Nunzi0 Posted July 5, 2017

I'm in the process of designing an entirely new System Center environment for my company and just have a couple of questions regarding the SQL setup for it. I know that I need a CAS hierarchy in this new setup, as it will be global. Unfortunately I have not built a CAS environment before and I'm a bit unfamiliar with the database that it runs on.

My plan is to install the database instances on a clustered SQL environment, however I am just unsure if the CAS database needs to run locally on the CAS itself or not. Also, what type of data is on the CAS database itself? Is it the client data for the entire environment, or just used as a vehicle to replicate primary site data between sites? Just trying to size out the storage requirements for the databases.

Any insight is appreciated. Thanks
GarthMJ Posted July 6, 2017

So you have over 150,000 computers? If not, then why have a CAS?
Nunzi0 Posted July 6, 2017

It's not about the sheer number of machines we have, as we probably only have around 20k. It's more for a central reporting/asset source of truth for all locations. We're going to have 3 primary sites, and several child sites, and would like to have one point where several groups can administer the entire environment as a whole for consistency at every location.
GarthMJ Posted July 6, 2017

That is why you have one Primary and set up RBA to restrict access. Primary sites are NOT security boundaries. You are BEGGING for problems with a CAS.
Nunzi0 Posted July 6, 2017

In our current DR strategy, we will typically shut down entire datacenters at a time for maintenance, patching, upgrades, etc. This is why I would need more than one primary site to be active in order to keep things up and running. If you still think that I could get by without a CAS for a scenario like this, I would definitely look into it.
GarthMJ Posted July 6, 2017

And how exactly will you be able to maintain patching when the CAS is down? Once the CAS is down, no new SU can be deployed. A CAS will not help with DR. If anything, it will cause you more headaches.

What you should be looking at is your backup strategy: where SQL is installed and how long it will take you to rebuild CM12. (Which, BTW, why are you not moving to CMCB instead of CM12?) Are you using physical or virtual computers? Etc. Find your SLA for everything. Is your SLA reasonable? At most places the SLA is not reasonable.
Nunzi0 Posted July 6, 2017

I was not aware of the CAS being down causing issues with SU. Thank you for that. If I install software update points at other primary sites, would I still be able to deploy them?

To give you a better picture, here's what I was thinking as far as layout:

Datacenter A (Headquarters), with CAS and primary site. Roles on primary: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web

Datacenter B (HQ DR), with primary site. Roles: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web

Datacenter C. Primary site. Roles: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web

Datacenters D-K. Child sites. Same roles.

SQL will be Windows Clustered servers in multiple datacenters running only the System Center instances. All servers are virtual, and will be using SCCM/SCOM 2016 and SQL 2016.

I don't expect any of the datacenters to be down for any extended period of time, but I would like to be able to say that if one goes completely dark from either power or connectivity, we can still deploy to other sites.
GarthMJ Posted July 6, 2017

No, setting up another SUP will not help you with new SU.

You can only have one AI point and only one FSP. Are you going with HTTPS? If not, why have an FSP anyway?

Why have a RP on a primary server?

Generally it is recommended to have SQL local to CM.

So exactly what version of CM are you going to install?

Why have a secondary site at all?
Nunzi0 Posted July 6, 2017

So I cannot have an FSP designated for one site, and another FSP designated for a different site? Yes, I will be using HTTPS wherever possible.

As for the reporting on primary servers, this is for a site by site basis. I only want some select users to have access to reporting for all locations, and other users to have reporting capabilities for single locations. I suppose I could accomplish this with RBAC and site permissions on the CAS as well.

For SQL, with our current licensing model we would need to run SQL servers that are solely for the purposes of System Center and nothing else in order to be included in the agreement. So, I want to run 2 SQL servers at one datacenter, and 2 at another datacenter in a Windows cluster. That cluster will hold the CM instance, and if possible the CAS instance. I do not manage the databases so you'll have to forgive my lack of knowledge there. This was the design given to me by the DBAs.

I'll be using CM16.

Secondary sites are for the more remote locations scattered across the globe. I guess I could just deploy a site server and MP/DP at those sites instead; that may be the better option since it will want a local copy of SQL.
GarthMJ Posted July 6, 2017

Personally I would avoid HTTPS, too many issues with too little gain.

If you have a CAS you MUST set the RBA permissions. Primary sites are NOT security boundaries! What happens on one primary WILL affect what happens at another. Even if you have a single primary you will need to set RBA permissions.

CMCB comes with its own SQL licenses that can ONLY be used for CMCB (and related products, WSUS, MDT, etc.). So... jamming all of the SC products onto one server is a bad idea, and not because of licensing reasons.

Having a CAS and Primary on one cluster is a bad idea and might not ever work, due to the services that MUST be installed by each site server.

Just so that you know, there is no product called CM16, it is called CMCB.

Why have an MP? There isn't a lot of content coming and going from MPs.

I hate to say it but I'm starting to think you should hire a consultant with experience to help with this design.