Planning for High Availability with Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

System Center 2012 Configuration Manager sites, hierarchy of sites, and Configuration Manager clients can each take advantage of options that maintain a high level of available service. These include the following:

  • Sites support multiple instances of site system servers that provide important services to clients.

  • Central administration sites and primary sites support the backup of the site database. The site database contains all the configurations for sites and clients, and it is shared between sites in a hierarchy that contains a central administration site.

  • Built-in site recovery options can reduce server downtime and include advanced options that simplify recovery when you have a hierarchy with a central administration site.

  • Clients can automatically remediate typical issues without administrative intervention.

  • Sites generate alerts about clients that fail to submit recent data, which alerts administrators to potential problems.

  • Configuration Manager provides several built-in reports that enable administrators to identify issues and trends before they become problems for server or client operations.

Configuration Manager does not provide a real-time service and you must expect it to operate with some data latency. Therefore, it is unusual for most scenarios that involve a temporary interruption of service to become a critical problem. When you have configured your sites and hierarchies with high availability in mind, downtime can be minimized, autonomy of operations maintained, and a high level of service provided.

For example, Configuration Manager clients typically operate autonomously by using known schedules and configurations for operations, and schedules to submit data to the site for processing. When clients cannot contact the site, they cache data to be submitted until they can contact the site. Additionally, clients that cannot contact the site continue to operate by using the last known schedules and cached information, such as a previously downloaded application that they must run or install, until they can contact the site and receive new policies. The site monitors its site systems and clients for periodic status updates, and can generate alerts when these fail to register. Built-in reports provide insight into ongoing operations as well as historical operations and trends. Finally, Configuration Manager supports state-based messages that provide near real-time information for ongoing operations.

Use the information in the following sections to help you understand the options to deploy Configuration Manager in a highly available configuration.

  • High Availability for Configuration Manager Clients

  • High Availability for Configuration Manager Sites

    • Details for Sites and Site System Roles that are Highly Available

    • Details for Sites and Site System Roles that are not Highly Available

High Availability for Configuration Manager Clients

The following table provides information about the operations of Configuration Manager clients that promote high availability.

Feature

More information

Client operations are autonomous

Configuration Manager client autonomy includes the following:

  • Clients do not require continuous contact with any specific site system servers. They use known configurations to perform preconfigured actions on a schedule.

  • Clients can use any available instance of a site system role that provides services to clients, and they will attempt to contact known servers until an available server is located.

  • Clients can run inventory, software deployments, and similar scheduled actions independent of direct contact with site system servers.

  • Clients that are configured to use a fallback status point can submit details to the fallback status point when they cannot communicate with a management point.

Clients can repair themselves

Clients automatically remediate most typical issues without direct administrative intervention:

  • Periodically, clients self-evaluate their status and take action to remediate typical problems by using a local cache of remediation steps and source files for repairs.

  • When a client fails to submit status information to its site, the site can generate an alert. Administrative users that receive these alerts can take immediate action to restore the normal operation of the client.

Clients cache information to use in the future

When a client communicates with a management point, the client can obtain and cache the following information:

  • Client settings.

  • Client schedules.

  • Information about software deployments and a download of the software the client is scheduled to install, when the deployment is configured for this action.

When a client cannot contact a management point, the following actions are taken:

  • Clients locally cache the status, state, and client information they report to the site, and transfer this data after they establish contact with a management point.

Clients can submit status to a fallback status point

When you configure a client to use a fallback status point, you provide an additional point of contact for the client to submit important details about its operation:

  • Clients that are configured to use a fallback status point continue to send status about their operations to that site system role even when the client cannot communicate with a management point.

Central management of client data and client identity

The site database, rather than the individual client, retains important information about each client’s identity, and associates that data with a specific computer or user. This has the following results:

  • The client source files on a computer can be uninstalled and reinstalled without affecting the historical records that are associated with the computer where the client is installed.

  • Failure of a client computer does not affect the integrity of the information that is stored in the database. This information can remain available for reporting.

High Availability for Configuration Manager Sites

At each site, you deploy site system roles to provide the services that you want clients to use at that site. The site database contains the configuration information for the site and for all clients. Use one or more of the available options to provide for high availability of the site database, and the recovery of the site and site database if needed.

The following table provides information about the available options for Configuration Manager sites that support high availability.

Option

More information

Use a SQL Server cluster to host the site database

When you use a SQL Server cluster for the database at a central administration site or primary site, you use the fail-over support built into SQL Server.

Secondary sites cannot use a SQL Server cluster, and do not support backup or restoration of their site database. You recover a secondary site by reinstalling the secondary site from its parent primary site.

Deploy a hierarchy of sites with a central administration site, and one or more child primary sites

This configuration can provide fault tolerance when your sites manage overlapping segments of your network. In addition, this configuration offers an additional recovery option: you can use the information in the shared database that is available at another site to rebuild the site database at the recovered site. You can use this option to replace a failed or unavailable backup of the failed site's database.

Create regular backups at central administration sites and primary sites

When you create and test a regular site backup, you can ensure that you have the data necessary to recover a site, and the experience to recover a site in the minimal amount of time.

Install multiple instances of site system roles

When you install multiple instances of critical site system roles such as the management point and distribution point, you provide redundant points of contact for clients in the event that a specific site system server is off-line.

Install multiple instances of the SMS Provider at a site

The SMS Provider provides the point of administrative contact for one or more Configuration Manager consoles. When you install multiple SMS Providers, you can provide redundancy for contact points to administer your site and hierarchy.

Details for Sites and Site System Roles that are Highly Available

The following table provides information about features available at sites, and the site system roles that are part of a high availability configuration.

Feature

More information

Redundancy for important site system roles

You can install multiple instances of the following site system roles to provide important services to clients:

  • Management point

  • Distribution point

  • State migration point

  • System Health Validator point

  • Application Catalog web service point

  • Application Catalog website point

  • Software update point (Configuration Manager SP1 only)

You can install multiple instances of the following site system role to provide redundancy for reporting on sites and clients:

  • Reporting services point

You can install the following site system role on a Windows Network Load Balancing (NLB) cluster to provide failover support:

  • Software update point

    Note

    For Configuration Manager SP1, you must use Windows PowerShell if you want to configure an NLB software update point instead of using the automatic redundancy that Configuration Manager SP1 provides when you install multiple software update points.

Built-in site backup

Configuration Manager includes a built-in backup task to help you back up your site and critical information on a regular schedule. Additionally, the Configuration Manager Setup wizard supports site restoration actions to help you restore a site to operations.

Publishing to Active Directory Domain Services and DNS

You can configure each site to publish data about site system servers and services to Active Directory Domain Services and to DNS. This enables clients to identify the most accessible server on the network, and to identify when new site system servers that can provide important services, such as management points, are available.

SMS Providers and Configuration Manager consoles

Configuration Manager supports installing multiple SMS Providers, each on a separate computer, to ensure multiple access points for Configuration Manager consoles. This ensures that if one SMS Provider computer is offline, you maintain the ability to view and reconfigure Configuration Manager sites and clients.

When a Configuration Manager console connects to a site, it connects to an instance of the SMS Provider at that site. The instance of the SMS Provider is selected nondeterministically. If the selected SMS Provider is not available, you have the following options:

  • Reconnect the console to the site. Each new connection request is nondeterministically assigned an instance of the SMS Provider and it is possible that the new connection will be assigned an available instance.

  • Connect the console to a different Configuration Manager site and manage the configuration from that connection. This introduces a slight delay of configuration changes of no more than a few minutes. After the SMS Provider for the site is on-line, you can reconnect your Configuration Manager console directly to the site that you want to manage.

You can install the Configuration Manager console on multiple computers for use by administrative users. Each SMS Provider supports connections from multiple Configuration Manager consoles.

Management point

Install multiple management points at each primary site, and enable the sites to publish site data to your Active Directory infrastructure, and to DNS.

Multiple management points help to load-balance the use of any single management point by multiple clients. In addition, you can install one or more database replicas for management points to decrease the CPU-intensive operations of the management point, and to increase the availability of this critical site system role.

Because you can install only one management point in a secondary site, which must be located on the secondary site server, management points at secondary sites are not considered to have a highly available configuration.

Note

Mobile devices that are enrolled by Configuration Manager can connect to only one management point in a primary site. The management point is assigned by Configuration Manager to the mobile device during enrollment and then does not change. When you install multiple management points and enable more than one for mobile devices, the management point that is assigned to a mobile device client is non-deterministic.

If the management point that a mobile device client uses becomes unavailable, you must resolve the problem with this management point or wipe the mobile device and re-enroll the mobile device so that it can assign to an operational management point that is enabled for mobile devices.

Distribution point

Install multiple distribution points, and deploy content to multiple distribution points. You can configure overlapping boundary groups for content location to ensure that clients on each subnet can access a deployment from two or more distribution points. Finally, consider configuring one or more distribution points as fallback locations for content.

For more information about fallback locations for content, see the Planning for Preferred Distribution Points and Fallback section in the Planning for Content Management in Configuration Manager topic.

Application Catalog web service point and Application Catalog website point

You can install multiple instances of each site system role, and for best performance, deploy one of each on the same site system computer.

Each Application Catalog site system role provides the same information as other instances of that site system role regardless of the location of this site server role in the hierarchy. Therefore, when a client makes a request for the Application Catalog and you have configured the Default Application Catalog website point device client setting for Automatically detect, the client can be directed to an available instance, with preference given to local Application Catalog site system servers, based on the current network location of the client.

For more information about this client setting and how automatic detection works, see the Computer Agent client setting section in the About Client Settings in Configuration Manager topic.

Details for Sites and Site System Roles that are not Highly Available

Several site systems do not support multiple instances at a site or in the hierarchy.

Use the information in the following table to help you plan if these site systems go off-line.

Site system server

More information

Site server (site)

Configuration Manager does not support the installation of the site server for each site on a Windows Server cluster or NLB cluster.

The following information can help you prepare for when a site server fails or is not operational:

  • Use the built-in backup task to regularly create a backup of the site. In a test environment, regularly practice restoring sites from a backup.

  • Deploy multiple Configuration Manager primary sites in a hierarchy with a central administration site to create redundancy. If you experience a site failure, consider using Windows group policy or logon scripts to reassign clients to a functional site.

  • If you have a hierarchy with a central administration site, you can recover the central administration site or a child primary site by using the option to recover a site database from another site in your hierarchy.

  • Secondary sites cannot be restored, and must be reinstalled.

Asset Intelligence synchronization point (hierarchy)

This site system role is not considered mission critical and provides optional functionality in Configuration Manager. If this site system goes offline, use one of the following options:

  • Resolve the reason for the site system to be off-line.

  • Uninstall the role from the current server, and install the role on a new server.

Endpoint Protection point (hierarchy)

This site system role is not considered mission critical and provides optional functionality in Configuration Manager. If this site system goes offline, use one of the following options:

  • Resolve the reason for the site system to be off-line.

  • Uninstall the role from the current server, and install the role on a new server.

Enrollment point (site)

This site system role is not considered mission critical and provides optional functionality in Configuration Manager. If this site system goes offline, use one of the following options:

  • Resolve the reason for the site system to be off-line.

  • Uninstall the role from the current server, and install the role on a new server.

Enrollment proxy point (site)

This site system role is not considered mission critical and provides optional functionality in Configuration Manager. However, you can install multiple instances of this site system role at a site, and at multiple sites in the hierarchy. If this site system goes offline, use one of the following options:

  • Resolve the reason for the site system to be off-line.

  • Uninstall the role from the current server, and install the role on a new server.

When you have more than one enrollment proxy server in a site, use a DNS alias for the server name. When you use this configuration, DNS round robin provides some fault tolerance and load balancing for when users enroll their mobile devices. For more information, see How to Install Clients on Windows Mobile and Nokia Symbian Devices Using Configuration Manager.

Fallback status point (site or hierarchy)

This site system role is not considered mission critical and provides optional functionality in Configuration Manager. If this site system goes offline, use one of the following options:

  • Resolve the reason for the site system to be off-line.

  • Uninstall the role from the current server, and install the role on a new server. Because clients are assigned the fallback status point during client installation, you will need to modify existing clients to use the new site system server.

Out of band service point (site)

This site system role is not considered mission critical and provides optional functionality in Configuration Manager. If this site system goes offline, use one of the following options:

  • Resolve the reason for the site system to be off-line.

  • Uninstall the role from the current server, and install the role on a new server.
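
The two tables above can be applied as an inventory check. The following PowerShell is an added example, not Microsoft's code: it classifies each role in a site system inventory as redundant, lacking a second instance, or single-instance by design. The function name Get-SiteRoleRedundancy, the site codes, server names and inventory rows are constructed for illustration; role names are the display names used on this page, so a live inventory must be mapped to them first.

```powershell
# Added example: flag single points of failure in a site system role inventory.
# Role display names follow this page; nothing here queries a real site.

# Roles this page lists as supporting multiple instances
# (software update point: Configuration Manager SP1 only, per the page).
$MultiInstanceRoles = @(
    'Management point', 'Distribution point', 'State migration point',
    'System Health Validator point', 'Application Catalog web service point',
    'Application Catalog website point', 'Software update point',
    'Reporting services point', 'SMS Provider', 'Enrollment proxy point'
)
# Roles this page lists as not highly available.
$SingleInstanceRoles = @(
    'Site server', 'Asset Intelligence synchronization point',
    'Endpoint Protection point', 'Enrollment point',
    'Fallback status point', 'Out of band service point'
)

function Get-SiteRoleRedundancy {
    param([Parameter(Mandatory)] [object[]] $Inventory)

    # One result row per (site, role) pair, counting distinct servers.
    $Inventory | Group-Object -Property Site, Role | ForEach-Object {
        $first   = $_.Group[0]
        $servers = @($_.Group.Server | Sort-Object -Unique)
        $status = if ($first.Role -in $SingleInstanceRoles) {
            'Single instance by design: plan backup or reinstall'
        } elseif ($first.SiteType -eq 'Secondary' -and $first.Role -eq 'Management point') {
            # A secondary site supports only one management point.
            'Secondary site allows one management point'
        } elseif ($first.Role -notin $MultiInstanceRoles) {
            'Unknown role: review manually'
        } elseif ($servers.Count -ge 2) {
            'Redundant'
        } else {
            'Add a second instance'
        }
        [pscustomobject]@{
            Site    = $first.Site
            Role    = $first.Role
            Servers = $servers -join ', '
            Status  = $status
        }
    }
}

# Constructed sample inventory (hypothetical sites PR1 and SEC).
$inventory = @'
Site,SiteType,Role,Server
PR1,Primary,Management point,mp01.example.test
PR1,Primary,Management point,mp02.example.test
PR1,Primary,Distribution point,dp01.example.test
PR1,Primary,SMS Provider,prov01.example.test
PR1,Primary,Fallback status point,fsp01.example.test
PR1,Primary,Site server,site01.example.test
SEC,Secondary,Management point,sec01.example.test
'@ | ConvertFrom-Csv

Get-SiteRoleRedundancy -Inventory $inventory | Format-Table -AutoSize
```

With the sample rows, only the PR1 management point is reported as redundant; the distribution point and SMS Provider are flagged for a second instance, and the remaining rows fall under backup or reinstall planning.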