Manager
Design Questionnaire
Prepared for
Client
Client Contact Name
Client Contact Email
Client Contact Phone
Prepared by
Arun Singh
Document Information
Status
Change History
Approvals
This document was approved by:
Distribution
This document must be distributed to:
Business objectives should be prioritized at the start of the project so that they are clearly understood
and agreed on by IT and business managers.
Following this guide should result in a design that is sized, configured, and appropriately placed to
deliver the stated business benefits, while considering the user experience, security, manageability,
performance, capacity, and fault tolerance of the system.
The guide addresses the scenarios most likely to be encountered by someone designing a SCCM
infrastructure.
Please note that the terms System Center Configuration Manager, ConfigMgr, Configuration Manager,
CM and SCCM all refer to the same Microsoft product, and the terms are used interchangeably.
Design Process
This guide addresses the following decisions and activities that must occur in planning the design for
SCCM. The following steps represent the most critical design elements in a well-planned SCCM
design:
Remote Tools;
Operating System Deployment;
User State Migration;
Security;
Remote Consoles;
Discovery;
Client Installation;
Design Hierarchy/Site.
The specific target machines that will become SCCM clients will be identified based on the project
scope and the selected features. Finally, the organization's service level expectations and future
growth plans will be documented to assist in the planning process.
| Software Updates | Scans servers and workstations for software updates and deploys those updates.
Standardize configurations and compliance | Network Access Protection | Provides enforcement of software updates on clients before they can access network resources.
| Settings Management | Defines configuration standards and policies, and audits standards compliance throughout the enterprise against those defined configurations.
| Software Metering | Collects and reports on software that is in use so that this can be compared against licenses to ensure software license compliance.
Manage machines off hours | Wake on LAN | Can power on a system, even when it's switched off, which is useful for performing software distribution or software updates during off hours.
| Out of Band Management | Can manage systems when they are turned off, in sleep mode, in hibernation mode, or otherwise unresponsive. The managed computer must have the Intel vPro chip installed.
Take the Help Desk to the user | Remote Control | Remotely administer client workstations. Useful for Help Desk personnel needing to troubleshoot individual user issues.
Antimalware protection, policy-based security management, and reporting | Endpoint Protection | Provides antimalware security for client computers and servers that can be integrated directly into System Center applications; also provides historical reporting of malware events and client status.
Manage outside the enterprise | Internet client | Enables management of clients that are beyond the organization's firewall boundary, for example, on the Internet.
| Mobile device management | Mobile devices, such as phones, can run a capabilities subset, such as inventory and software distribution (cannot be managed by remote control or receive operating system deployments like desktop clients).
SCCM Infrastructure
Now that the scope has been identified, there are many constraints that would affect a
SCCM infrastructure. The following questions will help to identify the various elements and
components that will make up the base SCCM hierarchy.
Questionnaire
1. Physical locations
2. Network connectivity
4. Server location
6. Client Connectivity
Connection Number
8. Are any acquisitions or divestitures planned in the environment in which SCCM will be
implemented?
11. Can this solution be totally virtualized? If yes, which virtualization platform will be used?
Location
13. Should DR planning be part of the project?
14. If the solution is totally virtualized, can the DR planning be handled as part of the
virtualization solution (i.e. server replication, VMotion, etc.)?
16. Should SQL Server (Installation and Configuration) be part of the project?
17. Should SQL Reporting Services (Installation and Configuration) be part of the project?
Location
19. Will 3rd party software be considered as part of the project? (i.e. 1E Nomad)
20. If required, should Public Key Infrastructure (design, installation and configuration) be
part of the project?
21. If required, should configuration of the Active Directory for BitLocker be part of the
project?
Location Language
Inventory
Inventory is responsible for collecting information about the client machines' hardware and
software resources. This information includes installed hardware, memory statistics, hard disk space
usage as well as installed software patches.
The inventory information is often used to effectively target the installation of new software
packages. For example, when deploying Microsoft Office 2007, it is possible to use the inventory to
generate a report of the clients that meet the required installation prerequisites.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
Hardware Inventory
1. How often should it be updated?
Software Inventory
1. How often should it be updated?
Asset Intelligence
1. Should Asset Management manage Microsoft Volume License licenses?
3. Should it synchronize its database with Microsoft online? If yes, how often?
Software Distribution
The software distribution feature provides a set of tools and resources that help you create and manage
applications and packages used to distribute software to client resources within your enterprise.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List all applications (manufacturer, name, version, service pack, size, deployment type) that
you believe will be deployed to your organisation's client resources using SCCM.
5. How often should a re-evaluation of the system happen for software that is required to be
installed?
7. When a user requests software via the web portal that requires approval, should an e-mail be sent
to his/her manager? If yes, is this information populated into Active Directory?
Software Updates
The software updates feature provides a set of tools and resources that can help manage the
complex task of tracking and applying software updates to client computers in the enterprise.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List of existing Windows Software Update Service in use
Categories Included?
Critical Updates
Definition Updates
Drivers
Feature Packs
Service Packs
Tools
Update Rollups
Updates
3. List of Microsoft Software to be patched
6. List of Scan/evaluation
Date/Time Computer
9. Will Software Update be used to patch non-Microsoft software? If yes, can 3rd party
software be used?
Application Virtualization
Application virtualization is at the heart of Microsoft Application Virtualization (App-V). It decouples
applications from the operating system and enables them to run as network services. Application
virtualization can be layered on top of other virtualization technologies (network, storage,
machine) to create a fully virtual IT environment where computing resources can be dynamically
allocated in real-time based on real-time needs. App-V's patented application virtualization, dynamic
streaming delivery, and centralized management technologies make everything from deployments
and upgrades to migrations and business continuity initiatives easier and faster with better agility:
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Does your company's SA give you access to the MDOP package?
3. List all applications (manufacturer, name, version, service pack, size) that you believe will be
deployed to your organisation's client resources using SCCM.
Application Middleware
Software Metering
Software metering in SCCM allows you to monitor and collect software usage data on SCCM clients.
The collection of this usage data is based on software metering rules that can be configured by the
administrator in the SCCM console, or by the automatic generation of rules based on usage data
collected by SCCM inventory. These rules are evaluated by the software metering client agent on
SCCM client computers, which collects metering data and reports this back to the site database.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. How often should Software Metering be reported?
Settings Management
The SCCM desired configuration management (DCM) feature provides a set of tools and resources
that can help assess and track configuration compliance of client computers in the enterprise.
Desired configuration management in SCCM allows you to assess the compliance of computers with
regard to a number of configurations, such as whether the correct Microsoft Windows operating
system versions are installed and configured appropriately, whether all required applications are
installed and configured correctly, whether optional applications are configured appropriately, and
whether prohibited applications are installed. Additionally, you can check for compliance with
software updates and security settings.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will Settings be used for servers (Application Monitoring)? If yes, list all applications that
will be monitored.
Network Access Protection
The SCCM Network Access Protection (NAP) feature provides a set of tools and resources that can
enforce compliance of software updates on client computers to help protect the integrity of your
enterprise network.
Network Access Protection (NAP) is a policy enforcement platform built into the Windows 7, Windows
Vista, and Windows Server 2008 operating systems that lets you better protect network assets by
enforcing compliance with system health requirements.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Is the Windows 2008 Network Access Protection in place?
2. How often will the evaluation cycle happen? Will it be a fresh scan every time?
3. Will it use the same Active Directory forest? If not, what is the other domain suffix?
Wake On Lan and Power Management
Configure scheduled SCCM activities to take place outside business hours using the Wake On LAN or
Power Management feature, which has the following benefits:
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will Wake On Lan be used?
3. Are users allowed to exclude their devices from power management? If no, any exception?
User / Group
Out of Band Management
Out of band management in SCCM provides powerful management control for computers that have
the Intel vPro chip set and a version of the Intel Active Management Technology (Intel AMT) that is
supported by SCCM.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Are all machines vPro capable?
Remote Tools
SCCM remote tools allow you to remotely access and operate client computers in the SCCM site
which have the remote tools client agent components installed.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will users be able to change the local settings?
Operating System Deployment
Operating System Deployment allows you to create operating system images and deploy those
images to target computers. Operating System Deployment also provides task sequences which help
facilitate the deployment of operating system images, and other SCCM software
applications/packages.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will OS Deployment be integrated with MDT?
3. Will OS migration be used? (i.e. from XP to Windows 7, from Windows 7 to Windows 7).
4. If question 3 is yes, will the migration be responsible for saving the user's profile?
6. If question 5 is yes, does your network (switches/routers) support Multicast? If yes, any
exception?
Location
11. Does your organization need to deploy an OS to any computer that SCCM does not know
(unknown computer support)? If yes, should it use a password?
12. Does the OS refresh/migration need to install applications that were already installed?
13. Is there any disk encryption used?
15. Will BitLocker be used? If yes, will the recovery key be stored in Active Directory?
User State Migration
A key goal of the project is to ensure that the users do not lose their locally stored files or settings
during the deployment process.
As such, the locally stored user data will be preserved using the Microsoft User State Migration Tool
(USMT).
Questionnaire
1. Should OS Deployment save the user profile?
2. Should offline capture be used? If yes, should BitLocker be disabled before installing the new
OS (if applicable)?
4. Should the user's profile be saved on a remote server? If yes, for how long should it be kept
there?
5. Should the user's profile be saved locally/on a USB disk when no remote server is available or on
a remote site with unreliable/slow network connectivity?
Application Settings
Settings
9. Regional Settings
11. Exclude user profile on last logon? If yes, since when (Number of days / specific date time)
Security
By default, only administrators have access to all SCCM features. Non-administrators may need
access to only a subset of features and this access should be controlled.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List of user/group with their respective access
2. Is there any requirement to split the management into more than one SCCM infrastructure?
Remote Consoles
The SCCM console is the primary interface to configure, run, and access SCCM features and tools, and
it is needed for the day-to-day tasks required to configure sites, maintain the SCCM site
database, and monitor the status of a SCCM hierarchy.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. How many concurrent consoles will be used?
2. List of connections
Discovery
An important concept to understand in SCCM is that of resource discovery. Before a client machine
can be controlled and managed by SCCM it must be discovered.
The discovery process is important to initially find all resources, and also on an on-going basis so that
newly built machines can be discovered quickly and added to the SCCM site database. Discovering
resources is the first phase of the client deployment process.
Once a resource has been discovered a Discovery Data Record, or DDR, is created and recorded in
the SCCM site database.
IP subnets
Operating system name and version
Domain or workgroup
Last logon user name
Name of discovery agent that generated the DDR
Questionnaire
1. Which of the following Discovery methods will be used?
Active Directory User Discovery | Users | Domain controllers
Active Directory Group Discovery | Groups | Domain controllers
Heartbeat discovery | Computers | The discovered computer
Network Discovery | Computers, routers and devices that respond to network requests | Network devices
2. Should the membership of distribution groups be discovered? (applicable to Active
Directory Group Discovery)
3. Only discover computers that have logged on to a domain recently? If yes, what is the time
since last logon (days)? (applicable to Active Directory System Discovery and Group
Discovery)
4. Only discover computers that updated their computer account password recently? If yes,
what is the time since last password update (days)? (applicable to Active Directory System
Discovery and Group Discovery)
5. Forest Discovery
9. Network Discovery
Data Value
Type of Discovery
Slow network awareness
Subnets
Domains
SNMP
SNMP Devices
DHCP
Mobile Device Management
Mobile Device Management is for organizations with mobile devices, such as smartphones and tablets, that operate beyond firewalls
but must be managed centrally.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List of mobile device types
3. Will users be able to enrol mobile devices? If yes, list users and groups
User / Group
4. If the answer to question 3 is yes, what are the Issuing Certification Authorities and the mobile
device template to be used?
5. Should Exchange ActiveSync be used to manage mobile devices? If yes, list the Exchange
servers and accounts.
Client Installation
The next phase is to install the SCCM client software on the clients. The following section details the
various installation methods available in SCCM.
| If the Active Directory schema has been extended, computers can read installation properties published to Active Directory. | installation properties to computers in your site.
Logon script installation | Does not require computers to be discovered before the client can be installed. Supports using command line properties for CCMSetup. | Can cause high network traffic if a large number of clients are being installed.
Manual installation | Does not require computers to be discovered before the client can be installed. Can be useful for testing purposes. Supports using command line properties for CCMSetup. | No automation, therefore time consuming.
Upgrade installation (software distribution) | Can leverage the features to upgrade the client by collection, or to a defined timescale. Supports using command line properties for CCMSetup. | Can cause high network traffic when distributing the client to large collections. Can only be used to upgrade the client software on computers that have been discovered and assigned to the site.
Upgrade installation (automatic upgrade) | Can leverage the features to upgrade the client by collection, or to a defined timescale. Supports using command line properties for CCMSetup. | Can cause high network traffic when distributing the client to large collections. Can only be used to upgrade the client software on computers that have been discovered and assigned to the site.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Client Installation method
2. If client push enabled, will Client installation be automatic or manual after initial
discovery?
Endpoint Protection
Endpoint Protection uses SCCM's capabilities to perform tasks such as deploying antimalware
clients, enforcing security policies on endpoints, managing devices, and alerting administrators to
events.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
Automatically install Endpoint Protection on client computers? If yes, any exception?
Computer
Computer
Allow Endpoint Protection client installation and restart outside maintenance windows? If
yes, any exception?
Computer
Suppress any required computer restarts after Endpoint Protection installation? If yes, any
exception?
Computer
Allow users to postpone restart after Endpoint Protection installation? If yes, any
exception?
Allow 1st definition update download only from SCCM infrastructure? If yes, any
exception?
Computer
Anti-malware policy
Real-time protection
Exclusion Settings
Advanced
Threat overrides
Microsoft Active Protection
Services
Definition updates
Windows Firewall Policies