This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.
This also happens to be a very typical scenario for small environments for a production deployment. This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.
Server Names\Roles:
- DB3 SQL Database Services, Reporting Services
- CM1 Primary Site Server Management Server, Web Console server
Windows Server 2012 will be installed as the base OS for all platforms. All servers will be a member of the AD domain.
SQL 2012 RTM with CU2 will be the base standard for all SQL database and reporting services. http://technet.microsoft.com/en-us/library/gg682077.aspx
High Level Deployment Process:
1. In AD, create the following accounts and groups, according to your naming convention:
- DOMAIN\ConfigMgrAdmins ConfigMgr Administrators security group
- DOMAIN\ConfigMgrLocalAdmin ConfigMgr Client Push account
2. Add the domain user accounts for yourself and your team to the “ConfigMgrAdmins” group.
3. Install Windows Server 2012 to all server role servers.
4. Install Prerequisites and SQL 2012.
5. Install the Site Server and Database Components
6. Install the Reporting components.
Prerequisites:
1. Install Windows Server 2012 to all Servers
2. Join all servers to domain.
3. Install all available Windows Updates.
4. Add the “ConfigMgrAdmins” domain global group to the Local Administrators group on each server.
5. On CM1, Install required prerequisites for the site system roles (this covers all site system roles combined on a single server):
Open PowerShell (as an administrator) and run the following:
Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart
Note – if your machines are not internet connected, you might need to add a “–Source D:\sources\sxs” or whatever the path is to your Windows installation media. By default Windows 2012 gets .NET 3.5 from Windows Update, but this doesn't always work, and will never work for machines without an internet connection.
After installing these roles/features, you must register ASP.NET with IIS. The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r
6. On CM1 – Install the Deployment Tools, Windows PE, and the User State Migration tool from the Windows 8 ADK: http://www.microsoft.com/en-us/download/details.aspx?id=30652
7. On CM1 – add the WSUS feature from Server Manager.
8. Install SQL 2012 RTM with CU2 to the DB server role
- Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
- Run setup, choose Installation > New Installation…
- When prompted for feature selection, install ALL of the following:
- Database Engine Services
- Full-Text and Semantic Extractions for Search
- Reporting Services - Native
- Optionally – consider adding the following to ease administration:
- Management Tools – Basic and Complete (for running queries and configuring SQL services)
- On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
- On the Server configuration screen, set SQL Server Agent to Automatic. You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account. Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
- On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
- On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
- On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
- On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
- Setup will complete.
- Apply SQL 2012 RTM, CU2 to the SQL server. http://support.microsoft.com/kb/2703275
- Set a limit on SQL memory for the DB instance – to reserve memory for the OS and Reporting services.
9. On the SQL server – add the Computer Account in the domain to the local administrators group of the SQL database server (DOMAIN\CM1$)
10. In Active Directory – extend the schema, create the System Management container, and assign permissions: http://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_PrepAD
Step by step deployment guide:
1. Install the Primary Site Server role on CM1.
- Log on using your personal domain user account that is a member of the ConfigMgrAdmins group.
- Run Splash.hta
- Click Install
- Read the “Before You Begin” Info and click Next.
- On the Available Setup Options, choose to install a primary site, but to NOT check the box for typical options. We are going to configure each step for our site and use a remote SQL database server.
- Choose Eval or input your license key and click Next.
- Accept the Eula and click Next.
- Accept the additional license agreements and click Next.
- Provide a path to the prereq file downloads. If you have not downloaded these recently then create a new folder for these, locally or on a remote path.
- Choose you language and click Next, on the server and client screens.
- Input a site code for your primary site. Input a description. Choose a path. Make sure you are also installing the console. Click Next.
- Choose to install a primary site as a stand alone site. We can add a CAS later in ConfigMgr 2012 SP1.
- Input the SQL server name, instance, click Next.
- Accept the default for the SMS provider. Next.
- Choose to configure the communication method on each site system role, and to use HTTPS in the check box. Next.
- Choose HTTP for the MP and DP – we can change this to HTTPS with certs down the road. Next.
- Choose to enable CEIP or not. Next.
- Choose next to run prereq checker. Resolve any issues. Click Begin Install.
Post Deployment Configuration:
1. Add Site System Roles:
2. Enable discoveries
This will bring in the AD site and IP boundaries.
- Enable AD system discoveries to bring in systems
- Enable User discovery
3. Create boundary groups
- Create a boundary group and add your site boundaries and site servers to it, for site assignment.
4. Assign a client Push account to Administration > Site Configuration > Sites
5. Push a client/clients from discovered assets.
6. Verify Hardware and software inventory for clients
7. Enable Endpoint protection
- Client Settings – create a new client device setting. Enable endpoint protection.
- Configure Client device settings to turn on Endpoint protection and deploy endpoints.
- Deploy new client policy to All Desktop and Server Clients Collection, or a custom collection
- Create automatic deployment rule for definition updates using Definition template.