Summary of Changes in SCCM 2012

 Application Model

  1. Added intelligence – enforcement, requirements and dependencies
  2. Unified experience – multiple profiles per application

 Infrastructure

  1. Simplified Infrastructure
  2. Intelligent Replication – replicate once. Control bandwidth between site server and DP.

Operations

  1. Automate Action – DCM Remediation, Application Enforcement
  2. Improved Awareness – Alerts, reporting and scope
  3. RBAC

Infrastructure and Design

–          How to design a new infrastructure for a new environment?

–          Multiple MPs per site server. You can fail over to another MP. You don’t have to have an NLB configuration.

–          Where do I need site server and site system roles?

Where to start – Infrastructure and Design

–          Central Administration Site (CAS) – new site server term in SCCM 2012.

–          Typical model of a central primary with two child primaries is replaced with a CAS and two primaries

–          New Perspective

  1. Multiple MPs
  2. Multiple SCCM Providers
  3. Clustered DB
  4. Settings segregation

Primary Sites

–          No segregation for servers and desktops

–          Add multiple roles to increase scalability

–          You can create client profile settings that have unique client agent settings defined, e.g. desktop, servers, mobile, etc.

–          If there are a few thousand clients in a remote location, this is something to consider in the overall design. 

When to add additional primaries

–          Clients still access MPs, but will an SS still suffice?

–          Global – 1 per continent to start

–          Political – scope from RBAC must address requirements around data segregation. Are there any requirements that each country maintain its own data?

Primary Sites

–          What is the network topology?

–          DPs can be throttled and scheduled much like an SS in SCCM 2007.

–          Untrusted domain

–          Any forests that you have must have two-way trusts. You can drop a site role in the untrusted environment (MP, DP, etc.), but you can’t have a primary site in the untrusted domain managing that environment.

–          IBCM – this is another way to get around the un-trusted domain limitation

Previously

–          Object and instructions flow down.

–          Status, state and inventory flow up

SCCM 2012

–          Single admin point

–          Content processed at any level is replicated throughout the hierarchy

–          Focus design on network preservation along with server consolidation.

–          If client policy will not impact the network, will a throttled DP suffice?

AD Trust Requirements

–          Two-way trust required between forests.

–          Site roles can reside in an un-trusted forest, but not a primary

–          Mitigation

–          Primaries remain in trusted environment

–          Additional roles can be placed in un-trusted environment

IBCM

–          There is no native mode or mixed mode. You can specify, per site system role, which one uses HTTPS. Per device, you can specify which machines require HTTPS to communicate with a site system role that is configured for HTTPS.

–          You need to create certificates, but in development of the site system role you specify the certificate and it does it for you, without having to go into IIS and bind the ports for SSL to the IIS pool.

Hardware Consideration

–          Reduced disk I/O due to file processing on each server. Focus on what SQL needs as SQL Replication is being used to replicate between the site servers.

–          Increased SQL Activity (SQL Lob, DB, temp db, etc.)

Other Consideration

–          BranchCache > Distributed + Hosted. When Windows 7 and Windows Server 2008 R2 both have BranchCache turned on, a WS-Discovery request is done to determine if anyone else on the subnet has the file content with the hash from a local Windows 7 machine. In doing so, you don’t have to buy WAS to do this. When you have more than one Windows 7 device at a remote location with BranchCache, you will have a better network.

–          Windows 7 Wake-up

  • Can wake itself up without a WOL requirement, perform queries for policy, and then go back to sleep.

Migration

  1. Polish old infrastructure
  2. Spin up new infrastructure
  3. Attach to old infrastructure and migrate objects
  4. Upgrade clients with assignment to new infrastructure
    1. Objects continue to migrate on schedule
    2. Decommission old infrastructure

Q: Will SCCM 2007 client talk to SCCM 2012 client?  The answer is no.

Tools to Assist

–          Migration tools provide initial consumption of objects and scheduled synchronization during transition.

–          Allows for side by side operation without loss of DP Content

Preparation

–          Flatten collections. No longer used as folders to organize other collections.

–          Include, exclude provides greater flexibility

–          Limiting provides functional object security

–          Packages to UNC versus local source path

–          Ensure SCCM 2007 SP2 is deployed

–          Flatten hierarchy

No In Place Upgrade

–          Requires idle servers or hosted environment

–          Round Robin is the recommended approach to do the migration.

Round Robin/Rebound Method

–          Goal is to free up servers so that the new SCCM infrastructure can be stood up and migrated over.

–          Purchase new CAS server hardware and start to migrate SCCM 2007 and decommission the SS.

–          Free up one server initially.

–          Compress current services onto fewer servers

–          Existing environment services reduced, yet functional

–          Use newly available resources for SCCM 2012 primary site

–          Migrate services from SCCM 2007 to SCCM 2012

–          Migrate clients to SCCM 2012 with reduced services

–          Decommission SCCM 2007 server and allocate additional resources to SCCM 2012.

Maintenance and Operations

Application Model

–          Enterprise administration has changed from desktop to mobile devices to mobile users

–          Users and business unit roles and profiles

–          Application profiles across multiple platforms

–          Application dependency, behaviors, uninstall and requirements

–          Business unit requirements and client behavior profile

–          System Configuration Requirements, behavior and enforcement

Security Rights

–          There is the ability to retain the intent of the SCCM 2007 Security Rights in SCCM 2012.

–          You cannot configure the failover MP.

–          NOIDMIF is supported in SCCM 2012.
