UD-B404 Migration best practices from System Center 2007 to 2012
Transcript of UD-B404 Migration best practices from System Center 2007 to 2012
Migration best practices from System Center 2007 to 2012Laszlo RuboczkiCEO and lead architectRUBEDI LTD
UD-B404
Who am I?
Laszlo Ruboczki
CEO and lead architect at RUBEDI ConsultingWorking with Microsoft technologies for more than 15 years. Specialized for IT operation and implementation support using System Center products
Agenda• Overview of new features which have an impact on
the migration• Design considerations• Prerequisite steps before start the migration• Migration process• Decommission of SCCM 2007
At this session we will not…• discuss all the new features of SCCM 2012 SP1• dig deep into the details of supporting 3rd party
platforms• learn the SCCM 2012 migration basics• develop your migration plan
Overview of new features which have an impact on the migrationReasons why we are moving to the new version of SCCM.
Capacity of SCCM 2012 SP1• SCCM 2012 in number of supported clients which
increased since last version• 400,000 per hierarchy• 100,000 per primary site• 25,000 per management point• 25,000 per software update point• 5,000 per secondary site
• Other objects:• 400,000 clients per Application Catalog Web components (50,000 for the best
performance)• 10,000 packages and applications per distribution point
More than 30%
increase
Not supported operating systems in SCCM 2012 SP1
• Windows Server 2003 Service Pack 1 and below• Windows Vista Service Pack 1 and below• Windows XP x86 Service Pack 2 and below• Windows XP x64 Service Pack 1 and below• Windows Server 2008 Service Pack 1 and below• Windows Itanium Server
Increase the level of Service Pack to the supported levelIMPACT
Migration design considerations
Migration Process
• Migrate the required objects• Check the functionality of the
migrated objects• Migrate clients in pilot• Perform bulk migration of
clients• Decommission the old SCCM
MIGRATE
• Install SCCM 2012 (ensure the required HW resources)
• Use the latest recommended OS and SQL level (2012)
• Perform the smoke and performance test on the new environment
BUILD
• Discover existing environment
• Level up SCCM 2007 SP2• Select objects to be migrated• Design the new hierarchy
PLAN
PLAN for site boundaries
Consideration SCCM 2007 SCCM 2012
Security boundaries - delegation New site Role Based Access Control
Site-wide settings New site Client settings
PXE with DP Secondary site Distribution point
Manage computers in other AD forests New site Client Push installation
In most cases only one SCCM 2012 site server is enoughIMPACT
Supported hierarchy in SCCM 2012 SP1• You can specify parent site for a primary site anytime (it was
limited before Service Pack 1)• Not necessary to install a primary or secondary site in every
domain or forest• SCCM 2012 supports agents in untrusted forest and domains• Impact of Pull Distribution Points
Supported upgrade paths from SCCM 2007
• No in-place upgrade path for SCCM 2007 to SCCM 2012
• Only side-by-side upgrade is supported (content migration only)
• Built-in tools and features supports the migration
Prerequisite steps before start the migration
Active Directory Schema Extension
...if you previously extended the schema for SCCM 2007 SP2...
BUT add the new SCCM 2012 server object with FULL admin right to the System Management OU in ALL concerning Active Directory domains
NOT NEEDED
Server side
• Build the new SCCM 2012 environment
• Ensure the required HW resources• 16 GB RAM is REALLY recommended
• Ensure the required software components• OS: Windows Server 2012• SQL: SQL Server 2012 with Service
Pack 1
Client side• Install BITS 2.5 to all system where applicable• Migrate the service pack level of the clients to the supported
level of SCCM 2012• Disable Group Policies configuring SCCM agent
• Change WSUS configuration Group Policies to the new WSUS server
Computer Configuration/Administrative Templates/Configuration Manager 2007/Configuration Manager 2007 Client/Configure Configuration Manager 2007 Client Deployment SettingsComputer Configuration/Administrative Templates/Configuration Manager 2007/Configuration Manager 2007 Client/Configure Configuration Manager 2007 Site Assignment
Computer Configuration/Administrative Templates/Windows Components/Windows Update/Specify intranet Microsoft update service location
Set the intranet update service for detecting updates: <FQDN of new WSUS server>Set the intranet statistics server: <FQDN of new WSUS server>
Delete the unnecessary registry settings on clients*
The following registry keys must be deleted from the computers which has been configured by Configure Configuration Manager 2007 Site Assignment group policy• HKLM\Software\Microsoft\SMS\MobileClient\GPRequestedSiteAssignmentCode• HKLM\Software\Microsoft\SMS\MobileClient\
GPSiteAssignmentRetryInterval(Min)• HKLM\Software\Microsoft\SMS\MobileClient\
GPSiteAssignmentRetryDuration(Hour)
*...only when you have managed the SCCM agent assignments with group policy
If you do not delete the keys referenced above, the newly installed SCCM 2012 clients will not be able to locate the
new SCCM 2012 Management PointIMPACT
DelSCCMSiteAssigmentValues.ps1$ErrorActionPreference = "SilentlyContinue"$file = Get-Content $PSScriptRoot\machines.txt foreach ($computername in $file){ $PingStatus = Gwmi Win32_PingStatus -Filter "Address = '$computername'" | Select-Object StatusCode If ($PingStatus.StatusCode -eq 0) { $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername ) $regKey= $reg.OpenSubKey("SOFTWARE\\Microsoft\\SMS\\Mobile Client",$true) $regKey.DeleteValue("GPRequestedSiteAssignmentCode") $regKey.DeleteValue("GPSiteAssignmentRetryInterval(Min)") $regKey.DeleteValue("GPSiteAssignmentRetryDuration(Hour)") Write-Host "Registry keys has been deleted from $computername" } else { Write-Host "$computername unreachable" } }
Communicate with the end users
In a fancy newsletter with the expected changes in their life
…a chance to use Publisher
Communicate with the end usersSoftware Center
No more: Control Panel \ Programs \ Get Programs
Communicate with the end users
Software Catalog
*requires Silverlight
Migration process
Use migration functionality of SCCM 2012• Built-in solution• Automates the boring
manual processes• Rebuild WSUS instead of
migrate the content of existing software updates
Source hierarchy configuration• Connect to every content source (primary site
servers) in the SCCM 2007 hierarchy started by the root-level primary parent site
• The first gathering will be the baseline of the migration, changes will be checked in every 4 hours PS1
PS2-1
BS2-1
BS2-2
PS2-2
PS3-1
Top level
Tier 1
Tier 2
PS1
SCCM 2007 SCCM 2012
Migration jobs
Capabilities of Migrate JobsObjects that can be migrated
Objects that cannot be migrated• Collections
• Advertisements• Boundaries• Software
distribution packages
• Virtual application packages
• Software metering rules
• Software Updates:• Deployments • Deployment packages• Templates• Software update lists
• Queries• Security rights and instances for the
site and objects• Configuration Manager 2007 reports
from SQL Server Reporting Services• Configuration Manager 2007 web
reports• Client inventory and history data• AMT client provisioning information• Files in the client cache
• Asset Intelligence customizations
• Operating System Deployment: • Boot images • Driver packages• Drivers• Images• Packages• Task sequences
• Desired Configuration Management: • Configuration baselines • Configuration items
Changes in collections
• Redesign your collections• Collections can be migrated but with limitations:• End of collections: only User or Device collections• Collections can mixed by using Include and Exclude Collections• End of linked collections (or subcollections)
Migration of collections – Example 1Consolidation of collections from different sites:
SITE
Collection
Linked Collection 1
Linked Collection 2
SITE (Folder)
Collection (Folder)
Linked Collection 1
Linked Collection 2
EMPTY!
Migration of collections – Example 2Consolidation of linked collections from members in all of them:
C1
LC1
LC2
C1 (Folder)
C1
LC1
LC2
C1 includes members of LC1 and LC2
Creating new collections
New collections maybe created because of the following
reasons:• Scope the client settings
• Scope the security roles (RBSA)
• Scope for firewall policies
• Scope for antimalware policies
CreateCollections.ps1Import-Module 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'CD SRV:\$csv_content = import-csv $PSScriptRoot\collections.csvforeach ($Collections in $csv_content){New-CMDeviceCollection -Name $Collections.Name -LimitingCollectionName $Collections.LimitingCollectionName -Comment $Collections.Comment -RefreshType $Collections.RefreshType}
Shared Distribution Points• Can be used during the migration while the two SCCM
co-exists• It cannot be updated during it is shared• It is RECOMMENDED to create a new Distribution Point
to SCCM 2012 immediately to avoid the possible administration overhead of the shared and finalized DP
• Suggested workaround instead of using Shared Distribution Point
Migrate WSUS• Migrate only Software Update Lists, if needed (will be
converted to Update Groups)
• Migration of Custom Updates are not supported, contents in SCUP must be published again
Migrate WSUSDeployment behavoiur of Maintenance Window configuration has changed(no more „dummy” maintenance windows)
Migrate custom hardware inventoryAny custom SCCM 2007-based MOF file can be used in SCCM 2012
No re-authoring is required, MOF can be imported
DEMO
Migrate OSD• Boot image has been changed in SCCM 2012 SP1• WinPE4 instead of WinPE3• Driver migration not recommended• Task sequences including MDT or any other 3rd party
solution tasks will not be migrated• Old version of the boot images cannot be changed
(unable to add or remove drivers)
Use Powershell instead of MDT in the futureIMPACT
Changes caused by WinPE 4• New driver model (Windows 8 / 2012)• You cannot add the same drivers to boot image which were used in
SCCM 2007• Most of the drivers published these days are included in WinPE 4
• Probably you may not have to use additional specific driver when booting WinPE4
• Please use the latest driver packages published by the vendors and use the drivers published to WinPE4, Windows 8 or Windows Server 2012
Auto Apply Drivers issueThe following Task Sequences may not work properly in case of installation of pre-Windows 8 or Windows Server 2012 OS deployment in SCCM 2012 SP1• Auto Apply Drivers• Apply Driver Package
SymptomDriver installation is failing during „Setup Windows and ConfigMgr” task.
IBS CallBack_AddDriverPackageIntoDriverStore:Failed to install the driver package
Inject drivers to the operating system imageWorkaround
DEMO
Driver injection process (Windows 8 / 2012)1. Dism /Get-ImageInfo /ImageFile:<path to .wim file>\boot.wim
2. Dism /Mount-Image /ImageFile:<path to .wim file>\
boot.wim /Index:1 /MountDir:<path to mount folder>
3. Dism /Image :<path to mount folder> /Add-Driver
/Driver:<path to folder contains driver files> /Recurse
/ForceUnsigned
4. Dism /Unmount-Image /MountDir:<path to mount folder>
/Commit Use /Get-WimInfo /Mount-Wim /Unmount-Wim /WimFile switches in case of Windows 7 and Windows Server 2008 R2Note
Client migrationIn-place upgrade is supportedSilverlight is installed by default BUT can be skipped • (both in manual and push agent installation processes)
Silverlight.exe is required only when application catalog will be used
Ccmsetup.exe /mp:<FQDN of management point /skipprereq:silverlight.exe
Installation parameters
Client migration propertiesThe following properties will be migrated on clients:• Client variables• Inventory• State• Execution history• Re-run status• GUID
Client migration processInstalled from package• Automatically created and distributed during SCCM 2012 server setup• Deselect „Enable this distribution point for prestaged content” on DP where
the SCCM client package is locatedPre-requisites• BITS 2.5 (SCCM agent install will not be started without BITS)• .NET 3.0 or higher (.NET 4 will be installed if it does not exist)
Push install• SLP parameters can be used but this role has been integrated into MP• Do not forget to use the SMSSITECODE and SMSMP properties• The following command line switches can be used also in properties of Client
Push Installation in SCCM 2012 SP1• /forcereboot /skipprereq /logon /BITSPriority /downloadtimeout /forceinstall
Forefront Protection PoliciesThe FEP policies used in SCCM 2007 can be exported and re-imported in SCCM 2012
Some of them are recommended by default in SCCM 2012
Decommission of SCCM 2007
Clean up the environmentClean up the migration data on SCCM 2012 servers
Delete SCCM 2007 secondary sites first
Disconnect the SCCM 2007 parent sites from each other started by the bottom of the hierarchy
Delete all objects from System\System Management container in the Active Directory started by
• SMS-<old SCCM 2007 site codes>• SMS-Site-<old SCCM 2007 site codes>• SMS-MP-<old SCCM 2007 site codes>• SMS-SLP-<old SCCM 2007 site codes>
Summarizing the considerationsRedesign the hierarchy, remove unnecessary sites and site components
Avoid to migrate the unused\not needed objects and packages
Use the new features instead of existing solutions (servicing, applications)
Remove the obstacles from agent installation
Communicate the changes in user experience to end-users
Perform the migration is small batches
Clean up the Active Directory and all related objects after decommission of SCCM 2007
Thank you!
Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
We want to hear from you!
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.