Jake Posted April 23, 2015

Good morning,

Having read some conflicting info recently, I am hoping someone can please sanity check my SCCM deployment plans...

I have been using SCCM 2012 (/R2) since more or less release, thanks to windows-noob guides, and we are now heavily reliant on it as a platform for OSD, SUS and application deployment.

I am at a school of approx 900 devices and 1600 users, in the process of migrating computers, groups, users and mailboxes to a new domain along with a few other schools that form an academy trust.

Existing SCCM 2012 environment is a single site, single distribution point, everything connected by 1gbit.

New environment will span 4 schools and potentially leverage Azure in the future, interconnected by a shared 100mbit link that may well burst up to close to 100mbit, but it is not expected that we should saturate this link.

The current plan for the new domain is a single SCCM 2012 R2 site with locally installed SQL 2012 SP2, that may well end up in Azure, and a distribution point in each school, all with the same site code.

- school1 has ~900 devices and 1600 users
- school2 has ~1000 devices and 1800 users
- school3 has ~200 devices and 500 users
- school4 has ~300 devices and 600 users but will grow considerably due to being new build.

Expectations are that we will not exceed even 5000 devices in the next few years (by which point I'm sure we will be considering the next SCCM offering and potentially a new design).

Licensing of many products including Microsoft Windows/Office etc. will be done as a whole over the entire environment; many other products will be specific to an individual school, e.g. Adobe CS6.

Boundaries/Boundary Groups have been defined by AD Site. Distribution Points and Distribution Point Groups have been configured and associated with some relevant collections - along with having configured a number of collections, obviously.

It is currently built to the point of being able to deploy an OS, deploy Office and deploy appropriate Windows/Office updates via WSUS, with only a single school with a distribution point so far, and none deployed to the other schools. Have also confirmed that the OS is coming from that local DP and not from the main site DP (having lost a lot of time and hair screaming at my monitor, I discovered I had a tick in 'Use this boundary group for site assignment' on main site GRR).

My question is - is this how you would set it up? Would you have a primary site/site code for each school in the environment?

I would prefer not to have to rip everything out and start fresh, but will if recommended, and certainly don't object to ripping out/changing the way my local DP server is set up etc.

Your comments, suggestions and advice are very much appreciated.

Thank you

Garrett804 Posted April 23, 2015

I think your design is good for that amount of devices. You only need a single primary server until you get up to around 100,000 devices. You can always put in secondaries if you need to control the traffic a bit more for machines checking in. You can help control your bandwidth usage by having your packages on the DPs at each site so they don't pull from your main location. You can also help with the SUP and WSUS updates by having the packages for those also on the DPs so that your WAN bandwidth stays minimal with having machines go out to Microsoft to get all the updates. 1,000 machines going out to download updates can put a nice hit on a 100Mb connection pretty quick.

For the size of your environment I'd say to just "Keep it Simple" and go with a single site, single server installation. You can add on the DP roles to your local file/print/DHCP servers on each school location so your equipment costs will be down. You need to just ensure that you have enough volume to accommodate the storage you'll need for all your packages.

Your most important design piece will be the hardware layout that you choose for the primary server. Remember that by having both the site and SQL on the same system your IO can be higher, so you'll want separate physical discs for the SQL pieces as well as the OS and SCCM piece.

I run basically the same type of setup.

- Single Primary server with local SQL installed
- 26 DPs spread out across the US
- Single Site

I do the following config for discs on my primary server:

- RAID 1 (2 discs, 146Gb discs should be fine) System OS
- RAID 1 (2 discs, 146Gb discs should be fine) SCCM App
- RAID 10 (4 discs, 146Gb discs should be fine) SQL Data
- RAID 1 (2 discs, 146Gb discs should be fine) SQL Logs
- RAID 1 (2 discs, 146Gb discs should be fine) SQL Temp
- RAID 10 (8 discs, 300Gb discs) Source Content

In terms of the SQL performance, which dictates your entire system's response time going through the console, make sure you read up on performance tweaks like breaking the tempdb files up etc.

Jake Posted April 24, 2015

Thank you Garrett, really appreciated to have someone just double check things.

All of the servers will be/are VMs - Microsoft licensing in schools, at least in the UK, is incredibly cheap - physical tin is where we struggle a little more. A SAN upgrade will not happen for a while yet but it does ok. Our current/old SCCM environment is all on a single VM so I am used to the relatively slow performance - still, it is ok for us - even then I think a RAM upgrade here would make a significant difference.

Again, thank you for the time you have taken to reply.

Garrett804 Posted April 24, 2015

You can help with some performance on the VM by offloading roles, like separating the MP, SUP, and DP roles from the main system with the SQL. This will cut down on the requests. Also, if you lengthen out some of the scheduled processes like inventories, software update scan cycles etc., your SQL install won't be hit so much either, so that will help with some performance. The time you choose, either leaving them all at default times or extending them out, is of course something you'll have to decide on.

Depending on the SAN solution you all are utilizing, that will be your #1 issue because it's not dedicated hardware. Modern SANs that use SSD technology really are a great benefit for large VM environments and have much better redundancies built into them as well. A good example of one would be Nimble.

Good luck and please come back and feel free to ask questions here, as we all like helping each other out.