Get the Most from Your Microsoft Configmgr 2012 Migration via 1E


Presentation Description

Whether you are about to migrate to ConfigMgr 2012 or are already there, you should investigate how you can get the most from SCCM. This section highlights key changes in ConfigMgr 2012 as compared with ConfigMgr 2007 and provides an overview of the lessons that 1E has learned in relation to them.


Presentation Transcript

slide 1:


slide 2:

1E.COM THE AUTOMA TED MIGRA TION: AN ANAL YSIS OF OPTIONS Overview ConfgMgr 2012 Migration Options Getting the Most from ConfgMgr 2012 1E Nomad: Enhancing Your ConfgMgr 2012 Infrastructure How Else Can 1E Help 3 4 5 14 19 Contents Share this Abstract This white paper sets out how you can expedite your migration to ConfgMgr 2012. When the migration is done or if you have already migrated it also provides ideas to maximize SCCM 2012’s benefts and to lower your costs. The Authors Several of 1E’s ConfgMgr technical specialists have contributed to this document namely: Shaun Cassells Troy Martin Mike Terrill and Paul Thomsen.

slide 3:

1E.COM 3 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION Microsoft® System Center Confguration Manager 2012 “ConfgMgr” or “SCCM” has been well received by organizations of all types and sizes around the world. Many of the organizations that 1E works with have moved to it are moving to it or have imminent plans to do so. If you are preparing to upgrade or are in the midst of such a project this is the ideal time to expedite your project minimize your costs and maximize the benefts from ConfgMgr. If you’ve already made the move you can build on the lessons you’ve learned to make your ConfgMgr implementation even better. Based on 1E’s many years of experience as Microsoft’s premier ConfgMgr partner this document provides you with a wide variety of ideas and options to maximize the return your organization is getting from your ConfgMgr investment. You can consider implementing these ideas yourself and where appropriate talk with 1E about how we can help. This document suggests options such as: • Use industry best practices when using the key SCCM 2012 features • Keep your ConfgMgr hierarchy as simple as possible especially since SP1’s availability – you can add a Central Administration Site CAS or other primaries later if business developments require them • Flatten your server infrastructure and cut on-going running costs • Consider the Intune integration option so that you can manage consumer-oriented devices in addition to Windows computers as well as Macintosh and Linux • PowerShell support brings a new level of customization and control In 2012 1E consultants took a deep dive into SCCM and published their tips for success. Those original observations proved to be very helpful and popular so we were pleased to update them in 2013 for Service Pack 1 SP1. Later in this document you will fnd updates to the changes that were made in ConfgMgr 2012 R2 and the changed environment ConfgMgr now serves. Overview

slide 4:

1E.COM 4 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION If you are planning to migrate to ConfgMgr 2012 or are in the midst of your project you should consider your migration options. The benefts include: • Minimizing your ConfgMgr server footprint and maximizing reliability and performance • Reducing the deployment timeline by two thirds • Improving your patching and software distribution success Doing the migration with your own staff and just SCCM might be a viable option if you are prepared to delay other projects often by months. You will need time to set up a lab educate the team on the migration process build a design and process test the process in the lab plan for production and then do the actual work of the migration itself. There is also the risk that you will miss lessons that have been learned elsewhere given that this is your frst opportunity to actually do a migration to SCCM 2012. The challenges and risks increase dramatically if your organization is fairly large is very diverse or has other unique characteristics. You should also consider how well the end state will serve your needs. As long time partners of Microsoft 1E is very impressed by the capabilities of ConfgMgr 2012 and is very pleased to specialize in it. However 1E has worked with hundreds of organizations where SCCM could be enhanced to even better serve the organization. Such enhancements are why Microsoft so greatly values its huge partner ecosystem. Therefore it is prudent to take time to consider whether additional software would allow SCCM to work even better for you. Taking time to read this whitepaper is a great frst step. The cost of additional services and software are often a concern and we are pleased to discuss that with you. Our experience has been that the benefts are so dramatic in hard savings that the investment quickly pays for itself. We have the analysts to help you quantify those savings and we have the history to prove that the savings will be realized as planned. Our large support and engineering teams ensure the savings continue to be realized for years long after the investment has paid off. If you see the potential that 1E’s consultants software or partners can help you we encourage you to contact us. We will be pleased to meet at a time and in a format that works well for you to explore the possibilities. Our professional account and technical teams will carefully listen to your challenges and requirements and then explain our solutions to whatever degree you like. If there are better alternatives we will point them out and leave you to them. We are here to help as we have done with so many organizations since 1997. ConfgMgr 2012 Migration Options

slide 5:

1E.COM 5 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION Getting the Most from ConfgMgr 2012 Whether you are about to migrate to ConfgMgr 2012 or are already there you should investigate how you can get the most from SCCM. This section highlights key changes in ConfgMgr 2012 as compared with ConfgMgr 2007 and provides an overview of the lessons that 1E has learned in relation to them. Application Management The deployment of software is the primary function of most ConfgMgr implementations. In ConfgMgr 2007 software distribution was achieved by defning packages and programs and then advertising the programs to collections of clients or users. Different installation types e.g. 32-bit and 64-bit installation could require separate programs. Typically a collection would defne the target for each installation type query-based collections defne the logic that determines which systems should run the program. Those legacy objects are still available in ConfgMgr 2012 and are in fact still required for some of the content required in an operating system deployment task sequence such as boot images OS images driver packages and the ConfgMgr client agent. However ConfgMgr 2012 introduced a completely new alternative approach to software distribution – application management. For application management an application has a number of deployment types each defning the required source fles install and uninstall command lines and user experience e.g. whether a user needs to be logged in similar to the properties of the legacy packages and programs. Deployment types are deployed through a deployment which isn’t all that dissimilar from the concept of an advertisement. The most signifcant difference with SCCM 2012 application management is that the deployment type also defnes the targeting logic which is evaluated on the client each time the Application Deployment Evaluation Cycle occurs. Application management uses the same ‘engine’ as the Compliance Settings so the decision whether to install can be based on values from Windows Management Instrumentation WMI the local registry the return code of a script the result of a Microsoft SQL Server database query or the user either logged on at the time or the primary user of the device. The collections targeted by a deployment can therefore be much more encompassing – now you needn’t panic when you accidentally deploy to All Systems as long as you have the right conditions defned in the Deployment Type requirements. SP1 extended this model by improving the App-V support and adding Windows 8 support. Migrating to ConfgMgr 2012 does not require migrating to application management right away but you should

slide 6:

1E.COM 6 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION consider doing so when time permits in order to take advantage of its benefts: • Applications are state based so if an application is uninstalled from a client it will be reinstalled automatically in order to restore the intended state of the client • The evaluation as to which clients or users receive the application is done on the clients so the workload on the servers is reduced particularly in terms of collection evaluation • Applications can be made available to users in the Application Catalog thus enabling a user-centric service model Site Hierarchy ConfgMgr 2012 should keep the minimalists happy – the architecture is designed for a much fatter hierarchy and in fact a single site ConfgMgr 2012 hierarchy is used by most organizations with less than 100000 clients to manage. An important change in the SCCM 2012 architecture for those organizations that do require multiple sites is the Central Administration Site CAS which is in some ways similar to an SCCM 2007 central site but no clients can be managed directly from the CAS. A key role of the CAS is to coordinate replication of data throughout a hierarchy so it is not required if you are going to manage your entire environment with a single primary site. As of SP1 a standalone site can be attached to a CAS at a later stage. A CAS also enables a failed primary site to be recovered even without a backup. It is worth noting that only primary sites can attach to a CAS and only secondary sites can be attached to these primary sites so effectively your hierarchy will not exceed three tiers for the core sites additional secondary sites can be lower tiers. Even the role of the secondary site is somewhat changed in ConfgMgr 2012. One of the main reasons for deploying secondary sites in ConfgMgr 2007 was to be able to manage network bandwidth for the distribution of content packages updates and OS images. In ConfgMgr 2012 distribution of content to remote distribution points can be scheduled and throttled in the same manner as site-to-site traffc so unless you are concerned about the volume of traffc going back to the primary site inventory status software usage etc. you can do without secondary sites. It’s worth noting that secondary sites require a SQL database in ConfgMgr 2012 however the secondary site installation will install Microsoft SQL Server® Express if a supported version of SQL Server is not installed locally. In ConfgMgr 2012 boundaries are used to identify network locations and are available to all Sites in the hierarchy. Boundaries are then grouped together in boundary groups which can be optionally associated with a particular site for client site assignment. For example each of the LANs in a particular location like a branch offce or a retail store would be added as individual boundaries and these boundaries would

slide 7:

1E.COM 7 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION then be added to a boundary group that identifes that location. The boundary group can then be associated with the primary site that should manage that location. Given all these options you can do a lot to simplify your SCCM hierarchy and therefore simplify operations and increase reliability: • Don’t include a CAS unless you must • Only use secondary sites in locations with a large number of clients and/or if you expect a very large volume of data to be frequently reported up the hierarchy • If you must have multiple primary sites keep the count as low as possible Site-to-Site Replication If you have need for a multi-site ConfgMgr hierarchy you should be aware that site-to-site communication has received a major overhaul in ConfgMgr 2012. Database replication has replaced most of the legacy fle transfer in and out of inboxes content as in packages applications and operating system deployments are still replicated using the fle system. Most changes in any site will be replicated globally to all sites in the hierarchy not just to the parent or child sites. To help monitor and resolve replication issues between the sites there is a Database Replication node in the Monitoring section of the console that shows the status of any links. The Replication Link Analyzer is an additional tool that enables further analysis and remediation of SQL replication issues between sites. SP1 improved replication by giving you more control in terms of what is replicated and when. Administration The administration console was historically a big pain point for ConfgMgr 2007 administrators. Not only was it diffcult to control to allow certain users to only see the features they administer but it also crashed too often. The administration console in ConfgMgr 2012 has been completely redesigned and rewritten from the ground up. It does not use Microsoft Management Console MMC and displays only the features the administrator has rights to. SP1 enhanced the administrative model even further. New PowerShell support extends your administration options so that you can automate ConfgMgr operations even more than in previous versions. The addition of the Client Operations infrastructure allows you to initiate Endpoint Protection and client policy refreshes whenever you require them. Managing Clients Over the Internet The complexities of Native Mode in ConfgMgr 2007 no longer exist in ConfgMgr 2012 as the Mixed and Native Site modes are no more. Instead the various Site system roles within the Site are confgured to support HTTP or HTTPS connections or both.

slide 8:

1E.COM 8 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION Within a Site multiple site systems e.g. management points can be deployed allowing one or more servers situated in a demilitarized zone DMZ to host internet-facing roles using HTTPS with the same roles hosted on an internal server using HTTP. Use of HTTPS still requires public key infrastructure PKI to enrol client and server certifcates mutual authentication is still required however the Site Server Document Signing Certifcate is now created by the site as a self-signed certifcate. By default if a client has a client authentication certifcate issued by a trusted Certifcate Authority CA it will use HTTPS and will be able to communicate with all Site systems that are confgured to support HTTPS. If no such client authentication certifcate exists the client will use a self-signed certifcate and use HTTP to communicate only with site systems that are confgured to support HTTP. New to ConfgMgr 2012 is the possibility for Internet-based clients to evaluate a user-based policy such as application deployments. In order for this to occur either the management point MP and user account must be in the same forest or a trust must exist between the forests in which the MP and the user account reside. In either case any perimeter frewall must allow AD authentication traffc between the MP and a domain controller in the user account’s forest. Exciting SP1 changes include the ability to use cloud-based Azure distribution points and to enable clients to get software updates from Microsoft Update if corporate DPs are not available. ConfgMgr 2012 SP1 and R2 demonstrate Microsoft’s commitment to dramatically improving your internet client management options. The Intune integration is much more robust and a larger variety of clients are supported. With R2 you can also now manage iOS7 settings deploy web application shortcuts and use Windows 8.1 app bundles. Similarly remote connection certifcate VPN Wi-Fi and email profles make it easy for you to enable mobile user support rather than having to implement your own solution. As your users increase their expectations for mobile support and ConfgMgr increasingly enables it you should consider implementing these features in your organization. Scalability A ConfgMgr 2007 hierarchy could support a maximum of 200000 clients 300000 with R3. ConfgMgr 2012 supports up to 400000 clients in a single hierarchy when the database for the Central Administration Site is running SQL Server Enterprise. Each Primary Site can support up to 100000 clients if the database and Primary Site roles are hosted on separate servers. The SP1 database replication options ensure that

slide 9:

1E.COM 9 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION you can fne tune it in even the most challenging environments. As with ConfgMgr 2007 each Management Point MP can support up to 25000 clients. However the concept of a Default Management Point no longer exists in ConfgMgr 2012 and neither does support or necessity for Network Load Balancing NLB an MP. Instead up to four servers can host the MP role and clients manage the load balancing in much the same way as they do with Distribution Points DPs. ConfgMgr 2012 also increases the number of supported DPs per Site from 100 to 250 each supporting up to 4000 clients. At frst you might think that scalability is not an issue for you unless you work for a very large organization. However even medium-sized organizations could have a very large number of clients when you take into account the multiple devices that users often have. So if users typically have a laptop tablet and phone and you manage them all then an organization with 50000 to 100000 users could have some scale concerns. Add in a lot of data-center servers point-of-sale systems robotic control systems or similar options and even current ConfgMgr 2012 scalability is worth taking seriously. Distribution Points There are some notable changes in the role of the distribution point DP in ConfgMgr 2012. The branch distribution point BDP distinction has been dropped in ConfgMgr 2012. Instead there is a single DP role that can be installed on servers 2003 upwards and workstations Vista upwards. Interestingly the DP role is the only site system that is supported on both 32- and 64-bit computers all other site systems require a 64-bit OS. Distribution of content to remote DPs i.e. any DP that is not hosted on the same LAN as a site server can use scheduling and throttling similar to that defned in our old friend the site-to-site address that has survived since the frst version of SMS. By default all content is obtained by clients using HTTP or HTTPS which means that any system including a workstation hosting a DP need Internet Information Server IIS installed. Although there is the option to establish content for specifc packages on a ‘legacy style’ DP share this is in fact necessary if you want to use OS deployment task sequences that obtain content directly from the DP the HTTP/S server must always be present. If you currently use network-attached storage NAS devices to host ConfgMgr 2007 DP shares you are going to need a new strategy for ConfgMgr 2012. The DP role now incorporates the Preboot Execution Environment PXE service as an optional feature if the DP is hosted on a server operating system. Windows Deployment Services WDS is still required for PXE booting in ConfgMgr 2012. Talk to 1E about Nomad which not only eliminates the need for any kind of DP in your remote locations but also enables PXE to be served

slide 10:

1E.COM 10 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION from a workstation. Nomad 2012 integrates seamlessly with the ConfgMgr 2012 operating system deployment OSD process using content stored on local peer workstations to complete a full OS Deployment without impacting the WAN. Confguration Manager 2012 SP1 and R2 also introduced and enhanced a new “pull distribution point” role or pull DPs. The beneft of pull DPs is that they offoad the site-to-DP content distribution workload from the site server to the DPs. They do not provide any beneft in getting the content to the clients and they may in fact complicate that process by adding more “moving parts”. Also new are “cloud DPs” meaning distribution points hosted on Microsoft Azure. These can be useful for clients on the internet but you should pay close attention to their costs. If used they are most appropriate for small critical deployments to a limited number of clients. Users in Control ConfgMgr 2012 has been built with the user in mind. The Software Center installed on all clients provides an interface for the user to manage the installation of software that has been made available to them and to view software that has been installed by ConfgMgr. The Software Center can also give the user control over the ConfgMgr actions that are likely to impact them most. For example a user can defne their working day and software deployments and updates can be confgured to respect these and deploy outside of these hours. 1E Shopping provides a much richer experience with confgurable approval workfow support for system as well as user based deployments optional restriction of deployment if insuffcient licenses exist. It integrates with other service desk systems and enables users to rent applications for a fxed period after which they are automatically put back into the pool for other users to employ further reducing the costs associated with purchasing unnecessary software licences. Note that Shopping allows for quarantine periods required by some specifc software vendors when reallocating licensed software. SP1’s extension of ConfgMgr to the device and Macintosh environments allow organizations to empower their users to use the solutions they want while ensuring IT control for security and similar requirements are maintained. Client Health and Effciency There are a number of features in ConfgMgr 2012 to ensure clients remain healthy operational and effcient. The reality is that once your hierarchy has been deployed for a year or more somewhere between 5 and 15 of your clients will experience issues and may stop communicating with ConfgMgr if you don’t intervene. ConfgMgr 2012 directly addresses this problem with ConfgMgr Client Heath evaluator. This program which runs as a

slide 11:

1E.COM 11 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION scheduled task separate from the ConfgMgr client’s service detects and remediates the most common causes of client failure reporting its activities to ConfgMgr. ConfgMgr 2012 clients can also automatically upgrade themselves to the latest version if it is below the specifed version. You enable this from site settings and you can confgure the maximum number of days before the client must upgrade. In addition to this you have control over how the clients’ installation fles are downloaded or not if the distribution point is on a slow link and they can even have a fall-back source location. Note: Microsoft recommends using this as a catch-all after the bulk of any upgrade has fnished. To protect clients from malware ConfgMgr 2012 has Endpoint Protection fully integrated so no more running two separate infrastructures. The Endpoint Protection client is installed using ConfgMgr 2012 client settings so there is no need to create any packages or programs. Endpoint Protection reports and dashboard are integrated into the ConfgMgr console further simplifying operational tasks. There is even an out-of-the-box security role for the Endpoint Protection Administrator defning all the necessary rights to enable the role to be delegated. And with SP1 you can initiate Endpoint Protection activities when you need them using the new Client Operations feature. Keeping up to date with software updates is an important step for ensuring the health and functionality of a client. A signifcant improvement to management of software updates in ConfgMgr 2012 comes with the Automatic Deployment Rules feature. Administrators can ensure updates are automatically downloaded approved and deployed based on specifc criteria instead of manually carrying out tasks. For example this could be used to automatically deploy all critical updates for Windows 7 or to automatically deploy recent signature defnitions for System Center 2012 Endpoint Protection. If you do not want to deploy automatically the rules can be confgured to retrieve compliance information from client computers for the software updates without deploying them. ConfgMgr 2012 R2 further enhanced software updating by allowing you to specify maintenance windows that are for software updates only. Software distribution and task sequences can be done at other times using other maintenance windows. Power Management introduced in ConfgMgr 2007 R3 is enabled by default in ConfgMgr 2012 and includes some minor enhancements. It continues to enforce the same peak and non-peak power plan settings for turning off the display inducing sleep or hibernate modes controlling battery notifcations and button actions and scheduling desktop computers deliberately not

slide 12:

1E.COM 12 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION laptops to wake from sleep. You can now copy settings from another Collection so you only have to tweak the differences. Also users can now exclude their PC from power management which you can report on and over-ride. NightWatchman Enterprise from 1E flls in the gaps enabling scheduled shutdown and wake-up for all systems over-riding processes that prevent computers from going to sleep and enabling potential application issues when resuming to be addressed as well as providing other key features. Client Confguration In previous versions of ConfgMgr client settings were confgured by site. In ConfgMgr 2012 the default client settings a bit like a ‘profle’ of settings are applied to all clients in the hierarchy. As well as editing the Default Client Settings it is also possible to create your own settings ‘profles’ that can be applied to specifc Collections. For example you may have Installation Permissions confgured globally to allow Administrators and Primary Users to initiate software installations but a custom client setting can be confgured to allow no users to initiate software installation for a group of sensitive computers. The defnition of WMI classes that get reported through Hardware Inventory is now managed through the Client Settings interface in the console. No more editing SMS_DEF.MOF or CONFIGURATION.MOF Microsoft Operations Framework. What is really cool with this interface is that new classes can be added by connecting to WMI on any computer and browsing to the class you want to report on. In addition custom hardware classes may be exported to a MOF fle and imported in the same interface. This allows custom inventory settings to easily be transferred from a lab environment to your production environment. Administrators in Control Central to simplifying ConfgMgr hierarchies is removing the need to have primary sites to manage subsets of clients. With ConfgMgr 2007 you might have created a separate SCCM site to manage datacenter clients another for your clients in Europe and another for the executives’ computers. The same logic could have applied to managing their ConfgMgr objects such as packages task sequences and software update deployments. SCCM 2012 gives you new options to put such controls in place without having to add primary sites. The frst set of such controls are what we’ll call “assignment collections” meaning collections used to defne the clients and users that the administrators can manage and then assigned to them. When setting up administrators in the ConfgMgr console you should specify one or more collections that the administrators can use.

slide 13:

1E.COM 13 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION When those administrators are creating deployments or otherwise managing clients they can then use those collections to target the right clients or users or use collections that are directly or indirectly limited to those assigned collections. Clients or users that are outside those assigned collections are not available to them. The second set of such controls are “security scopes”. Scopes control which ConfgMgr objects the administrators can see in the ConfgMgr objects except for collections and the clients and users in those collections which are limited as above. So scopes control which administrators can see applications packages deployments task sequences sites distribution points software metering rules confguration items and a wide variety of similar objects. When creating such objects they can assign them only to scopes that they are limited to and thus other administrators cannot see the objects they have created unless the other administrators are also assigned to the same scope. The third and fnal set of controls are “security roles” meaning the ConfgMgr permissions that the administrators have. There are a number of predefned sets of permissions roles and you can easily create more. Between these three sets of controls you can ensure that administrators can do only what you intend using only the objects you want to the appropriate set of clients or users. You can be confdent that they won’t do more than intended no matter what site they have access to. However you should also consider whether you need a mechanism to coordinate object creation. For example administrators from multiple scopes may require an Offce 2013 application but the second administrator to have such a need might not be able to see that another administrator has already created one because they are in different scopes. With appropriate coordination the second administrator could ask a senior administrator to add his scope to the already existing application allowing him to see and use it as well.

slide 14:

1E.COM 14 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION 1E Nomad: Enhancing Your ConfgMgr 2012 Infrastructure When planning to migrate to ConfgMgr 2012 too many organizations plan to simply replicate their hierarchy design from previous versions. That means duplicating the entire existing architecture whether it is needed or not. We’d like to show you how you can avoid that waste both in terms of budget and effort. 1E’s SCCM Migration with Nomad is the smartest most cost effective means of migrating to and running Confguration Manager. This package of 1E software and consulting services is built on 1E’s years of experience deploying and supporting Nomad at hundreds of organizations and on our experience helping organizations of all sizes deploy various versions of ConfgMgr. The power of the software combined with the strength of the expertise ensures you get the ultimate migration experience. And if you’ve already done the migration we’ll help you to incorporate the solution into your hierarchy. Either way you are going to reduce costs and have an even more effcient computer management infrastructure. With 1E and Nomad you can dramatically reduce the cost of your SCCM infrastructure by minimizing your SCCM server footprint and actively maximizing reliability and performance. By engaging 1E you can reduce your ConfgMgr 2012 implementation timeline by two thirds while actually improving your patching and software distribution success. Nomad is proven and active across millions of seats including at the world’s largest organizations. It is part of 1E’s suite of products helping around the world to reduce IT complexity and achieve dramatic cost effciencies. Nomad is a sophisticated software distribution solution that acts as an Alternate Content Provider for SCCM. It is a proven and effective tool in delivering automated systems management and is the perfect companion to SCCM 2012. Nomad offers the smartest most reliable and cost effective way to distribute patches upgrades software and Operating Systems across the enterprise. Software Distribution Nomad enables software to be distributed across the enterprise quickly and effciently from patches and upgrades to full Operating System OS Images. In most cases clients can fnd the content they need on other clients that have previously needed it. When that’s not the case the client can smartly download it from a central distribution point as described in the “Bandwidth Effciency” section below. When multiple clients need the content simultaneously that download is done only once by a “master” that is elected for the purpose. The process of establishing Nomad communications is entirely automated. Nomad clients use UDP broadcasts to intelligently elect the master computer for each download on each subnet with the ability to re-elect should the master

slide 15:

1E.COM 15 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION become unavailable. Elections are weighted to ensure that the optimal client is elected as the master. That weighting especially favors clients that already have the needed content but if none have it yet then the software is downloaded from a ConfgMgr distribution point. As the download commences the solution’s peer-to-peer model immediately fans out the content to more local clients enabling fast and effcient distribution across locations and subnets. Nomad’s automated discovery of network topography enables administrators to treat multiple subnets as a single subnet. Nomad has the option to add a central server role ActiveEffciency that automatically maintains a list of subnets at all locations. If a master on a subnet at a location requires content that is available on a Nomad client on another subnet at that location the master can fnd that client via ActiveEffciency and obtain that content directly from it. This eliminates the need for the master to download its copy over the WAN from a central DP. For large content or at locations with especially constrained WAN network links this can be quite benefcial. Operating System deployment OSD especially benefts from Nomad’s strengths. Operating System images themselves are often very large as in gigabytes but at the same time clients will also need a variety of applications device drivers patches and possibly other fles. Furthermore users do not want to be without their computers for long so there is limited time to install all that software let alone download it. Therefore Nomad’s ability to reliably provide the content from the LAN anywhere in your organization is crucial to your OSD success. You will usually want to precache that content so that it is ready for the frst client to be upgraded but Nomad readily accommodates precaching. Nomad also helps with storing user data USMT data and PXE booting as discussed in the “Server Reduction” section. The use of clients for software distribution is how Nomad can deliver those enormous reductions in the server footprint. Server Reduction With Nomad organizations looking to migrate can design an SCCM 2012 infrastructure with the bare minimum of distribution points and secondary sites. Even PXE server roles and state migration points can be eliminated. Often 95 or more of those servers can be eliminated. If you’ve already migrated then you can consider removing the servers reusing them for other purposes in your organization. In some cases the servers used for DPs or even secondary sites are also used for other purposes such as fle serving or print sharing. Therefore removing the need for ConfgMgr does not allow removal of the servers themselves.

slide 16:

1E.COM 16 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION However the fact that you don’t need to deployment and then you don’t need to maintain them is a considerable saving in itself. Not only does Nomad deliver transformative cost savings in terms of capital investment dramatically reducing the server footprint also results in ongoing maintenance cost savings as well as signifcantly reducing the manpower and time needed to deploy SCCM 2012. Because Nomad uses any or all ConfgMgr clients and the master sharing role is dynamically elected any time content is needed any issues with Nomad or the computers Nomad is running on do not prevent Nomad from functioning. Another computer is elected and the process continues. Similarly any changes in the network do not affect Nomad because the primary network activities are local to the subnet – the subnet address and topology do not matter to Nomad and thus can change at any time without adverse effect. If the content is not available on the subnet already then Nomad must be able to contact a distribution point but that DP will be one of a small number of DPs likely in a central and very stable data center. The ConfgMgr PXE functionality is a DP-specifc function and therefore every PXE server is also a DP. However a Windows Server Operating System must be used. Nomad’s PXE option can run on any workstation Operating System such as Windows 7 Windows 8 or even Windows XP. State migration points are useful when migrating users from one computer to another or in some cases when upgrading Operating Systems. However they are another role that must be confgured and maintained and considerable disk space must be provisioned and maintained. Nomad can serve this purpose in a very similar manner to how it delivers content – automatically and dynamically. Many organizations have tried but struggled to use large numbers of secondary sites distribution points or branch distribution points. This has often lead them to come to 1E and Nomad. Secondary sites and distribution points can work well enough in small numbers a dozen or two but as the numbers increase the odds increase even faster than at any given time a DP or site will be broken for a variety of reasons. Therefore your deployments will not be as successful as they should be requiring you to track down those issues and spend time resolving them. This work can be very time consuming and tedious if you have a sizable number of servers. DP and site challenges come in various forms but often include: • Hardware issues including failures full disks or performance limitations • Operating System issues including compatibility issues

slide 17:

1E.COM 17 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION • Networking issues such as IP address changes and subnet changes o Remote SCCM servers are often “protected” to serve local clients only by assigning “boundaries” to those servers. However the networking team may not always remember to coordinate with the ConfgMgr leaving ConfgMgr servers to be assigned the wrong boundaries • Coordination issues – the people responsible for the server may not coordinate with the ConfgMgr team when swapping hardware shutting it down for maintenance moving it etc. • End-of-life-replacement – even though this work is predictable it is still time consuming to arrange Bandwidth Effciency There is a signifcant faw in most bandwidth throttling techniques: they involve setting percentage limits for IT traffc across the network. The problem is that these thresholds are static and result in the enterprise either not using all of the available pipeline or in slowed delivery as different functions compete for bandwidth. With Nomad content is only downloaded to a location once and from then on it is shared locally from peer to peer. Nomad’s intelligent bandwidth monitoring and usage management reacts in real-time to the existing traffc. It eliminates the competition between IT and business traffc without the need for scheduling or delaying IT tasks until close of business. As Nomad is downloading it will monitor for latency in the downloading. If any is detected then that is evidence that there is contention on the network links somewhere between the master and the central DP that it is downloading matter. Access to routers is not needed and the topology of the network does not matter – it is suffcient that Nomad sees latency. In that case it will immediately reduce its download rate allowing the other traffc to take priority on the WAN. When the latency disappears Nomad will carefully increase its download rate until it is downloading as fast as the WAN will support. In this way the WAN is providing maximum beneft at all times either to the other business traffc as the frst priority or to Nomad. Remote Locations Nomad is the most reliable way of distributing software across WANs even to poorly-connected and remote locations eliminating the need to establish distribution points everywhere. Nomad establishes a peer-to-peer network for distribution of software patches and OS images from SCCM. So whether the challenge is setting up a new location or bringing an isolated site into your network with Nomad delivery is easy. Nomad’s intelligent bandwidth monitoring and utilization ensures 100 percent reliable content delivery even where the network quality is poor such

slide 18:

1E.COM 18 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION as locations connected via satellite. If you happen to need to update the software on an off-shore oil platform you can stand down the helicopter and rely on Nomad instead. 1E has even done this for Operating System deployments. It took a while for the downloads to complete but the critical business traffc continued uninterrupted over the satellite link. The upgrades then proceeded quickly using the local copies of the content. Improved Security Security and compliance are quite rightly signifcant concerns for the enterprise. Nomad integrates with and builds on the inherent security provided by SCCM 2012 introducing no additional risk to individual PCs or to the network. It is not just about not adding risk though – Nomad actively reduces it. The effcient distribution of content enables IT to distribute patches and upgrades during the day rather than having to wait until end-of-day. That keeps your computers’ security up-to-date at all times. That distinction is especially critical for zero-day exploits but also for computers that aren’t online afterhours such as laptops.

slide 19:

1E.COM 19 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION How Else Can 1E Help Nomad and 1E’s consulting services including those of our partners are central to a successful ConfgMgr 2012 migration but 1E is pleased to offer even more options and has solution to address the following concerns: • Will you provide all the same software packages from ConfgMgr 2012 as you did with ConfgMgr 2007 If not then which packages should be migrated • Do your users here in 2014 have the same expectations as the users had when you deployed ConfgMgr 2007 We often fnd that users are much more likely now to seek out software that will make them more productive and do not understand why that cannot be an almost instantaneous experience. • When you have made the investment in the ConfgMgr 2012 migration is your organization getting new added value that demonstrates to the business that the project was truly a step forward • Are the client computers as available for computer management as much as they were when you implemented SCCM 2007 AppClarity Inevitably some software packages that were useful years ago for business needs at that time are not so useful now. But which software is that Of the software in this case which is the least used When migrating packages it seems prudent to start with the packages that are deployed and used mostly widely then those that are deployed widely and fairly well used and fnally those that are not deployed widely nor widely used. Packages for software that is not used at all should not be migrated no matter how widely they were previously deployed. You or your SCCM administrators can run reports to identify what software is deployed and how widely but determining how well used it is can be challenging. Enabling software meter rules results in often overwhelming data if done on a large scale and takes weeks or months to collect. Any other form of software usage data is hard to relate to specifc software products. And with or without usage data the reports will be very long listing tens of thousands of unique software titles most of which will be extremely obscure. 1E’s AppClarity addresses these challenges by importing relevant data from ConfgMgr applying sophisticated normalization algorithms and presenting the results in user-friendly reports that will give you the information you require. You can dive as deeply as needed into the data but the summarized form will be suffcient for most migration purposes. Having identifed the most used software in your organization you can consider which packages should be migrated to SCCM 2012 as legacy packages or converted to applications.

slide 20:

1E.COM 20 ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION Your software asset management or licensing team will also beneft from AppClarity in that they can import their licensing data and readily identify license compliance issues. They can even address compliance issues in many cases by using AppClarity to automatically de-install software where it is not being used bringing it into compliance. Shopping Microsoft has anticipated the rise of user expectations for app stores by including an Application Catalog in ConfgMgr 2012. However the Application Catalog is a minimal solution lacking key features such as: • Offering both applications and legacy packages the latter are not offered • Active Directory security groups changes • Resource requests such as for computers or offce supplies – only ConfgMgr objects can be offered • A robust approval workfow • Easy integration with ticketing systems or other infrastructure • Rental of applications legacy packages or security group changes ensuring they are removed after the user has used them for project-oriented work • Extensive customization to brand the web site in the same fashion as your other intranet sites • License management 1E Shopping offers these and many other features in a very modern web design that your users will fnd to be a pleasure to use. The experience is consistent with what they have with their consumer devices refecting well on your IT organization. NightWatchman One of 1E’s most popular products is our industry leading power management solution NightWatchman. Windows and ConfgMgr have power management features but real-world complexities often prevent them from enforcing power management when they should. Reporting on the savings realized is minimal. Integrating NightWatchman in your ConfgMgr 2012 infrastructure will allow your organization to maximize power savings and minimize its greenhouse gas impact. The facilities and sustainability teams in your organization will highly value the added value that ConfgMgr 2012 brings to the organization when partnered with NightWatchman.

slide 21:

1E.COM ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRA TION © Copyright 2014 1E. All rights reserved. The information contained herein is subject to change without notice. 1E shall not be liable for technical or editorial errors or omissions contained herein. About 1E 1E is the pioneer and global leader in effcient IT solutions. 1E’s mission is to identify unused IT help remove it and optimize everything else. 1E effcient IT solutions help reduce servers network bandwidth constraints software licenses and energy consumption. Contact us UK HQ: +44 20 8326 3880 US: +1 866 592 4214 India: +91 120 402 4000 Share this WakeUp Where power management is effective you might fnd that you cannot manage computers after-hours because they are in a low power state. To minimize this issue you should use a Wake-on-LAN WOL solution. ConfgMgr includes WOL options including a new WOL proxy feature but technical constraints mean that these options only work in limited circumstances. Both Nomad and NightWatchman include WakeUp a full-featured WOL solution that does not have technical constraints. You can use WakeUp to maximize the effectiveness of ConfgMgr 2012’s features. Either automatically or at SCCM administrator discretion you can use the ConfgMgr console to wake computers for patch management We trust this white paper has raised ideas that will make your experience with ConfgMgr 2012 even better. If you would like to discuss those ideas further please contact us at the numbers below.

authorStream Live Help