Roaming and Roaming Boundaries

Some SMS Advanced Client computers are mobile, moving from one network segment to another. For example, roaming occurs when you remove a laptop from its network connection at work and plug it into a dial-up connection (or other Internet service provider connection) in your home or elsewhere. Roaming also occurs when you unplug your laptop from its network connection in your office, walk down the hallway to a conference room, and connect the laptop to your organization's wireless network using a wireless network card.

Roaming is the ability to move a computer running the SMS Advanced Client from one IP subnet or Active Directory site to another. Roaming always involves an IP address change on the client.

Advanced Clients configured for auto-assignment are assigned to SMS sites based on the site's roaming boundary configuration. You can also manually assign the Advanced Client to an SMS site, regardless of boundaries.

Using roaming boundaries, an SMS Advanced Client computer can move from one location to another in the organization and still be managed by SMS. Even when a client computer roams, it might need to receive software packages from SMS. Roaming boundaries enable SMS to provide software distribution to roaming Advanced Clients. Roaming boundaries are also used to configure protected distribution points. Access to a protected distribution point is restricted to only Advanced Clients that are in a specified set of boundaries configured by the SMS administrator.

Roaming boundaries are specified by IP subnet, IP address range, and/or Active Directory site name. An SMS site's roaming boundary configuration controls Advanced Client access to its distribution points. By default, SMS site boundaries are also configured as local roaming boundaries.

Important:

  • Do not configure roaming boundaries to overlap one another. If an Advanced Client is within the roaming boundaries of more than one SMS site, the client might not communicate with the correct site. If a client roams to a location that has no roaming boundaries defined, then that client reverts to its assigned site's management point and distribution point. In this scenario, the client treats the distribution point as a remote distribution point. For more information about remote distribution points, see the "How roaming works for software distribution" section later in this chapter.
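The overlap rule above can be checked mechanically before a boundary configuration is deployed. The following is an added example, not part of the original documentation or of SMS itself. The site codes and addresses are constructed sample data, and Active Directory site-name boundaries are not modelled.

```python
import ipaddress
from itertools import combinations

# Constructed sample configuration: site code -> roaming boundaries.
# A boundary is an IP subnet ("10.1.0.0/16") or an inclusive IP address
# range ("192.168.10.1-192.168.10.100").
SAMPLE_BOUNDARIES = {
    "A00": ["10.1.0.0/16", "192.168.10.1-192.168.10.100"],
    "B00": ["10.2.0.0/16", "192.168.10.50-192.168.10.150"],
    "D00": ["10.2.4.0/24"],
}

def to_range(boundary):
    """Return (first, last) as integers for a subnet or an address range."""
    if "-" in boundary:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in boundary.split("-"))
        if lo > hi:
            raise ValueError(f"range start is after range end: {boundary}")
        return int(lo), int(hi)
    net = ipaddress.IPv4Network(boundary, strict=True)
    return int(net.network_address), int(net.broadcast_address)

def find_overlaps(sites):
    """List (site1, boundary1, site2, boundary2) for boundaries of
    different sites that share at least one address."""
    entries = [(site, b, to_range(b)) for site, bs in sites.items() for b in bs]
    overlaps = []
    for (s1, b1, r1), (s2, b2, r2) in combinations(entries, 2):
        if s1 != s2 and r1[0] <= r2[1] and r2[0] <= r1[1]:
            overlaps.append((s1, b1, s2, b2))
    return overlaps

def sites_for_client(client_ip, sites):
    """Sites whose roaming boundaries contain the client address.
    More than one site: ambiguous, the overlap case the page warns about.
    No site: per the page, the client reverts to its assigned site."""
    addr = int(ipaddress.IPv4Address(client_ip))
    return [site for site, bs in sites.items()
            if any(lo <= addr <= hi for lo, hi in map(to_range, bs))]

if __name__ == "__main__":
    for s1, b1, s2, b2 in find_overlaps(SAMPLE_BOUNDARIES):
        print(f"overlap: {s1} {b1} <-> {s2} {b2}")
    for ip in ("10.1.3.3", "192.168.10.75", "172.16.0.1"):
        print(ip, "->", sites_for_client(ip, SAMPLE_BOUNDARIES) or "no roaming boundary")
```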

Management points and roaming Advanced Clients

To understand how Advanced Clients interact with management points while roaming, you should be familiar with the following terms:

Assigned management point: The default management point of the site that the Advanced Client is assigned to. Client data (including status, hardware inventory, and software inventory) is always sent to the assigned management point unless a proxy management point is available.

Resident management point: The default management point for the roaming boundaries of the site where the Advanced Client is currently located, whether or not the client is roaming. When the client is in its assigned site, the site default management point is the client's resident management point. As the client roams, the management point it uses as its resident management point depends on the roaming boundaries the client is in.

Proxy management point: A secondary site management point that services the Advanced Clients that are in its roaming boundaries and are assigned to its parent primary site.

The Advanced Client sends package source location requests to its resident management point. All other requests and data, including Advanced Client policy requests, inventory data, and status messages, are sent to the proxy management point if one exists or to the assigned management point if a proxy management point does not exist. Except for Advanced Client policy, all messages passed between the management point and the Advanced Client are compressed.

The proxy management point passes inventory data and status messages to the secondary site server. The secondary site server then replicates the data to the primary site. Because the senders throttle site-to-site communications, this proxy method increases bandwidth usage efficiency. For Advanced Client policy and package source location requests, the proxy management point bypasses the secondary site sender and directly accesses the SMS site database or a replicated SQL Server database.

For more information about proxy management points, see the "Management points at secondary sites" section in Chapter 8, "Designing Your SMS Sites and Hierarchy."

Note:

  • To reduce network traffic to the SMS site database server, implement SQL Server database replication. For more information, see the "Planning for SQL Server Database Replication" section in Chapter 10, "Planning Your SMS Deployment and Configuration."

How roaming works for software distribution

Advanced Clients are assigned only to primary sites, not to secondary sites. When an Advanced Client needs access to an advertised program, it uses Active Directory to locate its resident management point. If the client is still in its assigned site, then its assigned management point serves as its resident management point. The client sends package source location requests to the resident management point. The resident management point determines which distribution points are available to the client. It also determines whether the distribution points are in the local roaming boundaries or remote roaming boundaries of the site associated with the roaming boundary the client is in. This location helps determine how the Advanced Client accesses the distribution points in that site. For more information about local and remote roaming boundaries, see the "Roaming to local roaming boundaries and remote roaming boundaries" section later in this chapter.

The other determining factor for how Advanced Clients access advertised programs on distribution points in roaming boundaries is how the program advertisement is configured. When the Advanced Client receives a program advertisement, and a distribution point is available locally to the client (that is, the client is in a local roaming boundary), the Advanced Client performs one of the following actions:

  • Runs the package directly from the distribution point

  • Downloads the package before running it

When the Advanced Client receives a program advertisement, and a distribution point is not available locally to the client (that is, the client is in a remote roaming boundary), the Advanced Client performs one of the following actions:

  • Does not run

  • Downloads from a remote distribution point before running

  • Runs directly from a remote distribution point

If the SMS package is not available in the site associated with the roaming boundaries that the client is in, the client reverts to its assigned site to make a package source location request to its assigned management point. The management point then provides the locations of the distribution points that are available. If the package source files are available locally, but are not accessible, the client does not revert to its assigned site. This functionality protects the WAN from unplanned traffic if a distribution point fails. If the package is available and the advertisement is configured to download before running, the client downloads the package in its entirety before running the package.

Roaming to local roaming boundaries and remote roaming boundaries

When configuring roaming boundaries, the SMS administrator specifies whether a roaming boundary is a local roaming boundary or a remote roaming boundary. This determines whether the Advanced Client treats distribution points in the site as being locally available for each roaming boundary that is configured.

For example, you might want SMS clients in one roaming boundary to download SMS packages before installing them. In other roaming boundaries, you might want SMS clients to run the package installation program over the network. The latter scenario is more common if the client is well-connected to the SMS site associated with the roaming boundaries in which it resides. The terms local and remote are designed to be used by the SMS administrator as a way to label well-connected and not well-connected network segments, respectively. If the SMS administrator defines the roaming boundaries in this way, then the following definitions apply:

Local roaming boundary: A roaming boundary in which the site distribution points are locally available to the Advanced Client and software packages are available to that client over a well-connected link. Advertisements sent to Advanced Clients specify whether the Advanced Client downloads the package source files from the locally available distribution point before running the program.

Remote roaming boundary: A roaming boundary in which the site distribution points are not locally available to the Advanced Client. Advertisements sent to Advanced Clients specify whether the client downloads the software program from a remote distribution point before running it, runs the package from a remote distribution point, or does nothing and waits until a distribution point becomes available locally.

Note:

  • A distribution point in remote roaming boundaries is considered to be not locally available to the client. In other words, the distribution point is a remote distribution point. If you configure your remote roaming boundaries to include network segments that are not well-connected to the SMS site, then the distribution point is truly remote to the Advanced Client in physical proximity.

  • A client can roam to a nearby site and still be within the remote roaming boundaries of that site. In this case, the client treats the distribution points of that site as remote distribution points. Although the client is using the closest physically located distribution points, it does not treat them as locally available distribution points.

In a local roaming boundary, if the client is well-connected to the distribution point, but BITS is not enabled on the distribution point, SMS packages are downloaded directly using server message block (SMB). If the distribution point is BITS-enabled, clients download programs in a throttled manner and use checkpoint restart to automatically recover from network communication errors. BITS is more efficient than SMB even in an environment where network connectivity is reliable and fast, such as with local area network (LAN) speeds of 10 Mbps or greater.

If the Advanced Client is not located in any roaming boundaries, it reverts to its assigned site for Advanced Client policy and all other site communications. In this case, the client is still able to access package files, but it receives them from a remote distribution point, using BITS to download packages efficiently. Or, if the distribution points of the site are considered remote to the client's location, but a BITS-enabled distribution point cannot be located, then the package files are downloaded using SMB.

Roaming scenarios

Figures 2.3 and 2.4 illustrate a few potential regional and global roaming scenarios in an SMS 2003 hierarchy. Each figure is accompanied by a table that describes the Advanced Client's roaming path and the management point and distribution points that the client communicates with in each scenario.

Regional roaming (with WINS)

Figure 2.3 illustrates different Advanced Clients that are assigned to primary site A00 and primary site B00, and that roam to various lower level primary and secondary sites. Some of the sites that they roam to are configured for roaming boundaries.

Figure 2.3 Regional roaming

Table 2.1 shows which management point and distribution points each client uses in each regional roaming scenario depicted in Figure 2.3:

  • Client A1 roams into the site boundaries of secondary site C00 where no roaming boundaries are defined.

  • Client A2 roams into the site boundaries (also the local roaming boundaries) of primary site B00. Later, client A2 dials up a remote access server (RAS) in the remote roaming boundaries of site B00.

  • Client A3 roams into the local roaming boundaries of secondary site D00.

  • Client B1 roams into the site boundaries (also the local roaming boundaries) of secondary site D00.

Table 2.1 Regional Roaming Scenarios Depicted in Figure 2.3

| Client | Location where the client roams and the type of roaming boundary | Which management point the client uses and the type of management point | Which distribution points can deliver available software content to the client and their availability |
|---|---|---|---|
| A1 | Site boundaries of secondary site C00, which has no roaming boundaries | Reverts to management point A (assigned, resident) | Reverts to distribution point A (remote) |
| A2 | Site boundaries (enabled as local roaming boundaries) of primary site B00 | Management point B (resident) | Distribution point B (locally available). Or, reverts to distribution point A (remote) |
| A2 | Remote roaming boundaries of primary site B00 | Management point B (resident) | Distribution point B (remote). Or, reverts to distribution point A (remote) |
| A3 | Site boundaries (also the local roaming boundaries) of secondary site D00 | Management point D (resident) | Distribution point D (locally available). Or, reverts to distribution point A (remote) |
| B1 | Site boundaries (also the local roaming boundaries) of secondary site D00 | Management point D (proxy, resident) | Distribution point D (locally available). Or, reverts to distribution point B (remote) |

Global roaming (with Active Directory)

Figure 2.4 illustrates three different clients that are assigned to different primary and secondary sites in the hierarchy and that roam to various lower level and higher level primary and secondary sites and to sites in another hierarchy branch.

Figure 2.4 Global roaming

Table 2.2 shows which management point and distribution points each client uses in each global roaming scenario depicted in Figure 2.4:

  • Client G1 roams up the hierarchy into the site boundaries (also the local roaming boundaries) of primary site E00.

  • Client G2 logs on to the wireless LAN in the remote roaming boundaries of primary site F00.

  • Client G3 roams into the site boundaries (also the local roaming boundaries) of secondary site H00.

Table 2.2 Global Roaming Scenarios Depicted in Figure 2.4

| Client | Location where the client roams and the type of roaming boundary | Which management point the client uses and the type of management point | Which distribution points can deliver available software content to the client and their availability |
|---|---|---|---|
| G1 | Site boundaries (enabled as local roaming boundaries) of primary site E00 | Management point E (resident) | Distribution point E (locally available). Or, reverts to distribution point G (remote) |
| G2 | Remote roaming boundaries of primary site F00 | Management point F (resident) | Protected distribution point F (locally available). Or, reverts to distribution point G (remote) |
| G3 | Site boundaries (also the local roaming boundaries) of secondary site H00 | Management point F (resident) because, in the absence of a management point at H00, the roaming boundaries at H00 are an extension of the roaming boundaries of F00 | Distribution point F (remote) |

Using protected distribution points

If there is a WAN connection between SMS site servers, the SMS administrator must be aware of and carefully consider bandwidth usage. By default, Advanced Clients choose a distribution point at random from the list of available distribution points provided by the resident management point when making package source file requests. To restrict access to a distribution point that is across a slow or unreliable network link, enable it as a protected distribution point. By doing so, Advanced Clients that are outside of the protected distribution point's specially configured boundaries will not attempt to download or run software packages from the protected distribution point. This is beneficial at remote locations, where a small number of SMS clients and a distribution point are connected to the primary site by a WAN.

Package source file requests and protected distribution points

To download or run a package program, the client sends a package source file request to its resident management point. If the client is in a set of boundaries that are configured for a protected distribution point, the management point provides the client with a list of distribution point locations that contain the requested package source files. If the client is outside of the boundaries configured for a protected distribution point, then the management point does not provide the protected distribution point to the client as a source file location.

The protected distribution point excludes Advanced Clients outside of its specially configured boundaries from downloading or running advertised packages from it.

If configured properly, protected distribution points ensure that Advanced Clients that are well-connected to an SMS site do not download packages from a distribution point located across a WAN link.

For example, you might have a primary site in your main office and a secondary site at a remote office. The secondary site boundaries are enabled as local roaming boundaries. You designate a protected distribution point at the remote office and include the site boundaries in the protected distribution point configuration. Only Advanced Clients that are in the boundaries of the protected distribution point use the protected distribution point to download or run package programs. These clients avoid using the parent primary site distribution point, unless the advertised package is not available at the protected distribution point. This can occur if you inadvertently send an advertisement to clients in the protected distribution point's boundaries before the package source files are copied to the protected distribution point. Similarly, Advanced Clients in the primary site do not download or run package programs from the remote office's protected distribution point.

The protected distribution point provides bandwidth protection for package run and package download only. It does not prevent the Advanced Client from communicating with its assigned management point in the absence of a proxy management point for inventory data, status messages, and Advanced Client policy requests.
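The filtering and fallback behaviour described in this section can be modelled in a few lines. This is an added example, not SMS code or part of the original documentation. The site codes (S01, P01), distribution point names, package IDs and addresses are constructed, and preferring a protected distribution point over unprotected ones for in-boundary clients is an assumption drawn from the remote-office example above.

```python
import ipaddress

# Constructed sample data: distribution points per site. "protected" holds the
# boundaries configured for a protected distribution point (None = unprotected).
SITE_DPS = {
    "S01": [
        {"name": "DP-S01-MAIN", "protected": None, "packages": {"PKG001", "PKG002"}},
        {"name": "DP-S01-BRANCH", "protected": ["10.20.5.0/24"], "packages": {"PKG001"}},
    ],
    "P01": [
        {"name": "DP-P01", "protected": None, "packages": {"PKG001", "PKG002", "PKG003"}},
    ],
}

def in_boundaries(client_ip, boundaries):
    """True if the client address falls inside any of the given subnets."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(b) for b in boundaries)

def source_locations(client_ip, package, dps):
    """Model of a management point's answer to a package source request.
    A protected distribution point is never offered to a client outside its
    boundaries. Accessibility is deliberately not checked: per the page, a
    package that is present but unreachable does not trigger a fallback."""
    holding = [dp for dp in dps if package in dp["packages"]]
    protected = [dp["name"] for dp in holding
                 if dp["protected"] and in_boundaries(client_ip, dp["protected"])]
    if protected:
        return protected
    return [dp["name"] for dp in holding if not dp["protected"]]

def resolve(client_ip, package, resident_site, assigned_site, site_dps=SITE_DPS):
    """Ask the resident site first; if it does not hold the package at all,
    revert to the assigned site. Returns (site_used, distribution_points)."""
    locations = source_locations(client_ip, package, site_dps[resident_site])
    if locations:
        return resident_site, locations
    return assigned_site, source_locations(client_ip, package, site_dps[assigned_site])

if __name__ == "__main__":
    for ip, pkg in [("10.20.5.17", "PKG001"), ("10.20.9.9", "PKG001"),
                    ("10.20.5.17", "PKG002"), ("10.20.5.17", "PKG003")]:
        print(ip, pkg, "->", resolve(ip, pkg, "S01", "P01"))
```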

Regional roaming and global roaming

If Active Directory is not available, or if the Active Directory schema for SMS is not extended, Advanced Clients can roam only to the lower level sites of their assigned site. This is called regional roaming. In regional roaming, the Advanced Client can roam to lower level sites and still receive software packages from distribution points.

When an advertisement is sent to the Advanced Client, the client receives information about the advertised package location from its assigned management point. Or, if the client has roamed into a secondary site, it receives information about the advertised package location from a proxy management point, if one is available. The client then uses the distribution points of one of its assigned site's lower level sites. Which distribution point it uses depends on which roaming boundary the client is in and whether the advertised package is available on the distribution point.

Global roaming allows the Advanced Client to roam to higher level sites, sibling sites, and sites in other branches of the SMS hierarchy and still receive software packages from distribution points. Global roaming requires Active Directory and the SMS Active Directory schema extensions. Global roaming cannot be performed across Active Directory forests.
