Solution
Benefits
Cost savings: Microsoft IT anticipates saving approximately U.S. $500,000 in the next
two years due to a consolidation of servers and reduced costs for support, backup, custom
tool development, and updates.
Empowered end users: Microsoft IT uses the Configuration Manager Application Catalog
(the catalog website) and Software Center (the local utility) to offer users an
unprecedented level of control over how and when their software installations occur.
Automatic client health monitoring: Using the Configuration Manager Health Evaluation
feature, Microsoft IT has a
The following content may no longer reflect Microsoft's current position or infrastructure. This
content should be viewed as reference documentation only, to inform IT business decisions
within your own company or organization.
Situation
The consumerization of IT is affecting how the Microsoft Information Technology department
(Microsoft IT) thinks about client management. As the group responsible for maintaining the
Microsoft corporate network and infrastructure, Microsoft IT is tasked with managing the
more than 280,000 computers and reporting on the 125,000 mobile devices that connect to
the network. Microsoft IT needed to enhance its client management environment in order to
better support the ever-increasing numbers of systems connecting to the network, and to
accommodate employees' requests for more control over their managed systems.
Microsoft IT had been using Microsoft System Center Configuration Manager 2007 to ensure
that managed systems comply with corporate policies and required configuration states. As
the numbers of connected systems increased throughout the company's regional domains,
Microsoft IT added servers on an as-needed basis to support the additional load. Microsoft IT
would also perform in-place updates as Configuration Manager 2007 evolved. However, each
update utilized the same underlying architectural model. Microsoft IT wanted to redesign its
infrastructure to reduce the number of physical servers and secondary sites, and improve
performance by reallocating resources according to client load.
With so many systems in the environment, maintaining the health of the Configuration
Manager 2007 clients became a daunting task. Microsoft IT depended on custom scripts to
monitor and remediate certain aspects of a client in order to keep it healthy. Not only did the
scripts require continual maintenance due to code revisions and updates to support the
functions, but they also lengthened users' system logon times.
Finally, Microsoft IT needed to evolve its application distribution services to meet the self-service needs of Microsoft personnel. In the company's Configuration Manager 2007-based
environment, Microsoft IT used a custom packaging tool to deploy applications through
Configuration Manager 2007. Turnaround time for a complex package could require 7 to 10
days and the input of several IT personnel. Microsoft IT also had to maintain a separate
Configuration Manager 2007 site to ensure that production setup was completely isolated
from testing efforts.
Solution
As the company's first and best customer, Microsoft IT regularly adopts early releases of
Microsoft technologies, tests them in a real-world environment, and provides critical feedback
to improve products before they are generally available to the public. When the System
Center product team began developing the next generation of Configuration Manager,
Microsoft IT worked closely with the team to meet IT goals and to help ensure that System
Center 2012 Configuration Manager could provide an end-to-end IT management
experience.
Implementation
The following sections describe the process that Microsoft IT undertook to implement System
Center 2012 Configuration Manager throughout the company's client environment. The
overall approach that Microsoft IT used for this large-scale process was based on the
Microsoft Operations Framework, which provides guidelines for everyday IT practices and
activities.
As shown in Figure 1, Microsoft IT divided the System Center 2012 Configuration Manager
implementation process into four main phases: Envision, Plan, Test, and Deploy. Each of
these phases is described in more detail below.
[Figure 1: Envision, Plan, Test, Deploy]
Envision Phase
In this first phase, Microsoft IT scoped the project and clarified its vision for implementing
System Center 2012 Configuration Manager. Microsoft IT had three primary objectives that it
wanted to achieve by upgrading the system management environment to System Center
2012 Configuration Manager:
and planned to continue with the new System Center 2012 Configuration Manager-based
environment included:
Malware protection
Power management
Microsoft IT also determined that it would implement the following Configuration Manager
features, some of which were new in System Center 2012 Configuration Manager, some of
which were expanded feature sets, and others of which were existing features that Microsoft
IT wanted to implement as part of the new deployment:
User-centric management
Settings management
Note: For more information about the features available in System Center 2012
Configuration Manager, see http://technet.microsoft.com/en-us/library/gg699359.aspx.
Envisioning was straightforward for most of the new features. Microsoft IT's user-centric
management strategy is described in detail in the Microsoft IT Showcase paper at
http://technet.microsoft.com/en-us/library/hh925141.aspx. Microsoft IT's mobile device
management and endpoint protection implementation strategies are discussed below.
Plan Phase
In the Plan phase, Microsoft IT determined the functional requirements for its System Center
2012 Configuration Manager system architecture and developed server and client migration
plans.
Microsoft IT collated all this data into a single data set. After reviewing the information,
several sites were identified as having an imbalance in the number of servers to clients. In
some places, the number of clients did not merit a stand-alone server; other locations had no
server, but the number of clients merited one.
Microsoft IT used the results of its architectural review to design a new topology that best
uses System Center 2012 Configuration Manager features and optimizes network bandwidth
across the globe. This new infrastructure is illustrated in Figure 4.
Co-location of the Central Administration Site (CAS) SQL Server and CAS
provider on a single server, replacing the two separate servers in
Configuration Manager 2007
Removal of the stand-alone Limited Services (Patching) site, with the help of
RBA and collection-level client settings
Splitting the large Redmond site into two smaller sites to bring the primary
site into compliance with the supported number of clients
Table 1 summarizes the hardware that Microsoft IT implemented in its new client
environment.
| Server | Model | Memory | Processor Count | Processor Type |
|---|---|---|---|---|
| | HP ProLiant SE326M1 | 64 GB | 2 sockets, 12 cores, 24 threads (Hyperthreading) | Intel Xeon CPU L5640 @ 2.26 GHz |
| Primary Site Server | Virtual Machine | 12 GB | 4 cores, 4 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| Management Point | Virtual Machine | 6 GB | 4 cores, 4 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| Software Update Point | Virtual Machine | 6 GB | 4 cores, 4 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| Distribution Point | Virtual Machine | 4 GB | 2 cores, 2 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| SQL Server >50,000 Clients | HP ProLiant DL 580 G5 | 64 GB | 4 sockets, 16 cores, 16 threads | Intel Xeon CPU E7330 @ 2.40 GHz |
| SQL Server <50,000 Clients | HP ProLiant SE326M1 | 48 GB | 2 sockets, 8 cores, 16 threads (Hyperthreading) | Intel Xeon CPU L5520 @ 2.26 GHz |
Note: For more information about Microsoft IT's use of hardware in the new Configuration
Manager deployment, see the blog at
http://blogs.msdn.com/b/shitanshu/archive/2012/04/10/configuration-manager-2012hardware-configuration-used-in-microsoft-it.aspx.
Note: For more information about Microsoft IT's Configuration Manager client migration, see
http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migrationblog.aspx.
Microsoft IT designed some custom reports to monitor the prerelease server environment
and Configuration Manager data replication processes.
Note: Microsoft now offers a System Center Monitoring Pack for System Center 2012
Configuration Manager. For more information, see
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=29267.
Microsoft IT also developed pre-upgrade and post-upgrade checklists to help track the
migration progress and confirm that all critical processes were running as expected.
In terms of the mobile device implementation strategy, Microsoft IT wanted to implement
Exchange Server Connector with the appropriate rights to allow device information to be
discovered from Exchange Server computers across the corporate domains. Because most
mobile devices at Microsoft are owned by individuals, Microsoft IT limited the Exchange
Server Connector account to read-only access, which provides the desired inventory
reporting information.
Test Phase
During the Test phase, Microsoft IT built a virtual lab environment to validate the System
Center 2012 Configuration Manager implementation plan.
Building the Virtual Lab Environment
Microsoft IT configured a virtual lab environment for its proof-of-concept (POC) hierarchy.
The POC mirrored the existing Configuration Manager 2007 architecture, differing only in its
smaller scale. The components of the lab are displayed in Figure 5:
In order for the virtual lab to accurately test the mobile implementation strategy, Microsoft IT
created two new connectors for Exchange Server Connector: one for the on-premises
Exchange Server Connector, and another for the cloud-based Exchange Server Connector.
Validating the Content Migration
To minimize client management downtime during Distribution Point and Secondary Site
migration, Microsoft IT tested two content migration strategies:
To validate content replication for new packages created in System Center
2012 Configuration Manager, Microsoft IT devised and tested the following content
pre-staging strategy for upcoming Configuration Manager Distribution Points:
1. Export all critical package content from the existing System Center 2012
Configuration Manager hierarchy using the administrator console. Copy the
content through a Background Intelligent Transfer Service (BITS) job in
multiple phases (based on the network layout).
2.
3. Enable the Distribution Point as Pre-Stage enabled, and then assign the
Distribution Point to a test boundary group.
4.
5. After validating that all content is successfully pre-staged, remove the
Pre-Stage option and configure the boundaries on the Distribution Point.
Note: Microsoft IT wanted to keep some of the packages that were created in Configuration
Manager 2007 but also wanted new packages that were created in System Center 2012
Configuration Manager to be available on the new Configuration Manager Distribution Points
as soon as they were migrated. This meant Microsoft IT had to test and validate both
packages. However, this is not a required process. Customers can migrate all content from
their old Configuration Manager 2007 hierarchy directly to System Center 2012 Configuration
Manager without having to create new packages.
2.
3.
Note: For more information about Microsoft IT's client migration testing, see
http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migrationblog.aspx.
b.
c. Microsoft IT tested using the /forceinstall flag to ensure that the old client
was fully uninstalled and the new client installed.
2. Ensure the client registered correctly with the new site. Microsoft IT tested this by
using a forced site code through the command line.
3.
4.
a.
b.
c. Execute hardware and software inventory cycles and confirm that the
server processes the hardware and software inventory data files
successfully.
Ensure that the client passes a client health evaluation scheduled task using
CCMEVAL.exe, and that it reports back to the site server that it completed
successfully. Microsoft IT used the CCMEVALSENDALWAYS=TRUE command line
option to ensure that the data was received every day for each client.
Test the Exchange Server Connector account's ability to access Exchange Server.
2.
3. Confirm that the mobile device data collected through Exchange Server Connector
synchronization is valid.
4. Run the mobile device management reports that list the inventory of various types of
discovered devices.
After validating that all features were functioning properly, Microsoft IT obtained approval
from stakeholders to move the Configuration Manager implementation from the test
environment into production.
Deploy Phase
In this phase, Microsoft IT finalized the worldwide rollout of the new Configuration Manager
infrastructure that includes five primary sites and approximately 280,000 systems. Due to the
scale of the rollout, Microsoft IT chose to migrate in batches in order to minimize impact to
the corporate network.
Microsoft IT stepped through the following sequence to deploy the new Configuration
Manager environment:
1.
b. Create primary site and SQL Server installation on a remote server, which
will cater to Redmond-based clients. Install and configure all required roles,
including Management Point, Distribution Point, Software Update Point,
Fallback Status Point, and Application Catalog.
2. Migrate content.
a.
b.
3. Populate the Application Catalog with appropriate applications based on the new
application model, and direct users to this self-service application management
portal.
4. Migrate clients.
a.
b. Monitor the clients and confirm that they can obtain bits from their
distribution points and can communicate with multiple management points
before migrating another batch of clients.
c. Repeat this process until the Redmond primary site contains approximately
65,000 clients (or roughly half the total number of clients at Redmond), and
then migrate the remaining Redmond clients to the second Redmond site.
5. Expand the rollout worldwide to the company's other regions, following the phased
approach as described in steps 2-4 above.
6. Use the Configuration Manager built-in wizard for Exchange Server Connector to
connect to Exchange Server for mobile device discovery.
Note: Discovery is configured at a primary site level. Using global data replication,
discovery data becomes available across all sites in the hierarchy.
Results
The results from deploying the new System Center 2012 Configuration Manager-based
client environment are as follows:
More than 150,000 clients were migrated to the new Configuration Manager
environment within the first 100 days.
Consolidation of servers
Removed the limited services site (six servers) that offered patch-only
service.
Confirmed that the client health evaluation scheduled task was installed as
part of the Configuration Manager client, and is scheduled to run at the
appropriate time each morning. This allows for detailed reporting of current
client health issues within Microsoft IT's environment.
With users accessing the new Application Catalog, Microsoft IT has begun
phasing out the legacy homegrown application management solution.
Microsoft IT has been able to remove the custom scripting requirement for
approximately 70 percent of all application deployments. In the remaining
deployments, Microsoft IT is able to use the application model to prepare an
application for deployment in an average of 3 to 4 days, an activity that used
to require 7 to 10 days using Configuration Manager 2007 with custom-built
application packages.
Approximately 125,000 mobile devices were identified during the initial full
discovery.
Best Practices
When working with System Center 2012 Configuration Manager to implement a new client
management environment, Microsoft IT developed and implemented these best practices:
Take time to review roles in RBA. You want to use roles that align to users'
responsibilities, so consider the set of responsibilities that each individual has. RBA
provides a great level of granularity and permissions control, but if you have
personnel working in multiple roles (such as test and production), consider changing
their responsibilities so that no individual can deploy to both test and production.
Use SQL Server database backup to manage your backup data and reduce
backup storage costs. System Center 2012 Configuration Manager stores data in
the site database and replicates it across sites. By using SQL Server compressed
data files for backup, Microsoft IT reduces backup storage costs when compared to
using the Configuration Manager 2007 Backup task.
Carefully review types and numbers of objects, data, and data replication
topology. This is especially critical for large-scale, geographically distributed
enterprises. Examine how you manage SQL Server data replication and object
management, and how you plan to migrate users and user objects without having
systems re-replicate all their data to the Configuration Manager database.
Use client health reporting to assist you in attacking issues that are most
prevalent. Client health evaluations can resolve many issues right away, but you
should also use the built-in reporting capabilities to gain insight into what issues
exist in your environment.
During migration, ensure your new Configuration Manager clients are not
assigned to Configuration Manager 2007. Microsoft IT uses GPOs and security
groups to manage this process and to deploy in phased migrations.
Be familiar with the new SQL Server-based replication and use Replication
Link Analyzer for troubleshooting. There are significant replication differences
between Configuration Manager 2007 and System Center 2012 Configuration
Manager, so make sure you differentiate between site data and global data, and
know how this information is used for different Configuration Manager features.
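One way to check the first practice above (no individual able to deploy to both test and production) against an export of RBA assignments. This Python sketch is an added example, not Microsoft IT's tooling; the CSV columns (user, role, scope), the set of roles treated as deploy-capable, the "Test" and "Production" scope names, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: roles that carry deployment rights. Built-in role names are used
# here; adjust the set to match the custom roles in your own hierarchy.
DEPLOY_ROLES = {
    "Full Administrator",
    "Application Administrator",
    "Application Deployment Manager",
    "Software Update Manager",
    "Operating System Deployment Manager",
}

# Assumption: security scope names mapped to environments. The built-in "All"
# scope covers every securable object, so it counts as both.
SCOPE_ENV = {
    "Test": {"test"},
    "Production": {"production"},
    "All": {"test", "production"},
}

# Constructed sample export (not real data): one row per user/role/scope.
SAMPLE_CSV = """user,role,scope
CONTOSO\\alice,Application Deployment Manager,Test
CONTOSO\\alice,Read-only Analyst,Production
CONTOSO\\bob,Application Administrator,Test
CONTOSO\\bob,Software Update Manager,Production
CONTOSO\\carol,Full Administrator,All
CONTOSO\\dave,Application Author,Test
CONTOSO\\dave,Application Author,Production
"""


def deploy_environments(rows):
    """Map each user to the environments where they hold a deploy-capable role."""
    envs = defaultdict(set)
    for row in rows:
        role, scope = row["role"].strip(), row["scope"].strip()
        if role not in DEPLOY_ROLES:
            continue  # roles outside DEPLOY_ROLES do not count toward a violation
        if scope not in SCOPE_ENV:
            # Fail closed: an unmapped scope must be classified before the audit passes.
            raise ValueError(f"unmapped security scope: {scope!r}")
        envs[row["user"].strip().lower()] |= SCOPE_ENV[scope]
    return envs


def separation_violations(csv_text):
    """Return sorted users who can deploy to both test and production."""
    rows = csv.DictReader(io.StringIO(csv_text))
    envs = deploy_environments(rows)
    return sorted(u for u, e in envs.items() if {"test", "production"} <= e)


if __name__ == "__main__":
    for user in separation_violations(SAMPLE_CSV):
        print(f"{user}: deploy rights in both test and production")
```

A user whose deploy rights come from two different roles, or from a single role on the "All" scope, is reported in the same way, which is the case a role-by-role review tends to miss.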
Benefits
Microsoft IT's implementation of System Center 2012 Configuration Manager derived a
number of benefits:
Cost savings. Microsoft IT estimates the new client environment will save the
company U.S.$200,000 in infrastructure savings from reduced server, support and
backup costs over the next two years. As described in the Microsoft IT Showcase
paper at http://technet.microsoft.com/en-us/library/hh925141.aspx, Microsoft IT
anticipates an additional estimated savings of U.S.$300,000 in custom tool
development and update costs from the new user-centric client management
implementation.
Simplified backup and recovery. Microsoft IT can more easily perform backup and
recovery now that all Configuration Manager bits are stored in SQL Server
databases.
Conclusion
System Center 2012 Configuration Manager is the cornerstone of Microsoft IT's improved set
of client management services that cater to today's consumerized, user-centric IT landscape.
This new client environment gives employees an unprecedented level of control over their
managed systems. For example, by making use of Configuration Manager Application
Catalog and Software Center, employees can set a variety of system management preferences,
including how and when mandatory software changes occur.
Additionally, built-in Health Evaluation actively monitors and reports on client health, and can even
remediate when a health issue is identified. Other Configuration Manager features are
enhancing Microsoft IT's ability to monitor, report on, and manage 280,000 systems, and for
the first time, report on more than 125,000 mobile devices.
By taking the opportunity to perform a detailed, bottom-up review of its older Configuration
Manager 2007-based infrastructure, Microsoft IT built a more efficient solution based on
System Center 2012 Configuration Manager that consolidates servers and improves client
access to sites throughout the company's global domains. Now that Microsoft IT has fully
rolled out the new client management environment, the department has begun phasing out
the old Configuration Manager 2007-based solution. Microsoft IT anticipates saving
approximately $500,000 in the next two years due to a consolidation of servers and reduced
costs for support, backup, custom tool development, and updates.