...Because someone's gotta tell the story...


To return to the main Blog List, click Full Blog Listing.


Active Directory
System Center

Smart SCCM Planning, or can I run Setup.exe?

Wednesday, November 10, 2010 in System Center (Views: 2320)
I have met a lot of people that have come to expect a piece of software to be as simple as running Setup, and it's ready and configured for you, just the way you want. Unfortunately, Configuration Manager takes a fair amount of configuration on its own. Below, I've outlined some notes on how you can plan and deploy an effective SCCM solution in general. Of course, there are many things to consider, such as site placement, what roles you want to use, how you want clients configured, and so forth.

I am really doing this blog as more of a brain and note dump for my own education, but figured someone out in cyberspace could benefit from my take on this information as well. But, let's get into the meat of this:

First, I can't stress enough how testing is important to your SMS environment. No matter what you do, be sure to test, so that you can understand the changes being made to your environment before you implement it.

So, before scoping out the actual environment, there are a few things to look over first, what is called "Pre-Planning". Pre-Planning consists of a few steps:

1. Look at and document your existing environment
• You really can't manage what you don't have, or don't know you have. This should be an important part of any deployment as it helps trim down risks and surprises.

2.Look at your needs and identify objectives
• What is it that you're trying to accomplish by implementing SMS/SCCM into your environment?
• Understand SCCM's features and how they can work for you.
• What you don't understand, research and find out.

3.Put together a test lab
• I can't stress this one enough. Before making any changes or even implementing the environment, set up a lab.
• I would recommend virtualizing this lab, and self-containing it to a virtual internal network.
• Try keeping this lab as consistent as possible with your proposed production environment. If you have a 3 tier hierarchy, then do the same for your lab.

Let's go into a little more detail on the 3 points from above:

Look at and document your existing environment

Understanding your network, clients, topologies, and history will most likely greatly influence how you deploy SCCM. As much as it's a pain to document every little thing, there's a lot to consider before deployment. Here are some of the things to look for:

• History: Did you try SCCM, or SMS previously? Did you try any other products in the past? Do you currently use anything now?
• Sites: Where are the sites you are managing, and are we managing more than just English versions of Windows? Also, another thing to consider is time differences. This will come up big during things like software deployment schedules.
• Org Chart: How is your company managed and how do you want to segment the responsibility for managing those systems? Is it based on location or organization?
• The Network: What kind of bandwidth do you have between sites, and how many users do you have at these sites? What kind of utilization is your network getting prior to any changes? Don't forget to document your subnets, and make sure AD Sites and Services is updated accordingly with all your sites. Pay attention to AD Sites, they will come up big for you later.
• Clients: How many clients are at each location, and what OS are they running? Are they still on Windows 2000, Windows 7? Or are they all just mixed versions of Windows?
• Servers: Where are your servers located and what functionality do they provide (GC, DHCP, DNS, etc). Don't forget to document the server OS version and the AD domain and forest functional levels.
• Security: Understand who you want managing your environment and the security groups you have in place. Take this opportunity to insure IT security by looking over shared folders and planning locations to store your data, such as packages and software updates.
• The IT Folks: Plan out what role (if any) that your IT people will play in managing SCCM.
Look at your needs and identify objectives

There are several SCCM Features that apply directly to business needs. So, what I am going to do is list the business requirement, and the associated feature.

• Configuration Management

Hardware and Software inventory tracking for auditing and reporting
• Hardware Inventory
• Software Inventory
• Reporting
• Possibly Asset Intelligence

Access to view information stored in SCCM about computers, installed software, advertisements, collections, packages, etc.
• Reporting

Find clients automatically that are domain joined and add them to SCCM
• Active Directory Discovery (System and optionally Group)
• Client Push Installation (Optional)

Create computer groups so that you can manage computers together
• Sites
• Collections
• Site Boundaries

Deployment and management of software releases
• Software Distribution
• Reporting

Run scripts on client computers (and rerun on a schedule)
• Software Distribution
• Advertisements
• Reporting

Report usage of software on installed computers and amount of time spent in applications. Also meter how many copies of softtware installed versus how many licenses you have, and how many are using it.
• Software Metering
• Software Inventory
• Reporting

Bandwidth consolidation and compression for clients on slow links or larger sites
• Child Sites
• Secondary Sites

Computer management over the internet without VPN
• Native Mode (Required for IBCM)
• Internet Based Client Management

Remote control tools for helpdesk, user shadowing, and tools to diagnose computer problems
• Remote Tools
• Hardware and Software Inventory
• Reporting

Install Windows Client and Server OS on new or existing computers
• OS Deployment

Install Windows Client or Server OS and migrate old user data
• OS Deployment - User State

Find computers that are out of compliance ("configuration drift"), and audit machines to keep them in compliance
• Desired Configuration Management
Keep computers up to date with software updates or patches
• Software Updates
• Software Distribution

Prevent computers from accessing the network until they pass a configuration baseline (installed patches, etc)
• Network Access Protection

Save money on electricity by waking up computers to install software, patches, or management
• Wake On LAN

Keep it SMART

SMART is an acronym that relates to the Microsoft Solution Framework best practices. All requirements should be:

Results Oriented
Time Specific

Speaking of SMART, keep an eye not just on the hard costs of servers, software and training, but also the soft costs, such as leaning curve, but how much time you plan on using for research and developing your labs and production environment.

One other thing to consider is how much effort you'll be putting into the project and how much detail you will be putting in to system management. Will you need to hire a full time person, or is this just another application that's going to live in your network?

Put together a test lab

I can't stress enough how important labs are. Some recommendations I would make for this:

• Do not use your production environment for testing, isolate the lab. Use a different domain, and not your production one (you can always restore a DC to the isolated lab).
• Mirror your lab as closely to your production environment as possible. If you don't, there's no sense in testing a real "apples to apples" comparison, it's just a play lab.
• If you implement your lab in production, make sure to use different boundaries and site codes - but again, I highly recommend not using production at all.
• Try your best to keep similar configurations for hardware between test and production. I know that most labs are running the old equipment, as testing is a necessary evil. However, you may want to introduce hardware into test before going production.
• If possible, and in the case of slow links, set up throttling on your switches so you can see how clients and servers respond to slow links (especially).
The lab is where you can do all of your configuration and testing from designing the entire SCCM environment to planning, deployment, security, and backup/restore. I would get comfortable with this at minimum before going into production.

Of course, one thing you want to make sure of is that once your lab is configured, that you do your best to maintain and keep it up to speed with your production environment.

Sounds like we've landed at a cliffhanger for a part 2. :) But, this is only the Pre-Planning phase. I will be back in a later blog to discuss more of the planning.


Related Blogs You May Be Interested In:

To leave a comment, please log in and/or register.