Deploying System Center Configuration Manager 2007 (June 29, 2007)
Chat Topic: Q&A with the System Center Configuration Manager 2007 Deployment Feature team
Date: Friday, June 29, 2007
**Please note:****Portions of this transcript have been edited for clarity
Experts:
Stan White, Miho Urabe, Na Li, Brent Dunsire, Jeff Nordum, Ryan Anderson, Dan Conley
Newsgroup:
https://connect.microsoft.com/messageboards/community.aspx?SiteID=16?
https://www.microsoft.com/technet/sms/2007/evaluate/default.mspx
Dan Conley [MSFT] (Moderator):
Hello everyone, Welcome to the Q&A with the System Center Configuration Manager 2007 Deployment team web chat.
Dan Conley [MSFT] (Moderator):
Everyone, we have the Deployment Feature (SCCM Server and Client deployment) team with us in this chat, therefore that should be the focus of the questions. We have other chats scheduled with a focus on the other features. Please refer to the chat schedule for those dates. I will also post them at the end of the chat.
Start of Chat
Dan Conley [MSFT] (Moderator):
Q: How important is the use of MSI in best taking advantage of SCCM? We desire to use SCCM to deploy an enterprise web solution (windows services, web sites, database components)
A: Can you please clarify you scenario?
Stan White [MSFT] (Expert):
Q: If one knows SMS management is it easy to move to SCCM?
A: Many of the existing features of SMS 2003 are the same or very similar. Software updates management is different but if you are an SMS 2003 user you will be in familiar territory
Stan White [MSFT] (Expert):
Q: Will the AD schema updates in SCCM 2007 RC1 be the same as those in SCCM 2007 RTM?
A: The schema has not changed since Beta1 (Beta1 actually)
Stan White [MSFT] (Expert):
Q: Will there be guidance available about network performance for Wan sites and when to choose/consider primary sites or secondary sites based upon bandwidth requirements ?
A: Yes. Branch distribution points will assist with smaller sites and reduce the need for secondary sites as well. The primary/secondary decision will be mostly the same as SMS 2003 outside the BDP addition
Miho Urabe [MSFT] (Expert):
Q: Will a Capacity Planner and be available for the new release?
A: You mean "available"? If so, it won't be in SCCM 2007.
Dan Conley [MSFT] (Moderator):
Q: will the BDD functions be more streamlined.. LTI and ZTI currently are not backwards compatible and not user friendly
A: That is a great question for the OSD (Operating Systems Deployment) feature chat. The OSD team will be present then, and will be able to address that.
Stan White [MSFT] (Expert):
Q: If I move from Beta to RC then to RTM what is the likelihood that client redeployments will be required? If they are needed, do you think they will be needed for each product release?
A: You will need to move to RTM in order to have support, only TAP customers are supported in production. In addition, there may be compatibility issues between versions - so... yes
Miho Urabe [MSFT] (Expert):
Q: Have the AD schema updates in SCCM 2007 RC/RTM different from those in SCCM 2007 B2?
A: I do not think it was updated between B2 and RC.
Stan White [MSFT] (Expert):
Q: What is new about the BITS 2.5 that SCCM is using?
A: It supports native mode - SSL communications
Miho Urabe [MSFT] (Expert):
Q: Will there be support for .MSP?
A: For client, yes, but for site server, there won't be MSP support.
Brent Dunsire [MSFT] (Expert):
Q: For Remote support -specifically remote control, is this transitioning to purely remote assistance driven by clients?
A: RDP and RA will both be available
Stan White [MSFT] (Expert):
Q: Can you explain how we could deploy the advanced client to Internet (or VPN) connected clients? What firewall rules would be required?
A: The client cannot be deployed OVER the internet, but can be installed from local source on a client - with the correct command lines and certificates already deployed. Or install on the corporate network
Dan Conley [MSFT] (Moderator):
Q: (regarding MSI-based deployment) - to what extent do you recommend the use of MSI to deploy server applications as opposed to other options, given SCCM2007? It appears to be hard to write MSIs for such things
A: SCCM's software deployment feature will allow you to deploy MSI and non MSI based applications. From an SCCM point of view, there isn't any specific advantage to using one over the other.
Stan White [MSFT] (Expert):
Q: Is there any client-side BITS control in the new client?
A: There are no specific settings available in the UI, no
Na (Expert):
Q: Will you be able to leverage BITS from a DP?
A: Yes, you can choose to use BITS or SMB for downloading from DP. There is a setting on DP property page for it.
Miho Urabe [MSFT] (Expert):
Q: Will reporting be more user-friendly. What I mean by user friendly is more out of the box dynamic reports instead of relying on creating custom reports
A: It is still creating custom reports, however the user experience was improved and you can view on Admin UI console, too.
Brent Dunsire [MSFT] (Expert):
Q: What are the best practice recommendations for number of users per location when considering Branch Deployment, vs. PDP, versus secondary site?
A: we expect BDP to support up to 100 clients (still in testing). Secondary site support will be per SMS2003.BDP is dependent on OS concurrent license requirements.
Stan White [MSFT] (Expert):
Q: Does SCCM have a license management option not just reporting
A: No, we do not have an enforcement mode
Jeff [MSFT] (Expert):
Q: In moving to SCCM from 2003, is there an easy upgrade path for side by side upgrade rather than upgrade existing central sites?
A: Upgrade best practice is top level down, upgrading each tier before moving down level
Dan Conley [MSFT] (Moderator):
Q: Will there be a 'Migration/Upgrade Guide' for transitioning from SMS 2k3 to SCCM or will a clean, parallel install be the preferred upgrade path?
A: There is guidance in the core documentation for using either path (upgrade or Parallel). Both are supported and should be considered depending each deployments requirements.
Brent Dunsire [MSFT] (Expert):
Q: Is it also possible to use network load balancers for redundancy/scalability of management points and if yes are also site aware load balanced management points instead of use NLB ?
A: No, we only support using Microsoft's NLB for both MP and SLP site roles.
Na (Expert):
Q: SCCM 2007 will reportedly use the x64 Windows Server OS, will it support an SQL Server 2005 running on a server cluster?
A: yes
Na (Expert):
Q: Has enforcement been added back to Software Metering?
A: No
Dan Conley [MSFT] (Moderator):
Q: will SCCM be supported in a cluster
A: SCCM will support hosting the SQL database on a failover cluster. None of the site server’s roles will be supported on a cluster.
Stan White [MSFT] (Expert):
Q: Is it also possible to use network load balancers for redundancy/scalability of management points and if yes are also site aware load balanced management points instead of use NLB ?
A: For management points and we only support WNLB for IIS load balancing.
Stan White [MSFT] (Expert):
Q: Will you be able to target users and groups with OSD in CM07, and not only Computers as it is SMS 2003 OSD FP?
A: This would be a great question for the upcoming OSD chat or the beta newsgroups
Miho Urabe [MSFT] (Expert):
Q: are there any limitations or restrictions on site systems on x64 platform. I cannot get a MP to work on an x64 server
A: Server components run in WOW64, but they should work fine.
Brent Dunsire [MSFT] (Expert):
Q: If you are using a Windows XP SP2 workstation as a DP, will you be able to leverage BITS during the distribution process from your primary site? If so, will you be required to install IIS on the workstation client?
A: The BDP will use Bits for download from a regular DP. Clients will then pull from the BDP using SMB
Miho Urabe [MSFT] (Expert):
Q: If looking to do an in place upgrade, are there any guidelines for the modification of an SMS 2k3 infrastructure to make the transition 'smoother', i.e., the removal of ITMU, implementation of WSUS, etc.?
A: I would run setup.exe /prereq to review warnings and errors first.
Na (Expert):
Q: If you are using a Windows XP SP2 workstation as a DP, will you be able to leverage BITS during the distribution process from your primary site? If so, will you be required to install IIS on the workstation client?
A: You can only install BDP on XP SP2 platform. BDP pulls down from DP using BITS, but downloading form BDP uses SMB. You don't need to install IIS on client.
Dan Conley [MSFT] (Moderator):
Q: What are the plans for SoftGrid Integration with SCCM
A: Yes, there are plans for SCCM and SoftGrid integration. But this won't be a feature at SCCM RTM.
Stan White [MSFT] (Expert):
Q: If looking to do an in place upgrade, are there any guidelines for the modification of an SMS 2k3 infrastructure to make the transition 'smoother', i.e., the removal of ITMU, implementation of WSUS, etc.?
A: Yes, we have documentation on this in terms of prerequisites. You can also run setup /prepreq /pri .... anytime without installing a site - use as a planning tool and also run setup /testdbupgrade on a copy of the database
Na (Expert):
Q: Is BITS 2.5 required for XP SCCM advanced clients to use download and execute? If yes, will it be installed as part of the SCCM client install?
A: Yes and yes
Brent Dunsire [MSFT] (Expert):
Q: are any features planned that integrate with VMM? (I plan to effect deployments to VMM-created VMs using SCCM)
A: Unknown at this time.
Miho Urabe [MSFT] (Expert):
Q: i recently purchased 50 CAL for my company and I don’t know how to deploy it, any help?
A: I would read Deployment Guide first.
Brent Dunsire [MSFT] (Expert):
Q: What's the recommendation for using a fallback site server?
A: Do you failback status point?
Dan Conley [MSFT] (Moderator):
Q: Will SCCM have the ability to collect software inventory on SoftGrid applications deployed to clients?
A: The exact SoftGrid/SCCM integration plans are still being worked out, so I am not sure if that functionality will be included at this time.
Brent Dunsire [MSFT] (Expert):
Q: What is the expected LAN traffic per hour/client? Are there any guides for the various agent and the size of packets it generates?
A: This data is still being gathered at this time.
Jeff [MSFT] (Expert):
Q: --But if I go to my server and try to access the https://<server>/certsrv , Under the Certificate Template section, ConfigMgr Site Server Signing Certificate for the Certificate Template is not getting displayed . Do I need to do anything else
A: This is would be a great question for the chat topic "System Center Configuration Manager 2007 Internet Based Client Management and Native Mode" scheduled on July 24th
Brent Dunsire [MSFT] (Expert):
Q: What are the recommended techniques to provide high availability so that SCCM can be deployed over two active-active datacenters. So if one datacenter fails the users don't experience problems.
A: At present we don't have guidance for this scenario at this time.
Dan Conley [MSFT] (Moderator):
Q: Does the SMS 2003 XP advanced client support BITS 2.5? In other words, can I install BITS 2.5 now on my SMS 2003 clients?
A: Yes, you can.
Stan White [MSFT] (Expert):
Q: What does the NAP integration provide in SCCM ?
A: Config Mgr provides an agent on the client and server side that plugs into the Windows Server 2008 infrastructure. Although Windows Server 2008 is not released yet, ConfigMgr is ready for NAP but cannot fully support Windows Server 2008 in production for site roles until our SP1
Dan Conley [MSFT] (Moderator):
Q: Will you be able to use network load balancing appliances to point clients to package distribution points?
A: No. This isn't supported.
Jeff [MSFT] (Expert):
Q: I am trying to install the SCCM Beta 2 in the Native mode. Followed the Step-By-Step Guide to Deploying the PKI Certificates Required for Configuration Manager Native Mode and created a document signing certificate as per the TechNet guide But --
A: Good question for chat on July 24th
Stan White [MSFT] (Expert):
Q: will SCCM support multicast for application distribution or OSD deployment?
A: No
Brent Dunsire [MSFT] (Expert):
Q: What is the DB size per client? Will SCCM require more space per client than SMS 2003? If so, at what ratio?
A: This is likely to increase due to the additional functionality provided by SCCM, data on this is still being gathered.
Jeff [MSFT] (Expert):
Q: any plans to integrate a web based admin console that is supported by MS?
A: No plans for web bases admin console for ConfigMgr 2007
Miho Urabe [MSFT] (Expert):
Q: any plans to integrate a web based admin console that is supported by MS?
A: For 2007, no. For next version, we are still investigating and not decided yet.
Dan Conley [MSFT] (Moderator):
Q: Is the port configuration for the SCCM client the same for Windows Firewall in XP and Vista as the SMS 2003 client?
A: No. the port requirements have changed from SMS 2003 to SCCM. Those exact requirements are included in the core documentation.
Brent Dunsire [MSFT] (Expert):
Q: Yes, Failback status point
A: We expect these to be deployed at each Primary Site Location
Stan White [MSFT] (Expert):
Q: How many client connections will a Windows XP SP2 BDP be limited to?
A: It depends on the operating system limit for concurrent connections
Na (Expert):
Q: How many client connections will a Windows XP SP2 BDP be limited to?
A: There is an OS feature, 10 (I think) concurrent SMB sessions for XP
Stan White [MSFT] (Expert):
Q: Further to my MP on x64, has this actually been tested? I have heard that the ISAPI DLLs are 64bit whereas the application (ccmexec.exe) is 32bit. When I install the MP on x64, the install completes but the MP returns '%1 is not a valid win32 app'
A: 64 bit site roles are fully supported and tested in 07
Brent Dunsire [MSFT] (Expert):
Q: does that mean deploying two servers at each primary site location? one for the primary server and one for the failback site server?
A: Not quite, the FSP is designed to receive messages from clients that are unable to communicate with any other site role (eg. MP) , these are essentially SOS messages from the client. This role is NOT a Site Server "Failback" server.
Ryan Anderson [MSFT] (Expert):
Q: Further to my MP on x64, has this actually been tested? I have heard that the ISAPI DLLs are 64bit whereas the application (ccmexec.exe) is 32bit. When I install the MP on x64, the install completes but the MP returns '%1 is not a valid win32 app'
A: This has been tested. 64bit servers are fully supported.
Dan Conley [MSFT] (Moderator):
Q: is SCCM deployment functionality impacted by SML in any way?
A: DCM leverages SML, Server Deployment does not.
Stan White [MSFT] (Expert):
Q: will SCCM2007 have a build in license management piece
A: We have software metering (monitoring only) and asset intelligence (formerly AssetMetrix)
Stan White [MSFT] (Expert):
Q: Will SCCM 2007 be fully supported if deployed on VMware either ESX or GSX?
A: Only on Microsoft Virtual Server
Ryan Anderson [MSFT] (Expert):
Q: Once you hit the max connections for a XP workstation BDP (10) will the systems automatically attempt to connect to another local BDP (assuming it exists)
A: The client will look for the content elsewhere like any other content request.
Brent Dunsire [MSFT] (Expert):
Q: What is the best practice for deploying the client agents in a very large environment ( +40 000 clients ) ?
A: Firstly test the process you will use to deploy the clients, then stage the deployments over time so as not to overwhelm the SCCM infrastructure. Using best practices -> Design, Pilot, Deploy.
Dan Conley [MSFT] (Moderator):
Q: Any enhancements to DCM in SCCM 2007?
A: The DCM feature is being introduced as a fully integrated feature with SCCM 2007. (DCM for SMS 2003 was a solution accelerator add-on). If you have more specific questions about DCM, please join us for the DCM chat on July 19th.
Na (Expert):
Q: Will the SCCM client be able to do "clean" in-place upgrades of the SMS 2003 Advanced client? Or do you recommend first removing all remnants of the SMS 2003 Advanced client from the target computers?
A: Yes we support client upgrade from 2003.
Ryan Anderson [MSFT] (Expert):
Q: Will there be a new toolkit for SCCM ? Or what is the recommendation regarding that ?
A: There will not be a new toolkit. Our goal is to work the existing tools/functionality into product and/or on the CD.
Brent Dunsire [MSFT] (Expert):
Q: Can the Capacity Planner (Excel spreadsheet based) for SMS 2003 be used for SCCM 2007 or will there be a new one available for 2007?
A: Plans in this area are still being finalized.
Miho Urabe [MSFT] (Expert):
Q: Metering in the Beta version added a number of apps automatically running in my environment, but it didn't add all exe's discovered in the inventory process, just what appeared to be active processes. How is it gathering? Is it a 1 time dump or continuous?
A: The metering monitor process list therefore you observed only active processes were metered.
Ryan Anderson [MSFT] (Expert):
Q: Will you be able to transition your customized MOF files from SMS2003 or will they be a new format?
A: Just as you would with a prior SMS upgrade, you would backup your existing and then modify the then add your changes after upgrade. The format should be the same though.
Jeff [MSFT] (Expert):
Q: Will SCCM allow support of WINS enabled domains, ala SLP? Or, has WINS support been eliminated?
A: WINS will still be supported
Miho Urabe [MSFT] (Expert):
Q: Is SMS 2003 Toolkit 2 fully compatible with SCCM?
A: It is per individual tool and we have not tested yet.
Jeff [MSFT] (Expert):
Q: Is SCCM fully supported with IPv6 ?
A: Yes
Miho Urabe [MSFT] (Expert):
Q: Will mof updates process be changed in 2007
A: yes, we are looking into proving the experience.
Ryan Anderson [MSFT] (Expert):
Q: Is SMS 2003 Toolkit 2 fully compatible with SCCM?
A: They will not be supported, but several of the tools still function. We should include most functionality of the toolkit with the product.
Dan Conley [MSFT] (Moderator):
Q: just like john asked With SCCM, is there a way to force quicker software deployments, rather than have to wait for the client to check in, etc?
A: No. like SMS, SCCM is still a "pull based" model, meaning clients pull their policy from the MP. The only way to make that happen more often is to change your policy retrieval interval, which will impact your performance and the number of clients you can support per management point.
Brent Dunsire [MSFT] (Expert):
Q: (Follow-up Q.) my connection was dropped, sorry if I missed the answer to this question already. Since the recommendation for deploying a failback site role with every primary site server, does that mean each primary site will have two physical servers?
A: Not quite, the FSP is designed to receive messages from clients that are unable to communicate with any other site role (eg. MP), these are essentially SOS messages from the client. This role is NOT a Site Server "Failback" server
Jeff [MSFT] (Expert):
Q: A couple of months ago it was still unsure if SCCM needed changes in order to successfully deploy Vista with SP1, so a path to support it was mentioned. Is this still the case, or will SCCM deploy Vista with SP1 out of the box?
A: Please ask the question in the OSD chat scheduled for July 10th
Dan Conley [MSFT] (Moderator):
Q: if you want to do internet client management your site roles have to be placed in a perimeter network but they still need to be placed on a AD member? Doesn’t that pose security issues? can bastion hosts been used with SSL and certificates to communicate
A: This is a great question for the Native Mode and Internet based Client Management Chat that will happen on July 24th.
Stan White [MSFT] (Expert):
Q: or just an added role to the primary site server itself?
A: You can use an FSP at a higher level if you do reporting there, or at each site. And yes you can combine roles such as FSP and SLP, etc.
Brent Dunsire [MSFT] (Expert):
Q: If you are using Windows XP SP2 BDP and your site hits the 10 connection ceiling, will mandatory packages fail (timeout) if they are pushed to a protected site client, or will they queue up and proceed when a connection becomes available?
A: Remember this is concurrent connections, not connections total. Clients will go into retry (same as they do for regular DPs) and then try another DP.
Stan White [MSFT] (Expert):
Q: If you have an SMS 2003 site and SCCM site coexisting in the same AD (the SMS 2003 site is NOT a child of the SCCM site), I'm assuming that you would NOW no longer be able to use SITECODE=AUTO in... you would have to set the SITECODE=<SCCM site code>.
A: AUTO will be unpredictable in overlapping boundaries no matter the site version. We recommend using a specific site code AND avoiding overlapping boundaries
Dan Conley [MSFT] (Moderator):
Q: Is there a 3rd party add-on for SMS to enable quicker software deployments?
A: Not that I am aware of, but this is a great question for the community newsgroup.
Dan Conley [MSFT] (Moderator):
Q: Will SQL mirroring been supported for high availability of the SCCM database ?
A: No. We will support SQL Failover clustering for high availability of the SQL Database.
Stan White [MSFT] (Expert):
Q: are there links or whitepaper that talk about FSP setup and design configuration that we could leverage
A: We cover that in the core documentation
Ryan Anderson [MSFT] (Expert):
Q: Will SQL mirroring been supported for high availability of the SCCM database?
A: We support the SQL database on a cluster, but we do not support SQL database mirroring
Stan White [MSFT] (Expert):
Q: are there any improvements or changes in the backup/recovery, system restore feature in SCCM from sms2003?
A: Yes. We leverage VSS such that the down time during backup is greatly minimized. We are also improving the repair wizard to recover new types of objects
Stan White [MSFT] (Expert):
Q: What roles will be "supported" for Windows Server 2008 in the RTM of SCCM
A: None at this time
Dan Conley [MSFT] (Moderator):
Thanks for attending this chat everyone. Don't forget to attend the other SCCM chats in the next few weeks (DCM, SUM, OSD and Native Mode/IBCM). You can find the full TechNet chat schedule here: https://www.microsoft.com/technet/community/chats/default.mspx