Design Recommendation and Installation Prerequisites
- April 18, 2022
- Posted by: Laraonline2020
- Category: End User Computing
SCCM HARDWARE REQUIREMENTS
Design Recommendation and Installation Prerequisites : In the first part, we will cover SCCM installation prerequisites most specifically hardware requirements, design recommendations, and server prerequisites.
The hardware requirements for a Primary Site server largely depends on the features that are enabled, and how each of the components is utilized. When the number of clients grows and changes, the server hardware requirements change accordingly. For the initial deployment, hardware requirements can be estimated for each server by determining:
- The overall need for each component (Will you do Operating System Deployment ? How many daily software deployments ? Is Inventory and reporting being important for your organization? Will you manage Internet Client ?)
- The number of clients planned to be installed
- The load on each of the installed SCCM components
In general, medium environments (couple thousand clients) should consider the following recommendations when planning hardware:
- SCCM and SQL Server communicate constantly. We recommend that the main database and SQL Server be installed on the Primary site server. This is fully debatable, and we understand that some organization tries to standardize their SQL distribution. Performance is simply better using a local installation when configured properly
- Neither the SCCM site nor the SQL database should share their disks with other applications
- Configure the SQL Server databases and logs to run on a different disk than the disk where the SCCM database is located.
Another issue to consider when determining hardware requirements for a site server is the total amount of data that will be stored in the database. To estimate the required database size for a single site, an approximate figure of 5Mb to 10Mb per client is typically used.
In our setup, we will install a single Primary Site that has the role of Management Point, Reporting Point, Distribution Point, PXE Service Point, State Migration Point, Fallback Status Point and Software Update Point. SQL Reporting Services will be used to provide consolidated reporting for the hierarchy. This role will also be installed on the SCCM Server. Running reports can have an impact on server CPU and memory utilization, particularly if large poorly structured queries are executed as part of the report generation.
Consider placing client-facing role (Distribution Point, Reporting Point) on a separate server to reduce load on your Primary server.
Here’s our recommended reading about hardware requirements:
SCCM INSTALLATION GUIDE
- Design a hierarchy of sites
- Recommended hardware
- Supported configurations
- Plan for the site database
- Plan for site system servers and site system roles
We strongly recommend that you understand SQL Server before installing SCCM. Talk and have a good relationship with your DBA if you have one in your organization.
Here’s our recommended reading about SQL :
- Storage Top 10 Best Practice
- SQL Server Best Practices Article
- Disk Partition Alignment Best Practices for SQL Server
For this post, our servers run Windows 2019 with latest security patches
Make sure that your OS is supported, see the SCCM Current Branch Technet Documentation
Disks IOs are the most important aspect of SCCM performance. We recommend configuring the disks following SQL Best practice. Split the load on a different drive. When formatting SQL drives, the cluster size (block size) in NTFS must be 64KB instead of the default 4K. See the previously recommended reading to achieve this.
|E:\||SQL Database (64K)||40GB|
|F:\||SQL TempDB (64K)||40GB|
|G:\||SQL Transaction Logs (64K)|
SQL TempDB Logs
PRIMARY SITE SERVER PREREQUISITES
Once your hardware is carefully planned, we can now prepare our environment and server before SCCM Installation.
ACTIVE DIRECTORY SCHEMA EXTENSION
You need to extend the Active Directory Schema only if you didn’t have a previous installation of SCCM in your domain. If you have SCCM 2007 already installed and planing a migration, skip this step.
- Logon to a server with an account that is a member of Schema Admins security group
- From SCCM ISO run .\SMSSETUP\BIN\X64\extadsch.exe
Check schema extension result, open Extadsch.log located in the root of the system drive
CREATE THE SYSTEM MANAGEMENT CONTAINER
Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services
- Start ADSIEdit, go to the System container and create a new Object
Enter System Management
Set security permission
- Open properties of the container System Management created previously
In the Security tab, add the site server computer account and Grant the Full Control permissions
- Click Advanced, select the site server’s computer account, and then click Edit
- In the Applies to list, select This object and all descendant objects
- Click OK and close the ADSIEdit console
Create the necessary accounts and groups created before installation. You can use a different name, but I’ll refer to these names throughout the guide.
- SQL server services account – SCCM-SQLService
- SCCM Network Access Account – SCCM-NAA
- Domain user account for use SCCM client push install – SCCM-ClientPush
- Domain user account for use with reporting services User – SCCM-SQLReporting
- Domain account used to join machine to the domain during OSD – SCCM-DomainJoin
- Domain group containing all SCCM Admins Group – SCCM-Admins
- Domain group containing all SCCM servers in the hierarchy Group – SCCM-SiteServers
- Make sure that the server has a fixed IP and that internet connection is up
- Make sure the firewall service is ON
Run this script in an elevated command prompt order to open the necessary ports needed for SCCM.
** If you are using custom ports, change the values before running the script. **
@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh advfirewall firewall add rule name=”SQL Server” dir=in action=allow protocol=TCP localport=1433
@echo Enabling Dedicated Admin Connection port 1434
netsh advfirewall firewall add rule name=”SQL Admin Connection” dir=in action=allow protocol=TCP localport=1434
@echo Enabling conventional SQL Server Service Broker port 4022
netsh advfirewall firewall add rule name=”SQL Service Broker” dir=in action=allow protocol=TCP localport=4022
@echo Enabling Transact-SQL Debugger/RPC port 135
netsh advfirewall firewall add rule name=”SQL Debugger/RPC” dir=in action=allow protocol=TCP localport=135
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh advfirewall firewall add rule name=”Analysis Services” dir=in action=allow protocol=TCP localport=2383
@echo Enabling SQL Server Browser Service port 2382
netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=TCP localport=2382
@echo ========= Misc Applications ==============
@echo Enabling HTTP port 80
netsh advfirewall firewall add rule name=”HTTP” dir=in action=allow protocol=TCP localport=80
@echo Enabling SSL port 443
netsh advfirewall firewall add rule name=”SSL” dir=in action=allow protocol=TCP localport=443
@echo Enabling port for SQL Server Browser Service’s ‘Browse’ Button
netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=TCP localport=1434
@echo Allowing Ping command netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request” protocol=icmpv4:8,any dir=in action=allow
WINDOWS SERVER FEATURES
On the Primary site server, the following components must be installed before SCCM installation. We’ll install all these components using a PowerShell script.
- .Net Framework 3.51 SP1
- .Net Framework 4
- Remote Differential Compression
- BITS Server Extension
- WSUS 3.0 SP2
- Report Viewer
- ADK for Windows 8.1
ROLES AND FEATURES
On the Site Sever computer, open a PowerShell command prompt as an administrator and type the following commands. This will install the required features without having to use the Windows 2012 GUI.
Install-WindowsFeature NET-Framework-Features -source \\yournetwork\yourshare\sxs
Ensure that all components are showing as SUCCESS as an EXIT Code. It’s normal to have Windows Update warnings at this point.
Select the default path
Do not join CEIP
Accept the License Agreement
- Install the following components
- Deployment Tools
- Windows Pre-installation Environment
- User state Migration tool
- Add the computer account of all your site servers in the SCCM-SiteServers AD group
- Ensure that the group has Full Control on the SYSTEM Container in Active Directory
LOCAL ADMIN ACCOUNTS
Add both SCCM computer account and the SCCM Admin account to the local administrator group on the site server.
If applicable, uninstall SCCM 2007 client and FEP if present on the server before the installation. If the client is present, the 2012 SCCM Management Point installation will fail.
Run windows update and patch your server to the highest level
Your server is now ready for the SQL installation.
Live Instructor-led Online Training