Options for Managing Remote Offices with Configuration Manager 2012

Options for Managing Remote Offices with Configuration Manager 2012

  • Comments 2
  • Likes

When I think about managing remote offices, it reminds me of a job I had developing RIP’s (Raster Image Processor) for digital printers. I was on a team of 40 engineers in a remote location. We had our own rules and our own way of doing things – which was quite liberating. But there was always a sense – despite our daily freedoms – that at any moment our productivity could be interrupted by a force outside of our control. Of course, this invisible force was nothing but the IT admins across the ocean doing their best to keep our remote computers secure and make applications available to us. But nonetheless, it was disruptive.

For IT admins, remote locations have always been a challenge when it comes to management. The devices in these locations are only known to them as IP addresses and network link speeds. Without a detailed understanding of the physical environment, they still need to figure out how the systems can be managed with the minimum server infrastructure deployed, while also ensuring the security and integrity of the corporate environment. They do try to minimize the impact to user productivity, but, as in my experience above, it seems like this is often the hardest thing to do.

That’s why I am so excited about some of the new features added to Configuration Manager 2012 that can help our admins who are faced with keeping those remote teams, like my old group, operating at capacity. Let’s take a simple example of an organization that has two remote locations, one head office and a newly acquired company that needs to be managed by Configuration Manager 2012.

image

For each of these locations, there are some rules of thumb to follow to ensure the best support of remote clients – and most importantly their users.

Scenario: Remote Sales Office (RSO)

  1. Users: 125
  2. Managed computers: 150
  3. Dedicated and reliable link with 10 MBPS available bandwidth
    a. Bandwidth allocation for Configuration Manager
        i. Week days = 35%
        ii. Weekends = 85%
Recommendations:

As the link speed is decent and reliable plus the number of computers managed at this location is relatively low, the admin’s best option is to deploy a local Distribution Point in the remote office. Clients can still reach out to the corporate campus to obtain policies from the Management Point. No new roles would be required as we don’t need to control the upward flow of traffic.

Scenario: Offshore campus (OC)

  1. Users: 1500
  2. Managed Computers: 1600
  3. Link speed to Head office is 2 MBPS
    a. Bandwidth allocation for Configuration Manager
        i. Week days = 25%
        ii. Weekends = 75%
Recommendations:

The bandwidth limitation in this scenario would demand an upward network traffic control from the OC to the corporate campus. In that case, it is recommended to install a secondary site which comes bundled with a proxy management point and local distribution point. Using a secondary site would guarantee that any data retrieved from managed clients will always be sent to the primary site in a controlled fashion. And the clients would not send data directly to the primary site in an unpredictable, and potentially bandwidth-impacting, pattern. This way, things like inventory information from all the clients will be bundled at the secondary site and sent to the primary at admin configurable schedules, thereby reducing the overall network impact from that location to the primary site.

Scenario: Newly acquired company (NAC)

  1. Newly acquired small company that has 1000 employees.
  2. All machines are in a separate forest with one-way trust between the NAC and the Corporate campus forest.
  3. Users: 1000
  4. Managed computers: 1300
  5. Link speed to Corporate Campus is 10 MBPS optical fiber link
    a. Bandwidth allocation for Configuration Manager
        i. Week days = 55%
        ii. Weekends = 85%
Recommendations:

The primary concern here is the one-way trust between the NAC forest and CC forest. Since site servers in ConfigMgr 2012 can only be installed when there is a two-way trust in place, the only option is to deploy remote site system roles like a Management Point and a Distribution Point into the NAC forest and enable forest discovery. Doing this would guarantee management of clients in the NAC and, since the link speed is fairly decent, we would not need to control the management of upward flowing traffic from NAC to OC.

Hope you felt this quick walkthrough of some real world scenarios helpful in establishing management of remote offices and locations using Configuration Manager 2012.

Feel free to let me know if you have suggestions/recommendations for future blog posts about topics in this area.

Abhishek Pathak
Microsoft Corporation| Program Manager | System Center Configuration Manager

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • how about one with a scenarios with new aquired companies and getting them up and running with ConfigMgr 2012. the requirements, etc.

  • Great scenario and recommendation review!  One question I have is this, in general what are the specific bandwidth requirments for a end node being managed by Config Mgr 2012?  Also, is there or will there be a "sizing guide" that details the relationship between # of end node devices and required bandwidth back to the Config Mgr server?