Configuration management plays a vital role in any organization because it maintains the consistency of a product’s performance. It automates the delivery of software and applications efficiently. The IT team can use this to check for changes to any components. It enables them to quickly identify any bad changes and roll back to the last state.
There are various configuration management products available in the market right now. Microsoft’s SCCM really stands out. It provides tools to automate the delivery of software and applications. In this SCCM tutorial, we will help you in understanding all the basic concepts of SCCM.
What is SCCM?
Microsoft Endpoint Configuration Manager, which is formerly known as System Center Configuration Manager is a system management software. It was first released in the year 1994 as ‘Systems Management Server 1.0’. It is used to work on systems like Windows for Workgroups, Macintosh, LAN Manager, etc. It then incorporated many features over the years. The latest version of SCCM is the ‘Endpoint Configuration Manager 2002’ released on April 1st, 2020.
The Endpoint Configuration Manager is a software management suite that manages systems connected over the corporate network. The systems that it can manage include Windows, macOS (OS X), Linux, UNIX systems, and mobile devices like Windows Phone, Symbian, iOS, and Android. It became popular for several features that it provides, like network protection, patch management, operating system deployment, network access protection, and many more.
SCCM deploys operating systems and installs applications on a client system. It then keeps the system continuously updated with patches based on templates. It helps the IT team to employ standardization across all the systems in the network.
How does SCCM work?
When we want to deploy applications, we have to create them as packages in the SCCM console. The package usually contains executable files and the command lines useful for the applications to be deployed. Then we have to replicate these packages on the distribution points.
The distribution points are similar to file servers of a particular region to store the package contents. If a set of systems are remotely located, then they download the application from their distribution point. All the systems connected to SCCM will have SCCM Client agents installed on them. This will help them to communicate with the SCCM server.
The SCCM client agent on the client systems keeps checking for new deployments or policies. So when the admin creates a deployment for some systems, it will be picked up by the SCCM client agent. Once the policy reaches the client system, it evaluates it and downloads the package from its regional distribution point. Once the download of package content is complete, it installs the application and sends the status back to the SCCM server.
SCCM Architectural components
The architecture of SCCM contains several components. It is important to learn about how each of these components works. Sites are an integral part of the configuration Manager. The SCCM hierarchy of sites is based on the parent-child relationship. It contains the following three different site types.
- Single stand-alone primary site – It does not have any additional sites.
- Primary site – It has one or more secondary sites.
- Central administration site – It has one or more primary child sites. Each primary site further supports secondary sites.
Central Administration Site (CAS)
When an organization has more than 100,000 clients, it is recommended to follow the CAS architecture. So you can set up a hierarchy with multiple primary sites for regions. The CAS supports primary sites as child sites. It requires an SQL server to store the metadata of the hierarchy. 400,000 are the maximum number of clients that the entire configuration manager supports.
When an organization has less than 100,000 clients, it is recommended to set up a single stand-alone primary site. A primary site manages all the assigned clients connected to the network. We cannot set up a primary site under another primary site. It can only be tied down with secondary sites. It can support 250 secondary sites, 100,000 clients, and 10 management points. It also requires an SQL server to store the secondary sites and clients’ information.
A secondary site is useful to service clients present in remote locations. We can install a secondary site through the SCCM console. When the secondary site is installed, a management point and a distribution point will get deployed automatically. An SQL server express or full instance of SQL Server is needed for a secondary site. These are the direct child sites of a primary site. We cannot assign clients directly to a secondary site.
Features of SCCM / System Center Configuration Management Features
Let’s look at the features that the Microsoft SCCM offers.
We can cloud-attach our existing systems to the configuration manager through conditional access. We can manage Windows 10 devices concurrently with both Configuration Manager and Microsoft Intune.
It is a cloud-based service that provides insight and intelligence about your Windows systems. It aggregates the data from your organization with the collected data and provides analytics.
To manage internet-based clients, we can use cloud management gateway and cloud-based distribution points.
We can manage multiple online devices by using CMPivot. We can query the devices, filter, and group the data to get insights.
We can create, manage, deploy, and monitor applications on a specific set of systems. We can even integrate SCCM with the Microsoft Store to deliver cloud-based apps.
We can deploy an upgrade of Windows 10 to the client systems by deploying OS images. We can also re-deploy existing devices with Windows AutoPilot.
We can manage, deploy, and monitor software updates across the organization. We can also control network usage of the organization.
Company resource access
We can give access to remote clients for data and applications. We can do it through VPN, Wifi, etc.
We can assess, track, and remediate the compliance of client devices. We can also configure a range of features to manage.
It provides security and antimalware features like antivirus, firewall, exploits guard, and others for the systems in your organizations.
We can identify and monitor the assets of your organization. This includes both software and hardware inventory.
We can monitor software license data in your organization.
On-premises mobile device management
We can configure and manage on-premise devices. It currently supports Windows 10 Enterprise and Windows 10 Mobile devices.
We can monitor the power consumption of the systems in your organization.
We can remotely monitor client systems through the SCCM console.
SCCM provides hundreds of default reports.
We can monitor the software usage of the client systems connected to your organization.
Prerequisites for SCCM
Before going with the SCCM installation, it is necessary to prep your system with the following.
- Create a system management container in Active Directory.
- Extend the schema in AD
- Install .Net Framework 3.5
- Remote Differential Compression
- Windows Assessment and Deployment Kit (ADK)
- SQL server
We can verify if the system satisfies all the components required for SCCM through a prerequisite checker (Prereqchk tool).
SCCM Installation Process
Go to https://www.microsoft.com/Licensing/servicecenter/default.aspx and download the SCCM ISO package. Run the ‘splash.hta’ file to begin the installation. Choose the ‘Install’ option when the wizard opens. Click ‘Next’ for the next two screens. Choose the ‘Install a Configuration Manager Primary Site’ option and click ‘Next’. Enter the license key or evaluate and click ‘Next’. Accept the license agreements and click ‘Next’.
Create a folder that stores all the installation updates, specify the location to it, and click ‘Next’. The updates will download and start installing. Choose the language requirement for both the server and client. Click ‘Next’. Enter the 3 digit site code, description, and click ‘Next’. Choose the ‘Install the primary site as a stand-alone site’ option and click ‘Next’. Accept the database default information and click ‘Next’.
Specify the path of the SQL Server data file, SQL Server log file, and click ‘Next’. Leave the default settings for the SMS provider screen and click ‘Next’. Choose the ‘Configure the communication method on each site system role’ option and click ‘Next’. Choose both ‘Install a Management Point’ and ‘Install a Distribution Point’ options, and click ‘Next’. Leave the default settings on the usage data screen.
Go through the summary and click ‘Next’. Click ‘Begin Install’ to start the installation. You can check the progress of the installation in the progress bar. Click ‘Close’ when the installation is complete.
Difference between Microsoft Intune and SCCM (SCCM vs Microsoft Intune)
Both Microsoft Intune and SCCM tools are used for server management. However, they have some differences.
- SCCM can manage devices on-premise. Intune is a cloud-based technology that can manage devices on the cloud.
- SCCM can deploy and customize Windows systems, and Intune cannot.
- We can deploy Windows operating systems through SCCM. But we cannot do the same with Intune.
- Software metering is provided in SCCM. It is not provided in Intune.
- We can control who can access which product capabilities through SCCM. But we cannot do the same with Intune.
- Intune cannot support Microsoft Windows Server, but SCCM can support it.
- If you want to manage the systems both on-premise and on the cloud, we can go for a hybrid approach. Where we can use both SCCM and Intune to co-manage the devices.
Using SCCM, we can manage devices on-premise and on the cloud as well. It enforces compliance policies across all the systems in your organization. We can reduce the manual tasks of the IT team, thereby increasing efficiency for high-value projects.
Many organizations prefer SCCM as it provides the right software at the right time. The applications or updates deployed through SCCM are not only scalable but also secure. It uses the Azure Active Directory for security. When you plan carefully according to your business requirements, it reduces administrative overhead.