WHITE PAPER

HOW TO GET THE

MOST FROM
YOUR MICROSOFT
CONFIGMGR 2012
MIGRATION

SCCM
2012
1E.COM

THE AUTOMATED MIGRATION: AN ANALYSIS OF OPTIONS

Contents

Share this

1E.COM

Overview

ConfigMgr 2012 Migration Options

Getting the Most from ConfigMgr 2012

14

1E Nomad: Enhancing Your ConfigMgr 2012 Infrastructure

19

How Else Can 1E Help

Abstract
This white paper sets out how you can
expedite your migration to ConfigMgr
2012. When the migration is done, or if
you have already migrated, it also
provides ideas to maximize SCCM 2012s
benefits and to lower your costs.

The Authors
Several of 1Es ConfigMgr technical
specialists have contributed to this
document, namely: Shaun Cassells, Troy
Martin, Mike Terrill, and Paul Thomsen.

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

Overview
Microsoft System Center Configuration Manager 2012 (ConfigMgr or SCCM) has
been well received by organizations of all types and sizes around the world. Many of
the organizations that 1E works with have moved to it, are moving to it, or have
imminent plans to do so. If you are preparing to upgrade or are in the midst of such a
project, this is the ideal time to expedite your project, minimize your costs, and
maximize the benefits from ConfigMgr. If youve already made the move, you can build
on the lessons youve learned to make your ConfigMgr implementation even better.
Based on 1Es many years of experience as Microsofts premier ConfigMgr partner, this
document provides you with a wide variety of ideas and options to maximize the
return your organization is getting from your ConfigMgr investment. You can consider
implementing these ideas yourself, and where appropriate talk with 1E about how we
can help.
This document suggests options such as:
Use industry best practices when using the key SCCM 2012 features
Keep your ConfigMgr hierarchy as simple as possible (especially since SP1s
availability) you can add a Central Administration Site (CAS) or other primaries later
if business developments require them
Flatten your server infrastructure and cut on-going running costs
Consider the Intune integration option so that you can manage consumer-oriented
devices in addition to Windows computers (as well as Macintosh and Linux)
PowerShell support brings a new level of customization and control
In 2012 1E consultants took a deep dive into SCCM and published their tips for success.
Those original observations proved to be very helpful and popular so we were pleased
to update them in 2013 for Service Pack 1 (SP1). Later in this document you will find
updates to the changes that were made in ConfigMgr 2012 R2 and the changed
environment ConfigMgr now serves.

1E.COM

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

ConfigMgr 2012 Migration Options

If you are planning to migrate to
ConfigMgr 2012 or are in the midst of your
project, you should consider your
migration options. The benefits include:
Minimizing your ConfigMgr server
footprint and maximizing reliability
and performance
Reducing the deployment timeline by
two thirds
Improving your patching and software
distribution success

Doing the migration with your own staff

and just SCCM might be a viable option if
you are prepared to delay other projects,
often by months. You will need time to
set up a lab, educate the team on the
migration process, build a design and
process, test the process in the lab, plan
for production, and then do the actual
work of the migration itself. There is also
the risk that you will miss lessons that
have been learned elsewhere, given that
this is your first opportunity to actually do
a migration to SCCM 2012. The challenges
and risks increase dramatically if your
organization is fairly large, is very diverse,
or has other unique characteristics.
You should also consider how well the
end state will serve your needs. As long
time partners of Microsoft, 1E is very
impressed by the capabilities of
ConfigMgr 2012 and is very pleased to
specialize in it. However, 1E has worked
with hundreds of organizations where
SCCM could be enhanced to even better
serve the organization. Such
enhancements are why Microsoft so
greatly values its huge partner

1E.COM

ecosystem. Therefore it is prudent to take

time to consider whether additional
software would allow SCCM to work even
better for you. Taking time to read this
whitepaper is a great first step.
The cost of additional services and
software are often a concern and we are
pleased to discuss that with you. Our
experience has been that the benefits are
so dramatic, in hard savings, that the
investment quickly pays for itself. We
have the analysts to help you quantify
those savings and we have the history to
prove that the savings will be realized as
planned. Our large support and
engineering teams ensure the savings
continue to be realized for years, long
after the investment has paid off.
If you see the potential that 1Es
consultants, software, or partners can
help you, we encourage you to contact
us. We will be pleased to meet at a time
and in a format that works well for you to
explore the possibilities. Our professional
account and technical teams will
carefully listen to your challenges and
requirements and then explain our
solutions to whatever degree you like. If
there are better alternatives we will point
them out and leave you to them. We are
here to help, as we have done with so
many organizations since 1997.

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

Getting the Most from ConfigMgr 2012

Whether you are about to migrate to
ConfigMgr 2012 or are already there, you
should investigate how you can get the
most from SCCM. This section highlights
key changes in ConfigMgr 2012 as
compared with ConfigMgr 2007 and
provides an overview of the lessons that
1E has learned in relation to them.

files, install and uninstall command lines

and user experience (e.g. whether a user
needs to be logged in), similar to the
properties of the legacy packages and
programs. Deployment types are
deployed through a deployment, which
isnt all that dissimilar from the concept
of an advertisement.

Application Management

The most significant difference with

The deployment of software is the

primary function of most ConfigMgr
implementations. In ConfigMgr 2007,
software distribution was achieved by
defining packages and programs and
then advertising the programs to
collections of clients or users.

SCCM 2012 application management is

that the deployment type also defines
the targeting logic, which is evaluated on
the client each time the Application
Deployment Evaluation Cycle occurs.
Application management uses the same
engine as the Compliance Settings, so
the decision whether to install can be
based on values from Windows
Management Instrumentation (WMI), the
local registry, the return code of a script,
the result of a Microsoft SQL Server
database query, or the user (either
logged on at the time, or the primary user
of the device).

Different installation types (e.g. 32-bit

and 64-bit installation) could require
separate programs. Typically, a collection
would define the target for each
installation type (query-based
collections define the logic that
determines which systems should run
the program).
Those legacy objects are still available in
ConfigMgr 2012, and are in fact still
required for some of the content required
in an operating system deployment task
sequence (such as boot images, OS
images, driver packages and the
ConfigMgr client agent). However
ConfigMgr 2012 introduced a completely
new alternative approach to software
distribution application management.
For application management, an
application has a number of deployment
types, each defining the required source

1E.COM

The collections targeted by a

deployment can therefore be much more
encompassing now you neednt panic
when you accidentally deploy to All
Systems (as long as you have the right
conditions defined in the Deployment
Type requirements).
SP1 extended this model by improving
the App-V support and adding Windows
8 support.
Migrating to ConfigMgr 2012 does not
require migrating to application
management right away, but you should

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

consider doing so when time permits in

order to take advantage of its benefits:
Applications are state based, so if an
application is uninstalled from a client,
it will be reinstalled automatically in
order to restore the intended state of
the client
The evaluation as to which clients or
users receive the application is done
on the clients, so the workload on the
servers is reduced (particularly in
terms of collection evaluation)
Applications can be made available to
users in the Application Catalog, thus
enabling a user-centric service model
Site Hierarchy
ConfigMgr 2012 should keep the
minimalists happy the architecture is
designed for a much flatter hierarchy,
and in fact, a single site ConfigMgr 2012
hierarchy is used by most organizations
with less than 100,000 clients to manage.
An important change in the SCCM 2012
architecture for those organizations that
do require multiple sites is the Central
Administration Site (CAS), which is in
some ways similar to an SCCM 2007
central site, but no clients can be
managed directly from the CAS.
A key role of the CAS is to coordinate
replication of data throughout a
hierarchy, so it is not required if you are
going to manage your entire
environment with a single primary site.
As of SP1, a standalone site can be
attached to a CAS at a later stage. A CAS
also enables a failed primary site to be
recovered even without a backup. It is

1E.COM

worth noting that only primary sites can

attach to a CAS, and only secondary sites
can be attached to these primary sites, so
effectively your hierarchy will not exceed
three tiers for the core sites (additional
secondary sites can be lower tiers).
Even the role of the secondary site is
somewhat changed in ConfigMgr 2012.
One of the main reasons for deploying
secondary sites in ConfigMgr 2007 was to
be able to manage network bandwidth
for the distribution of content (packages,
updates and OS images).
In ConfigMgr 2012, distribution of
content to remote distribution points can
be scheduled and throttled in the same
manner as site-to-site traffic, so unless
you are concerned about the volume of
traffic going back to the primary site
(inventory, status, software usage, etc.)
you can do without secondary sites. Its
worth noting that secondary sites require
a SQL database in ConfigMgr 2012,
however the secondary site installation
will install Microsoft SQL Server Express
if a supported version of SQL Server is not
installed locally.
In ConfigMgr 2012, boundaries are used
to identify network locations and are
available to all Sites in the hierarchy.
Boundaries are then grouped together in
boundary groups, which can be
optionally associated with a particular
site for client site assignment. For
example, each of the LANs in a particular
location, like a branch office or a retail
store, would be added as individual
boundaries, and these boundaries would

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

then be added to a boundary group that

identifies that location. The boundary
group can then be associated with the
primary site that should manage that
location.
Given all these options, you can do a lot to
simplify your SCCM hierarchy and
therefore simplify operations and
increase reliability:
Dont include a CAS unless you must
Only use secondary sites in locations
with a large number of clients and/or if
you expect a very large volume of data
to be frequently reported up the
hierarchy
If you must have multiple primary
sites, keep the count as low as possible
Site-to-Site Replication
If you have need for a multi-site
ConfigMgr hierarchy, you should be
aware that site-to-site communication
has received a major overhaul in
ConfigMgr 2012. Database replication has
replaced most of the legacy file transfer
in and out of inboxes (content as in
packages, applications and operating
system deployments are still replicated
using the file system).
Most changes in any site will be
replicated globally to all sites in the
hierarchy, not just to the parent or child
sites. To help monitor and resolve
replication issues between the sites there
is a Database Replication node in the
Monitoring section of the console that
shows the status of any links. The
Replication Link Analyzer is an additional
tool that enables further analysis and

1E.COM

remediation of SQL replication issues

between sites.
SP1 improved replication by giving you
more control in terms of what is
replicated and when.
Administration
The administration console was
historically a big pain point for ConfigMgr
2007 administrators. Not only was it
difficult to control (to allow certain users
to only see the features they administer)
but it also crashed too often. The
administration console in ConfigMgr 2012
has been completely redesigned and
rewritten from the ground up. It does not
use Microsoft Management Console
(MMC), and displays only the features the
administrator has rights to.
SP1 enhanced the administrative model
even further. New PowerShell support
extends your administration options so
that you can automate ConfigMgr
operations even more than in previous
versions. The addition of the Client
Operations infrastructure allows you to
initiate Endpoint Protection and client
policy refreshes whenever you require
them.
Managing Clients Over the Internet
The complexities of Native Mode in
ConfigMgr 2007 no longer exist in
ConfigMgr 2012 as the Mixed and Native
Site modes are no more. Instead, the
various Site system roles within the Site
are configured to support HTTP or HTTPS
connections (or both).

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

Within a Site, multiple site systems (e.g.

management points) can be deployed,
allowing one or more servers situated in a
demilitarized zone (DMZ) to host
internet-facing roles using HTTPS, with
the same roles hosted on an internal
server using HTTP.
Use of HTTPS still requires public key
infrastructure (PKI) to enrol client and
server certificates (mutual authentication
is still required), however the Site Server
Document Signing Certificate is now
created by the site as a self-signed
certificate.
By default, if a client has a client
authentication certificate issued by a
trusted Certificate Authority (CA) it will
use HTTPS and will be able to
communicate with all Site systems that
are configured to support HTTPS. If no
such client authentication certificate
exists, the client will use a self-signed
certificate and use HTTP to communicate
only with site systems that are configured
to support HTTP.
New to ConfigMgr 2012 is the possibility
for Internet-based clients to evaluate a
user-based policy (such as application
deployments). In order for this to occur,
either the management point (MP) and
user account must be in the same forest,
or a trust must exist between the forests
in which the MP and the user account
reside. In either case, any perimeter
firewall must allow AD authentication
traffic between the MP and a domain
controller in the user accounts forest.

1E.COM

Exciting SP1 changes include the ability

to use cloud-based (Azure) distribution
points and to enable clients to get
software updates from Microsoft Update
if corporate DPs are not available.
ConfigMgr 2012 SP1 and R2 demonstrate
Microsofts commitment to dramatically
improving your internet client
management options. The Intune
integration is much more robust and a
larger variety of clients are supported.
With R2 you can also now manage iOS7
settings, deploy web application
shortcuts, and use Windows 8.1 app
bundles.
Similarly, remote connection, certificate,
VPN, Wi-Fi, and email profiles make it
easy for you to enable mobile user
support, rather than having to implement
your own solution.
As your users increase their expectations
for mobile support, and ConfigMgr
increasingly enables it, you should
consider implementing these features in
your organization.
Scalability
A ConfigMgr 2007 hierarchy could
support a maximum of 200,000 clients
(300,000 with R3). ConfigMgr 2012
supports up to 400,000 clients in a single
hierarchy when the database for the
Central Administration Site is running
SQL Server Enterprise. Each Primary Site
can support up to 100,000 clients if the
database and Primary Site roles are
hosted on separate servers. The SP1
database replication options ensure that

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

you can fine tune it in even the most

challenging environments.

can be installed on servers (2003 upwards)

and workstations (Vista upwards).

As with ConfigMgr 2007, each

Management Point (MP) can support up to
25,000 clients. However, the concept of a
Default Management Point no longer exists
in ConfigMgr 2012, and neither does
support (or necessity) for Network Load
Balancing (NLB) an MP. Instead, up to four

Interestingly, the DP role is the only site

system that is supported on both 32- and
64-bit computers; all other site systems
require a 64-bit OS. Distribution of content
to remote DPs (i.e. any DP that is not hosted
on the same LAN as a site server) can use
scheduling and throttling similar to that

servers can host the MP role and clients

manage the load balancing in much the
same way as they do with Distribution
Points (DPs). ConfigMgr 2012 also increases
the number of supported DPs per Site from
100 to 250, each supporting up to 4,000
clients.

defined in our old friend, the site-to-site

address, that has survived since the first
version of SMS.

At first you might think that scalability is

not an issue for you, unless you work for a
very large organization. However, even
medium-sized organizations could have a
very large number of clients when you take
into account the multiple devices that
users often have. So if users typically have a
laptop, tablet, and phone, and you manage
them all, then an organization with 50,000
to 100,000 users could have some scale
concerns. Add in a lot of data-center
servers, point-of-sale systems, robotic
control systems, or similar options and
even current ConfigMgr 2012 scalability is
worth taking seriously.

Distribution Points
There are some notable changes in the role
of the distribution point (DP) in ConfigMgr
2012. The branch distribution point (BDP)
distinction has been dropped in ConfigMgr
2012. Instead, there is a single DP role that

1E.COM

By default all content is obtained by clients

using HTTP (or HTTPS), which means that
any system (including a workstation)
hosting a DP need Internet Information
Server (IIS) installed.
Although there is the option to establish
content for specific packages on a legacy
style DP share (this is in fact necessary if
you want to use OS deployment task
sequences that obtain content directly
from the DP), the HTTP/S server must
always be present. If you currently use
network-attached storage (NAS) devices to
host ConfigMgr 2007 DP shares, you are
going to need a new strategy for ConfigMgr
2012.
The DP role now incorporates the Preboot
Execution Environment (PXE) service as an
optional feature if the DP is hosted on a
server operating system. Windows
Deployment Services (WDS) is still required
for PXE booting in ConfigMgr 2012. Talk to
1E about Nomad, which not only eliminates
the need for any kind of DP in your remote
locations but also enables PXE to be served

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

from a workstation. Nomad 2012

integrates seamlessly with the ConfigMgr
2012 operating system deployment (OSD)
process, using content stored on local
peer workstations to complete a full OS
Deployment without impacting the WAN.

1E Shopping provides a much richer

experience with configurable approval
workflow, support for system as well as
user based deployments, optional
restriction of deployment if insufficient
licenses exist.

Configuration Manager 2012 SP1 and R2

also introduced and enhanced a new pull
distribution point role, or pull DPs. The

It integrates with other service desk

systems and enables users to rent
applications for a fixed period after which

benefit of pull DPs is that they offload the

site-to-DP content distribution workload
from the site server to the DPs. They do
not provide any benefit in getting the
content to the clients and they may in
fact complicate that process by adding
more moving parts.

they are automatically put back into the

pool for other users to employ, further
reducing the costs associated with
purchasing unnecessary software
licences.

Also new are cloud DPs, meaning

distribution points hosted on Microsoft
Azure. These can be useful for clients on
the internet but you should pay close
attention to their costs. If used, they are
most appropriate for small critical
deployments to a limited number of
clients.
Users in Control
ConfigMgr 2012 has been built with the
user in mind. The Software Center,
installed on all clients, provides an
interface for the user to manage the
installation of software that has been
made available to them and to view
software that has been installed by
ConfigMgr. The Software Center can also
give the user control over the ConfigMgr
actions that are likely to impact them
most. For example, a user can define their
working day and software deployments
and updates can be configured to respect
these and deploy outside of these hours.

1E.COM

10

Note that Shopping allows for quarantine

periods required by some specific
software vendors when reallocating
licensed software.
SP1s extension of ConfigMgr to the
device and Macintosh environments
allow organizations to empower their
users to use the solutions they want while
ensuring IT control for security and similar
requirements are maintained.
Client Health and Efficiency
There are a number of features in
ConfigMgr 2012 to ensure clients remain
healthy, operational and efficient. The
reality is that once your hierarchy has
been deployed for a year or more,
somewhere between 5% and 15% of your
clients will experience issues and may
stop communicating with ConfigMgr if
you dont intervene.
ConfigMgr 2012 directly addresses this
problem with ConfigMgr Client Heath
evaluator. This program (which runs as a

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

scheduled task separate from the

ConfigMgr clients service) detects and
remediates the most common causes of
client failure, reporting its activities to
ConfigMgr.
ConfigMgr 2012 clients can also
automatically upgrade themselves to the
latest version if it is below the specified
version. You enable this from site settings
and you can configure the maximum
number of days before the client must
upgrade. In addition to this you have
control over how the clients installation
files are downloaded or not if the
distribution point is on a slow link, and
they can even have a fall-back source
location. (Note: Microsoft recommends
using this as a catch-all after the bulk of
any upgrade has finished.)
To protect clients from malware,
ConfigMgr 2012 has Endpoint Protection
fully integrated, so no more running two
separate infrastructures. The Endpoint
Protection client is installed using
ConfigMgr 2012 client settings, so there is
no need to create any packages or
programs.
Endpoint Protection reports and
dashboard are integrated into the
ConfigMgr console further simplifying
operational tasks. There is even an
out-of-the-box security role for the
Endpoint Protection Administrator,
defining all the necessary rights to enable
the role to be delegated. And with SP1
you can initiate Endpoint Protection
activities when you need them using the
new Client Operations feature.

1E.COM

11

Keeping up to date with software

updates is an important step for ensuring
the health and functionality of a client. A
significant improvement to management
of software updates in ConfigMgr 2012
comes with the Automatic Deployment
Rules feature. Administrators can ensure
updates are automatically downloaded,
approved and deployed based on specific
criteria, instead of manually carrying out
tasks. For example, this could be used to
automatically deploy all critical updates
for Windows 7, or to automatically deploy
recent signature definitions for System
Center 2012 Endpoint Protection.
If you do not want to deploy
automatically, the rules can be
configured to retrieve compliance
information from client computers for the
software updates without deploying
them.
ConfigMgr 2012 R2 further enhanced
software updating by allowing you to
specify maintenance windows that are
for software updates only. Software
distribution and task sequences can be
done at other times using other
maintenance windows.
Power Management, introduced in
ConfigMgr 2007 R3, is enabled by default
in ConfigMgr 2012 and includes some
minor enhancements. It continues to
enforce the same peak and non-peak
power plan settings for turning off the
display, inducing sleep or hibernate
modes, controlling battery notifications
and button actions and scheduling
desktop computers (deliberately not

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

laptops) to wake from sleep. You can now

copy settings from another Collection so
you only have to tweak the differences.
Also, users can now exclude their PC from
power management which you can
report on and over-ride. NightWatchman
Enterprise from 1E fills in the gaps,
enabling scheduled shutdown and
wake-up for all systems, over-riding
processes that prevent computers from
going to sleep and enabling potential
application issues when resuming, to be
addressed, as well as providing other key
features.
Client Configuration
In previous versions of ConfigMgr, client
settings were configured by site. In
ConfigMgr 2012, the default client
settings (a bit like a profile of settings)
are applied to all clients in the hierarchy.
As well as editing the Default Client
Settings, it is also possible to create your
own settings profiles that can be applied
to specific Collections. For example, you
may have Installation Permissions
configured globally to allow
Administrators and Primary Users to
initiate software installations, but a
custom client setting can be configured
to allow no users to initiate software
installation for a group of sensitive
computers.
The definition of WMI classes that get
reported through Hardware Inventory is
now managed through the Client
Settings interface in the console. No
more editing SMS_DEF.MOF or

1E.COM

12

CONFIGURATION.MOF (Microsoft
Operations Framework). What is really
cool with this interface is that new classes
can be added by connecting to WMI on
any computer and browsing to the class
you want to report on. In addition,
custom hardware classes may be
exported to a MOF file and imported in
the same interface. This allows custom
inventory settings to easily be transferred
from a lab environment to your
production environment.
Administrators in Control
Central to simplifying ConfigMgr
hierarchies is removing the need to have
primary sites to manage subsets of
clients. With ConfigMgr 2007 you might
have created a separate SCCM site to
manage datacenter clients, another for
your clients in Europe, and another for
the executives computers.
The same logic could have applied to
managing their ConfigMgr objects, such
as packages, task sequences, and
software update deployments. SCCM
2012 gives you new options to put such
controls in place without having to add
primary sites.
The first set of such controls are what
well call assignment collections,
meaning collections used to define the
clients and users that the administrators
can manage, and then assigned to them.
When setting up administrators in the
ConfigMgr console you should specify
one or more collections that the
administrators can use.

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

When those administrators are creating

deployments or otherwise managing
clients they can then use those
collections to target the right clients or
users, or use collections that are directly
or indirectly limited to those assigned
collections. Clients or users that are
outside those assigned collections are
not available to them.
The second set of such controls are
security scopes. Scopes control which
ConfigMgr objects the administrators can
see in the ConfigMgr objects (except for
collections and the clients and users in
those collections, which are limited as
above). So scopes control which
administrators can see applications,
packages, deployments, task sequences,
sites, distribution points, software
metering rules, configuration items, and a
wide variety of similar objects.
When creating such objects they can
assign them only to scopes that they are
limited to, and thus other administrators
cannot see the objects they have created
unless the other administrators are also
assigned to the same scope.
The third and final set of controls are
security roles, meaning the ConfigMgr
permissions that the administrators have.
There are a number of predefined sets of
permissions (roles) and you can easily
create more.

1E.COM

13

Between these three sets of controls you

can ensure that administrators can do
only what you intend, using only the
objects you want, to the appropriate set
of clients or users. You can be confident
that they wont do more than intended,
no matter what site they have access to.
However, you should also consider
whether you need a mechanism to
coordinate object creation. For example,
administrators from multiple scopes may
require an Office 2013 application, but the
second administrator to have such a need
might not be able to see that another
administrator has already created one
because they are in different scopes.
With appropriate coordination the
second administrator could ask a senior
administrator to add his scope to the
already existing application, allowing him
to see and use it as well.

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

1E Nomad: Enhancing Your ConfigMgr 2012

Infrastructure
When planning to migrate to ConfigMgr
2012 too many organizations plan to
simply replicate their hierarchy design
from previous versions. That means
duplicating the entire existing
architecture whether it is needed or not.
Wed like to show you how you can avoid
that waste, both in terms of budget and
effort.

Nomad is proven and active across

millions of seats including at the worlds
largest organizations. It is part of 1Es
suite of products helping around the
world to reduce IT complexity and
achieve dramatic cost efficiencies.
Nomad is a sophisticated software
distribution solution that acts as an
Alternate Content Provider for SCCM. It is
a proven and effective tool in delivering

1Es SCCM Migration with Nomad is the

smartest, most cost effective means of
migrating to and running Configuration
Manager. This package of 1E software and
consulting services is built on 1Es years of
experience deploying and supporting
Nomad at hundreds of organizations, and
on our experience helping organizations
of all sizes deploy various versions of
ConfigMgr.

automated systems management and is

the perfect companion to SCCM 2012.
Nomad offers the smartest, most reliable
and cost effective way to distribute
patches, upgrades, software and
Operating Systems across the enterprise.

The power of the software combined

with the strength of the expertise
ensures you get the ultimate migration
experience. And if youve already done
the migration well help you to
incorporate the solution into your
hierarchy. Either way you are going to
reduce costs and have an even more
efficient computer management
infrastructure.
With 1E and Nomad you can dramatically
reduce the cost of your SCCM
infrastructure by minimizing your SCCM
server footprint and actively maximizing
reliability and performance. By engaging
1E you can reduce your ConfigMgr 2012
implementation timeline by two thirds
while actually improving your patching
and software distribution success.

1E.COM

14

Software Distribution
Nomad enables software to be
distributed across the enterprise quickly
and efficiently, from patches and
upgrades to full Operating System (OS)
Images. In most cases clients can find the
content they need on other clients that
have previously needed it.
When thats not the case the client can
smartly download it from a central
distribution point, as described in the
Bandwidth Efficiency section below.
When multiple clients need the content
simultaneously that download is done
only once by a master that is elected for
the purpose.
The process of establishing Nomad
communications is entirely automated.
Nomad clients use UDP broadcasts to
intelligently elect the master computer
for each download on each subnet, with
the ability to re-elect should the master

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

become unavailable. Elections are

weighted to ensure that the optimal
client is elected as the master. That
weighting especially favors clients that
already have the needed content, but if
none have it yet then the software is
downloaded from a ConfigMgr
distribution point. As the download
commences, the solutions peer-to-peer
model immediately fans out the content

other files. Furthermore, users do not

want to be without their computers for
long, so there is limited time to install all
that software let alone download it.

to more local clients, enabling fast and

efficient distribution across locations and
subnets.

ready for the first client to be upgraded,

but Nomad readily accommodates
precaching. Nomad also helps with
storing user data (USMT data) and PXE
booting as discussed in the Server
Reduction section.

Nomads automated discovery of

network topography enables
administrators to treat multiple subnets
as a single subnet. Nomad has the option
to add a central server role
(ActiveEfficiency) that automatically
maintains a list of subnets at all locations.
If a master on a subnet at a location
requires content that is available on a
Nomad client on another subnet at that
location, the master can find that client
via ActiveEfficiency and obtain that
content directly from it. This eliminates
the need for the master to download its
copy over the WAN from a central DP. For
large content or at locations with
especially constrained WAN network
links, this can be quite beneficial.
Operating System deployment (OSD)
especially benefits from Nomads
strengths. Operating System images
themselves are often very large, as in
gigabytes, but at the same time clients
will also need a variety of applications,
device drivers, patches, and possibly

1E.COM

15

Therefore Nomads ability to reliably

provide the content from the LAN
anywhere in your organization is crucial
to your OSD success. You will usually
want to precache that content so that it is

The use of clients for software

distribution is how Nomad can deliver
those enormous reductions in the server
footprint.
Server Reduction
With Nomad, organizations looking to
migrate can design an SCCM 2012
infrastructure with the bare minimum of
distribution points and secondary sites.
Even PXE server roles and state migration
points can be eliminated. Often 95% or
more of those servers can be eliminated.
If youve already migrated then you can
consider removing the servers, reusing
them for other purposes in your
organization.
In some cases the servers used for DPs or
even secondary sites are also used for
other purposes, such as file serving or
print sharing. Therefore removing the
need for ConfigMgr does not allow
removal of the servers themselves.

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

However, the fact that you dont need to

deployment, and then you dont need to
maintain them, is a considerable saving in
itself.
Not only does Nomad deliver
transformative cost savings in terms of
capital investment; dramatically reducing
the server footprint also results in
ongoing maintenance cost savings as
well as significantly reducing the
manpower and time needed to deploy
SCCM 2012.
Because Nomad uses any or all
ConfigMgr clients and the master
(sharing) role is dynamically elected any
time content is needed, any issues with
Nomad or the computers Nomad is
running on do not prevent Nomad from
functioning. Another computer is elected
and the process continues.
Similarly, any changes in the network do
not affect Nomad because the primary
network activities are local to the subnet
the subnet address and topology do not
matter to Nomad and thus can change at
any time without adverse effect. If the
content is not available on the subnet
already then Nomad must be able to
contact a distribution point, but that DP
will be one of a small number of DPs,
likely in a central and very stable data
center.
The ConfigMgr PXE functionality is a
DP-specific function and therefore every
PXE server is also a DP. However, a
Windows Server Operating System must
be used. Nomads PXE option can run on

1E.COM

16

any workstation Operating System such

as Windows 7, Windows 8, or even
Windows XP.
State migration points are useful when
migrating users from one computer to
another or in some cases when upgrading
Operating Systems. However, they are
another role that must be configured and
maintained and considerable disk space
must be provisioned and maintained.
Nomad can serve this purpose in a very
similar manner to how it delivers content
automatically and dynamically.
Many organizations have tried but
struggled to use large numbers of
secondary sites, distribution points, or
branch distribution points. This has often
lead them to come to 1E and Nomad.
Secondary sites and distribution points
can work well enough in small numbers (a
dozen or two), but as the numbers
increase the odds increase even faster
than at any given time a DP or site will be
broken for a variety of reasons.
Therefore your deployments will not be
as successful as they should be, requiring
you to track down those issues and spend
time resolving them. This work can be
very time consuming, and tedious, if you
have a sizable number of servers.
DP and site challenges come in various
forms but often include:
Hardware issues, including failures, full
disks, or performance limitations
Operating System issues, including
compatibility issues

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

Networking issues such as IP address

changes and subnet changes
o Remote SCCM servers are often
protected to serve local clients
only by assigning boundaries to
those servers. However, the
networking team may not always
remember to coordinate with the
ConfigMgr, leaving ConfigMgr
servers to be assigned the wrong
boundaries
Coordination issues the people
responsible for the server may not
coordinate with the ConfigMgr team
when swapping hardware, shutting it
down for maintenance, moving it, etc.
End-of-life-replacement even
though this work is predictable, it is
still time consuming to arrange
Bandwidth Efficiency
There is a significant flaw in most
bandwidth throttling techniques: they
involve setting percentage limits for IT
traffic across the network. The problem is
that these thresholds are static and result
in the enterprise either not using all of the
available pipeline, or in slowed delivery as
different functions compete for
bandwidth. With Nomad, content is only
downloaded to a location once and from
then on it is shared locally from peer to
peer.
Nomads intelligent bandwidth
monitoring and usage management
reacts in real-time to the existing traffic.
It eliminates the competition between IT
and business traffic without the need for
scheduling or delaying IT tasks until close

1E.COM

17

of business. As Nomad is downloading it

will monitor for latency in the
downloading.
If any is detected then that is evidence
that there is contention on the network
links somewhere between the master
and the central DP that it is downloading
matter. Access to routers is not needed
and the topology of the network does not
matter it is sufficient that Nomad sees
latency. In that case it will immediately
reduce its download rate, allowing the
other traffic to take priority on the WAN.
When the latency disappears Nomad will
carefully increase its download rate until
it is downloading as fast as the WAN will
support. In this way the WAN is providing
maximum benefit at all times, either to
the other business traffic (as the first
priority) or to Nomad.
Remote Locations
Nomad is the most reliable way of
distributing software across WANs, even
to poorly-connected and remote
locations, eliminating the need to
establish distribution points everywhere.
Nomad establishes a peer-to-peer
network for distribution of software,
patches, and OS images from SCCM. So
whether the challenge is setting up a new
location or bringing an isolated site into
your network, with Nomad delivery is
easy.
Nomads intelligent bandwidth
monitoring and utilization ensures 100
percent reliable content delivery even
where the network quality is poor, such

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

as locations connected via satellite. If you

happen to need to update the software
on an off-shore oil platform you can stand
down the helicopter and rely on Nomad
instead.
1E has even done this for Operating
System deployments. It took a while for
the downloads to complete but the
critical business traffic continued

It is not just about not adding risk though

Nomad actively reduces it. The efficient
distribution of content enables IT to
distribute patches and upgrades during
the day, rather than having to wait until
end-of-day. That keeps your computers
security up-to-date at all times. That
distinction is especially critical for

uninterrupted over the satellite link. The

upgrades then proceeded quickly using
the local copies of the content.

zero-day exploits but also for computers

that arent online afterhours, such as
laptops.

Improved Security
Security and compliance are quite rightly
significant concerns for the enterprise.
Nomad integrates with and builds on the
inherent security provided by SCCM 2012,
introducing no additional risk to

1E.COM

individual PCs or to the network.

18

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

How Else Can 1E Help?

Nomad and 1Es consulting services (including those of our partners) are central to a
successful ConfigMgr 2012 migration but 1E is pleased to offer even more options and
has solution to address the following concerns:
Will you provide all the same software packages from ConfigMgr 2012 as you did with
ConfigMgr 2007? If not, then which packages should be migrated?
Do your users here in 2014 have the same expectations as the users had when you
deployed ConfigMgr 2007? We often find that users are much more likely now to
seek out software that will make them more productive and do not understand why
that cannot be an almost instantaneous experience.
When you have made the investment in the ConfigMgr 2012 migration is your
organization getting new added value that demonstrates to the business that the
project was truly a step forward?
Are the client computers as available for computer management as much as they
were when you implemented SCCM 2007?
AppClarity
Inevitably some software packages that were useful years ago for business needs at
that time are not so useful now. But which software is that? Of the software in this
case, which is the least used? When migrating packages it seems prudent to start with
the packages that are deployed and used mostly widely, then those that are deployed
widely and fairly well used, and finally those that are not deployed widely nor widely
used. Packages for software that is not used at all should not be migrated no matter
how widely they were previously deployed.
You (or your SCCM administrators) can run reports to identify what software is
deployed and how widely, but determining how well used it is can be challenging.
Enabling software meter rules results in often overwhelming data if done on a large
scale and takes weeks or months to collect. Any other form of software usage data is
hard to relate to specific software products. And with or without usage data, the
reports will be very long, listing tens of thousands of unique software titles, most of
which will be extremely obscure.
1Es AppClarity addresses these challenges by importing relevant data from
ConfigMgr, applying sophisticated normalization algorithms, and presenting the
results in user-friendly reports that will give you the information you require. You can
dive as deeply as needed into the data but the summarized form will be sufficient for
most migration purposes. Having identified the most used software in your
organization, you can consider which packages should be migrated to SCCM 2012 as
legacy packages or converted to applications.

1E.COM

19

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

Your software asset management or licensing team will also benefit from AppClarity
in that they can import their licensing data and readily identify license compliance
issues. They can even address compliance issues in many cases by using AppClarity
to automatically de-install software where it is not being used, bringing it into
compliance.
Shopping
Microsoft has anticipated the rise of user expectations for app stores by including an
Application Catalog in ConfigMgr 2012. However, the Application Catalog is a minimal
solution lacking key features such as:
Offering both applications and legacy packages (the latter are not offered)
Active Directory security groups changes
Resource requests, such as for computers or office supplies only ConfigMgr
objects can be offered
A robust approval workflow
Easy integration with ticketing systems or other infrastructure
Rental of applications, legacy packages, or security group changes, ensuring they
are removed after the user has used them for project-oriented work
Extensive customization to brand the web site in the same fashion as your other
intranet sites
License management
1E Shopping offers these and many other features in a very modern web design that
your users will find to be a pleasure to use. The experience is consistent with what
they have with their consumer devices, reflecting well on your IT organization.
NightWatchman
One of 1Es most popular products is our industry leading power management
solution, NightWatchman. Windows and ConfigMgr have power management
features but real-world complexities often prevent them from enforcing power
management when they should. Reporting on the savings realized is minimal.
Integrating NightWatchman in your ConfigMgr 2012 infrastructure will allow your
organization to maximize power savings and minimize its greenhouse gas impact.
The facilities and sustainability teams in your organization will highly value the added
value that ConfigMgr 2012 brings to the organization when partnered with
NightWatchman.

1E.COM

20

ARE YOU GETTING THE MOST FROM YOUR CONFIGMGR 2012 MIGRATION?

WakeUp
Where power management is effective you might find that you cannot manage
computers after-hours because they are in a low power state. To minimize this issue
you should use a Wake-on-LAN (WOL) solution. ConfigMgr includes WOL options,
including a new WOL proxy feature, but technical constraints mean that these options
only work in limited circumstances.
Both Nomad and NightWatchman include WakeUp, a full-featured WOL solution that
does not have technical constraints. You can use WakeUp to maximize the
effectiveness of ConfigMgr 2012s features. Either automatically or at SCCM
administrator discretion you can use the ConfigMgr console to wake computers for
patch management,

We trust this white paper has raised ideas that will make your experience with
ConfigMgr 2012 even better. If you would like to discuss those ideas further, please
contact us at the numbers below.

Share this

1E.COM

About 1E
1E is the pioneer and global leader in
efficient IT solutions. 1Es mission is to
identify unused IT, help remove it and
optimize everything else. 1E efficient IT
solutions help reduce servers, network
bandwidth constraints, software licenses
and energy consumption.

Contact us
UK (HQ): +44 20 8326 3880
US: +1 866 592 4214
India: +91 120 402 4000
info@1e.com

Copyright 2014 1E. All rights reserved. The information contained herein is subject to change without notice.
1E shall not be liable for technical or editorial errors or omissions contained herein.