You are browsing the archive for SCCM2007.

SCE 2010: Part 2: Comparison & Thoughts

5:56 pm in Uncategorized by mikeresseler

Hey All,

In my previous post (link) I described in short what System Center Essentials 2010 is.  In this post, we are going to dive a little deeper and compare SCE 2010 with Operations Manager, Configuration Manager and Virtual Machine Manager.

While Operations Manager, Configuration Manager and Virtual Machine Manager are three different products, with three different consoles, SCE combines them all in one product, one console.  But, SCE is built for midsize businesses, meaning that it doesn’t contain all the functionality of it’s three ‘big brothers’.  Here’s the comparison

SCE 2010 versus Operations Manager

image

The table above shows the differences.

  • Monitoring of Windows Servers, Clients, Hardware, Software and Services (both)
    • The big difference is the way Essentials monitor network devices.
  • Management packs with expert knowledge (both)
    • As stated previously, Essentials will use the same management packs as Operations Manager so no differences there
  • Agentless Exception Monitoring (AEM) (both)
  • Add monitoring wizard (both)
  • Reporting (both)
    • 1st difference, Essentials doesn’t have a data warehouse.  In Operations Manager, you can retrieve data for one year and it works with an operational database and a data warehouse database.  Essentials only has one database and contains 40 days of data max.
    • Although there are many reports built in in the product, you can’t do authoring.  Operations Manager gives you flexibility if you want to create your own reports but essentials doesn’t have that possibility
  • Branch Office Monitoring (both)
    • As already said, Essentials is a one box solution, so if you are monitoring servers or clients in a branch office, then everything needs to go over the wire, while Operations Manager gives you the flexibility to place gateways, multiple MS servers.
  • Role Based Security (only OpsMgr)
    • If you want to work with Essentials, you need to be a local admin on the SCE server or a domain admin.  End-of-story.  Operations Manager gives you the flexibility of working with different roles, where you can give limited access to certain users.  SCE doesn’t
  • Connector framework (only OpsMgr)
    • Operations Manager has a connector framework allowing you to connect the system to other tools (helpdesk systems, other Management Groups…)  SCE doesn’t.
  • Audit Collection Services (only OpsMgr)
    • Operations Manager has something called Audit Collection Services (ACS).  With ACS, you have the possibility to do audit tracking on security, and save this to a special database for compliance reasons.  SCE doesn’t have this
  • Web Console (only OpsMgr)
    • Operations Manager gives you a webconsole where you can log on and do almost everything that you can do with the installed console.  SCE doesn’t have this.  If you want to work with SCE, you need to have access to a console.
  • Cross Platform support (only OpsMgr)
    • Operations Manager can monitor non-windows environments such as Red Hat Enterprise Linux for example.  SCE can’t

SCE 2010 versus Configuration Manager

image

  • Patch Management (Microsoft and Third Party) (both)
    • Although the table doesn’t say so, but there is a difference between SCE and SCCM.  SCCM has much more flexibility then SCE.  But everything that you can deploy as a patch with SCCM can be deployed with SCE.
  • Software Distribution (both)
    • SCCM is much more flexible and allows you to do advanced packaging.  SCE is about deploying MSI and EXE with some parameters but in the end, it is only capable of doing basic software distribution.
  • Hardware and Software Inventory (both)
    • SCE collects quite a lot but can’t be extended.  If you need additional inventory then you can use SCCM that can be extended through the use of MOF files
  • Branch office updates and software distribution (both)
    • Again, don’t forget that essentials is one box, so software distribution and patches are flying over the wire.  Ok, it is using BITS, but still, keep that in mind when choosing a solution.  SCCM can work with distribution points remotely
  • Operating System Deployment (only ConfigMgr)
  • Desired Configuration Management (only ConfigMgr)
  • Wake on LAN (only ConfigMgr)
  • NAP integration (only ConfigMgr)

SCE 2010 versus Virtual Machine Manager and Hyper-V console

image

In this table, there is the comparison with Virtual Machine Manager but also with the Hyper-V console

  • Templates (Essentials and VMM)
  • VM Cloning (Essentials and VMM)
  • Candidate Identification (Essentials and VMM)
  • Physical to Virtual Conversion (Essentials and VMM)
  • Virtual to Virtual Conversion (Essentials and VMM)
  • Migration across physical machines (Essentials and VMM)
  • Virtualization Reports (Essentials and VMM)
  • Monitoring VMs (Essentials and VMM)
  • PRO tips (Essentials and VMM)
  • Library (Essentials and VMM)
  • Provisioning (All three)
  • VM Configuration and properties (All three)
  • VM State (All three)
  • Checkpoints (Snapshots) (All three)
  • 64 bit guest OS (All three)
  • Hardware Assisted Virtualization (All three)
  • Live Thumbnail (All three)
  • Synthetic Network Support (All three)
  • Import VM (multiple VHD + snapshot (Hyper-V console and VMM)
  • Configure advanced network settings (Hyper-V console and VMM)
  • Inspect Disk (Hyper-V console and VMM)
  • Export VM (Hyper-V console)
  • VMWare Management (VMM)
  • Self-service console (VMM)

 

Thoughts

So above is the comparison of SCE with the three tools (OpsMgr, ConfigMgr and Virtual Machine Manager).  I don’t want to compare it with the Hyper-V console since this is a management console which is free. 

If you have a mid-sized company (meaning around 50 servers or less and 500 desktops or less) you now need to make a decision.  Will I go for the SCE solution, that has less features or do I have to go for the full-blown solution with all the three products.  The answer to that is (as always) not simple.  For each feature that is noted above, you are going to check if you really, really need it.  If you really need it, and it is not included in SCE… well then go for the full suite.  If you don’t need it, consider SCE for a moment.  But what if the company is growing?  And what if it outnumbers the 50 servers and 500 desktops.  For the new version I don’t know if it will be possible, but with SCE 2007 you could buy an upgrade path to the full solutions, and it costs you nothing extra, meaning that you already paid for SCE and pay additional the price for OpsMgr and ConfigMgr minus the price for SCE.  So no loss there.  Again, I don’t have information yet about pricing for SCE so I don’t know if they will keep that option.

Now let’s look at a few different features that are not the same in essentials.  I will just ask some questions that can help you in deciding.  The answer is not to be given by me, but should be taken by the company.

Differences between OpsMgr and SCE 2010

– Network monitoring.  Both products don’t have a “great” way to monitor network devices.  If you need this, then the solution won’t be to upgrade to Operations Manager but to look at 3rd party add-ons for OpsMgr and SCE.

– Reporting: As said, OpsMgr allows you to author and has a data warehouse.  So the questions you need to ask yourself are: Do I really need to author reports or am I happy with the reports (over 60) out of the box?  And for how long do I want to keep my data?  1 year, or the maximum of 40 days in SCE.  Both questions are crucial for deciding.  Do you really want (or obliged to) to keep your performance data for a server for 1 year?  Do I really want to retrieve an alert from a year ago?

– Branch office monitoring: This can be a tricky one.  How is the connection to your main office?  Still using dial-up? SCE might be not a good option.  Having a very slow WAN link which is already overused for other things?  Maybe SCE not a good option.  On the other hand, can I deploy additional OpsMgr roles to that branch office?  Do I have a (virtual) server overthere that can do the trick?

– Role based security: Important one!  Who needs access to the console?  Does it need to be limited for some users?  Then SCE is not an option.  Do you have just a few admins that all have the same rights?  Then nobody cares…

– Connector framework: Are you going to connect your monitoring solution to an external solution?  Then SCE is not an option anymore.  If you want the alerts (for example) to appear immediately in a helpdesk system then you need to consider Operations Manager (and check that your solution has the possibility to connect).  If this is not important, well, another feature gone :-)

–  ACS: Do you need to audit your security?  And if you’re not having a solution in place then ACS can help you.  But then you need OpsMgr.  Otherwise, the options remain open.

– Web console: Do you need to be able to view alerts, performance and other items through a webconsole, then you have OpsMgr that does the trick.  On the other hand, this mostly means that you also need Role Based Security.  If your admins have a console locally installed (We call these consoles the Outlook for Admins) or pushed through RDS or Citrix then they can also access it anywhere.  Make sure that you check with your admins whether they really need it or if it is just something “nice” to have.

– Cross Platform Management:  Do you need to monitor non-windows environments?  Are they supported by the cross-platform agents from OpsMgr?  Are there third-party add-ons that can deliver the same functionality?  Make sure you know these answers before deciding

Differences between ConfigMgr and SCE 2010

– Patch management: How much do you want to automate in the patch management?  If you want to automate the entire patch management process, including installing and rebooting of your servers then SCCM is the way to go.  But if you don’t want to do that, and if you are perfectly happy with doing the user patch management almost fully automated (meaning just approve certain updates where you don’t have an Auto-rule for) and the server patch management more manually, then the both products can do the same.  (But keep in mind that the way to handle the patch management is quite different in SCCM)

– Hardware and Software inventory:  Simple question, what do you want to know from your hardware and software.  If you don’t need to know some really really specific items where you need to adjust MOF files or write your own WMI queries, then SCE will do the job.  You need to know more, go for SCCM.  It all depends how important that data is.

– Branch office updates and software distribution: Check above, think about the connection bandwidth again.  Don’t forget that it uses bits and will download its updates during the day when traffic is low but still, this can be crucial for the decision

– Operating System Deployment: Do you need Operating System Deployment?  Yes? SCE doesn’t have this.  But wait, before you shout SCCM!  Do you need zero-touch deployment, meaning don’t touch anything, boot the computer through wake-on-lan or intel vPro or is a light-touch deployment (meaning press F12 in the lightest case) enough?  If the LTI choice is enough, then bing MDT 2010 asap.  (And put it on the same server as SCE ;-))

– Desired Configuration Management: Do you want DCM?  With this you can create baselines (for example: Windows Server 2008 R2, IIS, Powershell enabled, HIT driver version x, Latest patches, AV version x etc…) and do you want a tool that checks if all is OK (you can do the same for your workstations) then go for SCCM.  If you are not interested then this is another feature that you don’t need.  (By the way, this is a very nice feature, but takes time to deploy, but still very nice feature ;-))

– Wake on Lan: SCCM has it.  SCE doesn’t.  SCCM can use wake-on-lan for its purposes.  If you want this, then go for SCCM, but, first ask you network team if they allow it (you can’t believe how many network people start shooting the moment I drop the words Wake on Lan… Welcome to the real world gentleman.  Wake-on-lan is great to have, and not every workstation has Intel vPro. :-))

– NAP integration: SCCM has NAP integration.  With the right policies this is a great feature.  Imagine that a workstation is denied through NAP and quarantined to a separate Vlan.  At that moment, SCCM can be used to automatically push all the requirements.  User disabled Anti-Virus?  Don’t think so.  User doesn’t have the latest patches… You guessed it.  If you need this, then SCCM is the tool.  If not (because you use NAP but update a quarantined workstation another way) then we loose another feature to choose from :-)

Differences between Virtual Machine Manager and SCE 2010

Before I start, one important statement.  I said I’m not going to compare the hyper-v console with SCE 2010, but you do need to keep in mind that some features that can’t be done by SCE but only with Hyper-V require more work.  It’s much easier to do this from VMM then by doing it through the Hyper-V console.  Why?  Well, you need to know on which host the virtual server is residing.  But if you have a limited set of hyper-v hosts, then this is still perfectly possible.  If you have a lot of hyper-v hosts, then start considering Virtual Machine Manager,  but then again, you probably are over the 50 server limit…

– VMWare management:  You need to manage also virtual servers running on ESX?  Use virtual machine manager.  It connects through your Virtual Center and you can do everything which virtual center can.

– Self-service provisioning:  This is a fantastic feature if you have people that need to be able to create their own servers or if you want certain people to be able to restart their own servers and follow the boot process.  This is quite often used in development environments where the developers have their own environments (and infrastructure guys don’t want to restart every five seconds a server that is blocked by a bad code or wrong formed SQL query)  But again, do you need this in your environment? 

Conclusion

Before taking a decision about what tool to use, make sure that you look at all the questions.  SCE is a very powerful tool that has the advantage of one console, but lacks features compared to its big brothers.  It is also a one server solution so flexibility is limited.  You can’t separate roles on different servers.  If you have doubt if one server is capable of managing 50 servers and 500 desktops, I can guarantee you it doesn’t.  Size it well enough and it won’t be a problem.  But think about the features, because that should conclude whether you need SCE or the others…

Just my 2 cents,

Cheers

Mike

SCCM: Dell released the Dell Deployment Pack for ConfigMgr (Server Deployment)

6:48 am in Uncategorized by mikeresseler

Hey All,

Just read in interesting mail.  Dell has released a new tool called the Dell Deployment Pack

From the site:

What is the Dell Deployment Pack? The Dell Deployment Pack (DDP) is an easy-to-use graphical user interface (GUI)-based tool that integrates directly into the Microsoft® System Center Configuration Manager (SCCM) 2007 (ConfigMgr) console. It eliminates the need for command-line tools and scripts normally used in the Dell™ OpenMange™ Deployment Toolkit (DTK) software. To configure and deploy your Dell systems, you need to select configuration options and commands on the GUI using drop-down lists and check boxes (see "Using The Dell Deployment Pack"). These selections make your system deployment an easy, automated task.

 

Using the ConfigMgr Task Sequence Editor, you can do the following with the Dell Deployment Pack:

  • Configure your system’s Baseboard Management Controller (BMC), Dell Remote Access Controller (DRAC), Redundant Array of Independent Disks (RAID), and BIOS. You can configure BIOS and RAID using .ini files. You can configure your system settings using the GUI or command-line interface (CLI) options. You can also configure RAID using the Array Builder wizard.
  • Create a Dell-specific boot image that will be used in the OS deployment.
  • Create and apply driver installation packages for specific Dell systems.
System Requirements:

 

The Dell Deployment Pack 1.0 supports the following Dell PowerEdge™ systems:
PowerEdge 800, 830, 840, 850, 860, 1850, 1855, 2800, 2850, 6800, 6850, 1900, 1950, 1955, 2900, 2970, 6950, SC1435, 2950, T105, R200, R900, R805, M600, M605, T605, R300, T300, R805, PV0100, PV0500, PV0600, NX1950, M805, M905, and R905.

 

Supported Operating Systems

  • Microsoft Windows Server® 2003, Small Business Server (SP2, R2)
  • Microsoft Windows Server 2003 x86, x86_64 Edition SP2 and SP2 R2
  • Microsoft Windows Server 2008 Standard and Enterprise Editions (x86) and (x86_64)
  • Microsoft Windows® Small Business Server 2008 x64 (64 bit Edition)
  • Microsoft Windows Essential Business Server 2008 x64 (64 bit Edition)

     

    On the same site, they give a lot more information. Sounds good, will have to talk to my boss to get some free time to play with this… 😉

     

    Cheers,

    Mike

  • SCCM: Troubleshooting Guide for Deploying Intel vPro Technology with MS SCCM 2007

    11:00 am in Uncategorized by mikeresseler

    Hey All,

    Received from Steve Davies from Intel

    For those who need help troubleshooting Intel(R) vPro with Microsoft(R) SCCM, the first revision of the Deploying Intel vPro Technology and Microsoft System Center Configuration Manager Troubleshooting Guide is now publically available on the Intel vPro Expert Center at http://communities.intel.com/thread/2988

    It assumes familiarity with normal Microsoft configuration tools such as Microsoft Management Console (MMC), and gathers together tips that have been successfully used in deployments in multiple geographies over a 7-month period

    The guide can be used as a detailed aide-memoire when planning for a deployment and/or can be used to systematically validate and debug deployment projects

    There will be further public revisions over time and an up-to-the-minute internal version will also be maintained

    Constructive feedback or new tips are always welcome

    For all of you who are working with the vPro Technology and SCCM 2007, this is a must-have guide in your administrators library.

    Cheers,

    Mike

    SCCM 2007: Task Sequence Variables cont’d

    1:41 pm in Uncategorized by mikeresseler

    As said in my earlier post, I was going to give some more information about Task Sequence Variables.

    First, the theory:

    A Variable is text based, both the name and the value
    The name value limit is 256, the value limit is 4000 (Anybody ever had an issue with this ‘limitation’????)
    They are set through the console on collections or computers (see later on screenshots)
    They are used to initialize task sequence variables at the start of an task sequence run (For setting configurations, for checking on conditions…)
    They are encrypted when sent to the client (Important to know for the security freaks among us)
    They are stored in the configuration manager database.

    Now, the examples:

    Alright, as said, you can place these variables on collections or computers.  Let’s start with collections:
    Right click on the wanted collection and choose Modify Collection Settings

     image

    Now, go to the Collection Variables tab and press the New button

    image

    Here you can fill in a variable name (e.g. Domain)
    The Do not diplay this value in the ConfigMgr Console is off, but when you mark this, it allows you to store information that is not visible in the configuration manager console (such as a password for example)
    And in the Value I’ve added a value.

    Nice, now I have created a variable, but what can I do with it?

    Now I can use this variable in my task sequence to get the correct information>

    Example:

    image

    Now the computer will be joined into the domain TestDomain.

    This is one way of using a variable, which allows you to create 1 task sequence and deploy it to computers that will reside in different domains, and I’m sure that you can come up with more examples, but you can use variables also in other items inside your task sequence such as Testing in conditions on Task Sequence groups and steps.

    Cheers,

    Mike

    PS: More to come on variables

    SCCM 2007: Task Sequence Variables

    11:40 am in Uncategorized by mikeresseler

    Lately, I’ve been receiving a lot of requests about “advanced” Task Sequencing in System Center Configuration Manager 2007.  Although the standard tasks you can enter are already powerful, and many companies start with this for their OS deployments, it seems that they all want a little bit more after a while.  (If you have tasted the meal….)

    One of the ways to get more control is by using task sequence variables.  By default, there are already quite a few variables you can use that are predefined in the system.  The first question that comes up when I mention those is:  Where can I get a list of these variables.

    Well, Microsoft has provided us with a list:  http://technet.microsoft.com/en-us/library/bb632442.aspx

    Make sure you check this out when you start using these variables.  More about variables, and using your own defined variables will come later on.

    Cheers,

    Mike