IPD - System Center Configuration Manager 2007 R3 and Forefront

By Vanessa Chavez,2014-06-20 12:57

    Infrastructure Planning and Design

    Microsoft System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection

Version 2.0

Published: October 2008

    Updated: July 2011

    For the latest information, please see www.microsoft.com/ipd

Copyright © 2011 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below.

    If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

    This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user’s particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.

    Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.

    Microsoft, Active Directory, Forefront, SQL Server, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries and regions.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.

     microsoft.com/solutionaccelerators

Contents

    The Planning and Design Series Approach
    Introduction to the Microsoft System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection Guide
    Step 1: Define the Project Scope
    Step 2: Determine Which Roles Will Be Deployed
    Step 3: Determine the Number of Sites Required
    Step 4: Design the Sites
    Step 5: Determine the Number of Hierarchies Required
    Step 6: Design Each Hierarchy
    Step 7: Design the Forefront Endpoint Protection Integration
    Conclusion
    Appendix A: Client Population Job Aid
    Appendix B: Number of Configuration Manager Sites and Hierarchies Requirements Job Aid
    Appendix C: Forefront Endpoint Protection Integration Job Aid
    Appendix D: Forefront Endpoint Protection Fringe Scenarios
    Appendix E: IPD in Microsoft Operations Framework 4.0
    Appendix F: System Center Configuration Manager and Forefront Endpoint Protection in Microsoft Infrastructure Optimization
    Version History
    Acknowledgments

The Planning and Design Series Approach

    This guide is one in a series of planning and design guides that clarify and streamline the planning and design process for Microsoft infrastructure technologies.

    Each guide in the series addresses a unique infrastructure technology or scenario. These guides include the following topics:

    • Defining the technical decision flow (flow chart) through the planning process.
    • Describing the decisions to be made and the commonly available options to consider in making the decisions.
    • Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.
    • Framing the decision in terms of additional questions to the business to ensure a comprehensive understanding of the appropriate business landscape.

    The guides in this series are intended to complement and augment the product documentation. It is assumed that the reader has a basic understanding of the technologies discussed in these guides. It is the intent of these guides to define business requirements, then align those business requirements to product capabilities, and design the appropriate infrastructure.

    Benefits of Using This Guide

    Using this guide will help an organization to plan the best architecture for the business and to deliver the most cost-effective Microsoft System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection (FEP) infrastructure.

    Benefits for Business Stakeholders/Decision Makers:

    • Most cost-effective design solution for an implementation. Infrastructure Planning and Design (IPD) eliminates over-architecting and overspending by precisely matching the technology solution to the business needs.
    • Alignment between the business and IT from the beginning of the design process to the end.

    Benefits for Infrastructure Stakeholders/Decision Makers:

    • Authoritative guidance. Microsoft is the best source for guidance about the design of Microsoft products.
    • Business validation questions to ensure the solution meets the requirements of both business and infrastructure stakeholders.
    • High-integrity design criteria that include product limitations.
    • Fault-tolerant infrastructure, where necessary.
    • Proportionate system and network availability to meet business requirements.
    • Infrastructure that is sized appropriately to meet business requirements.

    Benefits for Consultants or Partners:

    • Rapid readiness for consulting engagements.
    • Planning and design template to standardize design and peer reviews.
    • A "leave-behind" for pre- and post-sales visits to customer sites.
    • General classroom instruction/preparation.


    Benefits for the Entire Organization:

    Using this guide should result in a design that will be sized, configured, and appropriately placed to deliver a solution for achieving stated business requirements, while considering the performance, capacity, manageability, and fault tolerance of the system.


    Introduction to the Microsoft System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection Guide

    This guide leads the reader through the process of planning a System Center Configuration Manager infrastructure and optionally a Forefront Endpoint Protection (FEP) infrastructure. This guide presents both of these products together, as FEP requires an operational Configuration Manager infrastructure as its operational foundation. The guide addresses the following fundamental decisions and tasks:

    • Identifying which Configuration Manager and FEP capabilities will be needed.
    • Designing the components, layout, security, and connectivity of the Configuration Manager infrastructure.
    • Designing the components and the dependencies that FEP requires.

    Business objectives should be prioritized at the start of the project so that they are clearly understood and agreed on by IT and business managers.

    Following this guide should result in a design that is sized, configured, and appropriately placed to deliver the stated business benefits, while considering the user experience, security, manageability, performance, capacity, and fault tolerance of the system. The guide addresses the scenarios most likely to be encountered by someone designing a Configuration Manager infrastructure, with or without FEP functionality. An existing Configuration Manager infrastructure may be used in lieu of designing one specifically for FEP, as long as it supports the FEP design outlined in this guide.

    Customers should consider having their architecture reviewed by Microsoft Customer Service and Support prior to implementation because that organization is best able to comment on the supportability of a particular design.

    What’s New in System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection

    This guide has been revised to include these new enhancements in Configuration Manager 2007 R3 that may affect the infrastructure choices and design:

    • Enhanced scalability and performance. Increased number of supported clients to 100,000 per primary site and 300,000 per entire hierarchy.
    • Power management. Provides a set of tools that enable the site administrator to configure standard Windows power settings across computers.
    • Operating system deployment improvements. Provides prestaging of boot images and Windows Imaging Format (.wim) files on new computers, enabling the administrator to apply a task sequence to the device that can use the prestaged media.
    • Dynamic collection evaluation. Enables rapid evaluation of a collection membership by adding only newly discovered resources.
    • Active Directory Delta Discovery. Performs an intermediate discovery cycle that adds only new resources to the Configuration Manager 2007 database.
    • Simplified resource management. Enables searching for and adding resources to a specified collection.
    • Desired configuration management. Enables creation of a collection of compliant or noncompliant computers in desired configuration management.


    In addition, this guide contains new material about designing a Forefront Endpoint Protection infrastructure. FEP uses Configuration Manager’s capabilities to perform tasks such as deploying antimalware clients, enforcing security policies on endpoints, managing devices, and alerting administrators to events related to FEP.

    Assumptions

    To limit the scope of material in this guide, the following assumptions have been made:

    • The design being created is for Configuration Manager 2007 R3 and/or Forefront Endpoint Protection.
    • Active Directory Domain System (AD DS) is already designed. For assistance in designing AD DS, see the Infrastructure Planning and Design Guide for Windows Server 2008 and Windows Server 2008 R2 Active Directory Domain Services at http://go.microsoft.com/fwlink/?LinkId=157704.

    System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection Design Process

    This guide addresses the following decisions and activities that must occur in planning the design for a functional infrastructure. The seven steps that follow represent the most critical design elements in a well-planned Configuration Manager and Forefront Endpoint Protection design:

    • Step 1: Define the Project Scope
    • Step 2: Determine Which Roles Will Be Deployed
    • Step 3: Determine the Number of Sites Required
    • Step 4: Design the Sites
    • Step 5: Determine the Number of Hierarchies Required
    • Step 6: Design Each Hierarchy
    • Step 7: Design the Forefront Endpoint Protection Integration


    Figure 1 provides a graphic overview of the steps involved in designing a Configuration Manager infrastructure.

Figure 1. The Configuration Manager and Forefront Endpoint Protection infrastructure decision flow

    Figure 2 is a graphical representation of one Configuration Manager and FEP implementation. Note that the figure does not provide a comprehensive view of all possible options; rather, it is a single representation that shows the architectural items that must be considered for each Configuration Manager and FEP design.


Figure 2. Example Configuration Manager and FEP architecture

    The components can be designed in many ways. Figure 2 shows the components in one implementation for illustrative purposes only.

    A Configuration Manager instance can include three types of sites:

    • Central site. There is one central site, which is the top of the site hierarchy. If there is only one site in the hierarchy, that site is both a central site and a primary site. This site requires a site server and a site database.
    • Primary sites. These sites report up to either the central site or another primary site; there can be an unlimited number of tiers of primary sites. Each primary site requires a site server and a site database.
    • Secondary sites. Each secondary site reports up to one primary site. A secondary site requires a site server but not a database.
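
The site rules above and the R3 client limits quoted earlier can be checked mechanically against a planned hierarchy. This is an added example, not part of the Microsoft guide or any Configuration Manager tooling; the `Site` class, `validate` function and site codes are hypothetical, and it assumes the central site counts as a primary site and that `clients` is the number of clients assigned to that site.

```python
from dataclasses import dataclass
from typing import Optional
MAX_PER_PRIMARY = 100_000     # clients per primary site (figure from this guide)
MAX_PER_HIERARCHY = 300_000   # clients per hierarchy (figure from this guide)
@dataclass
class Site:
    code: str                 # constructed site code
    kind: str                 # "central", "primary" or "secondary"
    parent: Optional[str]     # code of the site this one reports to
    has_database: bool
    clients: int = 0          # assumption: clients assigned to this site

def validate(sites):
    """Return the list of rule violations for a planned hierarchy."""
    by_code = {s.code: s for s in sites}
    errors = []
    centrals = sum(s.kind == "central" for s in sites)
    if centrals != 1:
        errors.append(f"expected 1 central site, found {centrals}")
    for s in sites:
        if s.kind != "secondary" and not s.has_database:
            errors.append(f"{s.code}: {s.kind} site needs a site database")
        if s.kind != "secondary" and s.clients > MAX_PER_PRIMARY:
            errors.append(f"{s.code}: {s.clients} clients exceeds {MAX_PER_PRIMARY}")
        if s.kind == "central":
            if s.parent is not None:
                errors.append(f"{s.code}: central site cannot have a parent")
            continue
        seen, node = {s.code}, s   # walk up; the chain must end at the central site
        while node.kind != "central":
            parent = by_code.get(node.parent)
            problem = ("parent missing" if parent is None else
                       "parent is a secondary site" if parent.kind == "secondary" else
                       "reporting loop" if parent.code in seen else None)
            if problem:
                errors.append(f"{s.code}: {problem} at {node.code}")
                break
            seen.add(parent.code)
            node = parent
    total = sum(s.clients for s in sites)
    if total > MAX_PER_HIERARCHY:
        errors.append(f"hierarchy: {total} clients exceeds {MAX_PER_HIERARCHY}")
    return errors

# Constructed plan: P02 reports to P01 and P01 to P02, so neither reaches CEN.
PLAN = [Site("CEN", "central", None, True, 20_000),
        Site("P01", "primary", "P02", True, 90_000),
        Site("P02", "primary", "P01", True, 50_000),
        Site("S01", "secondary", "P02", False)]
```

`validate(PLAN)` reports the loop once for each site whose reporting chain runs into it, which shows which downstream sites would be cut off from the central site.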

    A FEP instance can be integrated into Configuration Manager in the following ways:

    • Centralization of services. All FEP services exist in a single location: the central primary site. This allows for management of all FEP resources in a single place.
    • Decentralization of services. FEP services exist in each individual child primary site. This provides distributed management that is delegated at the child primary site level. FEP reporting is also done at the child primary site level, with only that subset of devices available to reports.
    • A combination of both. FEP services are distributed across central primary and child sites. This provides a finer level of manageability while also providing a roll-up reporting view of all FEP resources.
