SCCM Primary sites design considerations

Today I will discuss scenarios under which you might require multiple primary sites.

As a rule of thumb, use a stand-alone primary site to support management of all of your systems and users. This topology also works when your company’s different geographic locations can be served by a single primary site. To help manage network traffic, you can use multiple management and distribution points across your infrastructure.

A stand-alone primary site supports:

  • 175,000 total clients and devices, not to exceed:
    • 150,000 desktops (computers that run Windows, Linux, and UNIX)
    • 25,000 devices that run Mac and Windows CE 7.0

For mobile device management:

  • 50,000 devices by using on-premises MDM
  • 150,000 cloud-based devices

For example, a stand-alone primary site that supports 150,000 desktops and 10,000 Mac or Windows CE 7.0 can support only an additional 15,000 devices. Those devices can be either cloud-based or managed by using on-premises MDM.

For more information on sizing check https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/size-and-scale-numbers

Now let’s get into the scenarios in which you might consider more than one primary site.

  1. Load balancing across two Primary Sites

This scenario comes into play when you have a Central Administration Site (CAS) and two or more Primary Sites, with the idea of splitting the clients across the primary sites. In this scenario, if you lose one Primary site, you can still support half of your environment until the other Primary is recovered.

Below are pros and cons of this design:

Pros

  • If you lose the CAS or One Primary, then at least one Primary is still functional, as are its Secondary Sites until the CAS or other Primary is brought back online.

The deciding factor: if you have a tight SLA for bringing SCCM sites back up, this is your best bet.

Typically, it takes around 3 hours to bring back SCCM sites if you have SCCM DB as SCCM site backup available.

  • Removes the Single Point of Failure scenario from the design, as clients assigned to other primaries would still be able to report in and be managed.

If need be, you can also manually switch clients to report to the available primary sites and continue to manage them.

Cons

  • Increased Licensing costs
  • Increased hardware costs
  • Increased SQL Replication
  • Change latency across the Infrastructure as well as Locking due to replication latency

  2. Redundancy and High Availability

The data from Primary Sites and the CAS replicates among sites in the hierarchy. The CAS also provides centralized Administration and reporting.

Note that automatic Client Re-assignment does not occur when a Primary Site fails.

When a Primary Site fails, communication between the Primary Site and its Secondary Sites is broken, and the Secondary Sites cannot be re-parented. Coupled with the fact that clients cannot easily be re-assigned in the time it would take to recover the failed Primary Site, this means there is really no valid reason to do this unless the time it will take you to recover the Primary site is greater than the time it would take to reassign and reinstall all of the Secondary sites the failed Primary had.

However, this becomes valid when natural-disaster or war-type redundancy precautions are being considered, where the other location won’t be coming back online for quite some time.

  3. Geographic Boundaries

In some scenarios, companies operating across different countries require that each continent or country can share data, but also that each country’s or continent’s clients remain manageable on their own. In this case, which is a business case for continuity, it would be feasible to have more than one Primary Site. The choice to use another Primary site here should be based on connectivity and client count, because a Secondary site or remote Distribution point should be good enough for geographic separation alone.

  4. Political or just that your clients want it

In some scenarios, your client wants multiple primary sites and wants to segregate clients between them just because they are managed by different departments or heads.

There can also be situations where they want to segregate client data between sites and do not want everybody in the organization to have access to all information.

Practically, this is not a good reason to have multiple primary sites, as SCCM user role permissions can take care of it, and the CAS by default will have access to all the information across primary sites.

However, there are situations that I have come across where this is required for client satisfaction.

Patching by Orchestrator Part -1

Today I will explain how you can achieve patching with Orchestrator, including complex patching procedures.

Below is the list of software that you will need:

  1. Excel – to list the steps that need to be carried out in sequential order
  2. MS SQL DBs
  3. PS Scripts
  4. MS Orchestrator
  5. MS SCCM
  6. MS SCSM (in case you want to make patching a self-service offering)

Now a few things to keep everything in order:

  • In an Excel sheet, arrange all the steps that need to be automated. Below is just an example of column headers:

SequenceNo ActionType ComputerName Parameter1 Parameter2 Parameter3 Parameter4 Parameter5 Parameter6 Outcome Expected

  1. Now create a DB called ‘SteptoExecute’ in a SQL instance, where you will upload the steps created in the previous step. My suggestion is to create it in the Orchestrator instance itself.
  2. Create another DB called ‘ExecutedSteps’.
  3. Now create one main runbook, which in turn will call the multiple other runbooks that you need to create in the next step.
  4. The runbooks should be arranged to first read the steps from ‘SteptoExecute’ and then invoke runbooks based on the sequence number.
  5. The other runbooks that you need to create will mainly depend on the complexity of the steps; here I will just give a high-level list of the runbooks that will typically be required:
    • SCCM Patch push code runbook
    • SCCM patching status code check runbook
    • Service Start runbook – Runbook will take service name
    • Service Stop runbook
    • Service restart runbook
    • Computer restart
    • Computer restart with timeout
    • Computer restart with check when it’s back online
    • Run Program- Can use to run a batch file
    • Web Status code checker – can be used to check the response status code of a web application (download: web application response status code checker runbook)
    • Email activity runbook – to send status of steps executed over an email
  6. Now use an Orchestrator runbook to invoke the steps from the DB in the sequential order arranged; use the SQL DB read activity or a PS script.
  7. Each step has an associated action type, as explained earlier, which in turn calls the runbooks, and the runbooks execute the steps, such as stop/start/restart services, run batch files, rename files, start a web service, stop a web site, etc.
  8. Make sure the runbook names are the same as the action types; it will be easier to invoke the runbooks in the previous step.
  9. Once all the steps are executed, an email activity combines all the executed steps along with the results that are saved in the ‘ExecutedSteps’ DB.
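
The dispatch loop from steps 4 to 9, sketched in PowerShell as an added example (it is not the author's runbook, which the post does not include). Because the ActionType value read from the DB decides which runbook runs, the sketch only dispatches action types that appear on an explicit allow-list. The sample rows, the script blocks standing in for child runbooks, the Detail column and the halt-on-first-failure rule are assumptions.

```powershell
# Constructed rows standing in for the 'SteptoExecute' table (not real data).
$steps = @(
    [pscustomobject]@{ SequenceNo = 2; ActionType = 'ServiceStart';   ComputerName = 'APP01'; Parameter1 = 'Spooler' }
    [pscustomobject]@{ SequenceNo = 1; ActionType = 'ServiceStop';    ComputerName = 'APP01'; Parameter1 = 'Spooler' }
    [pscustomobject]@{ SequenceNo = 3; ActionType = 'UnlistedAction'; ComputerName = 'APP01'; Parameter1 = 'n/a' }
)

# Allow-list keyed by ActionType. The script blocks are hypothetical stand-ins
# for the child runbooks; they only describe the action instead of performing it.
$handlers = @{
    ServiceStop  = { param($s) "would stop service '$($s.Parameter1)' on $($s.ComputerName)" }
    ServiceStart = { param($s) "would start service '$($s.Parameter1)' on $($s.ComputerName)" }
}

function Invoke-PatchSteps {
    param([object[]]$Steps, [hashtable]$Handlers)

    $executed = @()   # stands in for the rows written to the 'ExecutedSteps' DB
    foreach ($step in ($Steps | Sort-Object -Property SequenceNo)) {
        $row = [ordered]@{
            SequenceNo   = $step.SequenceNo
            ActionType   = $step.ActionType
            ComputerName = $step.ComputerName
            Outcome      = 'Rejected'
            Detail       = 'ActionType is not on the allow-list'
        }
        $name = [string]$step.ActionType
        if ($Handlers.ContainsKey($name)) {
            $handler = $Handlers[$name]
            try {
                $row.Detail  = & $handler $step
                $row.Outcome = 'Success'
            } catch {
                $row.Outcome = 'Failed'
                $row.Detail  = $_.Exception.Message
            }
        }
        $executed += [pscustomobject]$row
        # Assumption: halt on the first step that did not succeed, so later
        # steps never run against a machine in an unexpected state.
        if ($row.Outcome -ne 'Success') { break }
    }
    return $executed
}

Invoke-PatchSteps -Steps $steps -Handlers $handlers | Format-Table -AutoSize
```

The returned rows are what the final email activity would summarise; a rejected or failed row is included so the report shows where the sequence stopped.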

Download link to Visio Diagram

In the next part I will share the scripts that you will need, and references to other MVP and System Center blogs that will be helpful to you.

However, due to an NDA with my ex-employer, I will not be able to share the complete runbooks or scripts that I have used.

Please note: do test your runbooks in a dev environment first. Sometimes it can take some trial and error to get the steps into the right sequence.

Hex & RGB Color Scale

While designing forms in Service Manager or making changes to the colour scheme in SCOM, you need hex colour codes.

I needed them while making changes to the colour scheme in the Service Manager self-service portal and had to go to multiple portals to generate the value for each colour. So I decided to put all the codes in an Excel sheet and publish it for everyone who needs it.

Download file: Hex & RGB Color Scale

 

Stop runbook instance by orchestrator

If you are an automation geek, you will come across multiple scenarios where you would like to stop a runbook while it is executing. Unfortunately, out of the box, MS Orchestrator does not have any activity that supports this.

There are PowerShell cmdlets that you can use, but this is quite complex and, most importantly, it is very difficult to have it triggered automatically (at runbook runtime).

However, there is an excellent ready-made integration pack available from Kelverion (Kelverion integration pack for runbook management). You can use this IP to stop and start runbooks, get runbook status, and get the runbook ID. Obviously this comes at a cost. If you are a geek like me who likes to build things rather than buy them, click here: Stop runbook instance

How it works:

The Runbook ID (unique ID) is taken as an input parameter (you need to fetch this from the Orchestrator database or the Orchestrator web URL).

Once the unique ID is entered, the stop runbook will automatically fetch its instance ID (this is unique every time a runbook runs) from the Orchestrator DB and stop only that instance of the runbook.

I hope this will be of help to the community.

Please post your feedback in comments section below.

SCSM 2012 self service portal in Arabic

The SCSM self-service portal is not supported in Arabic, and there is not much of a way to do it other than buying a portal from a third-party vendor like Expit.

I came across such a situation, and buying a third-party product was not a solution for me at that time, so I had to write the Silverlight resx file myself in Arabic. (Thanks to my friend for the translation work.)

Even if you just install the SharePoint Arabic LP and change your SCSM service offerings to Arabic, you still have certain portions of the portal, those based on Silverlight, displayed in English, as it is the default fallback language. Microsoft does not make an Arabic Silverlight localization for the SCSM SM portal.

So if you are in the situation I was in, this file will be of help to you.

Well now how does this work?

  1. Install SharePoint Arabic LP on the server hosting your SCSM self service portal.
  2. Go to the folder where you have your other-language resx files; typically it will be under inetpub\service manager\content
  3. Create a new folder called ‘ar’ without the quotation marks.
  4. Now just drop the file into the folder.
  5. Go back to your portal, change the display language, and you will see that all your SM content is also displayed in Arabic.
  • If you want to change the portal to RTL, make the changes using SharePoint Designer: search for alignment and change LTR to RTL for language ‘ar’ only.

In this way you will be able to get your self service portal completely in Arabic.

Download file from here: SCSM Self Service portal in Arabic

Note this will work only on self service portal based on silverlight. 

I am working on making this for the new HTML 5 portal too, and will post it by next month.

Blank select performance counter in SCOM

Issue:

The dialog asks you to select a performance counter, as in the screenshot below, but there is nothing to select.

[Screenshot: SCOM blank performance counter error]

Resolution:

Enable the monitors which are associated with the performance counters.

Reason:

The monitors associated with the performance counters are in a disabled state. As a result, you get to see the views but cannot select the counters.

This happens when we import MPs that bring in monitors which are in a disabled state by default.

 

ITIL Process and System Center Service Manager

While deciding on an ITSM tool, there are many questions that come to mind. Below are the most important ones:

  • How many ITIL processes can the tool support?
  • What is the licensing model of the tool?
  • How flexible is the tool in terms of configuration and customisation?
  • Can the tool support self-service and keep up with business expectations in IT automation?
  • How easy is it for end users to use?
  • Last but most important, what are the Capex and Opex involved? As IT is a cost center, budget is always a constraint.

Here, I will try to answer the above questions.

Below is a table of ITIL processes vs. OOTB System Center and MS tool capabilities:

| S. No | ITIL Process | Supported by System Center tool | How it can be achieved |
|---|---|---|---|
| 1 | Service Strategy | | |
| 1.1 | Strategy Management for IT Services | This is a combination of documentation and management review | Microsoft EPM/Microsoft Office Sharepoint Server (MOSS) can be used |
| 1.2 | Service Portfolio Management | SCSM | |
| 1.3 | Financial Management for IT Services | Other ERP tools can be used | MS Dynamics |
| 1.4 | Demand Management | SCOM | Limited capabilities |
| 1.5 | Business Relationship Management | SCSM | Yes, only for customer satisfaction survey along with SCSM and SharePoint |
| 2 | Service Design | | |
| 2.1 | Design Co-ordination | This is a manual exercise | |
| 2.2 | Service Catalogue Management | SCSM | |
| 2.3 | Service Level Management | SCSM | |
| 2.4 | Availability Management | SCOM | |
| 2.5 | Capacity Management | SCOM | SCOM reporting |
| 2.6 | IT Service Continuity Management | SCOM, SCDPM | Through SCOM and System Center Data Protection Manager (SCDPM) |
| 2.7 | Information Security Management | SCCM, SCSM | SCCM to track no. compliant machines and SCSM for incident and service request |
| 2.8 | Supplier Management | SCSM | Service Catalogue of SCSM |
| 3 | Service Transition | | |
| 3.1 | Change Management | SCSM | |
| 3.2 | Service Validation and Testing | SCORC | Automated testing can be achieved by PS and orchestrator runbooks |
| 3.3 | Asset and Configuration Management | SCCM, SCOM, SCSM | Inventory information from SCCM, SCOM can be brought into a central repository of SCSM CMDB |
| 3.4 | Release and Deployment Management | SCSM, SCORC | SCSM to track releases and SCORC to auto deploy packages |
| 3.5 | Knowledge Management | SCSM | |
| 3.6 | Change Evaluation | SCSM | This is more of manual exercise |
| 3.7 | Transition and Planning Support | This is manual task | |
| 4 | Service Operation | | |
| 4.1 | Event Management | SCOM, SCCM | |
| 4.2 | Incident Management | SCSM | |
| 4.3 | Request Fulfillment | SCSM | |
| 4.4 | Problem Management | SCSM | |
| 4.5 | Access Management | SCSM, SCORC | Limited capabilities |
| 5 | Continual Service Improvement | | |
| 5.1 | Continual Service Improvement | Manual Task but Service Reporting can be generated from SCOM, SCSM, SCCM, etc | |

Coming to the 2nd point: the SCSM licensing model is the simplest of all. It comes along with the System Center license, which means you buy one edition, Datacenter or Enterprise, and you can use any product from the System Center suite without any additional cost.

In fact, this is the least expensive ITSM tool in the market.

3rd point

SCSM is undoubtedly the winner here; with the SCSM authoring tool kit you can customise the tool to any length.

4th point

SCSM along with SCORC can be stretched to any length in terms of automation. Here too, to further expand capabilities, you can buy third-party integration packs or build your own for more custom requirements. Of course, integration packs for MS products come for free.

5th point

Yes, SCSM is relatively simple to use, mainly because it lacks a lot of the bells and whistles that today’s ITSM tools have, especially when you pitch it against the top tools in the market. However, that would be a wrong comparison. SCSM is best suited for small enterprises.

Finally, my recommendation is to go for SCSM in the case of an SME where the number of end users is not more than 5K and the daily ticket count does not exceed 2K (including incidents, changes and service requests).

It is a great tool if you have a dedicated resource or team to work on automating your daily tasks, as SCSM is the best in the market in terms of automation and comes at almost zero cost.

Please share your feedback and comments below on SCSM experience.