SCCM - System Center Configuration Manager

Softgrid 4.1 migration towards ConfigMgr with App-V 4.6 Integration : The story of automation , Part 2.

Yesterday , I have started explaining my little migration project to migrate away from a standalone Softgrid 4.1 infrastrucure towards a fully integrated SCCM2007 SP R2 App-V 4.6 infrastructure . You can read my previous post right here : http://scug.be/blogs/sccm/archive/2010/10/18/softgrid-4-1-migration-towards-configmgr-with-app-v-4-6-integration-the-story-of-automation-part-1.aspx

Below I will discuss the migration scenario once more in a few bullet points to migrate away from the Softgrid 4.1 standalone environment :

1. Deploy the new app-V 4.6 clients on all workstations and check for inconsistencies (luckily all packages where sequenced with 4.2)  DONE in Part 1
2. Pull all existing Softgrid 4.2 sequenced packages thru the new App-V 4.6 Sequencer to avoid any complications. DONE in Part 1
3. Import all packages into ConfigMgr 2007 SP2 R2 DONE in Part 1
4. Create all necessary collections and create a dynamic membership query with a AD group name.
5. Create all the necessary advertisements.
6. Switch over from Softgrid standalone to Configmgr 2007 R2 SP2. (Think about network impact !)

So that will leave us to creating all the necessary collections ( remember 400 Pieces ) and their lovely 400 AD Group Memberships as this was how the Softgrid environment worked (User Group Based) before.

You could accomplish this in basically 2 ways , with a Direct or Dynamic collection membership. Both will have different pro’s  & cons and I will try to explain the difference below :

1. Creating a Dynamic collection membership based on the User Group Resource that will point to an AD Security Groups that contains users in AD for Collection Population.

Assuming there is a best case ( not best practice ! ) scenario where  it can take at least a maximum possible latency (In the case below) of = 3hrs 15 minutes

• AD Replication to happen – 15 minutes.
• AD Security Group Discovery – 60 minutes (this is a very short setting – default is a day). ( R3 could save you another 55 minutes here with Delta Discovery enabled )

         

• As this is a dynamic membership collection , it is bound to a Collection evaluation cycle - 60 minutes (this is a very short setting – default is a day).
• Configuration Manager Client Policy Refresh – 60 minutes (Default).

2. Creating a Direct collection Membership based on the User Group Resource that will point to an AD Security Groups that contains users in AD for Collection Population.

Assuming there is a worst case scenario where  it can take at least a maximum possible latency (in the case below) of = 60 minutes

• Configuration Manager Client Policy Refresh – 60 minutes (Default).
• User may needs to log off and log-on again.

Option nr 1 is not an approach that I’m  in favor off  as it introduces a much higher latency then option nr 2. I can live with the fact that users may need to do a logon/Logoff to receive there applications. As we have decided to go for option nr2 , it is now time to create a script and to do the following :

1. Create a collection based on the “Virtual app” name that is been extracted out of the manifest.xml found in the folder of the \\<Servername>\VirtualPackageSource\<Package Name> under a allready existing SUB - Collection
2. When creating the collection , create a direct collection membership with the Application AD Security group Name . (based on the resourceID)

To accomplish step 2 , you will need as prerequisite to turn on AD Security group discovery in your site settings. When done, you could pull out of SQL a *.csv file with all your Security group names and resource id’s as shown below . Please save the file as you will need it in a later phase .

Figure 1: This is how SCCM stores their security group information in the SQL db ( ResourceID/SecurityGroup)

Now we start working on the script , as we need the ResourceID to make it work

Below I will post the VBS code to only create 1 collection and link 1 Security Group :

   1: ' Set up a connection to the local provider.

   2: Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")

   3: Set swbemconnection= swbemLocator.ConnectServer(".", "root\sms")

   4: Set providerLoc = swbemconnection.InstancesOf("SMS_ProviderLocation")

   5:  

   6: For Each Location In providerLoc

   7:     If location.ProviderForLocalSite = True Then

   8:         Set swbemconnection = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)

   9:         Exit For

  10:     End If

  11: Next

  12:  

  13: Call CreateStaticCollection(swbemconnection, "ICT00056", "Test Collection", "Your comments here", true, "SMS_R_UserGroup", "9006")

  14:  

  15:  

  16: Sub CreateStaticCollection(connection, existingParentCollectionID, newCollectionName, newCollectionComment, ownedByThisSite, resourceClassName, resourceID)

  17:  

  18:     ' Create the collection.

  19:     Set newCollection = connection.Get("SMS_Collection").SpawnInstance_

  20:     newCollection.Comment = newCollectionComment

  21:     newCollection.Name = newCollectionName

  22:     newCollection.OwnedByThisSite = ownedByThisSite

  23:     

  24:     ' Save the new collection and save the collection path for later.

  25:     Set collectionPath = newCollection.Put_    

  26:     

  27:    ' Define to what collection the new collection is subordinate.

  28:    ' IMPORTANT: If you do not specify the relationship, the new collection will not be visible in the console. 

  29:     Set newSubCollectToSubCollect = connection.Get("SMS_CollectToSubCollect").SpawnInstance_

  30:     newSubCollectToSubCollect.parentCollectionID = existingParentCollectionID

  31:     newSubCollectToSubCollect.subCollectionID = CStr(collectionPath.Keys("CollectionID"))

  32:     

  33:     ' Save the subcollection information.

  34:     newSubCollectToSubCollect.Put_

  35:         

  36:     ' Create the direct rule.

  37:     Set newDirectRule = connection.Get("SMS_CollectionRuleDirect").SpawnInstance_

  38:     newDirectRule.ResourceClassName = resourceClassName

  39:     newDirectRule.ResourceID = resourceID

  40:     

  41:     ' Add the new query rule to a variable.

  42:     Set newCollectionRule = newDirectRule

  43:     

  44:     ' Get the collection.

  45:     Set newCollection = connection.Get(collectionPath.RelPath)

  46:     

  47:     ' Add the rules to the collection.

  48:     newCollection.AddMembershipRule newCollectionRule

  49:  

  50:     ' Call RequestRefresh to initiate the collection evaluator. 

  51:     newCollection.RequestRefresh False

  52:     

  53: End Sub

  54:  

  55:  

Now I need to figure out how to link the ResourceID’s & groups with my softgrid AppID’s & Security Groups ( as shown below )  . However this will not be an easy task as I need to convert a LDAP GUID to a readable security groupname , make the correlation between the previous exported ResourceID/Security group name  and the converted GUID SecurityGroupName/AppID .

Figure 2: This is how Softgrid stores their security group information in the SQL db ( AppID/SecurityGroup (GUID))

Stay tuned for Part 3 very soon ….

Hope it Helps ,

Kenny Buntinx