Configuration Manager 2012 Real World Deployment Experience

I am starting new blog series on my Configuration Manager 2012 for sharing early deployment observations and learning of Configuration Manager 2012 at Microsoft, which is the largest Configuration Manager 2012 deployment to date. My goal is to help you get ready for Configuration Manager 2012 deployment. I am very interested in your feedback and what specific areas around our deployment experience at that you would be interested in hearing about.

In this blog, I am going to share how we designed our Configuration Manager 2012 hierarchy.

Let’s first go through key facts for our hierarchy design at Microsoft.

CM12_Figure1

      

The key desktop management services where we use Configuration Manager are listed below:

· Hardware and Software Asset Reporting

· Software Metering

· Software Deployment

· Software Update Management aka Patch Management

· Operating System Deployment

· Application Virtualization Deployment (App-V)

· Malware Protection (Forefront)

· Power Management

· Mobile Device Management

At Microsoft, our administration model for all systems is centralized administration, so all deployment and reporting is done from a central site. Before I share with you our new hierarchy design for Configuration Manager 2012, it is important for us to review our Configuration Manager 2007 hierarchy, as it will help in understanding some of key benefits you will able to achieve through new features of Configuration Manager 2012.

CM12_Figure2

Figure 2: Configuration Manager 2007 hierarchy at Microsoft (Before state)

 

As you see in figure 2, we had 5 Configuration Manager 2007 primary sites aligned with regional locations. The first thing we decided was to deploy new Configuration Manager 2012 hierarchy in parallel to the above hierarchy because, as most of you might be already aware, Configuration Manager 2012 is not supported for in-place upgrade from Configuration Manager 2007. To start, we deployed Central Administration Site (CAS) and 3 child primary sites in phase 1. We decided to move all our machines reporting to Corporate headquarters (Redmond) and North and South America to Configuration Manager 2012 in a phase 1, which accounts for almost 50% of total machines managed in Configuration Manager 2007. During all client moves, we always ensured minimum service interruptions to end users along with meeting our standard service level agreements (SLA) for our services such as monthly patching SLA, and client health SLA.

Below is our Configuration Manager 2012 hierarchy as of today. We are making progress to add 2 more child primary site and moving clients from others regions such as Asia and Europe.

CM12_Figure3 

Figure 3: Configuration Manager 2012 hierarchy at Microsoft (Current state)

In figure 3, you will notice we have a total of 4 site systems hosted on physical servers, which include the CAS and all primary SQL servers, whereas the rest of the site systems are hosted on virtual servers.

The second thing you will notice is that we don’t have remote SQL server for CAS site, which differs from our use of remote SQL server for central site in Configuration Manager 2007. In Configuration Manager 2012, all client data is processed at the primary site level and is replicated to the CAS site through global and site data replication. The central administration site is only used for administration and reporting purposes. We did a comparison of the average processor utilization between Configuration Manager 2007 central site and Configuration Manager 2012 central administration site and found that CAS is ~20-30% less utilized than Configuration Manager 2007 SQL server.

The third major change you will see in figure 3 is that for the North and South America primary site, we had only 3 secondary sites. Compare this to the 35 secondary sites we used in Configuration Manager 2007 (refer figure 2). This is only possible because the distribution point sites system role in Configuration Manage 2012 can have scheduling and throttling settings for content distribution, which was only available for secondary site roles in Configuration Manager 2007.

The fourth benefit we had was for management point roles, as we used a new feature MPlist to allow us to have multiple management points without need of Network Load Balancing (NLB).

The fifth benefit we’re seeing from an infrastructure perspective is that we don’t need a dedicated primary site for site-level client settings.  By this, I mean in Configuration Manager 2007, we had a limited service site to offer only patching services to one of our internal customers – labs. It was business critical requirement that there be no Configuration Manager admin accidentally deploys software to that group. To meet this requirement in Configuration Manager 2007, we used a have a separate primary with the setting software distribution to client disabled.  In Configuration Manager 2012, we can combine the right Role Based Administration and Client Agent Settings to be confident we can meet this business requirement. As a result, we will be able to collapse the limited service primary site.  We will write more about RBA later on.

There are so many things to share about Configuration Manager 2012. One of my colleagues blogged already on mobile device management in MSIT here: https://blogs.technet.com/b/system_center_in_action/archive/2011/09/02/configuration-manager-2012-exchange-connector-implementation-in-microsoft-it.aspx. We will continue to share our story, and the next blog post will focus on our experience migrating clients from Configuration Manager 2007. Please share your comments and questions! .

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included samples is subject to the terms specified in the Terms of Use

Comments

  • Anonymous
    November 01, 2011
    Good diagrams... :-)

  • Anonymous
    November 01, 2011
    It would have been real useful if you follow some logical flow which is missing now. Anyways good efforts to attempt to share MS BP

  • Anonymous
    November 07, 2011
    Its really helpful .

  • Anonymous
    November 29, 2011
    Shitanshu Nice overview

  • Anonymous
    March 01, 2012
    Thank you Shitanshu... It will help us if you put your hardware configuration as well for reference. I am aware, its going to depend on clients features, frequency, reporting etc, etc but still it helps.

  • Anonymous
    April 16, 2012
    Saravanan R, Please check out new blog which has all hardware details - blogs.msdn.com/.../configuration-manager-2012-hardware-configuration-used-in-microsoft-it.aspx

  • Anonymous
    May 10, 2012
    Are there requirements for minimal network throughput between CAS, Primary and SS?

  • Anonymous
    May 13, 2012
    Thank you Shitanshu. Could you please also give a little more detail about the domains for all servers CAS, PS, SS. is it possible to keep same domain for CAS and one PS while other PSs and SSs will be in separate domain. can I still administer the whole hierarchy from the CAS. if you could please refer you domain in this blog, i hope it will clear me. Thanks

  • Anonymous
    May 13, 2012
    refer your* domain e.g microsoft or any dummy name.

  • Anonymous
    May 29, 2012
    The comment has been removed

  • Anonymous
    May 29, 2012
    Please read How are you covering these clients? Is it with some other DPs?

  • Anonymous
    July 15, 2012
    my accout is blocked what should I do drashidsr@hotmail.com

  • Anonymous
    December 31, 2012
    When it comes to stuff like this and getting more info on the products available, reporting software is a really useful resource. For more info go to www.reportingsoftware.info

  • Anonymous
    January 25, 2013
    Great infographic! I look forward to your blog series! www.reportingsoftware.info/.../reporting-software-whats-the-inside-scoop

  • Anonymous
    March 26, 2013
    great job man! thanks for article, I was looking for this!

  • Anonymous
    April 18, 2013
    Nice and informative.....thanks for sharing....

  • Anonymous
    June 27, 2013
    Thank you for this information.  As we are in the testing phase of rolling out Config Mgr 2012 SP1, I've been given a less technical role with a focus on roles, process and implementation strategies.  Is there information that speaks to these areas in more detail than the case studies Microsoft has provided?

  • Anonymous
    September 11, 2013
    New Job Opening - CAS Deployment Lead/Manager ijobs39 at gmail dot com