Need help with SCCM 2012 Deployment Strategy RRS feed

  • Question

  • Our goal with SCCM is to take over our current Imaging Process, Remote Installations, Software Inventory, and Patch Management.

    Our Data Center;
       1000Mbps backbone with 30Mbps going out to our satellite sites
       VMWare 5.0 Update 1 with 8 hosts in a cluster for High Availability
       Compellent ISCI SAN for Storage

    Our Satellite Sites (~34 total);
       100/1000Mbps connectivity internally at satellite site
       An Domain Controller (buil-dc1) at each running Windows 2008 R2 SP1
       An Application Server (buil-ap1) at each running Windows 2008 R2 (with IIS)

    ~8000 Workstations but we want to plan this project for growth. (the most any site currently has is around 600 machines and the majority have around 100-150).

    I have attached a quick picture of our District Network Topology (we are currently in a project to get fiber between our Data Center and Satellite Sites that should be complete within the year).

    I was going to submit a network topology but some reason I cannot post links/images. If needed I can send you a link via a PM.

    From what I have found so far we are going to sandbox a setup as follows (all running Windows 2008 R2 SP1 and available updates);

    1 Primary Server also running Management Point and Software Update Point (VM)
    1 SQL Server (VM running SQL Server 2008 R2 SP2)*
    3 Distribution Points (VMs at the Data Center Level)**

    *In other projects we usually like to keep the SQL and Management pieces separate for disc IO but I wasn't sure if we really need to from the documentation of 50k clients if on-box.
    **I'm thinking an overall 3 Distribution Points to account for our 8k client base and allow room to grow.

    Some of the questions I have are;

    What do all of the roles do and are all of them needed? (such as application catalog, enrollment point)
    Would it be beneficial to have Distribution Points local at our Satellite Sites? (to save bandwidth pushing Windows 7 images/software or with our upcoming Fiber project would we be better of to just push images/larger packages over the WAN)
    What does a Secondary Site really give for features? (do they take the place of Distribution Points if we put Secondary Sites at each Satellite Site)

    Any information, clarification, or direction is appreciated.

    Tuesday, October 16, 2012 6:14 PM

All replies

  • I am a co-worker with Vanyun and this is a network diagram of our infrstructure.

    Tuesday, October 16, 2012 6:22 PM
  • 1) Not not all roles are needed. ConfigMgr is a product with many features and most features have one or more roles. The Application is used if you want to have a software portal where end-users can shop for software.

    2) Yes, either a local DP or one of the alternate content providers like Nomad from 1E or OneSite from Adaptiva

    3) You do not need a secondary site with that bandwidth.

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    Tuesday, October 16, 2012 6:44 PM
  • We now have our Primary Site (dist-sccm1) and a Secondary Site (elsc-ss1) up and running from their base installs. We are trying to do a Client Push to 1 imported computer (located in the AD ELSC site) to test on. We also have a Boundary created using the AD site ELSC. The computer imported ok using the Machine Name and MAC Address, however, upon trying to push the client the client log shows;

    "MP 'dist-sccm1.xxxxx.abc' didn't return DP locations for client package with the expected version..."

    Upon looking at our Administration > Servers and Site System Roles it shows both the Primary and Secondary sites with 6 roles (which includes the Distribution Point role). But looking into Monitoring > Distribution Status > Content Status I see that both show the package (Configuration Manager Client Package) is still "In Progress". I have verifed that both servers have the files in their InstallDir\client but for some reason I'm not getting passed this point.

    Initially only our secondary site server had the DP role but in testing we added it to the primary as well. I have also tried rebooting the servers with no changes. From google'ing around it almost seems this has come up at least since May 2012 and is a known issue with packages getting stuck at "in progress" but we are hoping it was resolved since we don't really want to start rolling something new out that will not give us anything better than are other software delivery tool that doesn't work (I mean why would we really want to install 2 things that don't do 1 thing we want).

    Tuesday, October 23, 2012 6:33 PM
  • Just redistribute the package to the DP and monitor distmgr.log.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, October 23, 2012 7:52 PM
  • Hi Vanyun, it sounds like you are well on your well to building out your core infrastructure.  I would like to go further with Kent's #2 point on his post.  I have had great success using Adaptiva OneSite to augment what a typical ConfigMgr environment would look like.  To give you an example, I deployed a 60,000+ client environment with over 2,400 locations using only a few servers that resided in the datacenter.  There are many features with this product that I found extremely beneficial.  Some of these features included:

    • Peer-to-peer PXE (no need for PXE-enabled DPs)
    • Peer-to-peer content distribution (no need for remote DPs)
    • Additional compression and STUNNING WAN utilization capabilities (did not impact line-of-business activities during peak loads)

    The cost of the software was less expensive than the server/OS/additional licensing for 3rd party products that a traditional ConfigMgr environment would look like.  Installation was a snap (installed on one of the ConfigMgr servers in the datacenter) and we were up and running.  If you would like to learn more, please do not hesitate to ask.  I would be glad to answer any of your questions and assist in any way that I can.

    Tuesday, October 23, 2012 10:58 PM