490 likes | 653 Views
Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting. Jason Adams, D.C. Tardy Program Manager Microsoft. UD-B403. Session Objectives And Takeaways. Session Objectives Review Design Principles for Configuration Manager Service Pack 1
E N D
Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting Jason Adams, D.C. Tardy Program Manager Microsoft UD-B403
Session Objectives And Takeaways Session Objectives Review Design Principles for Configuration Manager Service Pack 1 Discuss optimization and improvements for performance in Configuration Manager Service Pack 1 New SP1 infrastructure supports a smaller deployment footprint Fewer sites correlate to a better customer experience
Enabling users to be productive, responsiblyFinding the right balance Controlled access to data with seamless authentication Devices & Experiences Users Want Applications and data across devices, anywhere Empower User Productivity Unified Management Infrastructure Common Identity Access and Information Protection
Unified Device Management Unified Management Infrastructure Empower User Productivity • Device choice • Application self-service • Personalized application Experience • Non-intrusive management • Single management interface • Integrated security and compliance • Improve IT efficiency • Reduced infrastructure complexity +
Simplifying Management Across Platforms Devices & Platforms Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Android Mac OS X • Single admin • console Windows RT Windows Phone 8iOS Android IT
Administrative Segmentation Security Roles What types of objects can I see and what can I do to them? Example: the “Software Update Manager” role gives rights to read and deploy software updates to specific collections. Security Scopes Which instances can I see and interact with? Collections Which resources can I interact with?
Data Segmentation Configuration Manager 2007 Louis “French Admin” France Primary Site Meg wishes to distribute a package to all of her EMEA users in the West region • French collections • Create advertisement for French collections England Primary Site Meg Collins “Central Admin” Anthony “English Admin” • Create and distribute package • English collections • Create advertisement for English collections
Segmentation with Configuration Manager 2012 Meg wishes to distribute an application to all of her EMEA users in the West region Anthony “English Admin” Louis “French Admin” Central Admin Site Meg Collins “Central Admin” • Create and distribute application • English collection(s) • Create deployment for English collection(s) • French collection(s) • Create deployment for French collection(s)
Collection Limiting • Meg gives Louis permissions to “French Systems” All Systems • Louis • can readFrench Systems and all collections limited to French Systems • cannot see All Systems and English Systems • can modify and deleteFrench Desktops • can create new collections limited to French Systems or French Desktops French Systems English Systems French Desktops French Servers
Demo Role Based Access
Overview • What is a Boundary? • Analysis of boundary types • Recommendations for designing a boundary strategy
What is a Boundary A Boundary is a network location that you want to manage with Configuration Manager. A Boundary is assigned to a Boundary group. A Boundary is used for site assignment and content availability for clients. There are three Boundary types: • AD Site • IP Subnet • IP Range
Analysis: AD Site Boundary Benefits: • Large container – should match known network bottlenecks • No issues with assignment or location requests • Very inexpensive from a performance perspective Problems: • Requires coordination with Active Directory Admins • Dependency on properly configured AD
Analysis: IP Subnet Boundary Benefits: • Least expensive boundary type to run • Should map directly to network topology Problems: • Outside of networking administrators, concept of IP subnet is uncommon • Known issues for assignment if AD sites use supernets • Actual assignment and registration are handled correctly • Confusion of Supernets vs. Subnets • Networks tend to have a large number of subnets
Analysis: IP Range Boundary Benefits: • Easy to understand • No issues with assignment or location requests Problems: • Very SQL intensive to evaluate
Overview Try to design with the fewest boundaries possible Revisit design if you average less than 100 clients per boundary Use fewer sites Use AD Site boundary types when possible Investigate the state of AD Sites. If configured correctly, it is the best match for bandwidth issues If there are going to be a number of boundaries, prefer IP subnet boundary types. Use IP Range boundary types sparingly and only when necessary
Replication Principles As few sites as possible Replication overhead Increase site count only to support volume of devices Exceptions to this rule Geographic presence Network access accounts Network considerations Site data replication Site data scheduling Proximity
How to avoid the Replication Tax Site Data Global Data • Collection Membership • Alerts • Hardware Inventory • Software Inventory & Metering • Status Messages • General Site Data • Asset Intelligence CAL Track Data • Status Messages • Software Distribution Status Details • Software Updates Replicated Site Data • Software Updates Non-Replicated Site Data • Status Summary Data • Component and Site Status Summarizers • Client Health Data • Client Health History • Quarantine Client Restriction History • Collections • Packages (meta data) • Programs • Deployments • Configuration Items • Software Updates • Task Sequences • OS Images (boot images, driver packages, etc.) • Site Control File • System Resource List (site servers) • Site Security Objects (Roles, Scopes, etc.) • Client Authentication • Client Discovery
How to avoid the Replication Tax • CAS is bottleneck for replication • Global data requires copies throughout hierarchy • Site data requires receiving data from each primary Central Administration Site Primary Site Primary Site
How to avoid the Replication Tax Example: Managing 40,000 systems Central Administration Site 2 1 1 3 2 Stand Alone Primary Primary Site Primary Site
Design PrinciplesAvoid the Replication Tax The Math of Replication
Design PrinciplesAvoid the Replication Tax Lab Observations 400K Patch Tuesday Performance Benches Contains 4 primary sites Simulated Patch Tuesday environment at supported limits Load generates 32 million state messages to be processed 4-Site (Narrow) Lab clears all backlogs within 14 hours 10-Site (Wide) Lab clears all backlogs in 26 hours
Overview Rebuild Indexes Task TempDBFilegroups Updating statistics
Rebuild Indexes Task Improves Speed of Queries Essential in large scale deployments Task must be enabled: Creates Indexes on columns at least 50% unique Drops Indexes on columns less than 50% unique Rebuild existing indexes that meet uniqueness criteria
SQL File Groups File groups give you the ability to create multiple filegroups for SQL TempDB Multiple read write heads can be engaged in parallel Improves performance of queries
Updating Statistics Most commons source of slow performance in production hierarchies. Auto update should always be enabled Sp_updatestats should be used after any SQL maintenance or issue in which SQL has been under load for a prolonged period Caution! Updating statistics is not a trivial task! There is a trade-off between statistics and overall performance, for day-to-day operations SQL should be allowed to manage statistics
Optimizing replication traffic Replication traffic reports Research traffic across links Determine which links to optimize site data Replication alerts Degraded versus failed Reasons to change the settings Caveats; sometimes degradation and back to active
Infrastructure Promises Modernizing Architecture Minimizing infrastructure for remote offices Consolidating infrastructure for primary sites Scalability and Data Latency Improvements Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possible File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy) System-generated data (HW Inventory and Status) can be configured to flow to the Central Administration Site directly Be Trustworthy Interactions with SQL DBA are consistent with Configuration Manager 2007 Configuration Manager admin can monitor and troubleshoot new replication approach independently
Infrastructure Decisions Central Administration Site Primary Site Secondary Site Distribution Point Site Database Server
Company Profile Headquarters in Chicago 2-4 administrators with other IT responsibilities, limited day to day use Subsidiary in London 125,000 clients Weekly inventory, deploys software and software updates
When Do I Need a Central Administration Site Headquarters in Chicago More than one primary site in hierarchy More than 100K clients in hierarchy Subsidiary in London
When Do I Need a Primary Site Server Manage Clients - Consolidate Headquarters in Chicago 74,000 clients 1,000 servers • Decentralized administration • Logical data segmentation • Client settings • Language • Content routing for deep hierarchies Scale (100K clients per primary) Reduce impact of primary site failure Subsidiary in London 49,500 clients 500 servers Consolidate Political Reasons Content Regulation Local point of administrative connectivity
When Do I Need a Secondary Site Server Manage Clients - Consolidate Headquarters in Chicago 72,500 clients 1,000 servers • No local administrator for secondary 1,500 clients Optimize Subsidiary in London 49,500 clients 500 servers Consolidate Manage upward flow of WAN traffic Tiered content routing for deep network topologies
BITS not enough control for WAN trafficMulticast for Operating System DeploymentApp-V streaming When Do I Need a Distribution Point Manage Clients - Consolidate Headquarters in Chicago 72,035 clients 1,000 servers Don’t need Distribution Point when: BITS enough over WAN traffic BranchCache™ deployed Distribution point on Windows Server 2008 R2 Clients running compatible operating systems Vista SP2 with KB960568 installed Windows 7 Cloud Distribution Point Fallback For App/SWD Packages when local and remote distribution points unavailable. WU/MU Fallback For Software Updates when local and remote distribution points unavailable. 450 clients Optimize 15 clients Optimize 1,500 clients Optimize Subsidiary in London 49,500 clients 500 servers Consolidate
In Review: Session Objectives And Takeaways Session Objectives: Discuss key areas regarding advanced Configuration Manager infrastructure Discuss advanced Configuration Manager architecture options Key Takeaways Key design principles Performance optimization Customer profile options
People Centric IT Come to Booth 1 in the Expo Hall for your chance to win a Surface RT bundle worth $699 Answer four questions correctly and you’ll be entered in our prize draw. Draw will take place at 4pm on April 10 2013 NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules
Related Content Breakout Sessions UD-B309 Deploying and Configuring Mobile Device Management Infrastructure UD-B310 Deploying and Managing Windows 8 with Configuration Manager 2012 SP1 UD-B317 Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1 UD-B318 Managing Embedded Devices with Configuration Manager 2012 UD-B325 System Center 2012 Configuration Manager SP1 Overview UD-B330 System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management UD-B331 System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1 UD-B332 What’s New with Microsoft Deployment Toolkit 2012 Update 1 UD-B333 What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design UD-B335 Windows Intune Overview UD-B403 Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting
Related Content Instructor-led and Hands-on Labs UD-IL301 Basic Software Distribution UD-IL302 Deploying a Configuration Manager Hierarchy UD-IL303 Deploying Configuration Manager UD-IL304 Deploying Windows 8 to Bare Metal Clients UD-IL306 Implementing Endpoint Protection UD-IL307 Implementing Role-Based Administration UD-IL308 Implementing Settings Management UD-IL309 Introduction to Configuration Manager UD-IL310 Managing Applications UD-IL311 Managing Clients UD-IL312 Managing Content UD-IL313 Managing Microsoft Software Updates UD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012 UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1 UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 Hierarchy UD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1 UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1 UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1 UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1 UD-IL401 Advanced Software Distribution
Evaluation We want to hear from you! Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com. Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
Resources Access MMS Online to view session recordings after the event. http://channel9.msdn.com/Events