HaikoH Posted December 10, 2012
Hello all! I have a question about what would be the "best" topology design for our purpose. First of all, I want to give you a short idea of our network. We have 6 offices in the country, all connected through Site-to-Site VPNs. I want to manage (mostly install) clients (via OSD) on a weekly basis (we are an MS Learning Partner and want to set up our classroom computers via OSD task lists). I have a server on each site that could be used for SCCM. Memory considerations and licensing are nearly no factor influencing our decision. So I think there are two options:
1.) One CAS and a Pri-Site at our headquarters and one Pri-Site on each other site.
2.) One Pri-Site at our headquarters and one Sec-Site on the rest of the sites.
What would you recommend? What is "best practice" and why? Technically, option 2 would be sufficient.
HaikoH Posted December 10, 2012
I forgot to mention that each site has approx. 25 clients to manage...
Peter van der Woude Posted December 10, 2012
I can't think of any reason why you should go for scenario 1....
Rocket Man Posted December 11, 2012
1 Primary and remote DPs at each of the other locations...
Kingen Posted December 11, 2012
I would go with Rocket Man's suggestion, but it depends: are the VPN links fast or slow? Because if you will use the MP at the primary site over the VPNs it might slow down a bit; then a local MP at each site would be preferable?
HaikoH Posted January 9, 2013
Hey guys. First, thanks for your opinions. The version with just a PS in HQ and DPs in branch offices gives me a headache. The VPN links are via ADSL, so they could fail anytime and they are asynchronous and slow (16MBit downlink, 1-2MBit uplink). At least OSD is critical for us, as we have to roll out PCs in every location every week on a single day. We are re-installing all our classroom PCs at least once, sometimes twice a week. If the link fails, we can't do anything as the connection to MPs is broken at this time. So there is either "Single PS in HQ and SecSite in every branch office" or "CAS and PS in HQ, PS in every branch office".
What made me think about a central CAS and a PS on every site is thinking about a similar situation: with just SecSites in the branch offices and no connection between one of them and their PS, we cannot set any changes as (AFAIK) the SecSites get all their configuration from their parent PS. Or am I wrong? A PS in a hierarchy could still be configured and managed on its own, even if the connection to the CAS is broken, couldn't it?
What WORKS and what DOES NOT if we choose to have a single PS and just SecSites in the branch offices and either:
- Link between branch office and HQ fails, or
- PS or other part of architecture in HQ fails
?? Could you please give me some hints? Thanks a lot!
Kingen Posted January 10, 2013
PS + Secondary site: Link dies, nothing really happens directly; the clients in the remote office can talk to the MP on the Secondary site. They can access source files from the DP on the Sec site.
PS + branch: Link dies, clients can't talk to the MP at HQ; they can access already existing source files that would be available on any branch client. But they won't get any new deployments. They won't get updates, no nothing.
But with ADSL I would go with PS and Distribution Points, especially when you say that you are going to do OSD. Just install a DP and enable PXE on it, distribute source files to the DPs and create a Task Sequence.
HaikoH Posted January 10, 2013
Hey Kingen! I've set up a lab for this with a PS and a DP. DP can do OSD as long as the connection to the PS is OK. As soon as the connection to DP dies, clients can't boot PXE any more. Is this normal?? Thanks so far...
HaikoH Posted January 10, 2013
Looks like the same happens with PS and SS. Client can PXE-boot from MP on SS as long as link to PS is OK. Link dead = no PXE-boot from MP on Secondary Site. What is wrong here?
Peter33 Posted January 10, 2013
There is nothing wrong. The Primary Server holds the information about the PXE advertisements of your task sequences. The WDS is just a helper tool. If there is no connection to your Management Point it just can't get the required information to service your clients.