Determine Administrator Roles and Processes for Out of Band Management

Updated: October 2009

Applies To: System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

In a production environment, implementing out of band management in Configuration Manager 2007 SP1 and later involves various processes that might require interaction and collaboration with a number of different groups across the enterprise.

Note
The information in this topic applies only to Configuration Manager 2007 SP1 and later.

These groups might include the following:

  • Procurement for new desktop computers that support out of band management.

  • Security advisors and infrastructure administrators to help determine appropriate options and values in the computer BIOS extensions. For more information, see Decide Whether You Need a Customized Firmware Image From Your Computer Manufacturer.

  • Security auditors to help determine which AMT features to audit and how to process the audit logs when you use auditing in Configuration Manager 2007 SP2 and later.

  • Active Directory Domain Services service administrators to create and configure the Active Directory container or organizational unit (OU) into which the AMT-based computers are published.

  • Public key infrastructure (PKI) specialists to create, deploy, and manage the PKI certificates required for out of band management.

  • Active Directory Domain Services data administrators to create the AMT user accounts that are used when running the out of band management console.

  • DNS and DHCP administrators so that AMT is updated with the FQDN of the AMT-based computer during provisioning and so that host records are created in DNS for each IP address that the AMT-based computer might need for out of band communication. Additionally, if you use out of band provisioning, you might need an alias record in DNS so that AMT-based computers can find a provisioning server.

  • Infrastructure and network architects to ensure that firewalls, routers, and switches are configured to allow the network traffic associated with out of band activity, and to ascertain the impact of network traffic when sending power-on commands to multiple computers and across WAN links.

  • Administrators who configure RADIUS solutions for 802.1X authenticated wired and wireless networks, if you will manage AMT-based computers on these networks with Configuration Manager 2007 SP2 and later.

  • Configuration Manager administrators responsible for configuring software distribution, software updates, and task sequences to identify which advertisements and software update deployments should be enabled for Wake On LAN and whether to configure the site for wake-up packets only, power-on commands only, or both of these configurations.

  • Help desk engineers who might require training in using the out of band management console for troubleshooting scenarios.

  • End users who might require training and notification about turning off their computers at the end of the day if this is not their normal working practice.

Because an out of band management solution can involve a number of different roles and processes, a successful implementation will depend on identifying who is responsible for the various roles and ensuring collaboration between groups when necessary. A successful ongoing implementation will depend on identifying and adhering to processes that coordinate the various functions between the roles.

Some of the consequences of not having and following defined processes when out of band management in Configuration Manager is implemented in a production environment are as follows:

  • Computers fail to provision or configure as expected, which impacts the success rate of computer management. This in turn can negatively affect service level agreements (SLAs) and business continuity.

  • A critical component, such as DNS configuration or firewall configuration, prevents AMT provisioning and delays out of band management operation because these infrastructure changes were not requested in a timely manner.

  • Computers are not woken up for scheduled activities as expected, which impacts the success rate of software distribution, software updates, and task sequences. In the case of software updates, this can mean that computers are vulnerable to security exploits.

  • Not enough time is allowed to power on multiple computers that need to install security updates by a defined date to achieve required compliance levels.

  • If nonfunctioning computers cannot be successfully remediated without a visit to the computer, productivity will be negatively impacted if users have to wait for a help desk engineer to arrive.

Use a methodology such as ITIL or Microsoft Operations Framework (http://go.microsoft.com/fwlink/?LinkId=88047) to help you implement out of band management within a framework of defined processes. Make sure you document your design, testing procedures, the areas of responsibility, and the processes to follow for configuring, monitoring, and troubleshooting. Then disseminate this information, making sure that it is centrally available and updated.

Note
Review existing company security policies, and if necessary, modify them to include the implementation of out of band management.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
