where to put Site System Roles

    Question

  • Hello all,

    I am currently in the design phase of SCCM 2012.

    Our environment will have a Primary site and a secondary site based on Windows 2012. Each Primary Site will have a separate Windows 2012 server for the database (SQL 2012).

    Ideally, where should I put the Site system roles? On other windows 2012 server(s)? Am I missing roles?

    Application Catalog website point
    Asset Intelligence synchronization point
    Endpoint Protection point
    Enrollment point
    Enrollment proxy point
    Fallback status point
    Management point
    Out of band service point
    Software update point
    State migration point
    Reporting services point
    Distribution point
    Windows Intune connector

    Friday, September 13, 2013 6:14 PM

All replies

  • Planning Where to Install Sites System Roles in the Hierarchy: http://technet.microsoft.com/en-us/library/gg712282.aspx#Plan_Where_to_Install_Sites

    Not every role is required; e.g., if you won't be using Intune, you don't need the role.

    Why are you choosing to use a non-collocated SQL instance?

    You said "Each Primary". Is that just a typo?

    Actual role placement depends upon a lot of factors like client count, connectivity, and HA requirements to name a few.

    Why are you choosing to use a secondary site?


    Jason | http://blog.configmgrftw.com

    Friday, September 13, 2013 6:56 PM
    Moderator
  • I just wanted to get a pretty good idea of where to put each role. I'm sure I won't use all of the roles. Typo. Just one Primary site. I will have the primary site in NC and the Secondary (Child) site in San Diego with multiple T3 connections between. I have 10 GB network cards on the servers (8 core and 32GB Memory). Just trying to prevent unnecessary traffic between NC and SD.

    Thanks,

    Mark

    Friday, September 13, 2013 7:25 PM
  • If you provide more info, as requested by Jason, we may provide more accurate help...

    How many clients in each site?

    If you have a small Primary Site, you may be better off with SQL Server hosted on the Primary Site server. Unless there is a political decision to have it remotely.


    - Distribution point - heavy I/O (you can have multiple in Primary and Secondary Site for redundancy - as required)
    - Management point (you can have multiple in the Primary Site for redundancy, one in Secondary Site)
    - Fallback status point - for client agent installation information (one in Primary Site). ccmsetup.exe command line must specify FSP FQDN
    - Reporting services point (one in Primary Site - if using reporting)
    - Software update point (one in the Primary Site may be sufficient, one in Secondary Site if required - if distributing software updates)


    Do you need these?
    Asset Intelligence synchronization point
    Application Catalog website point - If deploying applications to users

    Endpoint Protection point - if using Endpoint Protection
    Enrollment point - if supporting mobile Devices
    Enrollment proxy point - if supporting mobile Devices
    Windows Intune connector - if supporting mobile Devices
    Out of band service point - if using Intel vPro chip set and Intel AMT
    State migration point - if using OSD (save user settings)

    Secondary site is good if you need to control upwards traffic or have a local MP and/or SUP... If possible, use DPs instead.
    From Kent Agerlund's new book "SCCM 2012 - Mastering the fundamentals" he recommends installing a secondary site at remote locations if one of the following statements is true:

    - The Remote locations have more than 500 and fewer than 5000 clients
    - you need to compress traffic going to the site
    - you need to control the upward flowing traffic
    - you need a local management point
    - you need a local SUP

    http://social.technet.microsoft.com/Forums/en-US/e79e3f4d-0518-467c-8d7f-81cbb964b6c7/secondary-site-vs-distribution-point

    Monday, September 16, 2013 12:25 PM
  • We are supporting only Servers; Desktop support will have a separate SCCM 2012. Our current SCCM 2007 environment also has us separate from desktop. Desktop uses a lot more site roles than we do and needs different client settings, and I didn't want to weigh down our server with more clients and all of the site roles we don't currently use. I was hoping to limit traffic between sites.

    Charlotte 1573 clients (Primary Site)

    San Diego 1158 clients (secondary site)

    Texas 585 clients and growing (secondary site or just DP point?)

    With these numbers, I would think SQL database would be on a separate server in Charlotte.

    Secondary site with SQL Express or full SQL?

    Asset Intelligence synchronization point        Maybe, but currently not used in 2007
    Application Catalog website point - If deploying applications to users      NO

    Endpoint Protection point - if using Endpoint Protection YES (currently using McAfee)
    Enrollment point - if supporting mobile Devices     NO
    Enrollment proxy point - if supporting mobile Devices     NO
    Windows Intune connector - if supporting mobile Devices   NO
    Out of band service point - if using Intel vPro chip set and Intel AMT    YES
    State migration point - if using OSD (save user settings)  YES, needed for servers?

    Secondary site is good if you need to control upwards traffic or have a local MP and/or SUP... If possible, use DPs instead.
    From Kent Agerlund's new book "SCCM 2012 - Mastering the fundamentals" he recommends installing a secondary site at remote locations if one of the following statements is true:

    - The Remote locations have more than 500 and fewer than 5000 clients
    - you need to compress traffic going to the site
    - you need to control the upward flowing traffic
    - you need a local management point
    - you need a local SUP

    If there is any more information from me, please just ask.

    Thanks for your help,

    Mark

    Monday, September 16, 2013 2:17 PM
  • Hi Mark,

    With SCCM 2012, you can have different client settings for Workstations and Servers! Unlike 2007, you no longer need separate sites for that reason. Also, Role Based Administration is a great change that helps having workstations and servers in the same hierarchy, but managed by different groups.

    It's easier to manage one Hierarchy than two :)

    It's totally up to you to figure out if you want different hierarchies (in a lab). I would suggest finding reasons not to use the same hierarchy... Meaning that if you cannot find any, you should manage workstations and servers on the same hierarchy.

    In my case, Servers and Workstations are managed by different groups, and I can separate most settings. There are only a few things that cannot be delegated, and they should be done by a Full Administrator.

    With the provided information, I would suggest (just a high level idea):

    Primary Site:

    - 1 primary site server with a local SQL Standard DB on the site server (no need for remote SQL unless the server hardware is limited). Relocate system roles to other systems before relocating SQL Server (unless mandated).

    also, Endpoint Protection point on the Primary Site server

    ...I have 4,000 clients on my PS and my SQL is local (32GB RAM, 16 cores, VM)...

    - plus 1-2 additional site systems, with MP on each, DP on each

    - SUP and RSP on the primary site server (easier) or on a site system

    - FSP on one site system (not on the primary site server)

    If the PS is too busy, and you can't give it more resources, relocate system roles, add DB replica to the MP (there's a good blog from Kent/?), you can fine tune the number of files for the DB (including the TempDB).

    Secondary Site for San Diego:

    - 1,158 systems justifies a secondary site with local SQL Express

    - MP and DP on the site server

    - SUP on the site server may be justified

    - State migration point if required

    Secondary Site for Texas:

    - 585 systems could justify a secondary site with local SQL Express, especially if growing

    - MP and DP on the site server

    - SUP on the site server may be justified?

    - State migration point if required

    _____________

    Endpoint Protection point can go on a site system or on the Primary Site server (minimal load).

    If using OSD with PXE, it's just an option (checkbox) on the DP for PXE...

    Out of band service point: not sure, as I don't use it.

    IMPORTANT:

    This is just my opinion and I'm sure that it could be different if I knew everything about your environment, but it should be a good starting point.

    Hopefully, someone else will comment and agree/disagree with my suggestions :)

    Monday, September 16, 2013 2:55 PM
  • Another vote here for:

    1)  A local DB on the Primary

    2)  Use the 1 Primary for desktops and servers. (no need to separate in CM2012)

    3)  2 Secondaries 


    Monday, September 16, 2013 4:02 PM
  • Thanks for all of the suggestions.  What settings would be shared between Server and Desktop, If I had just one sccm 2012 system?

    Thanks,

    Mark

    Monday, September 16, 2013 4:26 PM
  • Depends on your needs. The Default Settings are configured when you install the primary site. Then you can look them over and when the same setting requires a different value for workstations/servers, you move the values of that category to a custom settings (user or device).

    You can have multiple Settings and prioritize them (deployed to a collection). The one with the lowest priority wins (when the same setting is on multiple setting "groups").

    Example, for Computer Restart settings, I use "15 minutes" for temporary notification and "5 minutes" for countdown interval for servers (when patching and there are active RDP connections - less waiting), while I keep the default for 90/15 minutes for workstations...

    On SP1, most settings available in the Default Settings "group" are available as Custom settings...

    - Custom Device Settings: Same as the Default Client Settings, except no User Settings under "Mobile Devices" and "User and Device Affinity".

    - Custom User Settings: Only User Settings under "Cloud", "Mobile Devices" and "User and Device Affinity".

    You should really build a lab environment to ensure these suggestions work for you.

    Also, you'll need to get familiar with the Role Based Administration, so that you can delegate permissions to the Workstation and Server admins.

    For other stuff like software updates, you can have different update packages for workstations/servers, applications and software packages you use the role based administration with scopes.

    http://blogs.technet.com/b/configmgrteam/archive/2011/09/23/introducing-role-based-administration-in-system-center-2012-configuration-manager.aspx

    http://blogs.technet.com/b/hhoy/archive/2012/03/07/role-based-administration-in-system-center-2012-configuration-manager.aspx

    Monday, September 16, 2013 4:47 PM
  • * If we have Enterprise Licenses for SQL, why not use the full version of SQL 2012, as opposed to SQL Express at Secondary sites?

    * What are the disadvantages of putting the SQL DB on another site server in the same area, say Charlotte, as opposed to on the Primary site, under a vSphere environment?

    Thanks again,

    Mark

    Monday, September 16, 2013 7:33 PM
  • Because an enterprise license doesn't mean you get as many installations as you want for no additional charge -- you still pay per installation. Also, there's simply no need to, secondary sites run perfectly fine using SQL Express and install it during their own installation. If you used a separate installation of SQL Server, there is some additional leg-work, overhead, and complexity involved.

    Disadvantages include complexity, security, and possible performance. Complexity is obvious, security because now everything has to go over the network. Performance for the same reason, it's no longer local -- this one (performance) has many factors though for which this is just one.

    Finally, I recommend you bring in a consultant on this (yes I'm a consultant). Installing something as large as ConfigMgr is no trivial task. Designing, installing, and configuring it correctly and in a manner that is best for your environment is even more complex. Basically, you've already engaged a consultant by asking for help here in the forums so the fact that you need help is already a given.


    Jason | http://blog.configmgrftw.com

    Monday, September 16, 2013 7:52 PM
    Moderator