1 / 49

Jason Adams, D.C. Tardy Program Manager Microsoft

Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting. Jason Adams, D.C. Tardy Program Manager Microsoft. UD-B403. Session Objectives And Takeaways. Session Objectives Review Design Principles for Configuration Manager Service Pack 1

Download Presentation

Jason Adams, D.C. Tardy Program Manager Microsoft

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting Jason Adams, D.C. Tardy Program Manager Microsoft UD-B403

  2. Session Objectives And Takeaways Session Objectives Review Design Principles for Configuration Manager Service Pack 1 Discuss optimization and improvements for performance in Configuration Manager Service Pack 1 New SP1 infrastructure supports a smaller deployment footprint Fewer sites correlate to a better customer experience

  3. Enabling users to be productive, responsiblyFinding the right balance Controlled access to data with seamless authentication Devices & Experiences Users Want Applications and data across devices, anywhere Empower User Productivity Unified Management Infrastructure Common Identity Access and Information Protection

  4. Unified Device Management Unified Management Infrastructure Empower User Productivity • Device choice • Application self-service • Personalized application Experience • Non-intrusive management • Single management interface • Integrated security and compliance • Improve IT efficiency • Reduced infrastructure complexity +

  5. Simplifying Management Across Platforms Devices & Platforms Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Android Mac OS X • Single admin • console Windows RT Windows Phone 8iOS Android IT

  6. Role Based Administration &Collection Limiting

  7. Administrative Segmentation Security Roles What types of objects can I see and what can I do to them? Example: the “Software Update Manager” role gives rights to read and deploy software updates to specific collections. Security Scopes Which instances can I see and interact with? Collections Which resources can I interact with?

  8. Data Segmentation Configuration Manager 2007 Louis “French Admin” France Primary Site Meg wishes to distribute a package to all of her EMEA users in the West region • French collections • Create advertisement for French collections England Primary Site Meg Collins “Central Admin” Anthony “English Admin” • Create and distribute package • English collections • Create advertisement for English collections

  9. Segmentation with Configuration Manager 2012 Meg wishes to distribute an application to all of her EMEA users in the West region Anthony “English Admin” Louis “French Admin” Central Admin Site Meg Collins “Central Admin” • Create and distribute application • English collection(s) • Create deployment for English collection(s) • French collection(s) • Create deployment for French collection(s)

  10. Collection Limiting • Meg gives Louis permissions to “French Systems” All Systems • Louis • can readFrench Systems and all collections limited to French Systems • cannot see All Systems and English Systems • can modify and deleteFrench Desktops • can create new collections limited to French Systems or French Desktops French Systems English Systems French Desktops French Servers

  11. Demo Role Based Access

  12. Boundary Strategy

  13. Overview • What is a Boundary? • Analysis of boundary types • Recommendations for designing a boundary strategy

  14. What is a Boundary A Boundary is a network location that you want to manage with Configuration Manager. A Boundary is assigned to a Boundary group. A Boundary is used for site assignment and content availability for clients. There are three Boundary types: • AD Site • IP Subnet • IP Range

  15. Analysis: AD Site Boundary Benefits: • Large container – should match known network bottlenecks • No issues with assignment or location requests • Very inexpensive from a performance perspective Problems: • Requires coordination with Active Directory Admins • Dependency on properly configured AD

  16. Analysis: IP Subnet Boundary Benefits: • Least expensive boundary type to run • Should map directly to network topology Problems: • Outside of networking administrators, concept of IP subnet is uncommon • Known issues for assignment if AD sites use supernets • Actual assignment and registration are handled correctly • Confusion of Supernets vs. Subnets • Networks tend to have a large number of subnets

  17. Analysis: IP Range Boundary Benefits: • Easy to understand • No issues with assignment or location requests Problems: • Very SQL intensive to evaluate

  18. Overview Try to design with the fewest boundaries possible Revisit design if you average less than 100 clients per boundary Use fewer sites Use AD Site boundary types when possible Investigate the state of AD Sites. If configured correctly, it is the best match for bandwidth issues If there are going to be a number of boundaries, prefer IP subnet boundary types. Use IP Range boundary types sparingly and only when necessary

  19. Replication Principles

  20. Replication Principles As few sites as possible Replication overhead Increase site count only to support volume of devices Exceptions to this rule Geographic presence Network access accounts Network considerations Site data replication Site data scheduling Proximity

  21. Replication tax

  22. How to avoid the Replication Tax Site Data Global Data • Collection Membership • Alerts • Hardware Inventory • Software Inventory & Metering • Status Messages • General Site Data • Asset Intelligence CAL Track Data • Status Messages • Software Distribution Status Details • Software Updates Replicated Site Data • Software Updates Non-Replicated Site Data • Status Summary Data • Component and Site Status Summarizers • Client Health Data • Client Health History • Quarantine Client Restriction History • Collections • Packages (meta data) • Programs • Deployments • Configuration Items • Software Updates • Task Sequences • OS Images (boot images, driver packages, etc.) • Site Control File • System Resource List (site servers) • Site Security Objects (Roles, Scopes, etc.) • Client Authentication • Client Discovery

  23. How to avoid the Replication Tax • CAS is bottleneck for replication • Global data requires copies throughout hierarchy • Site data requires receiving data from each primary Central Administration Site Primary Site Primary Site

  24. How to avoid the Replication Tax Example: Managing 40,000 systems Central Administration Site 2 1 1 3 2 Stand Alone Primary Primary Site Primary Site

  25. Design PrinciplesAvoid the Replication Tax The Math of Replication

  26. Design PrinciplesAvoid the Replication Tax Lab Observations 400K Patch Tuesday Performance Benches Contains 4 primary sites Simulated Patch Tuesday environment at supported limits Load generates 32 million state messages to be processed 4-Site (Narrow) Lab clears all backlogs within 14 hours 10-Site (Wide) Lab clears all backlogs in 26 hours

  27. SQL Best Practices

  28. Overview Rebuild Indexes Task TempDBFilegroups Updating statistics

  29. Rebuild Indexes Task Improves Speed of Queries Essential in large scale deployments Task must be enabled: Creates Indexes on columns at least 50% unique Drops Indexes on columns less than 50% unique Rebuild existing indexes that meet uniqueness criteria

  30. SQL File Groups File groups give you the ability to create multiple filegroups for SQL TempDB Multiple read write heads can be engaged in parallel Improves performance of queries

  31. Updating Statistics Most commons source of slow performance in production hierarchies. Auto update should always be enabled Sp_updatestats should be used after any SQL maintenance or issue in which SQL has been under load for a prolonged period Caution! Updating statistics is not a trivial task! There is a trade-off between statistics and overall performance, for day-to-day operations SQL should be allowed to manage statistics

  32. Optimizing replication traffic

  33. Optimizing replication traffic Replication traffic reports Research traffic across links Determine which links to optimize site data Replication alerts Degraded versus failed Reasons to change the settings Caveats; sometimes degradation and back to active

  34. Customer profiles

  35. Infrastructure Promises Modernizing Architecture Minimizing infrastructure for remote offices Consolidating infrastructure for primary sites Scalability and Data Latency Improvements Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possible File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy) System-generated data (HW Inventory and Status) can be configured to flow to the Central Administration Site directly Be Trustworthy Interactions with SQL DBA are consistent with Configuration Manager 2007 Configuration Manager admin can monitor and troubleshoot new replication approach independently

  36. Infrastructure Decisions Central Administration Site Primary Site Secondary Site Distribution Point Site Database Server

  37. Company Profile Headquarters in Chicago 2-4 administrators with other IT responsibilities, limited day to day use Subsidiary in London 125,000 clients Weekly inventory, deploys software and software updates

  38. When Do I Need a Central Administration Site Headquarters in Chicago More than one primary site in hierarchy More than 100K clients in hierarchy Subsidiary in London

  39. When Do I Need a Primary Site Server Manage Clients - Consolidate Headquarters in Chicago 74,000 clients 1,000 servers • Decentralized administration • Logical data segmentation • Client settings • Language • Content routing for deep hierarchies Scale (100K clients per primary) Reduce impact of primary site failure Subsidiary in London 49,500 clients 500 servers Consolidate Political Reasons Content Regulation Local point of administrative connectivity

  40. When Do I Need a Secondary Site Server Manage Clients - Consolidate Headquarters in Chicago 72,500 clients 1,000 servers • No local administrator for secondary 1,500 clients Optimize Subsidiary in London 49,500 clients 500 servers Consolidate Manage upward flow of WAN traffic Tiered content routing for deep network topologies

  41. BITS not enough control for WAN trafficMulticast for Operating System DeploymentApp-V streaming When Do I Need a Distribution Point Manage Clients - Consolidate Headquarters in Chicago 72,035 clients 1,000 servers Don’t need Distribution Point when: BITS enough over WAN traffic BranchCache™ deployed Distribution point on Windows Server 2008 R2 Clients running compatible operating systems Vista SP2 with KB960568 installed Windows 7 Cloud Distribution Point Fallback For App/SWD Packages when local and remote distribution points unavailable. WU/MU Fallback For Software Updates when local and remote distribution points unavailable. 450 clients Optimize 15 clients Optimize 1,500 clients Optimize Subsidiary in London 49,500 clients 500 servers Consolidate

  42. In Review: Session Objectives And Takeaways Session Objectives: Discuss key areas regarding advanced Configuration Manager infrastructure Discuss advanced Configuration Manager architecture options Key Takeaways Key design principles Performance optimization Customer profile options

  43. People Centric IT Come to Booth 1 in the Expo Hall for your chance to win a Surface RT bundle worth $699 Answer four questions correctly and you’ll be entered in our prize draw. Draw will take place at 4pm on April 10 2013 NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules

  44. Related Content Breakout Sessions UD-B309 Deploying and Configuring Mobile Device Management Infrastructure UD-B310 Deploying and Managing Windows 8 with Configuration Manager 2012 SP1 UD-B317 Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1 UD-B318 Managing Embedded Devices with Configuration Manager 2012 UD-B325 System Center 2012 Configuration Manager SP1 Overview UD-B330 System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management UD-B331 System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1 UD-B332 What’s New with Microsoft Deployment Toolkit 2012 Update 1 UD-B333 What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design UD-B335 Windows Intune Overview UD-B403 Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting

  45. Related Content Instructor-led and Hands-on Labs UD-IL301 Basic Software Distribution UD-IL302 Deploying a Configuration Manager Hierarchy UD-IL303 Deploying Configuration Manager UD-IL304 Deploying Windows 8 to Bare Metal Clients UD-IL306 Implementing Endpoint Protection UD-IL307 Implementing Role-Based Administration UD-IL308 Implementing Settings Management UD-IL309 Introduction to Configuration Manager UD-IL310 Managing Applications UD-IL311 Managing Clients UD-IL312 Managing Content UD-IL313 Managing Microsoft Software Updates UD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012 UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1 UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 Hierarchy UD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1 UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1 UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1 UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1 UD-IL401 Advanced Software Distribution

  46. Evaluation We want to hear from you! Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com. Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.

  47. Resources Access MMS Online to view session recordings after the event. http://channel9.msdn.com/Events

More Related