I've been looking for short notes that facilitate a quick understanding
of SCCM 2007. I finally put in the effort to write short notes on SCCM
2007 to help those who are already familiar with Systems Management Server
(SMS) 2003 and who wish to quickly develop an understanding of
'Microsoft System Center Configuration Manager 2007'.
Microsoft SCCM 2007
(ConfigMgr) provides a comprehensive solution for change and configuration
management for the Microsoft platform, enabling organizations to provide
relevant software and updates to users quickly and cost-effectively. It allows IT
staff to monitor and manage the hardware and software in a modern distributed
environment.
SCCM 2007 Features
· HW/SW Inventory
· Software Distribution
· Software Update
· Software Metering
· Operating System Deployment (image capture/deployment, User State Migration, task sequence)
· Manage site accounts tool (MSAC)
· Asset Intelligence
· Remote tools
· NAP - Works with Windows Server 2008 operating system Network Policy Server to restrict computers from accessing the network if they do not meet specified requirements.
What's New
· Branch distribution point
· Desired configuration management
· Wake On LAN
· Network Access Protection (NAP)
The System Center Family
The products included under the System Center umbrella address the challenges of managing information technology in organizations of different sizes. In addition to SCCM 2007, the System Center products include:
· System Center Operations Manager 2007 - Allows IT staff to monitor and manage the hardware and software in a modern distributed environment.
· System Center code name “Service Desk” - When it is released, “Service Desk” is expected to provide implementations of fundamental IT Service Management processes, including incident management, problem management, and change management.
· System Center Data Protection Manager 2006 - Provides data backup and restore for Windows file servers.
· System Center Essentials 2007 - Provides tools for less-specialized IT staff in smaller organizations to manage their environments more effectively with the three most important management functions: monitoring distributed systems, automating software updates and installing applications.
· System Center Virtual Machine Manager - Helps management staff with the process of consolidating applications onto virtualized servers.
· System Center Capacity Planner 2006 - Capacity Planner is a tool for determining what hardware resources will be required to run an application, such as Exchange Server 2003, to meet specific performance and availability goals.
For more information about Microsoft System Center,
SCCM Sites
A site consists of a site
server, site system roles, clients, and resources. A site always requires
access to a Microsoft SQL Server database. There are several types of SCCM 2007
sites. A SCCM 2007 site uses boundaries to determine the clients belonging to
the site. Multiple sites can be configured into site hierarchies and connected
such that you can manage bandwidth utilization between sites. A SCCM 2007 site
is identified by the three-character code and the friendly site name configured
during Setup. The types of sites are as follows.
Primary Site - A primary site stores SCCM 2007 data for itself and all the sites beneath it in a SQL Server database.
Secondary Site - A
secondary site has no SCCM 2007 site database. It is attached to and reports to
a primary site. The secondary site is managed by a SCCM 2007 administrator
running a Configuration Manager 2007 console that is connected to the primary
site. The secondary site forwards the information it gathers from Configuration
Manager 2007 clients, such as computer inventory data and Configuration Manager
2007 system status information, to its parent site. The primary site then
stores the data of both the primary and secondary sites in the SCCM 2007 site
database. The advantages of using secondary sites are that they require no
additional SCCM 2007 server license and do not require the overhead of
maintaining an additional database. Secondary sites are managed from the
primary site they are connected to, so they are frequently used in sites with no
local administrator present. The disadvantage of secondary sites is that they
must be attached to a primary site and cannot be moved to a different primary
site without deleting and recreating the site. Also, secondary sites cannot
have sites beneath them in the hierarchy.
Parent Site - A parent site is a primary site that has
one or more sites attached to it in the hierarchy. Only a primary site can
have child sites. A secondary site is always a child site. A parent site
contains pertinent information about its lower level sites, such as computer
inventory data and SCCM 2007 system status information, and can control many
operations at the child sites.
Child Site - A child site is a site that is attached to
a site above it in the hierarchy. The site it reports to is its parent site. A
child site can have only one parent site. SCCM 2007 copies all the data that is
collected at a child site to its parent site. A child site is either a primary
site or a secondary site.
Central Site - A
central site has no parent site. Typically, a central site has child and
grandchild sites and aggregates all of their client information to provide
centralized management and reporting. A site with no parent and no child site
is still called a central site although it is also referred to as a standalone
site. A central site collects all of the site information for centralized
management.
Site Systems
Each site contains one site
server and one or more site systems. The site server is the computer where you
install SCCM 2007 and it hosts services required for SCCM 2007. A site system is
any computer running a supported version of Windows® or a shared folder that
hosts one or more site system roles. A site system role is a function required
to use SCCM 2007 or to use a feature of SCCM 2007. Multiple site roles can be
combined on a single site system, including running all site roles on the site
server, but this is usually appropriate only for very small and simple
environments.
Site System Roles
· Management Point - The site system role that serves as the primary point of contact between SCCM 2007 clients and the Configuration Manager 2007 site server.
· Server Locator Point - A site system role that locates management points for SCCM 2007 clients.
· Distribution Point - A site system role that stores packages for clients to install.
· Software Update Point - A site system role assigned to a computer running Microsoft Windows Server Update Services (WSUS).
· Reporting Point - A site system role that hosts the Report Viewer component for Web-based reporting functionality.
· Fallback Status Point - A site system role that gathers state messages from clients that cannot install properly, cannot assign to a Configuration Manager 2007 site, or cannot communicate securely with their assigned management point.
· PXE Service Point - A site system role that has been configured to respond to and initiate operating system deployments from computers whose network interface card is configured to allow PXE boot requests.
· User State Migration Point - A site system role that stores user state data while a computer is being migrated to a new operating system.
How Sites Communicate
Clients communicate with site
systems hosting site system roles. Site systems communicate with the site
server and with the site database. If there are multiple sites connected in a
hierarchy, the sites communicate with their parent, child, or sometimes
grandchild sites.
Site Boundaries
SCCM 2007 uses boundaries to determine when
clients and site systems are in the site and outside of the site. Boundaries
can be IP subnets, IP address ranges, IPv6 prefixes, and Active Directory
sites. Two sites should never share the same boundaries. Assigning the same IP
subnet, IP address range, IPv6 prefix or Active Directory site to two different
sites makes it difficult to determine which clients should be managed in the
site.
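An added example, not part of the original notes and not SCCM's own code: a small Python check that flags boundaries assigned to more than one site, the situation warned against above. The site codes, boundary values and input layout are constructed for illustration; the check goes slightly beyond exact duplicates and also catches partial overlaps, such as an address range that falls inside another site's subnet.

```python
import ipaddress
from itertools import combinations

# Constructed sample input (not from a real site): three-character site
# code -> list of (boundary type, value) pairs, using the four boundary
# types listed in the notes.
SITE_BOUNDARIES = {
    "HQ1": [("subnet", "10.10.0.0/16"), ("adsite", "Headquarters")],
    "BR1": [("range", "10.10.5.1-10.10.5.254"),
            ("ipv6prefix", "2001:db8:1::/48")],
    "BR2": [("subnet", "192.168.20.0/24"), ("adsite", "headquarters"),
            ("ipv6prefix", "2001:db8:1:40::/64")],
}


def normalize(kind, value):
    """Turn a boundary into a comparable key.

    AD sites become ("ad", lowercased name); every IP-based boundary becomes
    ("ip", version, first address as int, last address as int).
    """
    if kind == "adsite":
        return ("ad", value.strip().lower())
    if kind == "range":
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid address range: {value!r}")
        return ("ip", first.version, int(first), int(last))
    if kind in ("subnet", "ipv6prefix"):
        net = ipaddress.ip_network(value.strip(), strict=False)
        return ("ip", net.version, int(net[0]), int(net[-1]))
    raise ValueError(f"unknown boundary type: {kind!r}")


def overlaps(a, b):
    """True if two normalized boundaries cover at least one common member."""
    if a[0] != b[0]:
        return False                      # AD site vs IP: not comparable here
    if a[0] == "ad":
        return a[1] == b[1]               # same AD site name
    # Same IP version and intersecting [first, last] intervals.
    return a[1] == b[1] and a[2] <= b[3] and b[2] <= a[3]


def find_conflicts(site_boundaries):
    """Return (site, boundary, other site, other boundary) for each overlap
    between boundaries that belong to two different sites."""
    flat = [(site, value, normalize(kind, value))
            for site, items in site_boundaries.items()
            for kind, value in items]
    return [(s1, v1, s2, v2)
            for (s1, v1, n1), (s2, v2, n2) in combinations(flat, 2)
            if s1 != s2 and overlaps(n1, n2)]


if __name__ == "__main__":
    for s1, v1, s2, v2 in find_conflicts(SITE_BOUNDARIES):
        print(f"{s1} boundary {v1} overlaps {s2} boundary {v2}")
```

An Active Directory site is itself defined by subnets in Active Directory, so an AD site boundary can still overlap an IP-based boundary of another site. This check compares AD sites by name only and would need the AD subnet list to catch that case.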
Inter-Site Communication
When you have separate sites, SCCM
2007 uses senders to connect the two sites. Senders have sender addresses that
help them locate the other site. When sending data between sites, senders
provide fault tolerance and bandwidth management.
Intra-Site Communication
Communications within a site
use either server message block (SMB), HTTP, or HTTPS, depending on various
site configuration choices you make. Because all of these communications are
unmanaged, that is, they happen at any time with no consideration for bandwidth
consumption, it is beneficial to make sure these site elements have fast
communication channels.
Discovery Methods
· Active Directory System Discovery - Discovers details about the computer.
· Active Directory System Group Discovery - Discovers details such as organizational unit, global groups, universal groups, and nested groups.
· Active Directory User Discovery - Retrieves Active Directory User Discovery
· Active Directory Security Group Discovery - Discovers security groups created in Active Directory.
· Heartbeat Discovery - Refreshes Configuration Manager client computer discovery data in the site database.
· Network Discovery - Searches the network for resources that meet a specific profile, using a router's ARP cache, SNMP agents and DHCP.
Each discovery method creates data discovery records
(DDRs) for resources and sends them to the site database, even if the
discovered resource is not capable of being a SCCM 2007 client.
Active Directory User Discovery and Active Directory Security
Group Discovery allow you to target software distribution packages to users and
groups instead of computers.
Client Installation
SCCM 2007 provides several options for installing the client software.
The following table lists the client computer installation methods.
· Software update point installation - Uses the Automatic Update configuration of a client to direct the client computer to a WSUS computer configured as a SCCM 2007 software update point.
· Client push installation - Uses an account with administrative rights to access the client computers and install the SCCM 2007 client software.
· Manual client installation - A user with administrative rights can install the client software by running CCMSetup on the client computer. A variety of switches modify the installation options.
· Group Policy installation - Uses Group Policy software installation to install CCMSetup.msi.
· Imaging - The client software can be added to an image, including images created and deployed with SCCM 2007 operating system deployment.
· Software Distribution - Existing clients can be upgraded or redeployed using SCCM 2007 software distribution.
Mobile devices use different installation methods.
Client Assignment
Clients must be assigned to a site before they can be managed by
that site. Clients can be assigned to a site during installation or after
installation. Assigning a client involves either telling it a specific site
code to use, or configuring the client to automatically assign to a site based
on boundaries. If the client is not assigned to any site during the client
installation phase, the client installation phase completes, but the client
cannot be managed by SCCM 2007.
Clients cannot be assigned to secondary sites; they are always
assigned to the parent primary site, but can reside in the boundaries of the
secondary site, taking advantage of any proxy management points and
distribution points at the secondary site. This is because clients communicate
with management points and management points must communicate with a site
database. Secondary sites do not have their own site database. They use the
site database at their parent primary site.
Authenticating Clients
Before SCCM
2007 trusts a client, it requires some manner of authentication. In mixed mode,
clients must be approved, either by manually approving each client or by
automatically approving all clients or all clients in a trusted Windows domain.
In native mode, clients must be issued client authentication certificates prior
to installing the SCCM 2007 client software.
Blocking Clients
If a client computer is no longer trusted, the Configuration
Manager administrator can block the client in the SCCM 2007 console.
Client Agents
Client agents are SCCM 2007 components that run on top of the base client components.
Computer Client Agent Properties - Configures how often client computers retrieve the policy that gives them the rest of their configuration settings.
Device Client Agent Properties - Configures all of the properties specific to mobile device clients.
Hardware Inventory Client Agent - Enables and configures the agent that collects a wide variety of information about the client computer.
Software Inventory Client Agent - Enables and configures which files Configuration Manager inventories and collects.
Advertised Programs Client Agent - Enables and configures the software distribution feature.
Desired Configuration Management Client Agent - Enables the client agent that evaluates whether computers are in compliance with configuration baselines that are assigned to them.
Remote Tools Client Agent - Enables Configuration Manager remote control.
Network Access Protection Client Agent - Enables Configuration Manager Network Access Protection.
Software Updates Client Agent - Enables the agent that scans for and installs software updates on client computers.
Administrator Console
You can run the console from the site server or install
additional consoles on your desktop or help desk computers to facilitate
management. One console can manage many sites or many consoles can manage a
single site. The SCCM 2007 console runs as a Microsoft Management Console (MMC)
snap-in, although you must run SCCM 2007 Setup on the computer so that the
snap-in is available.
Collections
Collections represent groups of resources and can consist not
only of computers, but also of Microsoft Windows users and user groups as well
as other discovered resources. Collections provide you with the means to
organize resources into easily manageable units, enabling you to create an
organized structure that logically represents the kinds of tasks that you want
to perform.
Inventory
Hardware inventory gives you system information. Software inventory gives you
the inventoried file types and versions present on client computers.
Queries
Queries use WBEM Query Language (WQL) to query the site database. Query results are
returned in the SCCM 2007 console, where they can be exported using the MMC
export list feature.
Reporting
Reporting is a supporting feature to many other SCCM 2007
features. Reports are returned in Web pages in the browser. With reporting you
can create reports that show the inventory you have collected or the software
updates successfully deployed. You can also create dashboards, which combine
several different views of information. Several pre-created reports are
available to support common reporting scenarios. For more information about the
reports provided for each feature, see the feature documentation.
Software Distribution
Software distribution allows you to push just about anything to
a client computer. Packages in software distribution can contain source files
to deploy software applications and commands called programs that tell the
client what executable file to run. A single package can contain multiple
programs, each configured to run differently. Packages can also contain command
lines to run files already present on the client, without actually containing
additional source files.
Software Updates
The software updates feature provides a set of tools and resources
that can help manage the complex task of tracking and applying software updates
to client computers in the enterprise. Software updates in SCCM 2007 requires a
Windows Server Update Services (WSUS) server to be installed and uses that to
scan the client computers for applicable software updates. The administrator
views which updates are needed in the environment and creates packages and
deployments containing the source files for the software updates. Clients then
install the software updates from distribution points and report their status
back to the site database.
Software Metering
Software metering enables you to collect and report software
program usage data. The data provided by these reports can be used by many
groups within the organization such as IT and corporate purchasing. Software
metering in SCCM 2007 supports the following scenarios:
· Identify which software applications are being used, and who is using them.
· Identify the number of concurrent usages of a specified software application.
· Identify actual software license requirements.
· Identify redundant software application installations.
· Identify unused software applications which could be relocated.
Operating System Deployment
Operating system deployment enables you to install new operating
systems and software onto a computer. You can use operating system deployment
to install operating system images to new or existing computers as well as to
computers with no connection to your SCCM 2007 site. By using task sequences and
the driver catalog, operating system deployment streamlines new computer
installations by allowing you to install software using one dynamic image that
can be installed on different types of computers and configurations. Operating
system deployment provides the following solutions for deploying operating
system images to computers:
· Provide a secure operating system deployment environment.
· Assist with managing the cost of deploying images by allowing one image to work with different computer hardware configurations.
· Assist with unifying deployment strategies to help provide a solid deployment foundation for future operating system deployment methods.
Desired Configuration Management
Desired configuration management enables you to define
configuration standards and policies, and audit compliance throughout the
enterprise against those defined configurations. Best-practice configurations
from Microsoft and vendors can be used in the form of Microsoft System Center
SCCM 2007 Configuration Packs. These Configuration Packs can then be refined to
meet customized business requirements. Additionally, desired configuration
management supports an authoring environment for customized configurations.
This feature is designed to provide data for use by many groups within the
organization, including IT and corporate security.
Mobile Device Management
Mobile devices are supported as SCCM 2007 clients. For documentation purposes, mobile clients are treated as a separate feature. Mobile clients can run a subset of SCCM 2007 features such as inventory and software distribution, but cannot be managed by remote control and cannot receive operating system deployments like desktop clients.
Remote Tools
Remote tools in SCCM 2007 include the remote control feature,
which allows an operator with sufficient access rights to remotely
administer client computers in the SCCM 2007 site hierarchy.
Network Access Protection
Network Access Protection (NAP) is a policy enforcement platform
built into the Windows Vista and Windows Server® 2008 operating systems that
helps you to better protect network assets by enforcing compliance with system
health requirements. You can configure DHCP Enforcement, VPN Enforcement,
802.1X Enforcement, IPSec Enforcement, or all four, depending on your network
needs.
Asset Intelligence
IT asset tracking and reporting. Asset Intelligence is an inventory monitoring capability of SCCM 2007.
Wake On LAN
The Wake On LAN feature helps to achieve a higher success rate
for scheduled SCCM 2007 activities, reduces associated network traffic during
business hours, and helps organizations to conserve power by not requiring
computers to be left on for maintenance outside business hours. Wake On LAN in
SCCM 2007 supports the following scenarios:
· Sending a wake-up transmission prior to the configured deadline for a software update deployment.
· Sending a wake-up transmission prior to the configured schedule of a mandatory advertisement, which can be for software distribution or a task sequence.
Security Modes
There are two security modes in SCCM 2007: mixed mode and native mode. Native mode is the
recommended site configuration for new SCCM 2007 sites because it offers a
higher level of security by integrating with a public key infrastructure (PKI)
to help protect client-to-server communication. PKIs can help companies meet their
security and business requirements, but they must be carefully designed and
implemented to meet the current and future needs. Installing a PKI solely to
support SCCM 2007 operations could fulfill certain short term goals but could
hamper a more extensive PKI rollout to support other applications at a later
time. If your organization already has a well-designed, industry-standard PKI,
SCCM 2007 should be able to use certificates from the existing PKI.
Backup and Recovery
Like any enterprise software, your site should be backed up to
provide recoverability in case of unexpected events. Backing up a SCCM 2007
site involves backing up the database, the file system, and the registry all at
the same point in time - backing up just one of these elements is not
sufficient to restore a working site. SCCM 2007 uses the Volume Shadow Copy
Service (VSS) to take small, frequent snapshots of the necessary components,
making it easier to restore a failed site. The Site Repair Wizard walks you
through the necessary steps to complete the site recovery.