SCCM 2012 Design Consideration / Advice

  • Question

  • I have been tasked with an SCCM 2012 design.  We will be starting afresh, so I want to get this design right the first time, and I am looking to you all for advice / considerations I need to look at.  Any help/feedback is appreciated.

    Company Layout:
    1 Main Office (Corporate Headquarters)
    15+ Remote Locations with T1 Connections back to Main Office
    3 Remote Locations with 100MB Connection to Main Office
    2 Remote Locations with 10MB Connection to Main Office
    2 Remote Locations with T3 Connections back to Main Office
    300+ Remote Sales Reps (Work From home, coffee shops, etc...)
    Approximately 3500 Clients throughout the organization

    What we want to accomplish with SCCM:
    Hardware/Software Inventory
    Computer Imaging & Users State Migration
    Deploy Packages / Applications
    Application Portal (Self Service)
    Windows/Software Updates (Even to Remote Sales Reps)
    Manage Mobile Devices

    What are your thoughts on the design?  Do we run SQL on the CAS/Primary Site Servers or do we run it on a separate server? 

    Main Office = CAS (Probably Don't need), & Primary Site, & a Distribution Point for Internet Based Clients.
    Primary Site Roles:
    Site Server
    Component Server
    SMS Provider
    Site System
    Site Database Server
    Application Catalog Web Service Point
    Application Catalog Website Point
    Distribution Point
    Management Point
    Software Update Point
    State Migration Point
    Fallback Status Point

    Remote Offices do I do all Secondary Sites or Mix and match DP or do I make some of them Primary Sites?
    Secondary Site Roles:
    Site Server
    Component Server
    SMS Provider
    Site System
    Site Database Server
    Management Point
    Distribution Point
    Software Update Service
    State Migration Point
    Fallback Status Point

    Also do you agree with the specs I am thinking for each server role?

    CAS
    8 cores (Intel Xeon 5504 or comparable CPU) 
    32 GB of RAM 
    500 GB of disk space 

    Primary
    4 cores (Intel Xeon 5140 or comparable CPU)
    16 GB of RAM
    500 GB of hard disk space 

    Secondary Site
    4 cores (Intel Xeon 5140 or comparable CPU)
    8 GB of RAM
    200 GB of hard disk space

    Distribution Points
    2 cores (Intel Xeon 5140 or comparable CPU)
    8 GB of RAM
    200 GB of hard disk space 
    Friday, October 18, 2013 8:23 PM

Answers

  • Definitely do not need a CAS. Do not do a CAS.

    Without knowing the number of clients at each location, hard to say if the remote sites need just a DP or a full secondary site.

    For IBCM, you need more than a DP, you will also need a SUP and MP. These are typically co-located on a single site system separate from the site server and within the DMZ.

    SQL co-located on your primary site server is much preferred for simplicity and security. Just make sure that the IOPS are available in your storage.

    Secondary sites cannot have SMS Providers, Site DBs, or FSPs and are not site systems. Also, placing a SUP at a secondary is not needed either. Secondary sites will have a local instance of SQL Express.

    For the primary site, as mentioned, IOPS are critical. Thus, simply listing 500GB of free space is not sufficient. You need to plan the storage in more detail.

    Mobile Device Management requires an Intune subscription connected to ConfigMgr using the Intune Connector -- unless you are talking about WinMo 5/6, WinCE, or Symbian devices.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by Joyce L Tuesday, October 29, 2013 2:22 PM
    Friday, October 18, 2013 10:27 PM

All replies

  • More information about the number of users at each site would be helpful but I concur with Jason.  Since we have pretty good bandwidth management with DPs now, I find it difficult to justify secondary sites for your scenario unless there is something you haven't told us (fan-out WAN topology or hub/spoke?).  

    Also, consider BranchCache for smaller locations as long as you don't need to do OSD.

    Saturday, October 19, 2013 2:12 AM
  • Given that you'll have a total of approx. 3500 clients in your organization, I do not see an immediate requirement for secondary sites, but if you have sites with approx. 500 users a secondary site is a good idea.

    IOPS is the most important thing when looking at hardware requirements for a site server due to it being SQL intensive. And it is actually only the database file storage that requires high IOPS. Because measuring IOPS is more of an art than a science I can't give you any numbers, but SSD drives are nice to have :)

    Based on your list of hardware I guess you've found http://technet.microsoft.com/en-us/library/hh846235.aspx and http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigClientNumbers

    As you wrote, and as others have written, do not use a CAS for this scenario.

    If you can pull off some SSDs I would say something like

    120 GB non-SSD for OS (remember, that pagefile needs some room too!)
    80 GB non-SSD for Program Files
    64 GB SSD for Databases
    64 GB non-SSD for logs
    500 GB non-SSD for Content Source
    500 GB non-SSD for Content Library

    The figures above are an estimate for your Primary Site Server based on the information you've given. I cannot guarantee these figures, since this is a forum post. The point of this post is to show you where you need SSD/lots of IOPS for good performance.

    I usually recommend you to run your system as virtual machines due to the fact that you can use snapshots while performing upgrades and other maintenance tasks.


    Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa

    Saturday, October 19, 2013 6:48 AM
  • Of the remote sites I mention above, a couple of them have approx 300-700 devices and others have 50-100... Should I just do them all as Secondary Sites, or what is the best way to determine Secondary Site vs DP?
    Monday, October 21, 2013 11:35 AM
  • Okay Here is what I have so far... Questions I have:

    Can someone help explain the IBCM process for me so I can update the drawing?

    Also I have that server labeled Primary Site Server, but the more I research it looks like I need a MP & DP servers only?

    How does the internal side look?

    Thanks!

    Monday, October 21, 2013 8:43 PM
  • Secondary vs. DP is a subjective call based on two factors: client count and available bandwidth. More clients and/or less bandwidth means secondary site, fewer clients and/or more bandwidth means DP. Both use a server OS so there's really no cost difference, just some added complexity for a secondary site. Without knowing the bandwidth, no way for me to be able to say one way or the other.

    As for IBCM, correct, it's not a primary site server, it's simply a site system that typically hosts an MP, DP, and SUP. The App Catalog Website Point is also applicable.

    Are you planning on managing legacy mobile devices or Mac OSX? If not, the Enrollment Proxy Point is not needed -- it's not applicable to IBCM anyway to my knowledge.

    Also, the FSP must be on a separate site system so that clients can communicate with it via HTTP.


    Jason | http://blog.configmgrftw.com

    • Proposed as answer by Felyjos Thursday, May 15, 2014 5:30 PM
    Wednesday, October 23, 2013 7:18 PM
  • Hi cfreeman21,

    I came across a similar situation where I was tasked to design SCCM 2012 for approximately 3500 clients throughout the organization. This would be a fresh implementation of SCCM 2012 and all other versions of 2012 (SQL, Windows Server).

    Your drawing is detailed and explains a lot. Hoping that you have implemented successfully, can you please share the complete design steps in detail?

    Thanks in Advance!!

    Wednesday, July 30, 2014 10:44 PM
  • This is what we currently have... At this time we are not using IBCM.

    Thursday, July 31, 2014 1:31 PM
  • I came across a similar situation where I was tasked to design SCCM 2012 for approximately 3500 clients throughout the organization.


    You should consider co-locating SQL on the site server.

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, July 31, 2014 1:40 PM
  • Not only that (which I'd agree with - co-locate ConfigMgr and SQL for smaller sites like this), but I don't believe that most people would recommend putting Configuration Manager and the OS on the same drive. Different partitions (on separate physical drives) is usually recommended.

    However, for only 3,500 clients, you are likely fine. Just a best practice to keep ConfigMgr on its own drive and put nothing else on the OS drive.


    Wally Mead

    Thursday, July 31, 2014 3:33 PM
  • Thanks Wally, Torsten and cfreeman21

    If I co-locate ConfigMgr and SQL on the site server, what would my new hardware specs be?

    I have a couple of hundred users (less than 500) at different remote locations (two). Do I need a secondary site or can I have a DP do my job?

    Please explain.

    Thanks in Advance! 

    Thursday, July 31, 2014 4:08 PM
  • A DP should be sufficient, but you did not mention the available WAN bandwidth. A secondary site should be used if you worry about traffic from the remote site to the headquarters.
    The hardware of the SQL server should handle that small amount; just add extra disks for ConfigMgr. Don't worry too much about the hardware: 3.5k is not very much.

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, July 31, 2014 4:12 PM
  • Sorry, my diagram doesn't reflect the recommendation mentioned above; we do have the OS and Config Manager on different drives.

    Thanks!

    We have a few sites with around 400'ish machines and debated about Secondary Site but the DP is working great and the amount of traffic on the WAN really is minimal IMO.

    Thursday, July 31, 2014 4:19 PM
  • I still don't have the WAN bandwidth. I would know more details about the project next week.

    Thanks!


    Thursday, July 31, 2014 9:28 PM
  • Hi,

    I'm designing along similar lines to cfreeman21 except that my management wanted a remote SQL server.

    Primary Site Roles:

    Site Server

    Component server

    Site System

    Application Catalog Webservice/Website points

    Management Point

    Software Update Point

    Fallback Status Point

    Asset Intelligence Sync Point

    State Migration Point

    Distribution point

    All clients are local so I'm going with one primary site, management point and DP.

    I have a few questions though:

    -Currently all the servers are managed with WSUS. Going forward after I configure SUP, how can I manage server updates? (Server Device Collections or do I have to manage through WSUS?)

    -There is no firewall currently set up and the servers can communicate; do I still have to open ports for SQL Replication?

    -Using only 2 partitions C:(Installation Files) and D:(content library + OS). Is this recommended?

    Thanks in Advance!!

    Monday, August 11, 2014 4:02 PM
  • Keep SQL locally if possible (depending on the number of clients though).

    You cannot use the underlying WSUS of a SUP to deploy updates outside of ConfigMgr. So either use a separate WSUS or manage them using ConfigMgr (recommended).

    You have to create the firewall exceptions if you don't like that ConfigMgr complains about the ports not being opened if I recall correctly.

    No. See the following table http://technet.microsoft.com/en-us/library/hh846235.aspx#BKMK_ReqDiskSpace


    Torsten Meringer | http://www.mssccmfaq.de

    Monday, August 11, 2014 4:17 PM
  • Can you give me a recommendation on the partitions? 5000 clients, all local.

    Thanks!

    Monday, August 11, 2014 5:17 PM
  • I already responded to partition question back on 7/31, and would expect that recommendation to still stand.

    Wally Mead

    Monday, August 11, 2014 5:26 PM
  • Considering that CM is installed to a different drive, will 3 partitions do my job: C:(OS) D:(CM) E:(Content)?

    Please advise.

    Thanks

    Monday, August 11, 2014 5:32 PM
  • If you want a best practice, then everything is on a different drive, including SQL Server. But for a smaller environment, all can work on a single drive, just not ideal. The big thing in that environment is to ensure that the drive never fills up, especially if on the same drive with the OS.

    So best is a unique drive for each function (OS, ConfigMgr, Content, SQL, DB, Logs, etc.). But as stated, it works with all on a single one also.


    Wally Mead

    Monday, August 11, 2014 5:39 PM
  • I got an error during the prerequisite check of the SCCM 2012 console install: DEDICATED SQL SERVER INSTANCE

    Since we are using a remote SQL server I had to go with the defaults (read somewhere since it cannot accept network paths) during Database Information.

    Got the following errors from the setup.log :

    CWmiRegistry::WmiOpen: Failed to read key SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile on xxxxxxx.xxxx.xxxx.com Configuration Manager Setup 8/12/2014 10:41:05 AM 2112 (0x0840)

    CWmi::Connect(): ConnectServer(Namespace) failed. - 0x8004100e Configuration Manager Setup 8/12/2014 10:41:21 AM 2112 (0x0840)

    Please help!

    -I've added the site server install account and the site server as local admins in remote SQL server

    -SQL ports open

    Am I missing anything else?

    Thanks!!!


    Tuesday, August 12, 2014 7:13 PM
  • Normally when you see errors related to not being able to access something, it means that administrative rights are not granted, or firewall ports are not open (defaults would be 1433 and 4022 but you may very well be using custom ports).

    Wally Mead

    Tuesday, August 12, 2014 8:02 PM
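
The two causes named in the reply above (missing administrative rights, closed firewall ports) can be checked from the site server before re-running the prerequisite check. The following PowerShell script is an added example, not code from any poster in this thread; the host name `sql01.example.com` is a placeholder, the ports are the defaults quoted in the reply, and the local group is assumed to be named `Administrators` (English-language OS).

```powershell
# Added example: run on the site server, as the setup account, before
# re-running the prerequisite check against a remote SQL Server.
param(
    [string]$SqlServer = 'sql01.example.com',  # placeholder host name
    [int[]]$Ports = @(1433, 4022)              # defaults named in the reply
)
$results = @()

# 1. Firewall: are the SQL Server and Service Broker ports reachable over TCP?
foreach ($port in $Ports) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($SqlServer, $port, $null, $null)
        $open = $pending.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } catch { $open = $false } finally { $client.Close() }
    $results += [pscustomobject]@{ Check = "TCP port $port"; Passed = $open; Detail = '' }
}

# 2. Rights: can this account open a remote WMI connection at all?
#    (root\cimv2 is used as a generic probe; setup.log does not name the namespace.)
try {
    Get-WmiObject -ComputerName $SqlServer -Namespace 'root\cimv2' `
        -Class Win32_OperatingSystem -ErrorAction Stop | Out-Null
    $results += [pscustomobject]@{ Check = 'Remote WMI'; Passed = $true; Detail = '' }
} catch {
    $results += [pscustomobject]@{ Check = 'Remote WMI'; Passed = $false; Detail = $_.Exception.Message }
}

# 3. Rights: are the current account and this computer account DIRECT members
#    of the remote Administrators group? Nested group membership is not resolved.
$expected = @($env:USERNAME, ($env:COMPUTERNAME + '$'))
try {
    $group = [ADSI]"WinNT://$SqlServer/Administrators,group"
    $members = @($group.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })
    foreach ($name in $expected) {
        $results += [pscustomobject]@{ Check = "Local admin: $name"; Passed = ($members -contains $name); Detail = '' }
    }
} catch {
    $results += [pscustomobject]@{ Check = 'Local admin lookup'; Passed = $false; Detail = $_.Exception.Message }
}

$results | Format-Table -AutoSize
```

A failed TCP row points at the firewall; a passed TCP row with a failed WMI or membership row points at rights.
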
  • I'd co-locate the SQL to the same server like mentioned here already many times... On the sizing part, check this excellent post by Johan http://www.deploymentresearch.com/Research/tabid/62/EntryId/115/Sizing-your-ConfigMgr-2012-R2-Primary-Site-Server.aspx
    Tuesday, August 12, 2014 8:48 PM