Another step in the right direction for SMS
Like any good incremental release, Microsoft Systems Management Server (SMS) 2003 improves on the features of its predecessor. Although the stability and reliability of SMS 2.0 improved with every service pack, the service packs couldn't address the product's primary shortcomings. Customers had asked for out-of-the-box support for Active Directory (AD) integration, support for mobile clients, a smoother upgrade and deployment experience, less impact on current infrastructure, software metering that's truly scalable, and a more tightly integrated management suite. Before discussing the improvements that Microsoft has made in SMS 2003 in response to these customer requests, let's take a quick look at SMS, including its architecture.
What Is SMS?
SMS is a Change and Configuration Management (CCM) tool that's ideally suited for medium and large AD-based Windows networks. SMS provides a suite of tools for centralized asset management, application and patch deployment, and remote support.
Centralized asset management. Hardware inventory, software inventory, and software metering provide SMS's asset-management capabilities. Hardware inventory relies on Windows Management Instrumentation (WMI) to collect information (e.g., processor speed, amount of RAM, services installed) about each managed computer. Software inventory collects information about all the executables (and optionally other file types) on each managed computer. Software metering collects information about the frequency of application use and the amount of time each application is open.
Application and patch deployment. SMS's software-distribution feature provides the underlying infrastructure to support application and patch deployment. This feature can use elevated permissions to install applications, patches, or any other file (e.g., a virus-definition file update). This capability is crucial in environments in which users don't have the necessary rights to install software locally. Alternatively, the software-distribution feature can operate in the target user's security context to complete an installation.
Remote support. SMS Remote Tools lets you remotely control SMS clients and perform other tasks. SMS Remote Tools consists of an SMS Management Console component and a set of client-side remote tools called the Remote Tools Client Agent.
SMS 2003 Architecture Primer
Understanding the SMS architecture is an important piece of appreciating this systems management solution. An SMS implementation contains sites, a site hierarchy, site systems, and clients. Each SMS site is a logical grouping of SMS clients and servers in a network. An IP subnet or an AD site delineates the boundaries of each SMS site, and this delineation is called an SMS site boundary. Each site boundary determines whether computers should have the SMS client installed and, for existing SMS clients, which SMS server components (i.e., site servers and site systems) service them.
Sites share a parent-child relationship with one another to create a site hierarchy. Information (e.g., inventory data) from child sites percolates up through the site hierarchy to parent sites. Ultimately, SMS stores the data from child sites and parent sites in a Microsoft SQL Server database.
There are two types of SMS sites: primary sites and secondary sites. Each primary site consists of a site server with a SQL Server database. SMS stores the inventory, metering, and configuration data from that site and its child sites in the database. Each secondary site consists of a site server that doesn't have a database. A primary site can have child sites that are either primary sites or secondary sites. A secondary site is always at the bottom of a site hierarchy. Therefore, a secondary site can't contain child sites, and its parent site will always be a primary site.
In small SMS installations, site servers can run all the necessary SMS services. In medium and large SMS installations, you need to distribute the SMS services among multiple computers in a site. Each computer (including site servers) that runs an SMS service is called a site system. The services are referred to as site system roles. Table 1 describes the site system roles that a computer might implement. Note that the name of a site system role is often used to refer to the site system performing that role. For example, the computer performing the client access point (CAP) role is often referred to as a CAP.
Although Table 1 shows that CAPs and management points serve the same purpose, the types of clients they support differ. CAPs serve Legacy Clients, whereas management points serve Advanced Clients. (We explain the difference between the two client types in the "New Type of Client" section.)
All site systems, with the exception of management points, must run Windows 2000 Service Pack 2 (SP2) or later. Management points must run Win2K SP3 or later. In addition, you must deploy AD and extend the AD schema with SMS 2003 classes to realize all the benefits of SMS 2003. SMS 2003 uses these classes to create AD objects for sites, boundaries, server locator points, and management points.
To get a better picture of the SMS 2003 architecture, it helps to examine how information flows through a simple SMS site hierarchy. Suppose you have an SMS hierarchy that contains a primary site and a child secondary site, which has an Advanced Client and a management point. For simplicity, the primary and secondary site servers assume all the other site system roles.
Let's first look at how information flows in a hardware inventory. The hardware inventory begins when the Advanced Client retrieves configuration information, which includes a hardware inventory schedule, from the management point in the secondary site. The Advanced Client conducts a local hardware inventory according to the schedule and sends the inventory data back to the management point. The management point then sends the hardware inventory data to the secondary site server, which sends the inventory data to the primary site server. The primary site server writes the inventory data to its database.
Now consider how software distribution works in the same environment. The Advanced Client polls the management point periodically to see whether it needs to install any software. When the Advanced Client determines that it needs to install software, it obtains a list of distribution points from the management point. (In this scenario, the primary and secondary site servers assume the distribution-point role.) The Advanced Client then contacts the local distribution point in the secondary site to obtain the software. During the software distribution, the Advanced Client reports the status (e.g., receiving the installation instructions, starting the installation) to the management point. The management point then passes the status data to the secondary site server, which forwards the data to the primary site server. Finally, the primary site server writes the status information to its database.
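The site rules and upward data flow described in this primer can be checked before a deployment; the following is an added example, not code from the article or from SMS. The site codes, the dictionary layout, and the function names are assumptions made for illustration.

```python
# Added example: checks a proposed SMS site hierarchy against the rules in the
# architecture primer and traces which databases receive a site's data.
# Site codes and the dict layout are constructed for illustration.

PRIMARY, SECONDARY = "primary", "secondary"


def validate_hierarchy(sites):
    """sites maps site code -> {"type": ..., "parent": code or None}.

    Returns a sorted list of rule violations (empty list means valid).
    """
    problems = []
    for code, site in sites.items():
        parent = site["parent"]
        if site["type"] not in (PRIMARY, SECONDARY):
            problems.append(f"{code}: unknown site type {site['type']!r}")
            continue
        if parent is None:
            # A secondary site has no database, so it cannot sit at the top.
            if site["type"] == SECONDARY:
                problems.append(f"{code}: secondary site has no parent")
            continue
        if parent not in sites:
            problems.append(f"{code}: parent {parent} is not defined")
        elif sites[parent]["type"] != PRIMARY:
            # Covers both rules: a secondary site cannot have child sites,
            # and every parent must be a primary site.
            problems.append(f"{code}: parent {parent} is not a primary site")
    # Walk upward from every site to catch parent loops.
    for code in sites:
        seen, cur = set(), code
        while cur is not None and cur in sites:
            if cur in seen:
                problems.append(f"{code}: parent chain loops")
                break
            seen.add(cur)
            cur = sites[cur]["parent"]
    return sorted(problems)


def databases_holding(sites, code):
    """Primary sites whose database receives data reported at site `code`,
    nearest first. Call only on a hierarchy that validated cleanly."""
    holders, cur = [], code
    while cur is not None:
        if sites[cur]["type"] == PRIMARY:
            holders.append(cur)
        cur = sites[cur]["parent"]
    return holders


# Constructed sample: central primary, a child primary, and two secondaries.
SAMPLE = {
    "CEN": {"type": PRIMARY, "parent": None},
    "EUR": {"type": PRIMARY, "parent": "CEN"},
    "LON": {"type": SECONDARY, "parent": "EUR"},
    "BAD": {"type": SECONDARY, "parent": "LON"},  # violates the rules
}

if __name__ == "__main__":
    print(validate_hierarchy(SAMPLE))
    good = {k: v for k, v in SAMPLE.items() if k != "BAD"}
    print(databases_holding(good, "LON"))
```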
Now that you have a basic understanding of SMS, let's look at the improvements Microsoft made in SMS 2003. Namely, Microsoft improved the installation and upgrade processes, created a new type of client, added a new method for deploying clients, improved hardware and software inventory, enhanced software distribution, added support for native remote tools, redesigned the software-metering feature, increased the number of Web Reports, enhanced a patch management add-on, and designed new feature packs and client packs.
Easy Installation and Upgrade
Making new installations of SMS 2003 easy and making upgrades from SMS 2.0 smooth were key focus areas for Microsoft during the development of SMS 2003. The two most notable installation improvements from SMS 2.0 to SMS 2003 are the removal of SMS logon points and the addition of the Deployment Readiness Wizard (DRW).
During the installation of a site system, SMS creates all roles on the site server. By default, a new primary site server assumes the CAP and distribution-point roles. New client installations and Advanced Clients require the presence of server locator points and management points in the network, both of which require you to first install Microsoft IIS on the site server. This new architecture removes the need for logon points. The SMS logon point role in SMS 2.0 was problematic because, in many situations, the SMS Administrator didn't have full access to logon servers to install logon points.
To facilitate a smooth upgrade path, Microsoft created the DRW. This wizard ensures that the existing environment meets all upgrade prerequisites before you begin an SMS upgrade. Those prerequisites include the removal of SMS 2.0 logon points and verification that all SMS sites have at least SMS SP4 applied.
New Type of Client
Whereas SMS 2.0 supports only one type of client, SMS 2003 supports two client types: the Legacy Client and the Advanced Client. Microsoft recommends the Advanced Client for client PCs running Win2K or later because it's more efficient and reliable than the Legacy Client. The improved efficiency and reliability are especially important in slower or congested networks and in environments supporting mobile client computers.
The Advanced Client uses Microsoft's Background Intelligent Transfer Service (BITS). BITS throttles the Advanced Client's use of network bandwidth so that SMS client activity doesn't significantly affect client computer performance. The Advanced Client also uses Checkpoint restart, another key feature of BITS. With Checkpoint restart, the Advanced Client gracefully recovers from an interrupted session with a site system. When communication is restored, it can resume its session with the site server at the point where it left off.
Both the Advanced Client and the Legacy Client support the primary SMS features, but there are major differences in how SMS 2003 implements each client type. SMS 2003 installs all Advanced Client components at the same time on client computers. You can then enable each component from the SMS Management Console. In contrast, SMS 2003 installs the Legacy Client one component at a time. Thus, enabling a new Legacy Client component from the SMS Management Console generates additional network traffic, which makes the Advanced Client installation more efficient than the Legacy Client installation.
New Method for Deploying Clients
SMS 2003 provides an array of client deployment methods. Like its predecessor, SMS 2003 can install clients through the Client Push Installation method. When you use this method, SMS initiates the installation of the SMS client to all client computers in a site. New in SMS 2003 is the Client Push Installation Wizard. As Figure 1 shows, this wizard lets you initiate a client installation.
There are other installation methods that you can use. You can install Legacy Clients from the command line (with smsman.exe) or from a logon script (with capinst.exe). You can install Advanced Clients with the client.msi Windows Installer package. Because client.msi is an .msi file, you can deploy it a number of ways. For example, you can deploy it from the Software Installation node in the Group Policy snap-in, which has been renamed the Group Policy Object Editor snap-in in Windows Server 2003.
Improved Hardware and Software Inventory
Like SMS 2.0, SMS 2003 relies on WMI for hardware inventory. Although it's named hardware inventory, this feature collects both hardware and software information because the Common Information Model (CIM) repository (i.e., the WMI schema) contains both WMI hardware and software classes that the Hardware Inventory Agent uses to collect data.
By default, SMS 2003 collects the most common hardware inventory items, such as a computer's processor speed, hard disk size, physical memory capacity, installed services, and the contents of Add or Remove Programs. However, that default set of inventory data is only a small portion of the data that WMI can provide. You can augment or trim the default set of inventory data by editing the sms_def.mof file on the site server. (For more information about editing this file, see Chapter 2 of the "Systems Management Server 2003 Operations Guide," http://www.microsoft.com/resources/documentation/sms/2003/all/opsguide/en-us/ops_1kc7.mspx.)
The SMS 2003 Software Inventory Agent scans the header information of files to collect data such as the software's vendor, name, and version. By default, the agent scans all hard disks for files with an .exe extension. The Advanced Client lets you fine-tune software inventory scanning by adding other types of files to scan, by specifying which drives and directories to scan, and by excluding compressed and encrypted files.
Enhanced Software Distribution
SMS 2003's Advanced Client and BITS significantly improve the software-distribution process compared to that in SMS 2.0. You can use the Advanced Client and BITS to download all source files for a particular installation to a local client cache before installation begins. This practice can increase the success rate of software distributions because an interrupted download process can be later resumed without causing the subsequent application installation to fail.
SMS 2003's software-distribution process also provides a tremendous amount of flexibility in how you distribute programs. You can run application installations, scripts, or batch files for a set of computers, users, or groups.
New Support for Native Remote Tools
As we mentioned previously, SMS Remote Tools consists of an SMS Management Console component and the Remote Tools Client Agent. You can use the console component to access the Remote Tools Client Agent and other Windows-based remote-management technologies, such as Remote Assistance, Remote Desktop, and Terminal Services.
Although the remote control of a client computer is a core feature of SMS Remote Tools, it's not the only feature. You can also remotely reboot, transfer files, execute applications, and perform client diagnostics (e.g., perform a ping test against an SMS client computer).
SMS 2003 lets you use the SMS Management Console to launch the SMS Remote Tools and manage the remote tools natively found in client computers running Windows 2003 and Windows XP. (SMS 2.0 supports these capabilities; however, in SMS 2003, these capabilities are present by default.) As Table 2 shows, the native remote tools supported vary by Windows OS. If you have clients running an OS that doesn't have any native remote tools, you can install the Remote Tools Client Agent and use the SMS Management Console to launch and manage the installed remote tools. You can skip the Remote Tools Client Agent installation if your clients are running OSs that have native remote tools and you want to use those tools exclusively.
Software Metering Makeover
SMS 2003's software metering bears no resemblance to its counterpart in SMS 2.0, a welcome improvement. Microsoft completely rewrote the software-metering program so that it fully integrates with the SMS architecture. The software-metering program's sole purpose is to monitor application use; it isn't intended to prohibit software use. Software metering provides you with data about which applications are in use, when they're in use, and by whom. By combining this data with software-inventory data, you can identify installed but unused applications. This information can lead to reducing the number of software licenses, which might save your organization a significant amount of money.
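Combining metering data with inventory data, as described above, amounts to a join on computer and executable; the following is an added example, not code from the article or from SMS. The record layout, computer names, and file names are constructed, and treating a zero-minute metering record as "no use" is an assumption.

```python
# Added example: joins software-inventory rows with software-metering rows to
# list installed-but-unused applications. Record layout, computer names and
# file names are constructed; they are not the SMS database schema.
from collections import defaultdict


def _key(computer, exe):
    # Windows computer and file names are case-insensitive.
    return computer.strip().lower(), exe.strip().lower()


def unused_installs(inventory, metering):
    """inventory: iterable of (computer, exe, product) rows.
    metering: iterable of (computer, exe, user, minutes_open) rows.

    Returns {product: sorted list of computers where the product is
    installed but has no recorded use}.
    """
    used = set()
    for computer, exe, _user, minutes in metering:
        if minutes > 0:  # assumption: a zero-minute record is not real use
            used.add(_key(computer, exe))

    unused = defaultdict(set)
    for computer, exe, product in inventory:
        if _key(computer, exe) not in used:
            unused[product].add(computer.strip().upper())
    return {product: sorted(hosts) for product, hosts in unused.items()}


def reclaimable_licenses(inventory, metering):
    """(product, unused install count) pairs, highest count first."""
    counts = {p: len(h) for p, h in unused_installs(inventory, metering).items()}
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample rows.
INVENTORY = [
    ("WS001", "VISIO.EXE", "Visio"),
    ("WS002", "visio.exe", "Visio"),
    ("WS003", "VISIO.EXE", "Visio"),
    ("WS001", "WINPROJ.EXE", "Project"),
    ("WS002", "WINPROJ.EXE", "Project"),
]
METERING = [
    ("ws001", "visio.exe", "alice", 95),
    ("WS002", "WINPROJ.EXE", "bob", 40),
    ("WS003", "VISIO.EXE", "carol", 0),  # opened and closed immediately
]

if __name__ == "__main__":
    for product, count in reclaimable_licenses(INVENTORY, METERING):
        print(product, count, unused_installs(INVENTORY, METERING)[product])
```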
More Web Reports
SMS 2003 provides even more canned Web Reports than its predecessor. SMS 2003 ships with more than 150 Web Reports. The reports use Active Server Pages (ASP) to execute SQL queries against the database and display the results in table or graph format. The reports can be copied to the clipboard, emailed, printed, saved to Favorites, or saved as a comma-separated value (CSV) file. You can also create dashboards that tie multiple reports to a grid.
SMS 2003's Web Reports are arranged in categories such as Hardware, SMS Site, Software, Software Distribution, Software Metering, and Status Messages. Some of the more useful reports include the Count reports in the Hardware category. With this report type, you can quickly sort and count computers by metrics such as disk size or processor speed, as Figure 2 shows.
Another helpful report counts all instances of software registered with the Control Panel Add or Remove Programs applet. This report lets you see all the software in an environment and the count of each product. However, note that the Add or Remove Programs applet shows only some of the installed software programs because not all programs register with this applet. In the Software Distribution category, the Status of a specific advertisement report shows you the percentage of clients that received a distributed application and the percentage of clients that installed the application successfully.
Enhanced Patch Management Add-On
SMS 2003's asset-management and software-distribution features make it an ideal tool for managing software updates. To further augment this capability, Microsoft released the Systems Management Server 2003 Software Update Scanning Tools. This suite of tools contains the Microsoft Office Inventory Tool, the Security Update Inventory Tool, and the Distributed Software Update Wizard. These tools collect patch information about all security vulnerabilities in a Windows environment and deploy fixes. The resulting inventory shows installed patches and patches that you should apply to each SMS client. You can then use the Distributed Software Update Wizard to deploy any required security patches within the SMS software-distribution framework.
You can download this tool set from the Microsoft Download Center at http://www.microsoft.com/downloads/details.aspx?familyid=88723540-2093-4276-910e-9ed1d3ae4a5e&displaylang=en. For other SMS 2003 downloads and a wealth of useful information about SMS, visit the SMS Web site at http://www.microsoft.com/smserver.
New Feature and Client Packs
The idea of adding extra features to SMS through feature packs and client packs began with SMS 2.0 and continues in SMS 2003. For SMS 2003, Microsoft currently offers the SMS 2003 Administration Feature Pack, which lets you perform site administration tasks more efficiently, and the SMS 2003 Advanced Client for Windows XP Embedded, which lets you manage Windows XP Embedded (XPe) client devices with SMS 2003.
In the near future, Microsoft will be offering two additional feature packs: SMS 2003 Device Management Feature Pack (in beta 2 as of this writing) and the SMS 2003 Operating System Deployment Feature Pack. The Device Management Feature Pack will add SMS client support for Windows CE 4.2 and Windows Mobile 2003-based devices. With this feature pack, you'll be able to manage mobile devices as SMS clients just as you would manage desktops and servers. With the Operating System Deployment Feature Pack, you'll be able to deploy and upgrade OSs from the SMS Management Console. This feature pack has its roots in the Microsoft Consulting Services (MCS) zero touch offering. (For more information about the zero touch offering, see http://www.microsoft.com/presspass/press/2003/aug03/08-20bddsolutionsaccelpr.asp.)
The Administration Feature Pack, Device Management Feature Pack, and Operating System Deployment Feature Pack are components in Microsoft System Center 2005. Targeted for release in late 2004, System Center 2005 combines SMS 2003 and Microsoft Operations Manager (MOM) 2005 to provide integrated enterprise management capabilities. For more information about System Center 2005, see the sidebar "Future Plans to Integrate SMS and MOM."
A Noteworthy Successor
SMS 2003 builds on its predecessor by providing the best features of SMS 2.0, augmenting others, and replacing features that didn't work well. The original goal of SMS was to facilitate CCM by creating a powerful and scalable management infrastructure. SMS 2003 has taken a big step forward in achieving that goal. Ultimately, SMS should help you lower your organization's cost of operations and increase the productivity of your existing staff.
WINDOWS & .NET MAGAZINE RESOURCES
Ed Roth, "Third Parties Enhance Microsoft's Systems Management Efforts"
Paul Thurrott, "What You Need to Know About Microsoft Systems Management Server 2003"
"Patch Management Using Microsoft Systems Management Server 2003"
"Scenarios and Procedures for SMS 2003: Planning and Deployment"
"SMS 2003 Deployment Readiness Wizard Procedures for Resolving Test Failures"
"Systems Management Server 2003 Concepts, Planning, and Deployment Guide"
"Systems Management Server 2003 Operations Guide"