Bloggarkiv

My little System Center book project!

For sometime now I have been occupied with my little book project, it has taken a lot of time from my blogging since it has been completely new territory for my part. But! it has been a unique learning experience and I think that I’ve never been this good a using Word… Ever!

A while back a publisher contacted me and asked if I was interested in writing a book for them, at first I thought nah… don’t have the time and capasity to finish this in time.. But after thinking about it a couple of days I thought when am I going to get this opportunity again ? Therefore I said yes! and fast forward a couple of months ahead and here I am with the finished product.

So allow me to introduce my little book

Configuration Manager 2012 High-availability and Performance Tuning

Microsoft SCCM High Availability and Performance Tuning

 http://www.packtpub.com/microsoft-sccm-high-availability-and-performance-tuning/book

FThis is the first time I’ve ever written anything that was over 10 pages (Yes including school as well) and it has been a unique experience and I wish to thanks the publisher Packt www.packtpub.com who has given me this opportunity.

I also wish to thank my reviewers
Marius Skovli and Dragos Madarasan for good feedback in the review process.

Creating VHD from Configuration Manager

Another fancy feature from within Configuraiton Manager is the ability to create VHDs direcly from the console by using a task sequence. Think of the possibilities of creating golden images by bulding a VHD file and then importing this direcly into SCVMM.

In order to do this process there are a couple of requirements.
* You need a physical computer which runs Hyper-V (Window 8 or 2012 +) (NOTE: Had some trouble running the R2 Configmgr on Hyper-v 2012 R2 so I used 2012 for this guide.
* you need the Configuration Manager console installed on the physical computer
* Should not be the site server

Now first thing we do after installing the R2 console is to go into Software Library –> Operating Systems –> Task Sequences.
Then right-click and choose “Create a new task sequence” –> “Install an existing image package to a virtual hard disk”

1

Next we follow the procedures here and enter the information.
Now after we are done with creating the task sequence we can continue on with creating the VHD. We go into Software Library –> Operating Systems –> Virtual Hard disks, right-click and choose “Create Virtual harddisk”

2

3
Now we have to define which task sequence should be assosiated with the VHD file

4
Now after this is done and you have choosen the correct Distribution point that image building will process

5

Now first of it builds an ISO file with the task sequence and creates a VM in hyper-v.

6

You can see a random VM name appears.
Note: you can view the smsts.log for any errors that might occure during the running of the task sequence inside the VM (Before formatting this is placed on the X: drive)
To troubleshoot the hyper-v server you can view CreateTSMedia.log and DeployToVHD.log which are located under %ProgramFiles(x86)%\Microsoft Configuration Manager\AdminConsole

Remeber that this process creates a local VM instance on that hyper-v server that is spins up and runs the particular task sequence (when it is done it shuts down the VM and removes it from Hyper-V) and you get left with the VHD.

Cloud based distribution points

Well, along time since I’ve managed to blog! Smilefjes But ill give a quick update about the book im writing. Im writing a book about Configuration Manager which is going to cover high-availability and performance tuning, really exiting times! It takes up alot of my time therefore my lack of blogging lately.
Anways, this is something I’ve post poned some while now, which is cloud based distribution points!

Cloud-based distribution points is something that came with Service Pack 1 in System Center. Cloud-based DPs are really much like a regular DP except for the following:

* You cannot use a cloud-based distribution point to host software updates
* You cannot use a cloud-based distribution point for PXE or multi-cast deployments
* You cannot use a cloud-based distribution point during a task sequence that requires a task to Download content locally when needed by running task sequence.
* You cannot use a cloud-based distribution point to offer packages that are setup with run from Distribution Point
* You cannot use a cloud-based distribution point to host virtualized applications
* You cannot set a cloud-based distribtuion point as pull-based or as source distribution point.

Content that is sent from the Configuration Manager to Azure is copied encrypted. In order to setup a Cloud DP you need a couple of things.
First of you need a management certificate which you can use against Azure you can follow my recipe from my previous post.
http://msandbu.wordpress.com/2013/01/09/managing-windows-azure-via-windows-powershell/

You also need to generate a certificate which should be created using the same PKI structure as for the regular Configuration Manager solution. This certificate should be created using the web server template. This certificate should contain a FQDN which your clients should be able to resolve using DNS.
You can read more about the certificate here –> http://technet.microsoft.com/en-us/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_clouddp2008_cm2012

After these two prerequsites are in place we can create the distribution point (if you have SP1 the option to create one are under Administration –> Hierachy –> Cloud –>
1

Here we have to enter the subscripbtion ID this we can get from Azure and the management certificate.

2

Next we choose what region and what site this DP should be assosicated with, as well as add a certificate generated by our internal PKI for the DP.
3
Next we configure alerts and thresholds. After this is done we have to change the client policy to allow access to cloud DP

4

And we can se in the monitoring pane that the cloud DP is functional.

5

Under the FQDN enter a name for the server (which resembles the certificate name) this record has to be added the the DNS-zone either internally (if only for internal clients) or on the external zone) the IP-adress of the Distribution Point in Azure is found under cloud services.

image

After this is done, we also have to modify the clients policy settings to allow clients access to the distribution point. If you go into the storage blob and under containers you can see the different packages that have been distributed to the cloud DP.

image

If you want to scale out with more cores to the cloud DP you can go into the cloud service and use the scale function
image

after I have distributed content I can see the package ID under the container in the storage pane.

image

And there we go, will try to write up a follow-up which covers multi cloud DP points.

Pull-based distribution point and rate limiting

One of the awesome features in Configuration Manager SP1 is the ability to define a distribution point as pull based. In essence what it does is that instead of pushing content from a site server to all the distribution points within a site, you define a pull DP and a source DP.

Regular content distribution.
1

Then when you distribute content from a site server to a group of source DPs and the pull-based will get the content from the source DPs, this way you will reduce the load of the site server itself, and you might as well this way more effeciently distribute data. Think of it what if the site server has a low bandwidth connection to DP2 in the branch office but DP1 has a high-bandwidth connection to DP2 ?
This way it allows for more effecient data distribution.

Pull-based distribution

2

You can define a DP as pull-based under the properties of the DP (here we can define which source DPs the DP should use. As you can see you can define multiple source DPs.
image

and please note:
You can’t use a site server DP as pull-based
You can’t use a cloud-based DP as pull-based or as a source
A distribution point set with rate limiting which is then configured as pull-based distribution point will ignore any rate limiting configuration set.

Another nice feature on the DP which im going to cover in another post is cloud-based distribution point and of course rate limiting.

This allows you to define a schedule and bandwidth in % when sending content from a site server to a DP. (Remeber that these settings are only visible for DPs that are not on the site server. When you define rate limiting you have three options.

1: Unlimited
Uses all the available bandwidth (no restrictions)

2: Pulse Mode
Allows you do define that the content is to be split up in chucks in terms of KBs and how often they should be transmitted (with a delay between blocks)

3: Limited to specified maximum transfer rates by hour
Important to note that this options does not register how much bandwidth is available to Configuration Manager. For instance if you set this to 50% for 0 to 1 hours ConfigMgr will send data the first 30 mins then stop sending data the next 30 mins.

ratelimit

Excalibur and Configuration Manager

Now Citrix released a beta build of Excalibur a couple of months ago, which shows the next generation of XenDesktop and XenApp architecture. (Well actually just XenDestkop, since the XenApp architecture is disappearing)
In addition, with this release we have some fancy choices for how to manage the machines within XenDesktop.

Excalibur will add additional WMI classes to all its desktop.
Which are listed here à

http://support.citrix.com/proddocs/topic/xendesktop-ibi/cds-manage-sccm-ibi.html

This allows you to create collections based upon if it’s VDI or Session host based, and even if it is assigned to a user or not.
Now in order to make these attributes available in Configuration Manager we have to add some WMI classes.

Go into Client Settings -> and alter the clients policy -> Go into hardware inventory and choose add classes. And from the list choose Add Hardware inventory class. From there you can browse to a remote computer that is installed as a VDA and in the namespace you can type \root\citrix\desktopinformation

And choose «Citrix_VirtualDesktopInfo»
Then Press OK

This will give you some more attributes on that WMI class

Which you can again use to create collections based on the variables.

Since Excalibur does not have any direct integration with for instance App-V you can now create user-based assignments to delivery groups.
So the user has multiple options of application deliveries.

Either via Software Portal and Configuration or Storefront with Citrix.

Trouble with Application Catalog

Had some trouble with a case today that the application catalog would not start. When we opened the catalog they could not connect to the catalog service and got this error message. According to the error message it could not connect to the application service.

02

If we checked the service with ConfigMgr console we can see that Application Catalog Web Point has status Critical

03

So when we checked the latest events for that components.

04

As we can see here WCF is not activated, so make sure that WCF is installed,

image

So after the component in installed try to reinstall the Application Portal Catalog point and it should work Smile

What’s new in the latest Intune release

The new Intune release that will be an early christmas gift for many has numerous new features including:
image

And now you can connect your on-premise ConfigMgr instance with Intune for more broad device management.

image

Here you have a list of the fully supported mobile devices.

image

Still missing the direct support for Android based phones but I’m guessing that is on the horizon as well Smile
For Windows 8 users, they will get a new Self-service portal in order to get their apps, which is going to be a fully blown “new-gui” app.
 
You can read more about what’s new here –>  http://bit.ly/ZBOdcs

Configuration Manager SP1 instant actions & Orchestrator

With Service Pack 1 there is a lot of new features available for instant actions. ConfigMgr is not happening “real-time” so when you deploy software to a computer it needs to wait for the computer to update its policy before it realizes that a new software is available. With Service Pack 1 you have more options to “speed things up” for instance you can do an remote computer update policy from within ConfigMgr.
Which is pretty similar with what you can with in Windows Server 2012 and Group Policy management where you can do a remote force update policy.

So you can do this on computer level or at collection level.
1

So as you can see we have
“Client Notification –> from here we can choose Update Computer Policy”
Endpoint Protection –> Update definition and full scan on the collection”

You can also do this at computer level, the options available will be reflected upon what component is installed. So if Endpoint protection is not installed you can not force update the definitions or run a full scan.
image

So in this case Endpoint protection is not installed on this computer so we can not update the endpoint. But this new features will allow for administrators to more quickly deploy updates / applications / endpoint definitions to computer.
Just remember that running updates on a large collection might result in a CPU spike on the Management Servers.

Now on the other hand we also have the ability to automate jobs from Orchestrator against Configuration Manager.
Now why would we do this ?
Just pretend we have a runbook that creates multiple virtual machines for a customer, we would want to have a custom computer collection created for that customer were we place all these new computers, where we would deploy baselines based upon what applications that customer wants as well. Might also be that a superuser wishes to deploy a new application that he purchased for his users that he wishes to deploy. Ill give some better examples as we go trough here.
Now to let’s take a look at the activities we have available in Orchestrator.

image

We have
* Deploy program
* Add Collection Rule
* Create Collection
* Perform Client Action
* Get Deployment Status
* Get Collection
* Deploy Task Sequence
* Query ConfigMgr
* Deploy Software Update
* Delete Collection
* Delete Collection rule
* Update Collection Membership
* Deploy Software
* Deploy Application
* Deploy Configuration Baseline

These actions can be used to deploy a runbook for a customer. For instance a superuser can issue a application deployment for its users after the software has been ordered.
Or a new customer can get a new computer collection created for its computers (or for instance a new VMM deployment can get a computer collection created in ConfigMgr and get baselines attached to it)
There are endless options here for deployment. You can also use this to do an instant “update” on the client using the Perform Client Action activity.

End of life System Center 2007 products

With the major release of System Center 2012 and soon to be Service Pack 1.
Microsoft has updated the End-of-life of its former System Center 2007 products.

Configuration Manager 2007 SP2
image

Operations Manager 2007

image

Data Protection Manager 2007

image

Service Manager 2010
image

System Center Virtual Machine Manager

image

And with the release of Windows Server 2012, System Center 2012 with SP1 is the only viable option.

Configuration Manager 2012 Client Communication & Hardware Planning

Now Configuration Manager is a complex beast, when designing a ConfigMgr site you have to plan carefully your network because there is going to be a lot of traffic going back and forth from your servers to your clients, and from your servers to your other servers. So you have to take some considerations on how many clients and how many distribution points you are going to have for your site, also depending on what kind of features you are going to use.

Now before we start with the networking part, let’s review the supported configuration and hardware requirements.

CAS:
25 child primary sites.
400.000 clients

Primary Site:
250 secondary sites.
100,000 clients
10,000 devices running windows embedded
10 Management Points
250 Distribution Point
1 Fallback Status Point
Multiple Application Catalog Website Point

Secondary Site:
5,000 clients
1 Management Point

Management Point:
25,000 clients

Fallback Status Point:
100,000 clients

Distribution Point:
4,000 clients

Software Update Point:
25,000 clients

Application Catalog Website Point:
400,000 clients

Application Catalog Web Service Point:
400,000 clients

And as you can see this can lead up to a VERY complex setup if you have a large setup. Microsoft has also deployed Configuration Manager on their own computers

And Microsoft also have made a good Hardware Requirement for list.

clip_image001
You can read more about it here –> http://bit.ly/S3fRJB

Clients searches for a management point by using the following options in the order specified:

  1. Management point (If specified by agent installation)
  2. Active Directory Domain Services
  3. DNS

Now when an agent connects to a MP it makes a list of all the Management Point which is within the Boundary and if the client has PKI certificate installed it makes a priority list over all
MP’s that has HTTPS enabled.
Now let’s start with the client communication to the servers. There are 3 ports that are the common used
Port 443 HTTPS = Used to communicate with a management point over HTTPS
Port 445 SMB = Used to communicate
Port 80 = Used to contact the Fallback status point
New with SP1! Port 10123 = Client Notification, to start or initiate an malware or policy update/scan
Port 9 UDP = Wake on Lan
You can see more about the port requirements for ConfigMgr here –> http://technet.microsoft.com/en-us/library/hh427328.aspx
Now clients connect to a distribution point either via HTTP or HTTPS using BITS. Now in order to limit the usage of network you have to specify a client setting for BITS.
Here we can define the bandwidth usage and throttling time.

image

You can also specify BITS settings in Group Policy. You need to remember that you have to plan on what features that you are going to use.
If you are using Software Metering, Software Inventory, Baselines & Compliance, Hardware Inventory etc. So there is a lot of feature that can generate a lot of traffic.

Følg

Få nye innlegg levert til din innboks.

Bli med 41 andre følgere