UD-B404: Migration best practices from System Center 2007 to 2012

Post on 03-Jan-2017


Migration best practices from System Center 2007 to 2012
Laszlo Ruboczki
CEO and lead architect
RUBEDI LTD

UD-B404

Who am I?

Laszlo Ruboczki

CEO and lead architect at RUBEDI Consulting
Working with Microsoft technologies for more than 15 years. Specialized in IT operation and implementation support using System Center products.

Agenda
• Overview of new features which have an impact on the migration
• Design considerations
• Prerequisite steps before starting the migration
• Migration process
• Decommission of SCCM 2007

At this session we will not…
• discuss all the new features of SCCM 2012 SP1
• dig deep into the details of supporting 3rd party platforms
• learn the SCCM 2012 migration basics
• develop your migration plan

Overview of new features which have an impact on the migration
Reasons why we are moving to the new version of SCCM.

Capacity of SCCM 2012 SP1
• Number of clients supported by SCCM 2012, which has increased since the last version:
  • 400,000 per hierarchy
  • 100,000 per primary site
  • 25,000 per management point
  • 25,000 per software update point
  • 5,000 per secondary site
• Other objects:
  • 400,000 clients per Application Catalog Web components (50,000 for the best performance)
  • 10,000 packages and applications per distribution point
More than 30% increase

Not supported operating systems in SCCM 2012 SP1

• Windows Server 2003 Service Pack 1 and below
• Windows Vista Service Pack 1 and below
• Windows XP x86 Service Pack 2 and below
• Windows XP x64 Service Pack 1 and below
• Windows Server 2008 Service Pack 1 and below
• Windows Itanium Server

IMPACT: Raise the Service Pack level to a supported level

Migration design considerations

Migration Process

PLAN
• Discover existing environment
• Level up to SCCM 2007 SP2
• Select objects to be migrated
• Design the new hierarchy

BUILD
• Install SCCM 2012 (ensure the required HW resources)
• Use the latest recommended OS and SQL level (2012)
• Perform the smoke and performance test on the new environment

MIGRATE
• Migrate the required objects
• Check the functionality of the migrated objects
• Migrate clients in pilot
• Perform bulk migration of clients
• Decommission the old SCCM

PLAN for site boundaries

Consideration | SCCM 2007 | SCCM 2012
Security boundaries - delegation | New site | Role Based Access Control
Site-wide settings | New site | Client settings
PXE with DP | Secondary site | Distribution point
Manage computers in other AD forests | New site | Client Push installation

IMPACT: In most cases only one SCCM 2012 site server is enough

Supported hierarchy in SCCM 2012 SP1
• You can specify a parent site for a primary site at any time (it was limited before Service Pack 1)
• It is not necessary to install a primary or secondary site in every domain or forest
• SCCM 2012 supports agents in untrusted forests and domains
• Impact of Pull Distribution Points

Supported upgrade paths from SCCM 2007

• No in-place upgrade path for SCCM 2007 to SCCM 2012

• Only side-by-side upgrade is supported (content migration only)

• Built-in tools and features support the migration

Prerequisite steps before starting the migration

Active Directory Schema Extension

NOT NEEDED if you previously extended the schema for SCCM 2007 SP2...

BUT add the new SCCM 2012 server object with FULL admin rights to the System Management OU in ALL Active Directory domains concerned

Server side
• Build the new SCCM 2012 environment
• Ensure the required HW resources
  • 16 GB RAM is REALLY recommended
• Ensure the required software components
  • OS: Windows Server 2012
  • SQL: SQL Server 2012 with Service Pack 1

Client side
• Install BITS 2.5 on all systems where applicable
• Raise the service pack level of the clients to the level supported by SCCM 2012
• Disable the Group Policies that configure the SCCM agent:
  Computer Configuration/Administrative Templates/Configuration Manager 2007/Configuration Manager 2007 Client/Configure Configuration Manager 2007 Client Deployment Settings
  Computer Configuration/Administrative Templates/Configuration Manager 2007/Configuration Manager 2007 Client/Configure Configuration Manager 2007 Site Assignment
• Change the WSUS configuration Group Policies to point to the new WSUS server:
  Computer Configuration/Administrative Templates/Windows Components/Windows Update/Specify intranet Microsoft update service location
  Set the intranet update service for detecting updates: <FQDN of new WSUS server>
  Set the intranet statistics server: <FQDN of new WSUS server>

Delete the unnecessary registry settings on clients*

The following registry values must be deleted from computers that were configured by the Configure Configuration Manager 2007 Site Assignment group policy:
• HKLM\Software\Microsoft\SMS\Mobile Client\GPRequestedSiteAssignmentCode
• HKLM\Software\Microsoft\SMS\Mobile Client\GPSiteAssignmentRetryInterval(Min)
• HKLM\Software\Microsoft\SMS\Mobile Client\GPSiteAssignmentRetryDuration(Hour)

*...only when you have managed the SCCM agent assignments with group policy

IMPACT: If you do not delete the values referenced above, the newly installed SCCM 2012 clients will not be able to locate the new SCCM 2012 Management Point

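DelSCCMSiteAssigmentValues.ps1

    # Deletes the Group Policy site-assignment values from every reachable computer listed in machines.txt
    $ErrorActionPreference = "Stop"   # surface failures instead of silently reporting success
    $values = "GPRequestedSiteAssignmentCode", "GPSiteAssignmentRetryInterval(Min)", "GPSiteAssignmentRetryDuration(Hour)"
    $file = Get-Content $PSScriptRoot\machines.txt
    foreach ($computername in $file)
    {
        # Only touch computers that answer a ping
        $PingStatus = Get-WmiObject Win32_PingStatus -Filter "Address = '$computername'" | Select-Object StatusCode
        if ($PingStatus.StatusCode -eq 0)
        {
            try
            {
                $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername)
                $regKey = $reg.OpenSubKey("SOFTWARE\Microsoft\SMS\Mobile Client", $true)
                if ($regKey -eq $null) { throw "SMS\Mobile Client key not found" }
                # $false: do not throw when a value is already absent
                foreach ($value in $values) { $regKey.DeleteValue($value, $false) }
                $regKey.Close()
                $reg.Close()
                Write-Host "Registry values have been deleted from $computername"
            }
            catch
            {
                Write-Host "$computername failed: $_"
            }
        }
        else
        {
            Write-Host "$computername unreachable"
        }
    }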

Communicate with the end users

In a fancy newsletter with the expected changes in their life

…a chance to use Publisher

Communicate with the end users

Software Center

No more: Control Panel \ Programs \ Get Programs

Communicate with the end users

Software Catalog

*requires Silverlight

Migration process

Use the migration functionality of SCCM 2012
• Built-in solution
• Automates the boring manual processes
• Rebuild WSUS instead of migrating the content of existing software updates

Source hierarchy configuration
• Connect to every content source (primary site servers) in the SCCM 2007 hierarchy, starting with the root-level primary parent site
• The first gathering will be the baseline of the migration; changes will be checked every 4 hours

[Diagram: SCCM 2007 hierarchy with sites PS1, PS2-1, PS2-2, PS3-1, BS2-1 and BS2-2 arranged in Top level, Tier 1 and Tier 2, next to SCCM 2012 site PS1]

Migration jobs

Capabilities of Migrate Jobs

Objects that can be migrated:
• Collections
• Advertisements
• Boundaries
• Software distribution packages
• Virtual application packages
• Software metering rules
• Software Updates:
  • Deployments
  • Deployment packages
  • Templates
  • Software update lists
• Asset Intelligence customizations
• Operating System Deployment:
  • Boot images
  • Driver packages
  • Drivers
  • Images
  • Packages
  • Task sequences
• Desired Configuration Management:
  • Configuration baselines
  • Configuration items

Objects that cannot be migrated:
• Queries
• Security rights and instances for the site and objects
• Configuration Manager 2007 reports from SQL Server Reporting Services
• Configuration Manager 2007 web reports
• Client inventory and history data
• AMT client provisioning information
• Files in the client cache

Changes in collections

• Redesign your collections
• Collections can be migrated but with limitations:
  • End of collections: only User or Device collections
  • Collections can be mixed by using Include and Exclude Collections
  • End of linked collections (or subcollections)

Migration of collections – Example 1
Consolidation of collections from different sites:

[Diagram: the SCCM 2007 tree SITE > Collection > Linked Collection 1, Linked Collection 2 becomes SITE (Folder) > Collection (Folder) > Linked Collection 1, Linked Collection 2 in SCCM 2012; a callout reads "EMPTY!"]

Migration of collections – Example 2
Consolidation of linked collections from members in all of them:

[Diagram: the SCCM 2007 tree C1 > LC1, LC2 becomes C1 (Folder) > C1, LC1, LC2 in SCCM 2012]

C1 includes members of LC1 and LC2

Creating new collections

New collections may be created for the following reasons:
• Scope the client settings
• Scope the security roles (RBSA)
• Scope for firewall policies
• Scope for antimalware policies

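CreateCollections.ps1

    # Creates one device collection per row of collections.csv
    # (columns: Name, LimitingCollectionName, Comment, RefreshType)
    Import-Module 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
    # Switch to the site drive provided by the module (SRV is the site code here)
    CD SRV:\
    $csv_content = Import-Csv $PSScriptRoot\collections.csv
    foreach ($Collections in $csv_content)
    {
        New-CMDeviceCollection -Name $Collections.Name -LimitingCollectionName $Collections.LimitingCollectionName -Comment $Collections.Comment -RefreshType $Collections.RefreshType
    }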

Shared Distribution Points
• Can be used during the migration while the two SCCM versions co-exist
• It cannot be updated while it is shared
• It is RECOMMENDED to create a new Distribution Point for SCCM 2012 immediately to avoid the possible administration overhead of the shared and finalized DP
• Suggested workaround instead of using Shared Distribution Point

Migrate WSUS
• Migrate only Software Update Lists, if needed (will be converted to Update Groups)
• Migration of Custom Updates is not supported; contents in SCUP must be published again

Migrate WSUS
Deployment behaviour of Maintenance Window configuration has changed (no more "dummy" maintenance windows)

Migrate custom hardware inventory

Any custom SCCM 2007-based MOF file can be used in SCCM 2012

No re-authoring is required, MOF can be imported

DEMO

Migrate OSD
• Boot image has been changed in SCCM 2012 SP1
• WinPE4 instead of WinPE3
• Driver migration is not recommended
• Task sequences including MDT or any other 3rd party solution tasks will not be migrated
• Old versions of the boot images cannot be changed (unable to add or remove drivers)

IMPACT: Use PowerShell instead of MDT in the future

Changes caused by WinPE 4
• New driver model (Windows 8 / 2012)
• You cannot add the same drivers to the boot image which were used in SCCM 2007
• Most of the drivers published these days are included in WinPE 4
• You probably will not have to use additional specific drivers when booting WinPE4
• Please use the latest driver packages published by the vendors and use the drivers published for WinPE4, Windows 8 or Windows Server 2012

Auto Apply Drivers issue
The following task sequence steps may not work properly in case of a pre-Windows 8 or Windows Server 2012 OS deployment in SCCM 2012 SP1:
• Auto Apply Drivers
• Apply Driver Package

Symptom
Driver installation fails during the "Setup Windows and ConfigMgr" task.

IBS CallBack_AddDriverPackageIntoDriverStore:Failed to install the driver package

Workaround
Inject drivers into the operating system image

DEMO

Driver injection process (Windows 8 / 2012)
1. Dism /Get-ImageInfo /ImageFile:<path to .wim file>\boot.wim
2. Dism /Mount-Image /ImageFile:<path to .wim file>\boot.wim /Index:1 /MountDir:<path to mount folder>
3. Dism /Image:<path to mount folder> /Add-Driver /Driver:<path to folder contains driver files> /Recurse /ForceUnsigned
4. Dism /Unmount-Image /MountDir:<path to mount folder> /Commit

Note: Use the /Get-WimInfo, /Mount-Wim, /Unmount-Wim and /WimFile switches in case of Windows 7 and Windows Server 2008 R2
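
A pre-check for step 3 of the driver injection process, added here as an example that is not part of the original slides: /ForceUnsigned makes DISM accept unsigned driver packages for x64 images, so it is worth knowing which packages would actually need it before using the switch. The function names and the paths in the usage comment are assumptions.

```powershell
# Added example (not from the slides). Function names and paths are assumptions.

# Lists driver packages under $DriverRoot whose catalog is missing or not validly signed.
function Get-UnsignedDriverPackage {
    param([Parameter(Mandatory=$true)][string]$DriverRoot)
    foreach ($inf in Get-ChildItem -Path $DriverRoot -Filter *.inf -Recurse) {
        # An INF names its signed catalog in a "CatalogFile[.platform] = name.cat" entry
        $catNames = @(Select-String -Path $inf.FullName -Pattern '^\s*CatalogFile(\.\w+)?\s*=\s*([^;\s]+)' |
            ForEach-Object { $_.Matches[0].Groups[2].Value } | Select-Object -Unique)
        $status = if ($catNames.Count -eq 0) { 'NoCatalogEntry' } else { 'Valid' }
        foreach ($name in $catNames) {
            $cat = Join-Path $inf.DirectoryName $name
            if (-not (Test-Path -LiteralPath $cat)) { $status = 'CatalogMissing'; break }
            $sig = Get-AuthenticodeSignature -FilePath $cat
            if ($sig.Status -ne 'Valid') { $status = [string]$sig.Status; break }
        }
        if ($status -ne 'Valid') {
            New-Object PSObject -Property @{ Inf = $inf.FullName; Status = $status }
        }
    }
}

# Runs step 3 without /ForceUnsigned, and only when every package passed the check.
function Add-ReviewedDriver {
    param([Parameter(Mandatory=$true)][string]$MountDir,
          [Parameter(Mandatory=$true)][string]$DriverRoot)
    $unsigned = @(Get-UnsignedDriverPackage -DriverRoot $DriverRoot)
    if ($unsigned.Count -gt 0) {
        # Stop here: these packages would only be accepted with /ForceUnsigned
        Write-Warning ($unsigned | Select-Object Status, Inf | Format-Table -AutoSize | Out-String)
        return $false
    }
    & dism.exe "/Image:$MountDir" /Add-Driver "/Driver:$DriverRoot" /Recurse | Out-Host
    return ($LASTEXITCODE -eq 0)
}

# Usage (constructed paths; the image must already be mounted as in step 2):
# Add-ReviewedDriver -MountDir 'C:\Mount' -DriverRoot 'C:\Drivers\WinPE4'
```

The signature status is evaluated against the trust store of the computer running the check, so run it on a build machine that trusts the same publishers as the target image.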

Client migration
• In-place upgrade is supported
• Silverlight is installed by default BUT can be skipped (both in manual and push agent installation processes)
• Silverlight.exe is required only when the Application Catalog will be used

Installation parameters:
Ccmsetup.exe /mp:<FQDN of management point> /skipprereq:silverlight.exe

Client migration properties
The following properties will be migrated on clients:
• Client variables
• Inventory
• State
• Execution history
• Re-run status
• GUID

Client migration process

Installed from package
• Automatically created and distributed during SCCM 2012 server setup
• Deselect "Enable this distribution point for prestaged content" on the DP where the SCCM client package is located

Pre-requisites
• BITS 2.5 (SCCM agent install will not start without BITS)
• .NET 3.0 or higher (.NET 4 will be installed if it does not exist)

Push install
• SLP parameters can be used but this role has been integrated into MP
• Do not forget to use the SMSSITECODE and SMSMP properties
• The following command line switches can also be used in the properties of Client Push Installation in SCCM 2012 SP1:
  /forcereboot /skipprereq /logon /BITSPriority /downloadtimeout /forceinstall

Forefront Protection Policies

The FEP policies used in SCCM 2007 can be exported and re-imported in SCCM 2012

Some of them are recommended by default in SCCM 2012

Decommission of SCCM 2007

Clean up the environment

Clean up the migration data on SCCM 2012 servers

Delete SCCM 2007 secondary sites first

Disconnect the SCCM 2007 parent sites from each other, starting from the bottom of the hierarchy

Delete all objects from the System\System Management container in Active Directory whose names start with:
• SMS-<old SCCM 2007 site codes>
• SMS-Site-<old SCCM 2007 site codes>
• SMS-MP-<old SCCM 2007 site codes>
• SMS-SLP-<old SCCM 2007 site codes>
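
A review step for the Active Directory clean-up above, as an added example that is not part of the original slides: it lists the objects under System\System Management whose names carry an old site code, so objects belonging to other site codes are left alone, and previews the deletion with -WhatIf. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the site codes S01 and S02 are hypothetical.

```powershell
# Added example (not from the slides). Function name and site codes are assumptions.
Import-Module ActiveDirectory

# Returns the objects in System\System Management named after one of the old site codes.
function Get-OldSccmAdObject {
    param(
        [Parameter(Mandatory=$true)][string[]]$OldSiteCode,
        [string]$DomainDN = (Get-ADDomain).DistinguishedName
    )
    $container = "CN=System Management,CN=System,$DomainDN"
    # Name prefixes listed on the slide; the site code follows each prefix
    $prefixes = 'SMS-', 'SMS-Site-', 'SMS-MP-', 'SMS-SLP-'
    Get-ADObject -SearchBase $container -SearchScope OneLevel -Filter * -Properties whenChanged |
        Where-Object {
            $name = $_.Name
            $hit = $false
            foreach ($code in $OldSiteCode) {
                foreach ($prefix in $prefixes) {
                    # Exact "prefix + code", or "prefix + code-" followed by a server name or range
                    if ($name -eq "$prefix$code" -or $name -like "$prefix$code-*") { $hit = $true }
                }
            }
            $hit
        }
}

# 'S01' and 'S02' are constructed sample site codes; replace them with the old SCCM 2007 codes.
$stale = Get-OldSccmAdObject -OldSiteCode 'S01', 'S02'
if ($stale) {
    # Review the list first
    $stale | Sort-Object Name | Format-Table Name, ObjectClass, whenChanged -AutoSize
    # -WhatIf only prints what would be deleted; remove it once the list has been checked
    $stale | Remove-ADObject -WhatIf
}
else {
    Write-Host "No objects found for the given site codes"
}
```

Run it once per domain that hosted SCCM 2007 sites by passing that domain's distinguished name as -DomainDN.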

Summarizing the considerations

Redesign the hierarchy, remove unnecessary sites and site components

Avoid migrating unused or unneeded objects and packages

Use the new features instead of existing solutions (servicing, applications)

Remove the obstacles from agent installation

Communicate the changes in user experience to end-users

Perform the migration in small batches

Clean up the Active Directory and all related objects after decommission of SCCM 2007

Thank you!


Resources

http://channel9.msdn.com/Events

Access MMS Online to view session recordings after the event.

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
