though – Nomad actively reduces it. The efficient distribution of content enables IT to distribute patches and upgrades during the day, rather than having to wait until end-of-day. That keeps your computers’ security up-to-date at all times. That distinction is especially critical for zero-day exploits but also for computers that aren’t online after hours, such as laptops.

How Else Can 1E Help?

Nomad and 1E’s consulting services (including those of our partners) are central to a successful ConfigMgr 2012 migration but 1E is pleased to offer even more options and has solutions to address the following concerns:

• Will you provide all the same software packages from ConfigMgr 2012 as you did with ConfigMgr 2007? If not, then which packages should be migrated?
• Do your users here in 2014 have the same expectations as the users had when you deployed ConfigMgr 2007? We often find that users are much more likely now to seek out software that will make them more productive and do not understand why that cannot be an almost instantaneous experience.
• When you have made the investment in the ConfigMgr 2012 migration is your organization getting new added value that demonstrates to the business that the project was truly a step forward?
• Are the client computers as available for computer management as much as they were when you implemented SCCM 2007?

 AppClarity

Inevitably some software packages that were useful years ago for business needs at that time are not so useful now. But which software is that? Of the software in this case, which is the least used? When migrating packages it seems prudent to start with the packages that are deployed and used most widely, then those that are deployed widely and fairly well used, and finally those that are not deployed widely nor widely used. Packages for software that is not used at all should not be migrated no matter how widely they were previously deployed.

You (or your SCCM administrators) can run reports to identify what software is deployed and how widely, but determining how well used it is can be challenging. Enabling software metering rules results in often overwhelming data if done on a large scale and takes weeks or months to collect. Any other form of software usage data is hard to relate to specific software products. And with or without usage data, the reports will be very long, listing tens of thousands of unique software titles, most of which will be extremely obscure.

1E’s AppClarity addresses these challenges by importing relevant data from ConfigMgr, applying sophisticated normalization algorithms, and presenting the results in user-friendly reports that will give you the information you require. You can dive as deeply as needed into the data but the summarized form will be sufficient for most migration purposes. Having identified the most used software in your organization, you can consider which packages should be migrated to SCCM 2012 as legacy packages or converted to applications.

Your software asset management or licensing team will also benefit from AppClarity in that they can import their licensing data and readily identify license compliance issues. They can even address compliance issues in many cases by using AppClarity to automatically de-install software where it is not being used, bringing it into compliance.

Shopping

Microsoft has anticipated the rise of user expectations for app stores by including an Application Catalog in ConfigMgr 2012. However, the Application Catalog is a minimal solution lacking key features such as:

• Offering both applications and legacy packages (the latter are not offered)
• Active Directory security group changes
• Resource requests, such as for computers or office supplies – only ConfigMgr objects can be offered
• A robust approval workflow
• Easy integration with ticketing systems or other infrastructure
• Rental of applications, legacy packages, or security group changes, ensuring they are removed after the user has used them for project-oriented work
• Extensive customization to brand the web site in the same fashion as your other intranet sites
• License management

1E Shopping offers these and many other features in a very modern web design that your users will find to be a pleasure to use. The experience is consistent with what they have with their consumer devices, reflecting well on your IT organization.

NightWatchman

One of 1E’s most popular products is our industry leading power management solution, NightWatchman. Windows and ConfigMgr have power management features but real-world complexities often prevent them from enforcing power management when they should. Reporting on the savings realized is minimal. Integrating NightWatchman in your ConfigMgr 2012 infrastructure will allow your organization to maximize power savings and minimize its greenhouse gas impact. The facilities and sustainability teams in your organization will highly value the added value that ConfigMgr 2012 brings to the organization when partnered with NightWatchman.

 About 1E

1E is the pioneer and global leader in efficient IT solutions. 1E’s mission is to identify unused IT, help remove it and optimize everything else. 1E efficient IT solutions help reduce servers, network bandwidth constraints, software licenses and energy consumption.

Contact us

UK (HQ): +44 20 8326 3880

US: +1 866 592 4214

India: +91 120 402 4000

 WakeUp

Where power management is effective you might find that you cannot manage computers after-hours because they are in a low power state. To minimize this issue you should use a Wake-on-LAN (WOL) solution. ConfigMgr includes WOL options, including a new WOL proxy feature, but technical constraints mean that these options only work in limited circumstances.

Both Nomad and NightWatchman include WakeUp, a full-featured WOL solution that does not have technical constraints. You can use WakeUp to maximize the effectiveness of ConfigMgr 2012’s features. Either automatically or at SCCM administrator discretion you can use the ConfigMgr console to wake computers for patch management,

We trust this white paper has raised ideas that will make your experience with ConfigMgr 2012 even better. If you would like to discuss those ideas further, please contact us at the numbers below.