Planning Site Boundaries and Roaming Boundaries

Because the boundaries of an SMS site are defined by IP subnet or Active Directory site name, most SMS sites are mapped to your physical network topology.

Planning site boundaries involves deciding which resources and subnets to include in each site. Each SMS client is assigned to a single SMS site. Legacy Clients must exist within the site boundaries as defined. If this condition is not met, the Legacy Client software might be removed from client computers. Advanced Clients, however, are explicitly assigned to a site according to the site code. This assignment is independent of site boundaries. Multisite client assignments are not supported in SMS 2003.

One method of gathering information about resources in your organization is to initiate discovery in SMS without initiating client installation. For more information, see the "Initiating Discovery Without Initiating Client Installation" section in Chapter 10, "Planning Your SMS Deployment and Configuration."

Supernetting

Classless interdomain routing (CIDR) uses a single IP address to designate many unique IP addresses. CIDR is also called supernetting. Supernetted IP subnets are not supported as SMS 2003 site boundaries. To take advantage of any subnet grouping technologies in SMS, such as supernetting, you must use Active Directory site names for your site boundaries instead of IP subnets. For information about supernetting, see the Windows 2000 Resource Kit.

The subnets included in your site boundaries should be connected with reliable links so that all resources in the site have a fast connection to all other site resources. As a rule, if two subnets are separated by a slow link, do not include them both in the same site. Instead, create a separate SMS site at each physical location. If the physical location contains many users, contains users with very different needs, or has more than one group managing the computers, you might split a single physical location into more than one SMS site.

Computers must be members of a domain to be included in SMS site boundaries. Workgroup computers are not supported in SMS.

Because site boundaries generally reflect the layout of your enterprise, use the network diagram you created in the pre-planning phase when considering where to set your site boundaries. Your diagram identifies the number and types of users on each local area network (LAN) and WAN. Evaluate how to build the existing subnets into the separate sites based on link speed. Also, consider the location of the domains in your site, because you can enable resource discovery by domain, which is a reliable way to find all computers while using little overhead.

If a client is located within the site boundaries or roaming boundaries of its assigned site, it accesses available software package files locally. Otherwise, the client accesses the content as if it were remotely connected (that is, using the download and run method of software installation instead of run from network method). For more information, see the "Roaming Boundaries for Advanced Clients" section later in this chapter.

Site-wide Settings

When you plan your site boundaries, consider the fact that the site settings you configure for client agents, components, discovery methods, installation methods, and other features apply to all of the clients you assign to that site.

Note:

  • In some cases, you might want some clients within a site to have configurations that are different from other clients in the site. For example, you might want the Remote Tools Agent to require user permission on desktop computers only and not on your servers. With an Active Directory Group Policy or registry modification, the user permission setting can be overridden for the servers in your site. For more information, see the "Clients with Special Configurations" section in Chapter 4, "Understanding SMS Clients."

Roaming Boundaries for Advanced Clients

Roaming boundary planning is an important component of site design because the roaming boundaries you specify designate how software is distributed to Advanced Clients.

SMS site boundaries determine which resources the SMS site manages. Roaming boundaries enable SMS software distribution to Advanced Clients. For this reason, plan to define roaming boundaries in SMS sites where Advanced Clients need to access advertised programs. Roaming boundaries are also used in the site assignment of Advanced Clients and to configure protected distribution points.

If a client roams to a location that has no roaming boundaries defined, that client reverts to its assigned site's management point and distribution point. In this scenario, the client treats the distribution point as a remote distribution point.

Avoid creating overlapping roaming boundaries. If an Advanced Client is within the roaming boundaries of more than one site, the client might not communicate with the correct site.

Important:

  • In an Active Directory environment, each SMS site server publishes its list of roaming boundaries in Active Directory. To obtain the full benefits of Advanced Client roaming, you must have Active Directory deployed - and the Active Directory schema extended for SMS - in your site. This allows your Advanced Clients to perform global roaming. In the absence of Active Directory, your SMS clients are limited to regional roaming. For more information about roaming, see Chapter 2, "Understanding SMS Sites," and Chapter 4, "Understanding SMS Clients."

When you plan your site and hierarchy design, it is important to understand how roaming boundaries differ from site boundaries:

  • Site boundaries are composed of IP subnets and/or Active Directory site names and define which resources the site manages.

  • Roaming boundaries are used by Advanced Clients to access distribution points that can provide them with advertised software packages.

  • Roaming boundaries are similar to SMS site boundaries because they can be defined by IP subnets and Active Directory sites. However, you can also use IP address ranges to define roaming boundaries. This is beneficial to SMS clients that connect to the network by way of remote access or a virtual private network.

  • By default, site boundaries are included in the site's roaming boundaries.
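The warning about overlapping roaming boundaries can be checked against a planning spreadsheet before anything is configured in SMS. The following is an added example, not part of the original SMS documentation: the site codes and addresses are constructed, and the "first-last" notation for IP address ranges is an assumption of this script, not an SMS format.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site code -> planned roaming boundaries.
# Subnets are written as CIDR strings, IP address ranges as "first-last"
# (the range notation is an assumption made for this example).
PLAN = {
    "CHI": ["10.1.0.0/24", "10.1.1.0/24", "172.16.10.1-172.16.10.120"],
    "NYC": ["10.2.0.0/24", "172.16.10.100-172.16.10.200"],
    "MIL": ["10.3.0.0/24", "10.1.1.0/24"],
}

def to_interval(boundary):
    """Return (first, last) as integers for a subnet or an IP address range."""
    if "-" in boundary:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in boundary.split("-"))
        if first > last:
            raise ValueError(f"range is reversed: {boundary}")
        return int(first), int(last)
    # strict=True rejects entries such as 10.1.1.5/24 that have host bits set
    net = ipaddress.IPv4Network(boundary, strict=True)
    return int(net.network_address), int(net.broadcast_address)

def find_overlaps(plan):
    """List (site_a, boundary_a, site_b, boundary_b) where two different
    sites claim at least one common address."""
    flat = [(site, b, to_interval(b)) for site, bs in plan.items() for b in bs]
    hits = []
    for (sa, ba, (a1, a2)), (sb, bb, (b1, b2)) in combinations(flat, 2):
        if sa != sb and a1 <= b2 and b1 <= a2:
            hits.append((sa, ba, sb, bb))
    return hits

def sites_for(plan, address):
    """Sites whose roaming boundaries contain the address. More than one
    site means the client's choice is ambiguous; an empty list means the
    client falls back to its assigned site."""
    ip = int(ipaddress.IPv4Address(address))
    found = set()
    for site, boundaries in plan.items():
        for b in boundaries:
            first, last = to_interval(b)
            if first <= ip <= last:
                found.add(site)
    return sorted(found)

if __name__ == "__main__":
    for sa, ba, sb, bb in find_overlaps(PLAN):
        print(f"overlap: {sa} {ba} <-> {sb} {bb}")
    print("172.16.10.110 is inside:", sites_for(PLAN, "172.16.10.110"))
```
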

For more information about site boundaries and roaming boundaries, see Chapter 2, "Understanding SMS Sites."

Note:

  • When determining your site boundaries, consider the location of your client access points (CAPs), distribution points, management points, and server locator point relative to the clients that will use them. Be sure that stationary clients can access these site systems using fast, reliable links. For information about creating CAPs, distribution points, management points, and server locator points as site systems, see the "Assigning Site System Roles" section later in this chapter.

Client Management Needs

When designing your SMS hierarchy, remember client management needs, because you will use SMS to service and manage client computers. SMS clients interact with the following SMS servers:

  • Client access points

  • Management points

  • Distribution points

  • Server locator points

You must establish management points for site communications with Advanced Clients and CAPs for site communications with Legacy Clients. You can also include a server locator point in your hierarchy design to help clients find CAPs. Consider using a server locator point for determining assigned site codes for Advanced Clients if Active Directory is not enabled. Install the server locator point only in a primary site. Plan to make distribution points available to your sites for storing software packages to be distributed to clients.

It is recommended that you do not deploy clients to locations that do not have locally available site servers, CAPs (for Legacy Clients only), and distribution points. SMS requires a fast, reliable link for all processes that interact between CAPs, distribution points, and site servers. Customers who must deploy a small number of SMS clients in a site without a local site server must understand the performance risks involved.

Number of clients assigned to an SMS site

There are several different factors that affect the maximum number of clients that can be managed by a site. These include SMS site server hardware specifications, site server load signatures, and the number and types of SMS features enabled. Scheduled intervals for SMS tasks to be performed on clients (such as inventory and software distribution) and the amount of inventory that you configure SMS to collect are also factors.

For information about determining the number of clients you can assign to one SMS site, see Chapter 9, "Capacity Planning for SMS Component Servers."

Client types

The type of client you install in each site affects the location of your CAPs and management points.

Advanced Client. The Advanced Client is the preferred SMS 2003 client. It is designed for computers running Windows 2000 and later. Deploy the Advanced Client where possible. Some considerations for the Advanced Client when designing your sites are as follows:

  • If you have Advanced Clients reporting to a site, you must make a management point available to those clients.

  • Advanced Clients are assigned to primary sites, not to secondary sites.

  • An Advanced Client is assigned to only one site.

  • For regional roaming, the Advanced Client benefits from the use of local distribution points, even if the client is not assigned to the local site. However, in the case of global roaming, the client can use only local distribution points, which requires Active Directory. Be aware of limitations across forests and other considerations, which are described later in this chapter.

  • In particular, the Background Intelligent Transfer Service (BITS)-enabled transfer of packages, transfer of inventory, and updates of clients mean that software distribution and client upgrades do not have an adverse effect on the clients at remote locations.

  • With BITS enabled, the Advanced Client is able to send and receive files in any situation in which an HTTP link can be established. This includes using a virtual private network. Also, BITS can handle priority requests. For example, if BITS has started transferring a large Microsoft Office XP package, but SMS generates a delta inventory, the inventory momentarily interrupts the package download so that the inventory can be uploaded.

  • The use of the Advanced Client through a proxy server that performs network address translation is not supported.

  • If Active Directory is not available, or if you do not plan to extend the Active Directory schema for SMS, establish a server locator point at a primary site in your hierarchy. This enables your Advanced Clients to use automatic site assignment.

Figure 8.3 shows two Advanced Client laptops traveling away from their assigned site servers in Chicago and New York to Milan. Note that these laptops still communicate with the management points at their assigned sites, but they receive software distributions from the local SMS site.

Figure 8.3 Legacy Client and Advanced Client management with management points and client access points

Legacy Client. The Legacy Client is designed for computers that are required to run Microsoft Windows NT® 4.0 or Microsoft Windows 98. Some site design considerations are as follows:

  • Because Legacy Clients are managed by CAPs, you must plan to install a CAP in each site that has Legacy Clients.

  • You can install a server locator point at a primary site in the hierarchy to help your Legacy Clients locate CAPs.

Common client activity cycles

Most client activity depends on the SMS components you enable and the intervals of time you set for running those components. As a result, the impact of client activity generated by SMS can vary greatly.

When designing your sites, take into consideration the following feature-related client activity cycles:

  • Heartbeat Discovery

  • Hardware and software inventory

  • Polling for new advertisements (software distribution)

  • Running an advertisement (software distribution)

  • Status reporting, configuration verification, and client software updating

For an overview of SMS client activity cycles and how your clients are affected by the values you set, see Chapter 4, "Understanding SMS Clients."

Active Directory Considerations

Because Active Directory sites are based on physical network segments, the recommended method of defining your SMS site boundaries is to base them on your Active Directory sites. This allows SMS administrators to split or combine IP boundaries based on logical, not physical, criteria. One advantage to using Active Directory sites as SMS sites is that subnet changes or additions made within an Active Directory site do not require additional configuration in SMS 2003. Subnet changes are automatically reflected within your Active Directory site boundaries for SMS. Remember that Active Directory discovery methods can only be used to discover clients whose site boundaries are defined by Active Directory site names.

Be aware that a single SMS site cannot span multiple Active Directory forests, although it can span multiple domains within a single forest. All SMS site systems must be in the same Active Directory forest as the SMS site server. For general information about multiple forest considerations, download the white paper at https://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/mtfstwp.mspx. Be aware of limitations across forests and considerations in the following areas when you design your SMS hierarchy:

  • Communications within an SMS site

  • Site-to-site communications

  • Client communications

  • Secure key exchange

Communications within an SMS site

Communication between an SMS site server and its site systems is not supported across forests. This includes communications between the SMS site server and the SMS site database server. Plan your hierarchy design so that all SMS site servers, including the SMS site database server, and all site systems and SMS clients are within the same forest.

Site-to-site communications

Site-to-site communications have limitations across forests. A child primary site in one forest can attach to a parent in a different forest. A child secondary site cannot attach to a parent in a different forest. Data is sent up the hierarchy from a child primary site to its parent site. For site-to-site communications to work, the SMS addresses at the sending site must have access to the receiving site and vice-versa. If one or more of the forests is running in Windows 2000 Active Directory mixed mode or if Windows Server 2003 Active Directory is using the interim domain functional level, you must specify user accounts as addresses for site-to-site communications to work.

Windows Server 2003 and site communications

Communications across forests work in SMS if the following conditions are met:

  • You are using the Microsoft Windows Server™ 2003 family

  • The forest functional level is set to Windows Server 2003

  • SMS is running in advanced security mode

  • The forests are configured with a transitive trust

The forest functional level can be set to Windows Server 2003 only if all of your domain controllers are running an operating system in the Windows Server 2003 family. If the forest functional level is set to Windows Server 2003, then creating additional accounts is not required for SMS site-to-site communications to work. For more information about forest functional levels, see the Windows Server 2003 family documentation.

Client roaming across Active Directory forests

Without Active Directory, client roaming is limited to regional roaming (roaming to lower level sites in the SMS hierarchy). With Active Directory, Advanced Clients can perform global roaming within the forest of their assigned site (roaming to higher level sites or sibling sites across the hierarchy).

If the SMS hierarchy is distributed among multiple Active Directory forests, the Advanced Client cannot roam outside the forest that contains the client's assigned site unless WINS is enabled. In this scenario, WINS is required for the client to locate the resident management point. If WINS is enabled, roaming Advanced Clients are able to communicate with resident management points to receive distribution point location information. For information about roaming, see Chapter 2, "Understanding SMS Sites."

Secure key exchange

Another limitation across forests is that there is no secure key exchange by way of Active Directory across forests. For more information about domain trusts, forest trusts, and key exchange, see Chapter 5, "Understanding SMS Security."

Windows NT Domain Requirements

If you plan to have SMS 2003 sites in Windows NT 4.0 domains in your environment, be sure that all of the SMS components are contained within a Windows NT domain and WINS is enabled for the domain. Although an SMS site cannot be distributed among multiple Windows NT domains, the SMS hierarchy can. The support for SMS in Windows NT domains is similar to that of Active Directory forests. Global roaming, however, is not supported across Windows NT domains. Regional roaming requires WINS.

Naming SMS Sites

It is a good practice to develop a logical site code and naming convention strategy. With consistent naming conventions, administrators can use the site codes to locate the parent-child relationships within the hierarchy. This is also useful for support and recovery issues. Do not use the same SMS site code in more than one location in your enterprise.

Important:

  • SMS site codes cannot be changed after they are created. Be sure to carefully plan your site codes and site names before deploying the SMS hierarchy. It is important to follow your organization's naming convention policy when designing your SMS hierarchy. You should avoid using extended characters in site code names.

If you are using Active Directory, your Active Directory site names must use only valid characters. The Active Directory naming convention requires that Active Directory site names are legal Domain Name System (DNS) names. Otherwise, SMS will not recognize those Active Directory sites. Only use the standard characters A-Z, a-z, 0-9, and the hyphen (-) in site names. For more information about creating Active Directory sites, see the Windows 2000 Server Deployment Planning Guide.

Important:

  • Do not use names that are not valid as MS-DOS directory names, such as AUX, PRN, NUL, or CON, for your SMS site codes. Although you might not encounter problems during the SMS site installation, you can experience problems later if the SMS site code is used as a folder name.
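
Because site codes cannot be changed after creation, the naming rules in this section are worth checking against the hierarchy plan before deployment. The following is an added example, not part of the original SMS documentation: the plan entries are constructed, and treating site codes as case-insensitive when looking for duplicates is an assumption based on the code being usable as a Windows folder name.

```python
import re

# Device names the section warns against; a site code can end up as a folder name.
RESERVED = {"AUX", "PRN", "NUL", "CON"}
# Characters the section allows in Active Directory site names.
AD_SITE_NAME = re.compile(r"[A-Za-z0-9-]+")

# Constructed sample plan: (site code, location, Active Directory site name).
PLAN = [
    ("CHI", "Chicago", "Chicago-HQ"),
    ("NYC", "New York", "New_York"),     # underscore is not an allowed character
    ("CON", "Concord", "Concord"),       # reserved device name
    ("chi", "Chicago lab", "Chicago-Lab"),  # same code as CHI, different case
    ("MÍL", "Milan", "Milan"),           # extended character in the site code
]

def check_plan(plan):
    """Return (site_code, problem) tuples for every rule a planned site breaks."""
    problems = []
    seen = {}  # upper-cased site code -> location that first used it
    for code, location, ad_site in plan:
        key = code.upper()  # assumption: compare codes case-insensitively
        if key in RESERVED:
            problems.append((code, "reserved MS-DOS device name"))
        if not code.isascii():
            problems.append((code, "extended character in site code"))
        if key in seen:
            problems.append((code, f"site code already used at {seen[key]}"))
        else:
            seen[key] = location
        if not AD_SITE_NAME.fullmatch(ad_site):
            problems.append(
                (code, f"Active Directory site name {ad_site!r} has invalid characters"))
    return problems

if __name__ == "__main__":
    for code, problem in check_plan(PLAN):
        print(f"{code}: {problem}")
```
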