Greenfield deployment of SCCM 2012 - A few questions

  • Question

  • Dear SCCM 2012 experts,

    I have recently evaluated SCCM 2012 and with the help of tutorials tried out different features.
    Now I have a few more questions before I recommend that we introduce SCCM 2012 into our production environment.

    Let me just give you a short background info of what we have right now:

    1 Main Office site and 3 remote sites (only maybe 10 users per site), with all relevant servers running 2008R2 SP1.

    Software deployment:
    GPO MSI based
    GPO startup scripts

    The source files for all installations are on replicated DFS shares, so that remote offices have a fast connection to the data.

    WSUS:
    In the main office, we have a WSUS server that uses MS Update as source.
    The remote sites use the main site WSUS server as update source.
    Clients are configured via GPO to use the local update server.

    PXE:
    One WDS server that serves a variety of unattended setups.



    Our difficulty with our current setup is primarily the distribution of software that is notoriously difficult to deploy via GPO, namely EXE bootstrappers, and software with lots of prereqs, such as Visual Studio 2010 for example.
    With SCCM, I see that I can easily integrate scripted setups as well as dependencies on prerequisites.



    I would suppose that with remote sites, the following setup would be appropriate (but feel free to correct me if I'm wrong):
    Primary Site at Main Office with SQL Server 2008R2 Ent.
    Secondary subsites at remote offices (for distribution/reporting points) (With SQL Server express).


    For a possible SCCM 2012 deployment, I would first like to only migrate our software installations. That is, leave WSUS and WDS alone for now (since what we have is working and SCCM seems very convoluted, especially for software updates).
    However, I would have to install the secondary sites on the same servers that are currently running WSUS due to limited hardware available at the remote sites.

    1. So my first question here is: can I install an SCCM 2012 secondary site on the same machine as WSUS (they have to share the SQL Server Express as well as IIS)?
    As long as I don't configure SCCM for software updates, will it leave WSUS alone?

    2. In my test environment, I had to enable the "Allow clients to connect anonymously" checkmark for the distribution point for things to work.
    Is there a way around this (since that doesn't seem safe, I suppose)?

    3. Is there a way to configure business hours for all clients?
    I don't want the SCCM Client to restart workstations during business hours, but rather wait for the user to do the normal shutdown when they leave.

    4. In my test environment, I had trouble with clients' inventory when they were shut off. They wouldn't report inventory after that for a long time, even though I set the interval to only 10 minutes to push things along.
    The default inventory times, discovery times for AD, etc, seem to be very long even for a production environment (7 days for example). What would be good values for discoveries, device collection updates, and inventory tasks?
    I'm asking this because employees may be waiting for a software for a long time before they get it with these discovery times.

    5. If I were to upgrade an application, for example from version 2.0 to 3.0, would it be best to advertise an uninstall for 2.0 and then an install for 3.0?
    Previously, with GPO deployment, it would remove managed software, and then install the new one. However, with SCCM, wouldn't I run into problems because the processing is less synchronous?
    I mean, with the discovery times in question 4, wouldn't it be possible for a user to have neither application available for a while?

    6. This one seems to be easy, but I'll ask just to be sure. Let's say the primary server crashes (or all of SCCM). In that time, I assume, the only problem until restore is that no software deployments can be made, and configurations cannot be changed, correct?



    I apologize for the long post, and thank you in advance for your answers.





    Thursday, May 31, 2012 11:07 AM

All replies

  • #1: I would not set up a secondary site at a remote office if there are only 10 clients. A sender-enabled DP would be enough.
    #2: that's not needed. Double check the IIS config according to the official docs
    #3: yes, this can be done. See http://www.mssccmfaq.de/2012/03/26/software-center-business-hours-auslesen-setzen/ for an example
    #4: it depends. *Delta* discovery is set to 10min per default and *fast collection evaluation* to every 5min.
    #5: you should have a look at the supersedence functionality of the new application model. It allows you to upgrade/replace an app.
    #6: correct

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, May 31, 2012 11:38 AM
  • Thank you for your quick answer!

    I have a few follow up questions.

    I researched sender-enabled DP. Is that the branch distribution point? Because I found that it is no longer supported in SCCM2012. Or do you mean something else?

    Would I be able to use that in the same way as a regular DP?

    Maybe I'm under a complete misapprehension, but if I understand correctly, I can install such a distribution point on the remote WSUS/Update server and administer it from the primary site just like any other distribution point, correct?

    As for #2, could you point me into the right direction as to which IIS settings are relevant here?

    Thursday, May 31, 2012 1:33 PM
  • All DPs in 2012 are sender-enabled.

    It doesn't matter where you install your DP, it's a DP.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Thursday, May 31, 2012 4:19 PM
  • Ok, so just to clarify

    On the remote server that is currently hosting also WSUS, I would install only the DP role for SCCM2012 and then add it as a server in the hierarchy as a DP?

    EDIT:

    If I install the DP on the current remote WSUS Server, will it interfere with that installation? I am not currently planning on migrating WSUS to SCCM, maybe in the future.

    I just wish to ascertain that the DP install will not break WSUS because that already uses the default website.

    • Edited by namezero111111 Friday, June 1, 2012 10:17 AM I'll rephrase so it might be clearer:
    Friday, June 1, 2012 8:16 AM
  • Backwards for your first statement although it's more or less a single step.

    Nope, shouldn't interfere at all.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, June 1, 2012 9:34 PM