Softgrid 4.1 migration towards ConfigMgr with App-V 4.6 Integration : The story of automation , Part 2.

October 22, 2010 at 11:13 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, migration, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, Softgrid, WMI by Kenny Buntinx [MVP]

Yesterday , I have started explaining my little migration project to migrate away from a standalone Softgrid 4.1 infrastrucure towards a fully integrated SCCM2007 SP R2 App-V 4.6 infrastructure . You can read my previous post right here : http://scug.be/blogs/sccm/archive/2010/10/18/softgrid-4-1-migration-towards-configmgr-with-app-v-4-6-integration-the-story-of-automation-part-1.aspx

Below I will discuss the migration scenario once more in a few bullet points to migrate away from the Softgrid 4.1 standalone environment :

  1. Deploy the new app-V 4.6 clients on all workstations and check for inconsistencies (luckily all packages where sequenced with 4.2)  DONE in Part 1
  2. Pull all existing Softgrid 4.2 sequenced packages thru the new App-V 4.6 Sequencer to avoid any complications. DONE in Part 1
  3. Import all packages into ConfigMgr 2007 SP2 R2 DONE in Part 1
  4. Create all necessary collections and create a dynamic membership query with a AD group name.
  5. Create all the necessary advertisements.
  6. Switch over from Softgrid standalone to Configmgr 2007 R2 SP2. (Think about network impact !)

 

So that will leave us to creating all the necessary collections ( remember 400 Pieces ) and their lovely 400 AD Group Memberships as this was how the Softgrid environment worked (User Group Based) before.

You could accomplish this in basically 2 ways , with a Direct or Dynamic collection membership. Both will have different pro’s  & cons and I will try to explain the difference below :

1. Creating a Dynamic collection membership based on the User Group Resource that will point to an AD Security Groups that contains users in AD for Collection Population.

Assuming there is a best case ( not best practice ! ) scenario where  it can take at least a maximum possible latency (In the case below) of = 3hrs 15 minutes

  • AD Replication to happen – 15 minutes.
  • AD Security Group Discovery – 60 minutes (this is a very short setting – default is a day). ( R3 could save you another 55 minutes here with Delta Discovery enabled )

          image

  • As this is a dynamic membership collection , it is bound to a Collection evaluation cycle – 60 minutes (this is a very short setting – default is a day).
  • Configuration Manager Client Policy Refresh – 60 minutes (Default).

2. Creating a Direct collection Membership based on the User Group Resource that will point to an AD Security Groups that contains users in AD for Collection Population.

Assuming there is a worst case scenario where  it can take at least a maximum possible latency (in the case below) of = 60 minutes

  • Configuration Manager Client Policy Refresh – 60 minutes (Default).
  • User may needs to log off and log-on again.

Option nr 1 is not an approach that I’m  in favor off  as it introduces a much higher latency then option nr 2. I can live with the fact that users may need to do a logon/Logoff to receive there applications. As we have decided to go for option nr2 , it is now time to create a script and to do the following :

  1. Create a collection based on the “Virtual app” name that is been extracted out of the manifest.xml found in the folder of the \\<Servername>\VirtualPackageSource\<Package Name> under a allready existing SUB – Collection
  2. When creating the collection , create a direct collection membership with the Application AD Security group Name . (based on the resourceID)

To accomplish step 2 , you will need as prerequisite to turn on AD Security group discovery in your site settings. When done, you could pull out of SQL a *.csv file with all your Security group names and resource id’s as shown below . Please save the file as you will need it in a later phase .

image

Figure 1: This is how SCCM stores their security group information in the SQL db ( ResourceID/SecurityGroup)

Now we start working on the script , as we need the ResourceID to make it work

Below I will post the VBS code to only create 1 collection and link 1 Security Group :


 

Now I need to figure out how to link the ResourceID’s & groups with my softgrid AppID’s & Security Groups ( as shown below )  . However this will not be an easy task as I need to convert a LDAP GUID to a readable security groupname , make the correlation between the previous exported ResourceID/Security group name  and the converted GUID SecurityGroupName/AppID .

image

Figure 2: This is how Softgrid stores their security group information in the SQL db ( AppID/SecurityGroup (GUID))

Stay tuned for Part 3 very soon ….

 

Hope it Helps ,

 

Kenny Buntinx

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest