Deploying System Center 2012 R2 Configuration Manager – Single Site Server Scenario – Part I – Infrastructure

 

Part I – Infrastructure

Preparing the infrastructure for ConfigMgr 2012 R2

In this blog I will be deploying ConfigMgr 2012 R2 to a fictional company called Turner & Sons Time Travel.  (Yes, sorry, I am not that creative and my other the first thought of Turner Tots was all over the web.)  Turner & Sons Time Travel is a medium sized company with about 500 users and about 1200 devices that needed to be managed ranging from Desktops, Laptops, Mobile Devices, and Servers. 


The Infrastructure

In this case I will build a Primary Site server with all roles installed on a single site server.  I will also install SQL Server Standard 2012 SP1 on the same server as my site server.  In some cases, especially for larger companies you could think about off loading the SQL Server on to another box as well as install SQL Server 2012 SP1 Enterprise.  For sites with more than 50,000 devices you will need Enterprise.  Also, since this is a smaller company SQL Server 2012 SP1 Standard comes free with your System Center 2012 R2 license.  I will also build me a management/tools server that I will install all my needed tools to manage ConfigMgr, Active Directory, etc..

Server List

Server Role OS
DC01 Domain Controller Windows Server 2012 R2
Mgmt Management/Tools Windows Server 2012 R2
SCCM ConfigMgr 2012 Primary Site Server Windows Server 2012 R2

 

Since I am only going to be deploying a single site server the naming convention doesn’t really matter.  I suggest that you site down and think about naming conventions of your System Center environment.  For instance, if this where a larger environment with a CAS server, another Primary Site Server, maybe even a Secondary Site, along with several Distribution points you might need to name your servers based off the role for easier identification.  SCCMCAS for the CAS, SCCMP01 for your Primary Site 01, or based off physical location SCCMPUS for Primary for United States, etc.  Since my fictional company is a lot smaller and only requires a single site server we will keep it simple and name it SCCM. 


Downloads Needed

Before I begin I will download and have all software that will be needed for our deployment.  Here is a list of needed software and prerequisites that will be needed as I continue deploying ConfigMgr for this company.

  • System Center 2012 R2 Configuration Manager
  • Windows ADK 8.1
  • MDT 2013
  • Windows Server 2012 R2 Datacenter
  • SQL Server 2012 SP1 Standard *

*SQL Server 2012 SP1 Standard is included in your ConfigMgr 2012 R2 download as long as you download it from your Volume License site.  Once again, if you are planning on managing more than 50,000 clients you should be using SQL Server Enterprise version and not Standard.

I normally create a directory on my Tools/Management Server E:\InstallFiles and place these downloads into separate folders.

I will download my files from the following locations but I would suggest if you are deploying to a production environment that you grab your System Center bits from your volume license download site.


Building The Infrastructure

Turner & Sons Time Travel already has an existing infrastructure in place.  They are running everything on Hyper-V 2012 R2 core servers, with Windows Server 2012 R2 for their Guest OS.  Active Directory is at 2012 R2 functional level. 

Virtual Hardware Considerations

If you are using Hyper-V or VMware please consider the following NIC changes to your guest.

VMware Change the E1000 NIC to VMXNET3 NIC to avoid a lot of future issues.
Hyper-V Change the default network to use a Legacy Network Adapter. This will support WOL and PXE integration.

 

Active Directory Security Groups and Service Accounts

Their domain is called tstt.cloud.  The only task I will have to deal with within Active Directory is creating the security groups, service accounts, and creating the System Management Container that ConfigMgr will need.  I will start out with the following service accounts and security groups:

Name

Description

Type

Svc.sql

SQL Service Account

User

ConfigMgr Admin

ConfigMgr Administrator Account

User

ConfigMgr Servers

ConfigMgr Servers Group

Group

ConfigMgr Administrators

ConfigMgr Administrators Group

Group

Svc.networkaccess

ConfigMgr Network Access Account

User

Svc.ClientPush

ConfigMgr Client Push Installation Account

User

Svc.sqlreports

SQL Reporting Services Account

User

 

I will also add my newly created user ConfigMgr Admin to the ConfigMgr Administrators group I had just created.  Once I have my SCCM server built and added to Active Directory I will add it to my ConfigMgr Servers Group. 

I will also create a Group Policy that gives my service account svc.clientpush local admin rights on all systems in my domain.  We can get the same results if we add this account to Domain Admins group but it isn’t recommended.

In Part II I will extend the Active Directory Schema and Create the System Management folder that we will need in order to install ConfigMgr 2012 R2.

 

Build my ConfigMgr Server

I am now building out my ConfigMgr Server.  For this company I will have configured the hardware with 2 CPU’s, and 16 GB ram.  I will assign 100 GB for my Operating System volume which will be the C:\ drive.  For my data volume, drive D:\, I will assign 100 GB as well.  This is where I will install ConfigMgr, MDT, SQL, etc.  I will also assign 300 GB for my volume that will contain my Content Library and Source folder structure.   Since we will have SQL installed on the same server for this deployment I will also create two more volumes.  One for my SQL Data files and another for my SQL Log Files.  Both these volumes will be 100 GB to start for future SQL DB growth.

I have now installed Windows Server 2012 R2 and configured my servers volumes, and various other task that involve  building out a new server.  At this time I will join my SCCM server to the tstt.cloud domain and also add my ConfigMgr Admin Group, ConfigMgr Admin user, and my svc.sql service account to the local administrators group.

Once on the domain, I will disable the firewall on my ConfigMgr server.  Depending on the can of security you may or may not have on your network this would be a good talking point to have with your security and network teams.  However, at Turner & Son’s Time Travel, we have been approved to disable the Windows firewalls.  We can do this manually via the GUI, by PowerShell, or by Group Policy.  Later, we can even control Firewall settings from within ConfigMgr 2012 R2.  I will be using a PowerShell command below.

Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled False

 

Install SQL Server 2012 SP1 Standard

I won’t be going into detail on how to install SQL Server but I will point out a few key considerations and points that we will be keeping a close eye on during installation and configuration of my clients SQL instance.

SQL Server installation considerations

  1. If you are installing SQL Server yourself make sure the Collation is set at SQL_Latin1_General_CP1_CI_AS. This should be default but double check.
  2. Install the Database feature, Management Tools and Reporting Services.  Do not configure Reporting Services at this time.
  3. If using the Windows Firewall and haven’t disabled the Firewall Profiles like I have done you will need to make sure SQL ports for incoming traffic and reporting are open.
    a. SQL 1433/4022
    b. Reporting 80/443

During the installation of my SQL server instance I will also make sure that my svc.sql account is a SQL sysadmin server role along with my ConfigMgr Admin.  These two accounts I have already added to the local administrator group.

I will configure SQL to store the SQL data files on the G drive (G:\MSSQL\Data\) and the SQL Log files on the H Drive (H:\MSSQL\Logs)  These volumes where created earlier.

I will also set the memory allocation for my SQL server to a minimum of 8,192 MB and a maximum of 10,240.  That will give my OS and ConfigMgr the remaining 6 GB to use for their processes. 

Install WSUS Server Role

When installing the WSUS role for ConfigMgr you can install by GUI or using PowerShell. I have included instructions for both. The more I use PowerShell the more I find it hard going back to the GUI when working with Windows Server 2012 R2.

Using the Server Manager (GUI)

Using the Server Manager tool to install WSUS server role once the SQL Server has been installed and Firewall Domain Profile disabled.

  1. In the Server Manager tool, click Manage on the top left menu bar and then select Add Roles and Features from the drop-down menu to launch the Add Roles and Features Wizard.
  2. Click Next and Next
  3. Verify that SCCM is selected.
  4. On Select Server Roles select Windows Server Update Services.
  5. Click Add Features.
  6. Click Next
  7. Click Next On Windows Server Update Services Role Setup Screen
  8. Unselect WID database.
    We will be using our SQL Server to host the WSUS database not a Windows Internal Database.
  9. Select Database
  10. Click Next
  11. Uncheck Store Updates
  12. Click Next
  13. Enter SQL Server: SCCM
  14. Click Check Connection
  15. Click Next after Successful Connected To Server Message.
  16. Click Install
  17. Click on Configure WSUS role but don’t configure it. Allow the role to finish configuration and then exit WSUS configuration screen.
Installing using PowerShell

Using PowerShell to install WSUS server role.

  1. Open PowerShell prompt with admin rights.
  2. Run the following command:
  3. Install-WindowsFeature -Name UpdateServices-DB -IncludeManagementTools
  4. Once role is installed you will need to do the additional configurations needed. Within the PowerShell command window navigate to C:\Program Files\Update Services\Tools
  5. Run the following command
    .\wsusutil.exe postinstall SQL_INSTANCE_NAME="SCCM\YourInstanceName"
  6. If you want to specify a default Content Directory for the Updates you can add to the end of the command CONTENT_DIR=D:\WSUS or a specified path. However, since ConfigMgr will be managing the download of these Security updates you do not need to have WSUS download them for the clients.

Verify that WSUS role was configured and installed correctly no matter which method you went with.

  1. Check the SQL server for the SUSDB database.
  2. If you specified a Content Directory check that the path exists.

So I now have my infrastructure ready to start the ConfigMgr Installation process. This will include installing and configuring the prerequisites that are needed, and installing Configuration Manager.   These next steps are included in Part II – Installation.


Part II – InstallationPart III – Configuration

Advertisements
Tagged with: , , , ,
Posted in Configuration Manager 2012 R2, SCCM 2012 R2, System Center 2012 R2

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow Kristopher Jon Turner on WordPress.com
Archives
%d bloggers like this: