Managing a Windows Server 2003 Environment - SMS and MOM

Michael KleefIT Pro EvangelistMicrosoft Pty Ltdhttp://blogs.msdn.com/mkleef

Agenda• Process Guidance• SMS 2003• MOM 2005• DSI• Q&A

• Microsoft Solutions for Management– www.microsoft.com/msm

• Provides you with a solution “blueprint” for end-to-end operation of business-critical production systems using Microsoft technology– Envision, Plan, Build, Deploy, Test, and Operate

• Solution Accelerators

Solution Accelerators

Operations Management Service Monitoring

Change and Configuration Management Patch Management Desktop Deployment Server Deployment

• Four step process to assess, identify, evaluate & plan, and deploy patches to their environments

• Provides best practices for implementing technology to distribute patches

• Provides best practices using SMS2003 for critical patching in a 24 hour period

• Guidelines for operational tasks required for effective patch management

• Downloadable from TechNet

Patch Management Solution Accelerator

Configuration M

anagement

Subscription

Baselining

Change Request

Change Classification

Change Authorization

Change Development

Quarantine Quarantine

Relevance

Identification

Change Review

-Rol

l-

Plan Release

Release Development

Acceptance Testing

Roll-Out Planning

Roll-Out Preparation

Release Deployment

Setup Activities

Change Initiation

Change Management

Change Management

Release Management

Setup Activities

Change Initiation

Change Management

Change Management

Release Management

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/msm/smf/default.asp

Demo:

• Windows Update Services

SMS 2003

SMS 2003 Capabilities

Application Application DeploymentDeployment

AssetAssetManagementManagement

SecuritySecurityPatchPatch

ManagementManagement

LeveragingLeveragingWindows Windows

Management Management ServicesServices

Support forSupport forthe Mobile the Mobile WorkforceWorkforce

Microsoft Internal Success• Over 108,000 Clients Deployed• Over 5,500 Servers Managed around the world• Over 400 locations• The tool used by Microsoft to ensure compliance of

security patches across Microsoft• Using SMS 2003 OTG can obtain:

– Accuracy of patching• 97% compliance within 4 hours• 100% accountability

– Scalability & Performance• 5,500+ managed Windows servers • within 7 hours.

– Software distributions since July 2003• 350,000 installations/configurations

SMS 2003 Performance• Significant performance improvements in key areas:

Feature SMS 2.0 SMS 2003

Inventory Performance Full Inventory

Delta Inventory

AD Discovery

Clients per Site

25/min25/min 140/min140/min 5 times 5 times fasterfaster

32/min32/min 225/min225/min7 times 7 times fasterfaster

31/min31/min 150/min150/min 5 times 5 times fasterfaster

2K per 2K per CAPCAP

25K per 25K per MPMP

12 times 12 times moremore

SMS 2003High-level changes – Client and Platform Support Changes

• No Windows 95 or earlier support

• No Windows ME or Windows XP Home

• No NetWare support

• NEW! Support for PocketPC

– Architecture• No more logon points

• No SQL Server 6.5 support

• NEW! Management Point

– For config of Advanced clients

• NEW! Advanced Client

– Uses BITS to drizzle packages to clients

• Active Directory Integration

• Software Inventory

SMS 2003Key Functions

• Management Point• Reporting Point• Distribution Point• Client Access Point• Server Locator Point

Management ComponentsClient matrixFeature Desktop Client Advanced Client

Inventory (HW/SW)

Mobile aware inventory

Basic SW Distribution

Mobile-aware SW Distribution

Remote Control

Metering

Platforms Windows 98, Windows NT 4, Windows 2000 and later

Windows 2000 and later

Installation Client push, logon script, manual, pre-stage

Client push, logon script, manual, GP,

pre-stage

SMS 2003 Install & Config Tips

• Ensure you understand the pre-requisites!– IIS 6.0 installed– SQL 2000 with SP3a installed– BITS, WebDAV and ASP.NET enabled– Accounts need to have appropriate permissions to

complete install (Active Directory)– Sites (in site boundary definitions) must have

TCP/IP addresses assigned to them

BITS DownloadsBackground Intelligent Transfer Service

• Component of the Windows operating system– SMS will deploy BITS to clients if not already installed

• Used for the following types of data– Policy downloads – Large policy assignments (>50K)– Data uploads– Package content download

• Local and Remote wherever BITS is available

SMS 2003Preparing Active Directory

• Integration points– Discovery of user, group, and computer accounts– Publishing Server Locator Point and Management Point– Publishing of roaming boundaries

• If you are moving to Active Directory, – Recommended prior to SMS 2003 deployment– Simplifies administration of SMS 2003– Collapse domains if required

• Permit schema extensions– Small amount of GC impact (few classes)– Very small Domain NC impact (System Container)

• Configure Active Directory sites– SMS can use Active Directory sites for site boundaries

Load

Recommended Hardware

Inventory 5x week Software Distribution 10 pkgs/week

1Ghz 512 MB RAM

SMS Hardware Sizing Small Secondary Site: 50-100 Clients

• At Small sites - processing, memory and disk IO are not big issues (unless box is running other workloads)

• It’s better to have an SMS site sharing a server with other workload than connect to a dedicated site server over a slow speed link

Load Recommended Hardware

Inventory 5x week Software Distribution 10 pkgs/week

Dual 1 Ghz 512MB – 1GBRAM Minimum of 3 disks Recommended - 11 disk

SMS Hardware Sizing Medium Primary Site: 1,000-5,000 clients

• Memory needs grow with number of clients• Disk IO starts to become possible bottleneck• Processing capacity requirements increase as inventory

and package frequency increases• Disk Layout

– Raid 1 – OS/SQL Exec– Raid 5 SMS Directory– Raid 5 SMS data– Raid 1 SMS Log