Post on 21-Dec-2015
Microsoft Systems Microsoft Systems Management Server Management Server Implementation at SLACImplementation at SLAC
Freddie ChowFreddie Chow fchow@slac.stanford.edufchow@slac.stanford.edu
Stanford Linear Accelerator CenterStanford Linear Accelerator Center
ContentsContents
OverviewOverview SLAC NT EnvironmentSLAC NT Environment Current StatusCurrent Status Work-In-ProgressWork-In-Progress Some RecommendationsSome Recommendations SummarySummary
OverviewOverview
Systems management tool set by Systems management tool set by MicrosoftMicrosoft
Require MS SQL Server 6.x or 7.0Require MS SQL Server 6.x or 7.0 Current SMS Version 2.0 with SP1Current SMS Version 2.0 with SP1 SLAC uses v1.2 and working on SLAC uses v1.2 and working on
upgrading to v2.0upgrading to v2.0
Components of SMSComponents of SMS
Software/Hardware InventorySoftware/Hardware Inventory Remote ToolsRemote Tools Software DistributionSoftware Distribution SMS Installer SMS Installer Shared Network ApplicationShared Network Application Network MonitorNetwork Monitor
SLAC NT EnvironmentSLAC NT Environment
Single master domain modelSingle master domain model 13 Windows NT domains13 Windows NT domains ~1400 NT machines~1400 NT machines Windows NT is supportedWindows NT is supported
A Bit of HistoryA Bit of History
~ 2 1/2 years back searched for a central ~ 2 1/2 years back searched for a central management softwaremanagement software
Looked at NICE/NT, SMS, LANDesk Looked at NICE/NT, SMS, LANDesk Mgmt, etc.Mgmt, etc.
SMS matched SLAC environmentSMS matched SLAC environment Collaborated with BSD, project startedCollaborated with BSD, project started SLAC Computing Service and other SLAC Computing Service and other
departments wide collaboration projectdepartments wide collaboration project
SMS Architecture at SLACSMS Architecture at SLAC
2 SMS primary sites2 SMS primary sites 9 NT domains managed by SMS9 NT domains managed by SMS ~1000 Windows NT machines (~71%)~1000 Windows NT machines (~71%) Business Service Division - One siteBusiness Service Division - One site
• To support secured networkTo support secured network 8 other domains - One site8 other domains - One site
Architecture - Architecture - continuedcontinued
SLAC-wide Site SLAC-wide Site • Primary site serverPrimary site server
– Dual PP200, 256MBDual PP200, 256MB
• 3 Distribution servers3 Distribution servers– 2 Dual PP200, 256MB, RAID 5, 1 PP200, 128MB2 Dual PP200, 256MB, RAID 5, 1 PP200, 128MB
BSD SiteBSD Site• Primary site server, also distribution serverPrimary site server, also distribution server
– PII 400, 256MBPII 400, 256MB
Security ModelsSecurity Models
Integrated, Standard, Mixed modesIntegrated, Standard, Mixed modes Standard mode at SLAC on v1.2Standard mode at SLAC on v1.2
• Requires MS SQL server login + NT login Requires MS SQL server login + NT login More granular security on v2.0More granular security on v2.0
What have been done?What have been done?
Standardize on hardware and software Standardize on hardware and software configuration (on going)configuration (on going)
Software distributionSoftware distribution Use of remote toolsUse of remote tools Inventory reportsInventory reports Shared Network Application (tested) Shared Network Application (tested)
Hardware StandardizationHardware Standardization
Name brand vendor for hardware Name brand vendor for hardware Clone not recommendedClone not recommended Workstations, laptops - DellWorkstations, laptops - Dell Servers - Compaq, DellServers - Compaq, Dell
Desktop StandardizationDesktop Standardization
Scripted install of workstationsScripted install of workstations Maintain known configurationMaintain known configuration Format disk and reinstall as time Format disk and reinstall as time
permitspermits
Software DistributionSoftware Distribution
Use Package Command Manager serviceUse Package Command Manager service Unattended installUnattended install
• NT 3.51 to 4.0 upgrade, NT4 SP3, SP4, NT 3.51 to 4.0 upgrade, NT4 SP3, SP4, SP5, Post-SP Hotfixes, IE 4.x, Netscape SP5, Post-SP Hotfixes, IE 4.x, Netscape Communicator 4.x, Meeting Maker, Virus Communicator 4.x, Meeting Maker, Virus Definition Files, SolidEdge CAD Software, Definition Files, SolidEdge CAD Software, InocuLAN, Software Patches, Uninstall InocuLAN, Software Patches, Uninstall VirusScan, TeraTerm, AFS Client 3.5 (beta), VirusScan, TeraTerm, AFS Client 3.5 (beta), etc.etc.
Use of Remote ToolsUse of Remote Tools
User supportUser support• Remote trouble-shooting, user educationRemote trouble-shooting, user education
Servers supportServers support Essential tool for work-from-home Essential tool for work-from-home
adminsadmins Network Monitor - restricted usageNetwork Monitor - restricted usage
Inventory ReportsInventory Reports
Some samples:Some samples:• Check for NT Service Pack in a domain, in all Check for NT Service Pack in a domain, in all
domainsdomains• List IP address of machines in a domain (for List IP address of machines in a domain (for
network change)network change)• List CPU MHz, RAM, user, office number, List CPU MHz, RAM, user, office number,
etc.etc. Customized reports - use Crystal Reports Customized reports - use Crystal Reports
Shared Network Shared Network ApplicationApplication
Tested, but not in productionTested, but not in production
Miscellaneous IssuesMiscellaneous Issues
Locked/powered off machines resulted Locked/powered off machines resulted in failed software distributionin failed software distribution
Home connections very slow for Home connections very slow for software distribution support software distribution support
Domain administrators need to keep Domain administrators need to keep accurate machine listsaccurate machine lists
BenefitsBenefits
Shorter response timeShorter response time• Shorter downtime, higher productivityShorter downtime, higher productivity
Reduce TCOReduce TCO• No more house calls for software No more house calls for software
install/upgrade install/upgrade Quick response to security vulnerability Quick response to security vulnerability
• Apply NT hotfixes to a domain in one nightApply NT hotfixes to a domain in one night Eliminate human errors Eliminate human errors
In ProgressIn Progress
Upgrade to SMS Version 2.0 - testingUpgrade to SMS Version 2.0 - testing Develop internal training materialDevelop internal training material Evaluate complementary toolsEvaluate complementary tools Evaluate Windows2000 deployment Evaluate Windows2000 deployment
Anticipated Usage with Anticipated Usage with SMS 2.0SMS 2.0
All of the aboveAll of the above Enforcing software licensing requires all Enforcing software licensing requires all
NTs on SMSNTs on SMS Turn on software meteringTurn on software metering Fine-tune securityFine-tune security Security fixes, Service Packs on Security fixes, Service Packs on
Windows2000, etc.Windows2000, etc.
Some RecommendationsSome Recommendations
Architecture is based on environmentArchitecture is based on environment SMS 2.0 with SP1, SQL Server 7.0SMS 2.0 with SP1, SQL Server 7.0 Servers requirement sizingServers requirement sizing
• CPU MHz, RAM, disk space, RAIDCPU MHz, RAM, disk space, RAID• How many servers ?How many servers ?• Where to put which server ?Where to put which server ?
Test, test, test before deploymentTest, test, test before deployment
SummarySummary
Essential tool set for managing Essential tool set for managing Windows environmentWindows environment
Reduce TCOReduce TCO Complexity - highComplexity - high SLAC NT administrators like it SLAC NT administrators like it