System Center
Deploy Apps and Updates to Your Branch Offices
Steve Rachui
At a Glance:
- Configuring a branch distribution point
- All about boundaries
- Three approaches to provisioning data
Microsoft is set to release its next-generation solution for systems management. Formerly known as Systems Management Server (SMS), the new System Center Configuration Manager 2007
has a good number of new features that are sure to impress. One of these handy features is the branch distribution point (BDP), a new type of distribution point that is specifically designed to meet the needs of small or distributed office settings. At first glance, and compared to other new features, the BDP may appear to be just a minor addition, but don't overlook this feature too quickly.
With previous versions of SMS, server systems were the only supported platforms for hosting distribution points. As a result of this, administrators who needed to provide service to branch offices, which often lack local servers and communicate via slower WAN links, struggled to design and put together an infrastructure that would allow timely and efficient software distribution. This scenario is exactly the need the BDP is designed to address.
The BDP, which is designed to operate on both workstation and server-class systems, is a component made available, though not enabled by default, on every Configuration Manager 2007 client. While every Configuration Manager 2007 client has the code necessary to operate as a BDP, not every client should be configured as such.
Setting Up a BDP
Activating the BDP function on a client is basically the same as configuring any server-based distribution point. You start by configuring a client as a new site system (as shown in Figure 1) and then indicate that it is a branch distribution point (as in Figure 2). This configuration causes the BDP to be listed as an available distribution point for packages, software updates, Operating System Deployment (OSD) images, and so on. Policy will be prepared by the site server and targeted to the selected client that will turn on the BDP function. Once this policy is downloaded, the client will begin acting as a BDP.
.gif)
Figure 1 Configure client as a new site system
.gif)
Figure 2 Configure site system as a branch distribution point
A BDP, or any site system, can be configured to service a particular boundary (formerly called site boundaries in SMS 2003) or a group of boundaries, or it can be configured to operate without being boundary-specific. Boundaries in Configuration Manager 2007 are generally defined by IP subnet or Active Directory® site.
To configure a BDP to service a particular set of boundaries, select the "Enable this site system as a protected site system" option on the site system configuration window and then specify the boundaries that should be served, as shown in Figure 1. Note that this is a required step if you are planning to use the BDP for on-demand content provisioning (which I'll describe in a moment). If this step is omitted, the BDP will essentially function as any standard distribution point.
About Boundaries
Protected boundaries on a BDP only serve to define which clients are able to access content on the BDP; they do not play a role in determining which standard distribution point a BDP can access to download the content it needs. Suppose, for example, there is an environment with a BDP installed on Boundary A. Now suppose that Boundary B contains the only standard distribution point using the Background Intelligent Transfer Service (BITS), and this distribution point is configured to serve only clients in Boundary B. When the BDP attempts to download content, will it succeed? According to the expected rules of protected boundaries, you might think that it would fail. However, in this scenario, the download would succeed, for BDP downloads do not honor any protected boundaries that have been configured on standard distribution points.
BDPs also provide a great deal of flexibility. It is possible to enable a single BDP per branch office location or, if necessary, enable multiple BDPs within a single branch office (boundary). When multiple BDPs are configured to service the same boundaries, they work together somewhat like load balancing to provide content to the clients within those boundaries.
Provisioning Data
Once enabled, a BDP can obtain the content it needs in three different ways: administrator provisioned, on-demand provisioned, and manually provisioned. Regardless of which method you use to obtain content, at least one standard distribution point that is BITS-enabled must be available and provisioned with the content that the BDP will receive. Let's take a look at the three methods that can be used to obtain content.
Administrator Provisioned This is the familiar method of staging content on a distribution point. Using this approach requires an administrator to manually select the BDP as a distribution point. Doing so will cause a policy to be prepared alerting the BDP to download the content being provisioned from a standard BITS-enabled distribution point within the same site during the next policy update cycle.
On-Demand Provisioned This is a new method of staging content and is specific to the BDP. This approach allows content to be downloaded on demand to the BDP when requested by a client. The administrator does not take action to provision the content onto the BDP—meaning the BDP is not selected as a distribution point within the packages node. On-demand provisioning will effectively cause the BDP to be selected as a distribution point when the request for content is made. This happens behind the scenes and is automatic.
On-demand provisioning can only take place if the package is configured to support this option (see Figure 3) and the BDP is protected to ensure that the clients requesting the content are only able to access the BDP and cannot access any standard distribution points that have the content. Note that if multiple BDPs are configured within the same protected boundaries, an on-demand provisioning request to one will result in content being provisioned to all.
.gif)
Figure 3 Enabling
on-demand distribution
of a package
Manually Provisioned As its name implies, this method of staging content requires manual action from the administrator. The package must be configured to indicate that the content will be transferred manually, as shown in Figure 3. The content must then be manually copied to the BDP into the packages folder using a directory structure that would be expected for a typical package.
The BDP will recognize the new package and make it available to requesting clients. Because this method allows content to be transferred to the BDP using removable media, this method is ideal for environments with limited bandwidth between the standard distribution point and the BDP.
You can configure a BDP to store downloaded content on a particular partition; if no partition is specified, the BDP will automatically choose a partition to use. When content is configured to be staged on a BDP or when an on-demand request is processed, the target content is not immediately available on the BDP. Rather, policy is prepared to alert the BDP that content is available for download. At the next policy cycle, the BDP will receive the policy and initiate a BITS download of the content. You can use Group Policy to control with great precision the bandwidth that is used and the schedule for BITS downloads. Note that the distribution point share on the BDP looks just like the share on a standard distribution point—which means the content is not encrypted.
The Right Setup for Your Organization
As mentioned, the BDP role was created for the branch office and is fully functional on workstation systems. However, it's also possible to operate a BDP on a server-class system. The underlying OS will have an impact on the number of connections that can be made to the BDP. Workstations have a limit of 10 simultaneous connections, while servers are not bound by this limit. Thus, depending on the number of simultaneous connections you need to support, you may want to use a server system—or perhaps multiple workstation systems within the branch office. Regardless of the platform you use, there still must be at least one BITS-enabled standard distribution point with the content being requested.
However your infrastructure is configured, the BDP will give you much more control over the flow of software distribution throughout any organization. Built-in support for BITS, which allows for throttling and scheduling of downloads, offers a key advantage for administrators that require more granular control and predictability.
Steve Rachui is a Manageability Support Escalation Engineer in the Product Support Services group at Microsoft. He has supported SMS since version 1.2. Steve can be reached at steverac@microsoft.com.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.