SCCM 2007 Desired Configuration Management (July 19, 2007)

Chat Topic: SCCM 2007 Desired Configuration Management
Date: Thursday, July 19, 2007

**Please note:** Portions of this transcript have been edited for clarity.

Experts:
Badri Narayanan, Jeffrey Sutherland, David Hoelschr, Brent Dunsire, Rick Duong, Dan Conley

Newsgroup:
https://connect.microsoft.com/messageboards/community.aspx?SiteID=16?
https://www.microsoft.com/technet/sms/2007/evaluate/default.mspx

Dan Conley [MSFT] (Moderator):
Hello everyone and welcome to the TechNet Chat on SCCM 2007 Desired Configuration Management feature. Today we have the DCM Feature team with us and available to answer your questions.

I would also like to give a special welcome to our MVPs that are also joining us!

When asking questions, please remember to ensure that the "expert" button is toggled so our experts can see and reply to your question.

Thanks,

-Dan-

Start of Chat

Badri [MSFT] (Expert):
Q:
I am getting an iexplore.exe error message - and then all open applications are shut down. Does anyone know what can be done to fix this problem? I am also getting a message from time to time saying that I am low on virtual memory.
A: Does this happen when you are using DCM as part of SCCM 2007?

Rick Duong [MSFT] (Expert):
Q:
In SMS 2003, I have to create a deep pyramid of collections in order to sort out various types of hardware to monitor with DCM. Will there be any logic in SCCM DCM that will allow me to collapse these collections?
A: In SCCM 2007, Collections will allow you to monitor compliance for DCM baselines. Thus you can create a collection to populate machines that are compliant with a baseline that you have created.

Badri [MSFT] (Expert):
Q:
What is Desired Configuration Management feature (briefly please)?
A: Check out https://www.microsoft.com/technet/prodtechnol/sms/smsv4/smsv4_help/6ffe5c59-3858-49c5-83cb-16f63823187c.mspx?mfr=true for an overview of DCM and the features that it supports

Badri [MSFT] (Expert):
Q:
What features are expected to be in the released SCCM 2007 DCM product set?
A: Check out https://www.microsoft.com/technet/prodtechnol/sms/smsv4/smsv4_help/6ffe5c59-3858-49c5-83cb-16f63823187c.mspx?mfr=true

Dan Conley [MSFT] (Moderator):
Q:
BTW https://www.microsoft.com/technet/prodtechnol/sms/smsv4/smsv4_help/c8b54f1c-cb9c-4c78-a8fe-ee0da5d0b561.mspx has a link to "download SCCM Configuration Packs" -- link is https://go.microsoft.com/fwlink/?LinkID=71837 but it's not a public page. Help?
A: For now, the page isn't live; it will be after product RTM. To get the beta version of the configuration packs you will need to log on to https://connect.microsoft.com, the same place where you will go to get the RC1 build of SCCM.

Jeffrey [MSFT] (Expert):
Q:
How will DCM in SCCM differ from the implementation in SMS 2003?
A: There are substantial differences between the DCM Solution Accelerator and DCM in 2007.

1. The authoring, scheduling and evaluation are all built in.
   a. No need for a separate UI
   b. CIs and baselines are assigned like any other object directly to collections
   c. The evaluation engine is built in to the client agent
2. We use a new state messaging infrastructure for sending compliance data to the server (no dependency on Hardware Inventory)
3. We are now built on Service Modeling Language (SML), which means the solution is built on a developing industry standard for modeling systems.
4. We have very rich type management allowing you to group configuration items together into configuration baselines as well as re-use configuration items through parent/child CIs.
5. Microsoft is focused on building a CI knowledge ecosystem where you will be able to find CIs authored by "experts" including Microsoft product teams and MSIT as well as links to other software vendors and solution providers who have built CIs.

Badri [MSFT] (Expert):
Q:
How will DCM interact with SCOM?
A: There is no native integration with SCOM yet. However, DCM does raise compliance events (NT events in the event log) on various changes in the compliance state. SCOM rules can be created around these events.

Rick Duong [MSFT] (Expert):
Q:
Will you be providing any examples of "how to create collections based on DCM audit failures"? That would help!
A: There is documentation on how to create collections for both compliant and non-compliant computers in the baseline. Specifically, in the UI you can select the state of compliance or non-compliance for the collection you want to create.

Jeffrey [MSFT] (Expert):
Q:
Which DCM templates are you planning on shipping with SCCM 2007 RTM?
A: We are working to provide configuration items for a number of Microsoft products, including:

Microsoft IT best practices for:
SQL 2000
SQL 2005
Exchange 2003
Exchange 2007
Windows Server 2003 AD, DNS, DHCP, WINS
SharePoint 2003
SharePoint 2007

And best practices from Microsoft product teams for:
ConfigMgr
Operations Manager
Virtual Machine Manager
SharePoint
SQL 2005

Badri [MSFT] (Expert):
Q:
Follow up on Q10: Will I have to custom create these or will these be picked up by the SCCM MP?
A: No. These will have to be custom created. We're hoping that creating this will be a community effort and once created can be shared between the community.

Jeffrey [MSFT] (Expert):
Q:
Will there be templates for NIST or SOX standards provided?
A: Microsoft is working with a company named Brabeion to develop a set of configuration items and baselines to aid in regulatory compliance. Stay tuned for future announcements on this effort.

Jeffrey [MSFT] (Expert):
Q:
Which DCM templates are you planning on shipping with SCCM 2007 RTM?
A: I forgot to mention that we are carrying-forward/re-imagining our vulnerability assessment scan tool that shipped in SMS 2003 R2 as DCM configuration items for SCCM 2007.

Jeffrey [MSFT] (Expert):
Q:
What is the value add for companies that have invested heavily in OpsMgr (and Q6's management packs) to deploy DCM with SCCM?
A: I'm not familiar with the Q6 management packs. However, DCM and SCOM have a number of complementary features which will enable rich, better-together solutions. As mentioned by Badri in an earlier answer, DCM will raise Windows events that can be captured by SCOM management packs. DCM also provides scalability for large IT organizations which enable configuration monitoring of desktops. Finally, DCM can be used in concert with other features of SCCM to automate full end-to-end configuration management.

Badri [MSFT] (Expert):
Q:
What's the relationship between the scheduling of the DCM client agent and the State message reporting cycle in the Computer Client Agent?
A: The DCM client agent evaluates compliance on schedules configured by an administrator. The result of the compliance is reported in a state message. State messages are also generated by other agents in the SCCM client. These state messages are stored on the client and then forwarded to the server. The state message reporting cycle determines how frequently this forwarding happens.

Badri [MSFT] (Expert):
Q:
What's the relationship between the scheduling of the DCM client agent and the State message reporting cycle in the Computer Client Agent?
A: From a performance point of view on the server, it is better to process state messages in bulk. Therefore the larger the reporting cycle, the more messages are batched together and the more efficient the server processing. However, this will add latency to your data availability on the server and reports.

Dan Conley [MSFT] (Moderator):
Is anyone currently using the DCM Solution for SMS 2003? If you are, have you authored your own Configuration Items (formerly known as DCM templates)?

David Hoelschr [MSFT] (Expert):
Q:
For each of the DCM templates released, will there be corresponding SCCM 2007 web reports to measure & report on compliance with the template?
A: There is a standard set of web reports that detail the compliance of any DCM baseline or configuration item. There are currently no plans to provide reports that apply to a specific baseline or configuration item.

Jeffrey [MSFT] (Expert):
Q:
I am trying to use DCM 2003 for NIC settings compliance.
A: We are developing a tool to enable conversion from the DCM Solution XML to DCM 2007 configuration items. If you'd be willing to share your DCM Solution XML with me, I'd be interested to use it as part of our conversion tool testing and validation. If you are so willing, can you send me a private message?

Badri [MSFT] (Expert):
Q:
How should we pursue tuning the state message reporting to optimize availability with acceptable performance levels?
A: The defaults that we have (along with the right hardware) should work well with client populations of around 200K.

Badri [MSFT] (Expert):
Q:
Q15 - Follow-up, that should not be too difficult for us to create a new report for a specific baseline as needed though, correct? In other words, this info will be exposed in Views?
A: We do have views that expose compliance data for baselines, configuration items etc. So yes, it should be possible to create custom reports.

Jeffrey [MSFT] (Expert):
Q:
What is the timeframe for implementing DCM set functionality to correct out-of-compliance systems? What are the challenges with this today?
A: With SCCM 2007, you can combine DCM with other features (e.g. software distribution) by building query-based collections from DCM compliance results and targeting programs to the collection. We are investigating how to natively extend DCM into the area of "Set" in future releases.

Jeffrey [MSFT] (Expert):
Q:
I've worked with the earliest version of the SMS 2003 release to make (or, try to make!) templates in that environment...
A: Thanks Ed. Have you had a chance to try out the authoring experience in DCM 2007 beta 2? Any better success?

Dan Conley [MSFT] (Moderator):
Thanks for attending everyone! Please don't forget we have another SCCM chat on Native Mode and Internet Based Client Management next week on the 24th. You can see the full chat schedule here: https://www.microsoft.com/communities/chats/default.mspx