SCCM 2012: The new Infrastructure Specifics

October 3, 2011 at 8:26 am in Uncategorized by nsienaert

 

Hi There!

In this post I’ll talk about the infrastructure enhancements in SCCM 2012.

The product team re-engineered the infrastructure components to simplify and flatten the hierarchy.

1. With SCCM 2007, child primary sites were often created mainly for security reasons and to apply different site settings.

This “tiered” setup of parent and child primary sites is not supported anymore.

So how do we handle security and site settings today?

Security: You don’t need extra primaries anymore to decentralize management. With a new concept called RBAC (Role Based Administration Control) we can now assign roles and scopes to SCCM Console users. I’ll talk about RBAC in detail in my next post.

Client Settings: These settings are no longer site settings only. You can still configure them at site level, but now you can also configure client settings on collections.

2. Secondary sites still exist. With SCCM 2012 you will probably decide to use secondary sites if you still want to manage your upward-flowing WAN traffic via a Proxy Management Point. So not much has changed here.

What is new is that each secondary site also has a SQL DB installed (can be SQL Express). Global Data will be replicated to this SQL DB. I talk about Global Data later on in this post.

With secondary sites you can also do Content Routing, which means that you can redirect traffic between secondary sites. This can be interesting in a scenario where the WAN connection between 2 secondary sites is better than the connection between a primary and a secondary site.

3. Distribution Points improved a lot regarding infrastructure capabilities. Another reason to install a secondary site with SCCM 2007 was to control the network traffic, as we could throttle and schedule it. Now we can do the same on a Distribution Point role, similar to what we do on the Site Addresses.


Probably you will also want a local DP when using multicast and App-V streaming.

4. Branch DPs do not exist anymore. For small branches you can look into BranchCache. Prerequisites to use this:

  • Clients need to be compatible with BranchCache
    • Windows 7
    • Windows Vista with KB 960568 installed
  • Your DP needs to be Windows 2008 Server R2 to activate the BranchCache role

New capabilities to simplify Infrastructure administration

1. Content Prestaging

The tools we knew from SCCM 2007 for prestaging content, like Courier Sender, PkgPreLoadOnSite and Manual Prestaging (Branch DP), are now combined in one tool, extractcontent.exe.

This tool will be used under the hood to create the prestaged content file (.pkgx).


The way it works is still similar. You send out the media to read the packages in to the remote DP, and registration on the primary site server happens via extractcontent.exe, which you can find on the installation media.


Additionally, there is conflict detection, so if there are changes between the prestaging and when the media arrives, SCCM knows which deltas to update.

 

2. Regarding boundaries, Forest Discovery can be done with SCCM 2012. Furthermore, domain, sites and IP subnets are still possible, as we know them from SCCM 2007.

Untrusted forests can be discovered as well, by providing the necessary credentials of course.

Another cool thing is that you can choose to auto-create boundaries.


As I mentioned already in previous blogs, boundary groups are another new concept. You can consider them as logical containers to put boundaries in. So far, so good…

The most important thing to know is that these boundary groups, and no longer the boundaries themselves, will be used for site assignment and content lookup. So don’t forget to specify your boundary groups on your DPs (see previous post).

3. SCCM 2012 has a new replication model to simplify your administration.

We talk about:

  • Global Data, which is replicated via SQL all over the hierarchy (CAS, Primaries and Secondaries). A rule of thumb to know what Global Data is: everything created by the admin in the SCCM console.

          Examples: Package metadata and collection rules.

  • Site Data, which is also replicated via SQL. The rule of thumb here is: everything that is created by the system itself.

          Examples: collection members, HINV, messages

          This data can be found on the CAS and the originating primary.

  • Content Replication is still file-based.

          Luckily Microsoft did a good job of keeping the SQL replication simple and automated a lot under the hood. So you don’t need to be a SQL guru at this point, but of course as an SCCM admin it’s always interesting to have a good relationship with your DBA. Also, diagnostic files (CSV format) can be exported easily so your DBA friend can examine them.

The clever ones among us might remark: “OK, so everything is SQL replication, but why do I still see inboxes and outboxes on my SCCM Server?” Well, those are still used for local registration on the Management Point.

 

[Figure: The new replication model]

So yes, if you create a collection on the US site it might be visible at the Europe site. To keep control over this you can use Collection limiting and RBAC, which will help you to fine-tune security.

 

Till next time!

Nico Sienaert
