In late October of 2013, Microsoft published the R2 System Center 2012 Configuration Manager release. I thought that I would put together a simple overview guide to help those of you looking to deploy this update. What will this posting help you to accomplish?
A. If you are not sure about your SCCM architecture, and need a refresher on the various components first, see below:
B. This checklist/guide will explain the steps required to upgrade an existing SCCM 2012 SP1 Stand-alone primary site to SCCM 2012 R2. ( 15 step checklist is at the END of this post )
A. System Center 2012 R2 Configuration Manager Design Considerations
1) Central Administration Site (CAS) – A central administration site can support up to 25 child primary sites. When you install a Central Administration Site and use an Enterprise or Datacenter edition of SQL Server, the hierarchy can support a combined total of up to 400,000 devices.
2) Primary Site – Each primary site can support up to 250 secondary sites and up to 100,000 clients.
3) Secondary Site – A secondary site supports a maximum of 5,000 clients. For secondary sites SQL Server must be installed on the site server computer and in a location if there are fewer than 500 clients, consider a distribution point instead of a secondary site.
4) Management Point (MP) – Each primary site supports up to 10 management points and each primary site management point can support up to 25,000 computer clients. Each secondary site supports a single management point which must be installed on the site server computer.
5) Distribution Point (DP) – With System Center 2012 R2 Configuration Manager each primary and secondary site supports up to 250 distribution points and each distribution point supports connections from up to 4,000 clients. Each primary site supports a combined total of up to 5,000 distribution points. This total includes all the distribution points at the primary site and all distribution points that belong to the primary site’s child secondary sites. Each primary and secondary site supports up to 2,000 additional distribution points configured as pull-distribution points. For example, a single primary site supports 2,250 distribution points when 2,000 of those distribution points are configured as pull-distribution points.
6) Software Update Point – A software update point that is installed on the site server can support up to 25,000 clients.
7) Fallback status point – Each fallback status point can support up to 100,000 clients.
The DEFAULT SITE SYSTEM ROLES are described in the following table.
Site system role
|Configuration Manager site server||The site server role is automatically installed on the server from which you run Configuration Manager Setup when you install a central administration site or primary site. When you install a secondary site, the site server role is installed on the server that you specify as the secondary site server.|
|Configuration Manager site system||Site systems are computers that provide Configuration Manager functionality to a site. Each site system hosts one or more site system roles. Most site system roles are optional, and you install them only if you have to use them for specific management tasks. Other site system roles are automatically installed on a site system and cannot be configured.This role is assigned during Configuration Manager site installation or when you add an optional site system role to another server.|
|Configuration Manager component site system role||Any site system that runs the SMS Executive service also installs the component site system role.This role is required to support other roles, such as a management point, and it is installed and removed with the other site system roles.This role is always assigned to the site server when you install Configuration Manager.|
|Configuration Manager site database server||The site database server is a computer that runs a supported version of Microsoft SQL Server, and it stores information for Configuration Manager sites, such as discovery data, hardware and software inventory data, and configuration and status information.Each site in the Configuration Manager hierarchy contains a site database and a server that is assigned the site database server role. You can install SQL Server on the site server, or you can reduce the CPU usage of the site server when you install SQL Server on a computer other than the site server. Secondary sites can use SQL Server Express instead of a full SQL Server installation.The site database can be installed on the default instance of SQL Server or on a named instance on a single computer that is running SQL Server. It can be installed on a named instance on a SQL Server cluster.Typically, a site system server supports site systems roles from a single Configuration Manager site only; however, you can use different instances of SQL Server on clustered or non-clustered servers running SQL Server to host the database for different Configuration Manager sites. For this configuration, you must configure each instance of SQL Server to use different ports.
This role is installed when you install Configuration Manager.
|SMS Provider||The SMS Provider is the interface between the Configuration Manager console and the site database. This role is installed when you install a central administration site or primary site. Secondary sites do not install the SMS Provider. You can install the SMS Provider on the site server, the site database server (unless the site database is hosted on a clustered instance of SQL Server), or on another computer. You can also move the SMS Provider to another computer after the site is installed, or install multiple SMS Providers on additional computers. To move or install additional SMS Providers for a site, run Configuration Manager Setup, select the option Perform site maintenance or reset the Site, click Next , and then on the Site Maintenance page, select the option Modify SMS Provider configuration.
The OPTIONAL SITE SYSTEM ROLES are described in the following table.
Site system role
|Application Catalog web service point||A site system role that provides software information to the Application Catalog website from the Software Library.|
|Application Catalog website point||A site system role that provides users with a list of available software from the Application Catalog.|
|Asset Intelligence synchronization point||A site system role that connects to Microsoft to download Asset Intelligence catalog information and upload uncategorized titles so that they can be considered for future inclusion in the catalog. This site system role can only be installed on the central administration site or a stand-alone primary site. For more information about planning for Asset Intelligence, see Prerequisites for Asset Intelligence in Configuration Manager.|
|Certificate registration point||A site system role that communicates with a server that runs the Network Device Enrollment Service to manage device certificate requests that use the Simple Certificate Enrollment Protocol (SCEP).
|Distribution point||A site system role that contains source files for clients to download, such as application content, software packages, software updates, operating system images, and boot images. You can control content distribution by using bandwidth, throttling, and scheduling options. For more information, see Planning for Content Management in Configuration Manager.|
|Fallback status point||A site system role that helps you monitor client installation and identify the clients that are unmanaged because they cannot communicate with their management point.|
|Management point||A site system role that provides policy and service location information to clients and receives configuration data from clients. You must install at least one management point at each primary site that manages clients, and at each secondary site where you want to provide a local point of contact for clients to obtain computer and user polices.|
|Endpoint Protection point||A site system role that Configuration Manager uses to accept the Endpoint Protection license terms and to configure the default membership for Microsoft Active Protection Service.|
|Enrollment point||A site system role that uses PKI certificates for Configuration Manager to enroll mobile devices and Mac computers, and to provision Intel AMT-based computers|
|Enrollment proxy point||A site system role that manages Configuration Manager enrollment requests from mobile devices and Mac computers.|
|Out of band service point||A site system role that provisions and configures Intel AMT-based computers for out of band management.|
|Reporting services point||A site system role that integrates with SQL Server Reporting Services to create and manage reports for Configuration Manager. For more information, see Planning for Reporting in Configuration Manager.|
|Software update point||A site system role that integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients. For more information, see Planning for Software Updates in Configuration Manager.|
|State migration point||A site system role that stores user state data when a computer is migrated to a new operating system. For more information about storing user state when you deploy an operating system, see How to Manage the User State in Configuration Manager.|
|System Health Validator point||A site system role that validates Configuration Manager Network Access Protection (NAP) policies. It must be installed on a NAP health policy server.|
|Windows Intune connector||A site system role that was introduced in Configuration Manager SP1 that uses Windows Intune to manage mobile devices in the Configuration Manager console.|
Site System Role Placement in Hierarchy
Use the following table to identify the site system roles that you can install at each type of site in a System Center 2012 Configuration Manager hierarchy, and whether the site system role provides functionality for its site only, or for the entire hierarchy. You can install any supported site system role on the site server computer or on a remote site system server at a central administration site or primary site. At a secondary site, only the distribution point is supported on a remote site system server.
Site system role
Central administration site
Child primary site
Stand-alone primary site
Site-specific or hierarchy-wide option
|Application Catalog web service point||No||Yes||Yes||No||Hierarchy|
|Application Catalog website point||No||Yes||Yes||No||Hierarchy|
|Asset Intelligence synchronization point1||Yes||No||Yes||No||Hierarchy|
|Certificate registration point||Yes||Yes||Yes||No||Hierarchy|
|Distribution point2, 5||No||Yes||Yes||Yes||Site|
|Fallback status point||No||Yes||Yes||No||Hierarchy|
|Management point 2, 3, 5||No||Yes||Yes||Yes||Site|
|Endpoint Protection point||Yes||No||Yes||No||Hierarchy|
|Enrollment proxy point||No||Yes||Yes||No||Site|
|Out of band service point||No||Yes||Yes||No||Site|
|Reporting services point||Yes||Yes||Yes||No||Hierarchy|
|Software update point 4, 5||Yes||Yes||Yes||Yes||Site|
|State migration point 5||No||Yes||Yes||Yes||Site|
|System Health Validator point||Yes||Yes||Yes||No||Hierarchy|
|Windows Intune connector||Yes||No||Yes||No||Hierarchy|
1 Configuration Manager supports only a single instance of this site system role in a hierarchy.
2 By default, when you install a secondary site, a management point and a distribution point are installed on the secondary site server.
3 This role is required to support clients in Configuration Manager. Secondary sites do not support more than one management point and this management point cannot support mobile devices that are enrolled by Configuration Manager. For more information about the site system roles that support clients in Configuration Manager, see Determine the Site System Roles for Client Deployment in Configuration Manager.
4 When your hierarchy contains a central administration site, install a software update point at this site that synchronizes with Windows Server Update Services (WSUS) before you install a software update point at any child primary site. When you install software update points at a child primary site, configure it to synchronize with the software update point at the central administration site.
5 Prior to System Center 2012 R2 Configuration Manager, all site system roles at a secondary site must be located on the site server computer. The only exception is the distribution point. Secondary sites support installing distribution points on the site server computer and on remote computers. Beginning with System Center 2012 R2 Configuration Manager, the state migration point can also be installed on the site server computer or on a remote computer, and can be co-located with a distribution point.
B. SCCM 2012 R2 Upgrade Checklist/Guide
- Verify that all your sites run SCCM 2012 SP1
- Uninstall the existing version of Windows Assessment and Deployment Kit (ADK) 8.0 Note: If you have other servers with the SMS Provider installed, you also need to uninstall Windows ADK 8.0 on these servers
- Install Windows Assessment and Deployment Kit (Windows ADK) 8.1 for Windows 8.1 Download Windows ADK 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39982
- Review the site and hierarchy status.
- Install all critical updates available from Microsoft Updates on all relevant servers.
- Back up the site database.
- Disable all site maintenance tasks that might run during the upgrade.
- Run Setup Prerequisite Checker, to verify that the site server is ready to upgrade.
- Download the prerequisite files and redistributable files for SCCM 2012 R2 by running setupdl.exe.
- Test the database upgrade process on a copy of the most recent site database backup. More information: http://technet.microsoft.com/en-us/library/8b6ff5c8-3c84-49fb-8bc7-930bed865de5#BKMK_TestSiteDBUpgrade
- Restart the site server (to ensure that there are no pending restarts).
- Install the SCCM 2012 R2 Upgrade on the Primary Site Server.
- Upgrade the stand-alone Configuration Manager Consoles.
- Reconfigure the database maintenance tasks you might have disabled prior to the upgrade.
- Upgrade clients (use any method you prefer).
- Rockin’ the CASB – What you need to know about Cloud Access Security Brokers …
- Cloud Tweaks Blog … What Do You Know About Cloud Security?
- Security Awareness @ ISC2 Security Congress 2015
- Secure the Power of the Cloud … (and get certified while doing it)
- Announcing Exchange Server 2016 Preview!
- VMware Scripting Overview – A quick look under the hood
- Checklist: Use AD FS to implement and manage single sign-on with Server 2012/R2
- Checklist: Setting up a Federation Server (ADFS) for use with Office 365 on Windows Server 2008/R2
- The (ISC)² CISSP Domain Refresh … Are you prepared?
- vSphere 6.0 is on the way !!! …. Are you ready???