Book Image

Mastering System Center Configuration Manager

By : Vangel Krstevski
Book Image

Mastering System Center Configuration Manager

By: Vangel Krstevski

Overview of this book

Table of Contents (15 chapters)
Mastering System Center Configuration Manager
About the Author
About the Reviewers

Site system server and roles

After installing System Center Configuration Manager 2012 R2, the next step in the configuration process is to design your System Center Configuration Manager site hierarchy. You have to go through the entire content of this topic in order to have a more efficient and scalable environment.

Site system roles specify the support operations at each site. Machines that host Configuration Manager sites are named site servers, and machines that host other site system roles are called site system servers. Servers within one site communicate with each other using SMB, HTTP, or HTTPS, depending on the site's configuration. So, review your available network bandwidth before installing a site system server and configure your site system roles. Within each site, you can install site system roles on the site server or you can install site system roles on other site system servers. There is no limit to the number of site system roles on a site system server. The only limitation is that you cannot install a site system role from a different site. Some specific roles are only available to some sites in a hierarchy. In order to install site system roles, you can use the account of the site server or create a Site System Installation account. This account can be a local system account or a domain account. Here is a list of some of the site system roles:

  • Site system role: A machine that provides some of the core functionality for the site. Any machine that hosts a site system role is called a site system server.

  • Site database server: A site database server hosts the MS SQL Server database, which stores information about the site.

  • Component server: This is a machine running the Configuration Manager Executive service.

  • Management point: This role provides information to clients and receives configuration data from them. This site role manages the communication between a client and a site server.

  • Distribution point: This site system role contains all the source files enabled for download by clients, such as applications, software packages and updates, OS images, and their respective boot images.

  • Reporting services point: This role is required if you are using reporting. It integrates with the MS SQL Server Reporting Service instance.

  • State migration point: This role is used to store the user's state when a computer migration is performed.

  • Software update point: This role provides software updates for System Center Configuration Manager clients by integrating with Windows Server Update Services.

  • System health validator point: This is a necessary role if you use Configuration Validation performed by Network Access Protection, and it is installed only on a NAP-enabled server.

  • Endpoint Protection point: This is an optional site system role that Configuration Manager uses to enable Endpoint Protection on your site.

  • Fallback status point: This role provides an alternative location for clients to send messages to during installation when they cannot reach their management point. This role monitors client installation and identifies clients that are unmanaged because they cannot reach their management point.

  • Out-of-band service point: This role is used for the provisioning and configuration of Intel AMT-based computers.

  • Asset intelligence synchronization point: This connects to System Center Online in order to download Asset Intelligence catalog information and upload uncategorized titles so that they can be considered for future inclusion in the catalog.

  • Application Catalog web service point: This role provides information on the Application Catalog website from Software Library.

  • Application Catalog website point: This role provides clients with a list of the available software from Application Catalog.

  • Enrollment proxy point: This role intercepts enrollment requests from mobile devices so that they can be managed by System Center Configuration Manager.

  • Enrollment point: This role provides PKI certificates to mobile devices to finish the enrollment of mobile devices. It also enrolls Mac computers. It is also used to provision AMT-based computers.

You can find the full list of site system roles at the following link:

Site administration

Site administration activities include planning, analysis, installation, management, and monitoring of the System Center Configuration Manager 2012 R2 site hierarchy. There are three scenarios with respect to site hierarchy, and they are as follows:

  • A standalone primary site.

  • A primary site with one or more secondary sites.

  • A central administration site with one or more primary sites. Each primary site in this configuration can have one or more secondary sites.

Different configurations apply to different parts in the site hierarchy. This means that some site system roles are only available in the central administration site and some are only available at a child primary or a standalone site. When you have a single standalone primary site, you have all of the site system roles at your disposal.

Planning and deploying sites

Deploying your first site defines the entire structure of your hierarchy. This primary site supports secondary sites, and it can be extended with a central administration site. You can get more information on how to extend a primary site with a central administration site at the following link:

Deploying the central administration site as the first site will provide the flexibility to expand the hierarchy as your business needs and company grow.

More information about planning and deploying sites and defining the site hierarchy can be found at the following link:

If you plan to use certificates in your System Center Configuration Manager hierarchy, you need to plan the dependencies for PKI in your infrastructure. You can read more about PKI certificate requirements for System Center Configuration Manager at the following link:

For each site that you install, you have to install and configure site system roles for management. You have to review all the site system roles and see how to deploy them. For example, some roles require only one instance in the hierarchy and some roles require instances in each site. Finally, there are site system roles that can have multiple instances within a site.

If you deploy a central administration site, you can deploy site system roles that are used to monitor the entire hierarchy or roles that provide services for the entire hierarchy, such as the Endpoint Protection point. For primary sites, you need system roles for client communication, such as the software update point and the management point.

In order to plan your Configuration Manager's infrastructure better and deploy the site system roles in the most appropriate places, read the instructions at the following link:

After you deploy the first site, you can start configuring settings for hierarchy-wide operations and settings that are site-specific. Both configurations affect how sites operate and how clients function. The following is a list of some of the hierarchy-specific configurations:

  • Role-based authentication: You can create administrative users who manage System Center Configuration Manager and give them specific roles and scopes.

  • Resource discovery: You can discover active directory forests, groups, systems, users, network discovery, and heartbeat discovery.

  • Boundaries and boundary groups: These groups control client site assignment and site system servers from which clients obtain an application and other content.

  • Client settings: These settings specify how System Center Configuration Manager clients perform different tasks on the client machine. These tasks can check for new applications, check the hardware and software inventory, and so on.

Here are some site-specific settings:

  • The summarization of status messages collected from the clients

  • Maintenance tasks

  • Site components that control how site system roles work in a site

Monitoring and maintaining the hierarchy

Monitoring and maintaining the status of the hierarchy is very important. The status can change over time and changes need to be addressed. To keep all the systems in prime condition, you must monitor the hierarchy for problems and take actions in order to prevent problems.

You can perform the monitoring tasks for the hierarchy by using the Monitoring section in the System Center Configuration Manager console and also configure maintenance tasks at each site to help maintain efficiency. System Center Configuration Manager provides built-in tasks that can be used to monitor and maintain the following:

  • Reports that inform about the failure of tasks and operational status

  • Receive alerts for current or upcoming problems

  • Client statuses, which can show which clients are active

  • View status of endpoint protection clients