OS deployment. SCCM's OS-deployment capabilities add up
to a dramatically enhanced version of the SMS 2003 feature pack add-on and solution
accelerator. These new core functions are based on OS deployment technologies
in Windows Server 2008 and Windows Vista. Using the OS deployment tools, you
can build a reference machine and capture a single image of it for deployment
to an entire enterprise. SCCM supports such deployment scenarios as bare-metal
installations, in-place upgrades, and machine-to-machine migrations.
Software update management. SCCM leverages Windows Server
Update Services (WSUS) as the underlying technology for updates and patches.
However, you'll use the SCCM interface to wield enhanced control over the approval
and application of updates. Additionally, SCCM's update-management features
give you a means with which to deploy updates from third-party and internal
software providers and—for the purpose of compliance—allow for
tracking and reporting of updates applied throughout your enterprise.
Remote tools. The ability to remotely control managed
systems has been a long-standing, useful SMS feature for troubleshooting and
providing end-user support. Microsoft has revamped SCCM's remote tools so that,
by using Vista's RDP, they realize the benefits of improved performance,
security, and richer collaboration technologies. SCCM also still supports Remote
Desktop and Remote Assistance.
Desired configuration management. Every IT organization
recognizes the benefits of standardizing systems and configurations. SCCM's
desired configuration management component—previously an SMS 2003 solution
accelerator, now enhanced and integrated into SCCM—lets you define a
model for the configuration of a certain class of system. SCCM will then monitor
managed systems for compliance according to that definition.
Network access protection. Microsoft's Network Access
Protection (NAP) is an entirely new feature in SCCM. In simple terms, NAP is
a tool for monitoring your network for noncompliant, potentially vulnerable
systems, and proactively correcting any potential compliance problems before
permitting such systems network access. However, NAP implementation requires
Windows Server 2008 to be running Network Policy Server. NPS policies measure
system compliance, and SCCM's NAP performs any required remediation.
Internet-based client management. Although SMS has traditionally
managed many types of clients—including desktops, laptops, and servers—the
ability to manage portions of the client population connected via the Internet
has been lacking. SCCM has incorporated secure Internet-based management capabilities
into the core feature set. Using public key infrastructure (PKI), clients can
securely participate in traditional software deployments, inventory schedules,
and other SCCM functions while connected only via the Internet.
What You Need to Know
Now, you're probably wondering what else you need to know before taking the
SCCM plunge—either as a new deployment or as an upgrade to an existing
SMS installation. For new deployments, the first thing you need to consider
is the size and complexity of your environment, and whether you require and
can benefit from SCCM's extensive management capabilities. If you read my beta
review of System Center Essentials (see the Learning Path), you might remember
that tool's limit of 30 servers and 500 client systems. Those numbers also serve
as a reasonable point at which implementing SCCM starts to make sense: If you
have fewer than 500 systems, you might not benefit from the robust, complex
beast that is SCCM. If you have an existing SMS implementation, an upgrade to
SCCM should be on your radar at release time. After you make the decision to
move to SCCM, you'll want to spend some time on two preparatory steps, involving
PKI and site system roles.
PKI. Of primary concern, if you
don't have an existing PKI implementation, you'll need to learn
about the technology and deploy
PKI to support SCCM's advanced
security features. PKI is a requirement for
native-mode deployments (i.e., full deployments of SCCM clients and required servers)
because the system uses a site server signing
certificate to sign all SCCM policies. Through
this infrastructure, site systems and managed
clients establish mutual trust.
Site system roles. Your next area of study is
site system roles. SCCM offers numerous new
roles and dispenses with or renames a few old
ones. Although adding new roles might seem
to contradict the goals of the simplicity pillar,
Microsoft has designed the roles to help you
better manage and maintain your SCCM infrastructure and managed systems.
As you see in Figure 2, the SCCM 2007 system
roles are primary site server, site database server, Configuration Manager console, branch office distribution point, fallback status point, management point,
PXE service point, reporting point, server locator point, software update point,
state migration point, and system health validator. Note that not
all roles are necessary, and each role doesn't need to reside on a dedicated
server. In fact, for very small implementations, it's feasible—but not
recommended—that all required roles reside on one server. Your determination
of appropriate roles and supporting hardware will depend on your environment's
workload and security requirements. You can find many planning aids for SCCM
deployment in Microsoft's Configuration Manager Documentation Library (see the
Learning Path), which can help you come up with the right mix of roles and hardware.
Two new roles of note are branch office distribution point and fallback status
point. A branch office distribution point (which replaces the old secondary
site role) can be a Vista or XP system. This system can hold software applications
and updates for distribution to a branch office. SCCM utilizes BITS technology
to initially populate and apply delta changes to software on branch office distribution
points. SCCM uses the fallback status point as a catchall for communications
from managed systems that have somehow become orphaned from their intended management
point. This system role is instrumental in discovering and fixing client-reporting
problems in your fleet.
Installation Considerations
You'll want to become familiar with the various installation options available
to you, depending on your current situation. If you're installing a brand-new
SCCM 2007 site, you have two options—simple setup and custom setup—
although the simple setup isn't very useful unless you're deploying for test
purposes. SCCM's Setup Wizard checks for prerequisites (as Figure
3 shows), helps you mitigate any software deficiencies, then walks you through
the process of specifying site and managed system parameters. If you already
know exactly how you want to deploy SCCM, you can streamline this process by
using the scripted installation option.