locked
Is the SCCM 2012 R2 client and the SCEP client SQL Cluster Aware? RRS feed

  • Question

  • My DBA is asking me this question and wants to know prior to installing the SCCM client on his DB servers.

    Thanks


    Wednesday, February 17, 2016 7:49 PM

Answers

All replies

  • I am kind of confuse about what you are asking.

    The client is install on the OS and manage the OS. The SCCM client doesn't care or as nothing to do with the SQL cluster.

    So those machine to the client would simply act as normal machine. SCCM will see them as 2 servers. 


    Wednesday, February 17, 2016 7:57 PM
  • Hi,

    what do you mean?

    The Client itself is not interested in Clusters....it is installed on a Server...

    I think you are talking about updates?!

    you have to manage your updates to be deployed in different maintenance Windows for your nodes.

    -> So it depends on your config....

    Regards

    Eric


    Microsoft MVP Cloud and Datacenter Management
    Microsoft Partner Technical Solutions Professional (P-TSP)
    --
    www.ericberg.de
    @ericberg_de
    --
    MCSE: Enterprise Devices and Apps | MCSE: Private Cloud | MCSE: Server Infrastructure | MCSE: Desktop Infrastructure

    Wednesday, February 17, 2016 8:00 PM
  • Okay, the DBA cleared this up better for me.

    I have a 2-node SQL Failover Cluster that is highly sensitive (critical workloads), that presently has no A/V Client.  I need SCCM on the (physical) Cluster Nodes.  We don’t care about CAU (Cluster Aware Updating) as we are not using this feature, so we really don’t care.  Configuration Manager, once we have it on the cluster nodes, will be able to update the Cluster Nodes with patches.  That isn’t the concern. The concern is specifically with the Endpoint Protection client that is installed with SCCM.  Real-time Antivirus clients and Cluster Nodes can get scary.  What we need to do is protect the nodes from the AV client as much as possible, keeping both the Real-time scanner and Manual scans OUT of sensitive files/folders. 

    Perhaps we can’t have the SCEP component at all..?  Is that an option?  

    The DBA read this article and wants to make sure that SCEP itself is cluster-aware:

    https://support.microsoft.com/en-us/kb/250355

    Thanks

    Wednesday, February 17, 2016 8:08 PM
  • Hi,

    it is still not clear to me...what is the Problem. You can enroll the ConfigMgr Agent without activated SCEP...so there will be no AV at all. (Client Settings)

    More Information can be found here:

    https://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_EndpointProtectionDeviceSettings

    https://technet.microsoft.com/en-us/library/gg682109.aspx

    Otherwise you can activate SCEP and configure process, filetype, file and Folder exclusions...

    Have a look here: http://blogs.technet.com/b/systemcenterpfe/archive/2012/11/29/system-center-2012-configuration-manager-antivirus-exclusions.aspx

    So it is up to you what the sccm Agent does.


    Microsoft MVP Cloud and Datacenter Management
    Microsoft Partner Technical Solutions Professional (P-TSP)
    --
    www.ericberg.de
    @ericberg_de
    --
    MCSE: Enterprise Devices and Apps | MCSE: Private Cloud | MCSE: Server Infrastructure | MCSE: Desktop Infrastructure

    Wednesday, February 17, 2016 10:36 PM
  • What do you mean "it is still not clear"? 

    Is SCEP aware of Cluster Services, or isn't it?

    How is this not clear?

    It directly states in this article here: https://support.microsoft.com/en-us/kb/250355

    You can run antivirus software on a SQL Server cluster. However, you must make sure that the antivirus software is cluster-aware. 

    So, again, is SCEP aware of cluster services or not, or do I have to contact Microsoft directly to get this answered?

    It seems like a pretty straight forward question. 

    I am not certain what is unclear about it. 

    Thanks

    Thursday, February 18, 2016 8:13 PM
  • The short answer is: No, SCCM and SCEP are not cluster aware.

    You would need to ensure you create an Anti-malware Policy for the cluster to turn off the Real-time Protection and make sure you exclude the Cluster folders.  You would also need to create the standard exclusions for the SQL files, process and any other process or files you don't want to touch.  You can look at the SQL policy and adapt the folders on your new policy to match. 


    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com

    Thursday, February 18, 2016 8:54 PM
  • Thank you Matt. 

    I do have an SQL server template that I can use for this.


    Thursday, February 18, 2016 10:22 PM