How IT Works
Roaming in SMS 2003
Systems Management Server (SMS) 2003 is a comprehensive solution that allows you to roll out relevant software and updates to your users easily and cost effectively. SMS lets you designate "sites" that represent groups of computers. SMS sites give you very granular control over software distribution conditions. Sites have boundaries and when you define the boundaries of an SMS site, either by IP address or through association with Active Directory®, you are defining the groups of clients a particular site should own and manage.
For software distribution, boundaries are used to determine a client’s location relative to the site—either local or remote. This is important because SMS assumes that a client that is within a local boundary of the site is on a fast LAN connection, while a client within a remote boundary is on something less—a VPN or a slower WAN link. These designations help you determine which groups will get updates and when. If a particular software package is very large, for example, you may not want to push it out to clients residing in remote boundaries of a site.
The way machines move around to different SMS sites is called roaming, and understanding it is crucial to getting the most out of SMS 2003 software distribution. Because the topic has led to confusion for many SMS administrators, I’ll attempt to explain key concepts here.
Local Roaming Boundaries
By default, all boundaries defined on the site boundaries list are included in the Local Roaming Boundaries category. Any clients that reside within the defined boundaries or that are within the boundaries while visiting from another site are considered local to the SMS distribution points defined at this site for software distribution—regardless of whether the client is actually assigned to the site or not. Figure 1 shows the Roaming Boundaries dialog.
Figure 1 Roaming Boundaries
Remote Roaming Boundaries
An SMS site can include boundaries that define clients the site should manage but that may be across a slow WAN link and considered remote from the installed SMS site server and distribution points. Such boundaries are designated as "remote roaming" boundaries, which means that clients residing within or traveling to the designated boundary have no local distribution point and should be assumed remote for the purposes of software distribution. You add a new boundary using the dialog shown in Figure 2.
Figure 2 New Roaming Boundary
It is not uncommon for an administrator to install a local distribution point within a boundary that is listed as remote roaming with the expectation that clients residing within that remote roaming boundary will begin to use the new distribution point and treat it as local. It is important to remember that all distribution points installed as part of a particular site are considered local to that site, but not necessarily to the clients of that site. In the described scenario, the clients of the remote roaming boundary will treat this newly installed local distribution point just as they would every other distribution point (unless it’s protected—more on that in a moment) because the designation as local or remote is controlled not by the location of the distribution point but rather by the specification of the client’s boundary in relation to the site. If a client is within a boundary that is designated as remote roaming, that client will treat every distribution point of the site as remote.
When a boundary is designated as remote roaming, an administrator can control whether an advertisement should execute or be delayed until the client comes back into a local roaming boundary. This is particularly useful when distributing large packages—such as Microsoft® Office—which may not be appropriate to distribute across slower WAN connections. The options that control whether the distribution will continue are found on the Advanced Client tab (see Figure 3).
Figure 3 Advertisement Properties
There you can choose to avoid running the advertisement if there are no local distribution points, download the advertisement to the local cache using Background Intelligent Transfer System (BITS) before running, or simply proceed with the execution of the advertisement.
The SMS 2003 Advanced Client is designed to accommodate travel. Each client will have an assigned site to which it reports. The assigned site will have a list of boundaries—both local and remote—to define clients it should manage. If the client travels to an SMS site that is not its assigned site, it will attempt to use the local site for software distribution and the concepts discussed earlier will apply. If the client travels to a location where there is no local SMS site controlling the boundary, it will default back to its assigned site for management and software distribution.
Global and Regional Roaming
As I noted earlier, roaming is a concept that applies to software distribution and is designed to allow the SMS Advanced Client to use local distribution points—potentially at any site in the hierarchy—to facilitate local software distribution (assuming the distribution point has a copy of the package). Regional roaming involves a client traveling to any branch of the SMS hierarchy that is below its assigned SMS site. Any SMS advanced client may participate in regional roaming. Global roaming, in contrast, is defined as a client traveling to any SMS site in the hierarchy—regardless of location within the hierarchy. Global roaming requires Active Directory integration and is not supported across different forests.
Protected Distribution Points
The final piece of the picture you need to understand involves protected distribution points. These are important because they extend the control of software distribution by allowing the SMS administrator to choose which distribution points should be used by clients residing in a particular subnet. When a distribution point is configured as protected, as in Figure 4, it is not available for use by any client outside the boundary range configured specifically on the protected distribution point.
As you can see, with roaming boundaries SMS advanced clients can move from one location to another and still receive software packages from SMS—without clogging slow network links.
Steve Rachui is a Manageability Support Escalation Engineer in the Product Support Services group at Microsoft. He has supported SMS since version 1.2. Steve can be reached at firstname.lastname@example.org.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited
Figure 4 Protected Distribution Point