Configuration Manager uses terminology that is unique
and specific to its management infrastructure and the actions it can
carry out among its clients; these clients can be servers, workstations,
or mobile devices such as PDAs and smartphones. The next sections describe site, hierarchy, and role terms, providing a
foundation to understand how these objects interact with one another,
ConfigMgr clients, and the infrastructure.
Site Servers
The site server
is a site system role assigned to the server where the Configuration
Manager setup program runs. By definition, each ConfigMgr site has at
least one site server. This system has the ConfigMgr binary files
installed on it, and can have clients assigned to it for management
purposes. The site server manages all components belonging to its site,
including management points and distribution points.
Site servers are divided into two types:
Primary site servers
Secondary site servers
Although both are types of
site servers, there are significant differences between the two,
differences you will need to understand to place them properly in your
organization. The next sections discuss these differences.
Primary Site Servers
Primary site servers
reference a SQL Server installation and store their configurations,
client inventories, statuses, and other attributes in a SQL Server site
database. SQL Server is typically installed locally, and Microsoft
recommends this as a best practice. A local database installation
provides the following advantages:
Simplified management
Reduced chance of resource contention
Allows implementing the most secure and simple installation of SQL Server, thus safeguarding the client’s inventory data
Primary
site servers can scale to approximately 100,000 clients per server,
although political or organizational reasons may mandate more than one
site server and a lower client count per site. Primary site servers
require a Microsoft Configuration Manager 2007 license for each site.
Every Configuration Manager implementation has a minimum of one primary site, also known as the central site.
The central site is the top primary site in the hierarchy. Whether
there is one Configuration Manager site or multiple sites, the top of
the hierarchy is always the central site. All inventory rolls up the
hierarchy, making this site server the central repository for all client
configuration data in the enterprise.
Scalability in
ConfigMgr 2007 has increased substantially from SMS 2003 to support some
of the largest and most complex enterprise environments around the
world. Because ConfigMgr has so many unique roles, each of them has its
own respective scalability limits due to the type of traffic involved.
Microsoft made public the scalability figures listed in Table 1 at the 2008 Microsoft Management Summit.
Table 1. Scalability Numbers for Configuration Manager 2007
Site Role | Maximum Number of Client Systems |
---|---|
Hierarchy (central site) | 200,000 |
Primary site | 100,000 |
System Health Validator | 200,000 |
Management point | 25,000 |
Distribution point (non-OSD) | 4,000 |
Distribution point (OSD) | Limited by network and disk I/O |
State migration point | Limited by network and disk I/O |
Software update point (WSUS) | 25,000 |
Fallback status point | 100,000 |
Branch distribution point | Limited by OS license, network, and disk I/O |
To achieve numbers in the ranges listed in Table 1,
you must properly size the ConfigMgr hardware and allocate
ConfigMgr resources. A great difference exists between the types of
traffic, such as patch management, application distribution, and OS
deployments.
Secondary Site Servers
Given the capabilities of a primary site server, what is the role of a secondary site server?
A secondary site does not have a SQL Server database.
A secondary site server can only be a child of a primary site.
Secondary site servers typically are used to manage a large amount of client data over WAN links.
Here are some examples when you may want to use secondary site servers:
If you
are concerned about network traffic between the clients and the
Configuration Manager hierarchy, secondary sites can host a Distribution
Point role and then throttle and limit when packages are updated on
that DP.
Let’s say
you have a large number of clients at a remote location and desire to
cache client inventories and upload them to their primary site server at
a more opportune time. This capability requires leveraging the proxy
management point to have the secondary site server cache, compress, and
then upload the data to the primary, while complying with a rate limit
and schedule defined on the server’s address.
You perform
secondary site server administration through the parent site or some
other site higher in the hierarchy, such as the parent’s parent. In
essence, a secondary site server can reduce the load on its parent
primary site server, and it is more efficient with network bandwidth
usage during peak times over a WAN link.
Tip: Distribution Points on Secondary Site Servers
Over the years, many
SMS administrators have implemented distribution points on secondary
site servers without configuring the SMS address for the sender, used by
SMS to communicate with the site system. This results in a more complex
architecture with no real benefit. If you do not configure bandwidth
throttling, there is no point in having the DP belong to the secondary
site.
Site Systems
Site systems
are servers, and in some cases workstations, that host roles for the
Configuration Manager infrastructure. Site systems include the
following:
Component server—
A computer with ConfigMgr software installed on it. A component server
is a ConfigMgr server that has had the ConfigMgr setup run on it locally
and ConfigMgr software installed.
Site database server— Required for primary sites only. This is the server running SQL Server and hosting the site database.
SMS provider— Required for primary sites only. The provider is the WMI layer sitting between the ConfigMgr console and site database.
Management point—
Used for client and policy download. This is a location where
Configuration Manager computer and device clients can exchange data with
the ConfigMgr site services. ConfigMgr clients and the site server do
not communicate directly with each other; all communication is
facilitated via the management point. There must be at least one default
management point for every ConfigMgr hierarchy.
Distribution point— A
distribution point is a share containing ConfigMgr packages for clients
that will download them for installation. DPs are used with software
distribution, software updates, and OSD. DPs do not require an
additional ConfigMgr license.
Branch distribution point—
A branch distribution point allows a distribution point to be defined
as a workstation. This is ideal for remote locations with fewer than 10
workstations, removing the need to install a secondary site server. (New
with ConfigMgr 2007.)
Server locator point—
Used when the AD schema is not extended or when managing clients in
workgroups or untrusted AD forests. The SLP helps clients find
management points when they cannot find that information through AD and
informs clients which MP to access to install the client software,
completing client site assignment on the intranet.
Software update point—
The software update point (SUP) is assigned to the computer running
WSUS, and is only required if using the Software Updates capability. New
with ConfigMgr 2007 is its integration with WSUS and thus the SUP. WSUS
enables administrators to deploy Microsoft updates to computers running
the Windows operating system, leveraging built-in Automatic Updates
technology. ConfigMgr now uses this role to distribute various updates
to Microsoft client systems.
State migration point—
OSD uses the state migration point when migrating user state and
settings from one computer OS load to another as part of operating
system image deployment. The SMP can be used in both Refresh PC and
Replace PC deployment scenarios. The state migration point requires
Internet Information Services (IIS). You can use the state migration
point for other functions, such as automating backup of the user’s state
to the network.
Fallback status point—
The fallback status point (FSP) is used to help administrators monitor
client deployment and identify any problems encountered during
installation or assignment. It also helps to identify clients that are
unmanaged because they have problems communicating with their MP, which
is particularly relevant when operating in native mode. (New with
ConfigMgr 2007.)
Reporting point—
Hosts the Report Viewer component that provides web-based reporting
functionality. The reporting point is only required if reports are run
on a particular primary site.
PXE service point—
Responds to Preboot Execution Environment (PXE) requests from computers
requesting operating system deployment. (New with ConfigMgr 2007.)
Device management point—
An extension to the management point or proxy management point. The
device management point allows mobile devices to connect to ConfigMgr
servers and receive policy and configuration settings.
Out of Band service point—
Used to enable out of band management for clients; can only be
installed on primary site servers. (New with ConfigMgr 2007 SP 1.)
Reporting Services point— Delivers integration with Microsoft SQL Server Reporting Services. (New with ConfigMgr 2007 R2.)
System Health Validator point— Assigned
to the computer running the Network Policy service. Only required if
the Network Access Protection feature is being used. (New with ConfigMgr
2007.)
Site systems should
always reside in the same AD forest as the site server. Spanning Active
Directory forests with Configuration Manager sites is not recommended
because you would span the Active Directory security boundary by
allowing administration from a different forest.
Although not recommended, it is possible to have the following site systems in a remote forest:
Site Hierarchy
Site hierarchies exist
when there is more than one Configuration Manager site server and the
servers have a parent/child relationship defined between them.
Hierarchies can be very simple and flat or complex and deep to support
an organization’s requirements for systems management.
A parent ConfigMgr site
implies there is at least one child site. A parent site can have many
children, and those children can have children. Secondary sites cannot
have child sites, and the parent of a secondary site is always a primary
parent site, because secondary sites do not have their own database.
Only the PMP and DP roles
can leverage the sender that the secondary site relies on for
communication to the parent primary site.
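The hierarchy rules above, the same-forest recommendation for site systems, and the client limits from Table 1 can be checked against a planned design before any server is built. The following is an added example, not code from the original text or from Configuration Manager; the `Site` fields, the `validate` function, and all site codes, host names, and forest names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Approximate client limits taken from Table 1 on this page.
MAX_CLIENTS_PRIMARY = 100_000
MAX_CLIENTS_HIERARCHY = 200_000

@dataclass
class Site:
    code: str                  # site code (constructed for this example)
    kind: str                  # "primary" or "secondary"
    parent: Optional[str]      # parent site code; None marks the top of the hierarchy
    forest: str                # AD forest of the site server
    clients: int = 0           # planned client count for this site
    site_systems: dict = field(default_factory=dict)  # host name -> AD forest

def validate(sites):
    """Return findings for a planned hierarchy; an empty list means no rule is broken."""
    by_code = {s.code: s for s in sites}
    findings = []
    roots = [s for s in sites if s.parent is None]
    if len(roots) != 1 or roots[0].kind != "primary":
        findings.append("hierarchy must have exactly one central site, and it must be a primary site")
    for s in sites:
        parent = by_code.get(s.parent) if s.parent else None
        if s.parent and parent is None:
            findings.append(f"{s.code}: parent {s.parent} is not defined")
        elif parent and parent.kind == "secondary":
            findings.append(f"{s.code}: parent {parent.code} is a secondary site and cannot have child sites")
        if s.kind == "primary" and s.clients > MAX_CLIENTS_PRIMARY:
            findings.append(f"{s.code}: {s.clients} clients exceeds the primary site limit of {MAX_CLIENTS_PRIMARY}")
        for host, forest in s.site_systems.items():
            if forest != s.forest:  # site system outside the site server's forest
                findings.append(f"{s.code}: site system {host} is in forest {forest}, not {s.forest}")
    total = sum(s.clients for s in sites)
    if total > MAX_CLIENTS_HIERARCHY:
        findings.append(f"hierarchy: {total} clients exceeds the limit of {MAX_CLIENTS_HIERARCHY}")
    return findings

# Constructed sample design containing three deliberate rule violations.
DESIGN = [
    Site("CEN", "primary", None, "corp.example", 40_000, {"mp01": "corp.example"}),
    Site("WKS", "primary", "CEN", "corp.example", 120_000, {"dp07": "partner.example"}),
    Site("BR1", "secondary", "WKS", "corp.example", 2_000),
    Site("BR2", "secondary", "BR1", "corp.example", 500),
]

if __name__ == "__main__":
    for finding in validate(DESIGN):
        print(finding)
```

A site system in a different forest is reported because it extends administration across the Active Directory security boundary, which the text advises against.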
A common hierarchical
model is for a central site to manage servers and a child primary to
manage workstations. This architecture provides a structure for the
server administrators to manage their systems and the workstation
administrators to manage their systems while segregating the management
of those systems, the features enabled, schedules, and so on. Figure 1 illustrates an example of a three-tiered hierarchy with two branches, one of which is two-tiered.