hats off to ms research! wake-on-lan in configmgr
TRANSCRIPT
The MMS 2013 Treasure Hunt
Hidden Gems in Configuration Manager 2012 (Service Pack 1)
Andreas Hammarskjöld & Phil Wilcock
Atea
UD-B392
Assumptions
• Familiar with ConfigMgr
• This is a Level 300 session
• Notepad & Telnet skills required
• Scripts and Command Prompts
• We will not cover our coding!
Agenda
Making the most of.....
• Wake On Lan Proxy
• BranchCache features with Windows 8 & Server 2012
• Hybrid Media
”You had me at Ping!”
Hats off to MS Research!
• “Sleepless in Seattle No Longer”
• Joshua Reich, Michel Goraczko, Aman Kansal, and Jitu Padhye
• Columbia University, Microsoft Research
• Great work, read it here: http://research.microsoft.com/apps/pubs/?id=131390
Short summary of the problem
• A desktop machine
• Workdays: often used, sometimes idle
• Nights, holidays, weekends: often idle
  • sometimes accessed remotely by user (via RDP etc)
  • more often accessed by IT (patches, updates, scans)
• But always powered on
• Power Management offers big savings
• ..but systems need to be available
Wake-on-LAN in ConfigMgr
• Some history
• Introduced in ConfigMgr 2007 R3
• Relied on subnet-directed broadcast or unicast
• Unicast – OK until the client MAC address is dropped by the network hardware
• Subnet-directed broadcast – insecure so usually disallowed by Network Police!
• WOL Proxy solution introduced in SCCM 2012 SP1
• Server-side components unchanged – WOL Manager/comms manager – sends out WOL requests
Sleep Proxy basics
• A Sleep Proxy allows a machine to be network available while physically asleep
• May involve some network tweaking!
• Client component
• Sleep Proxy component
How a Network Sleep Proxy Works
[Diagram: Remote User, Sleep Proxy and Client Machine (asleep, "Zzzz…."), with messages labelled Sleep notification, Send Traffic To Me, Remote Login, Wake Up!, Work Payload and Remote Login Response.]
Reaction Policy
• When a computer sleeps, sleep proxy takes over, examines traffic, following a Reaction Policy
• Respond to some traffic on behalf of the client (e.g., ARP)
• Wake for some traffic (e.g., remote login/SCCM deployment)
• Ignore the rest (e.g., ICMP)
• Reaction Policy choices determine the energy savings
How the Sleep Proxy Works
[Diagram: Remote User, Subnet router, Sleep Proxy and Client Machine (asleep, "Zzzz…."). Labelled messages: Sleep notification (00:11:22:33:44:55, 1.2.3.4, listening ports: 445, 3389); ARP Probe (00:11:22:33:44:55, 1.2.3.4); TCP SYN 1.2.3.4:3389; WOL / Magic Packet 00:11:22:33:44:55 …; SYN-ACK.]
Sample Wakeup Timeline
Step  Time  From -> To    Packet Type   Note
1     0     RU->(CM) SP   SYN
2     0.04  RU->CM        Magic packet
3     3     RU->(CM) SP   SYN           Retransmit
4     5.6   CM->Bcast     ARP Probe     CM awake
5     9     RU->CM        SYN           Retransmit
6     9.01  CM->RU        SYN ACK
Legend: RU = Remote User, CM = Client Machine, SP = Sleep Proxy
Save by having sleep proxy replay most recent TCP SYN
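The reaction policy and wake-up sequence above, as an added Python example (not code from the presentation or from ConfigMgr): the proxy answers ARP for a sleeping client, sends a magic packet when a TCP SYN arrives for a port the client reported as listening, and ignores everything else. The packet dictionaries and the names `react` and `replay` are hypothetical; the MAC, IP and ports are the sample values from the slide.

```python
# Added example: models the slide's Reaction Policy; not ConfigMgr code.
# Constructed sleep notification, using the sample values from the slide diagram.
SLEEPERS = {"1.2.3.4": {"mac": "00:11:22:33:44:55", "ports": {445, 3389}}}


def magic_packet(mac: str) -> bytes:
    """Build a Wake-on-LAN magic packet: 6 x 0xFF, then the MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + raw * 16


def react(pkt: dict, sleepers: dict = SLEEPERS) -> tuple:
    """Return (action, payload) for one packet seen by the proxy.

    pkt is a hypothetical pre-parsed packet: {"kind", "dst_ip", "dst_port"}.
    """
    client = sleepers.get(pkt["dst_ip"])
    if client is None:
        return ("ignore", None)  # destination is not a sleeping client
    if pkt["kind"] == "arp":
        # Respond on the client's behalf so its IP stays reachable.
        return ("respond", client["mac"])
    if pkt["kind"] == "tcp_syn" and pkt.get("dst_port") in client["ports"]:
        # Traffic for a port the client was listening on: wake it.
        return ("wake", magic_packet(client["mac"]))
    return ("ignore", None)  # ICMP, closed ports, everything else


def replay(packets: list) -> list:
    """Apply the policy to a packet sequence and return the actions taken."""
    return [react(p)[0] for p in packets]


# Constructed traffic: ARP lookup, ping, RDP login, SYN to a closed port.
SAMPLE = [
    {"kind": "arp", "dst_ip": "1.2.3.4"},
    {"kind": "icmp", "dst_ip": "1.2.3.4"},
    {"kind": "tcp_syn", "dst_ip": "1.2.3.4", "dst_port": 3389},
    {"kind": "tcp_syn", "dst_ip": "1.2.3.4", "dst_port": 8080},
]

if __name__ == "__main__":
    for pkt, action in zip(SAMPLE, replay(SAMPLE)):
        print(pkt, "->", action)
```

The fewer ports a policy wakes for, the longer clients stay asleep, which is the trade-off the Reaction Policy slide describes.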
ConfigMgr Architecture
[Diagram: ConfigMgr Site, Router/Switch, Manager, Guardian #1, Guardian #2 and Sleeping Client(s).]
How it Works
• 3 ‘Guardians’ per subnet
• One guardian becomes the ‘Manager’
• As clients sleep, the manager collects MAC/IP info
• Manager tells the network (router/switch)
  • ‘I am now listening for packets for all these sleeping clients’
• If relevant traffic arrives for a client, the Manager issues a WOL
• Should the WOL fail – another Guardian will try
• If the Manager is powered off – a new Guardian is appointed
Demo: Wake Up Proxy
Andreas Hammarskjöld
Recap: Gotchas
• Simple to implement
• Makes WOL more ‘useable’
• Native functionality
• MAC Flaps!
• RDP only works over port 445
BranchCache in Win8 and SCCM2012
The age old problem…
• How do I service clients at remote branches?
• Without flooding the WAN!
• BranchCache support from SCCM2007SP2 + Win Server 2008 R2
• BranchCache enables single download, serverless offices
• With BranchCache it’s all about sharing
BranchCache and SCCM
• BranchCache distributed cache mode
• Only works on a single subnet
• This is the supported mode for SCCM
• So if you have multiple subnets there will be one download per subnet
BranchCache Architecture
[Diagram: ConfigMgr Site with a BranchCache Enabled DP, connected over a Low bandwidth WAN to Client 1, Client 2 and Client 3.]
New features in BranchCache/SCCM
• SCCM Cloud based DP with BranchCache
• Windows 8 clients functionality
• Native data encryption – no need for fiddly certificates etc.
• New Netsh and PowerShell functionality
• Ability to prestage data
In the Clouds
• You can now host your SCCM DP with Windows Azure
• You can choose the geographic region for your DP
• Use BranchCache to avoid ‘bill shock’!
• You can calculate the costs here
  • http://www.windowsazure.com/en-us/pricing/calculator/?scenario=full
• Prestaging content locally will reduce costs even more
Confusion! – Check your Windows Versions
• Windows 8 client functionality
• Win8 Pro
  • BranchCache platform APIs and Background Intelligent Transfer Service (BITS) integration
• Win8 Ent
  • BranchCache platform APIs, BITS integration, and the HTTP and Server Message Block (SMB) integration
• Win8 Core
  • No support
• Best combo is Windows Server 2012 with Win8 clients
Some useful CmdLets
Set-BCCache -path Drive:\Folder
Set-BCCache -Percentage <UInt32>
Clear-BCCache (useful for testing purposes)
Full list here - http://technet.microsoft.com/en-us/library/hh848392.aspx
Content Information
• BranchCache processes content to create Content Information
• Content Information = Hashes
• Client gets the Content Information first
• Then uses the content info to decide where to get the content
• Content information vs actual Content ratio is 2000:1
Content Information Versions
• BranchCache has 2 content versions – V1/V2
• V1 – Larger file segments = less efficient
• V2 – Uses smaller, variable sized segments
• V2 only available with Server 2012 and Win8 clients
Beware – clients that use different content information versions DO NOT share content!
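PowerShell Cmdlets for Prestaging
# On the content server: hash the share and stage its data for export
Publish-BCFileContent -Path D:\share -StageData
# Write the staged content out as a package file
Export-BCCachePackage -Destination D:\temp
# On the branch side: load the package into the local cache
Import-BCCachePackage -Path D:\temp\Package.zip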
Prestaging Content
[Diagram: ConfigMgr Site with a BranchCache Enabled DP, connected over a Low bandwidth WAN to Client 1, Client 2 and Client 3; also labelled with Package.zip, USB, and the three prestaging cmdlets listed above.]
Demo: BranchCache in a TS
Andreas Hammarskjöld
• Please visit our blog for updated info: http://ateasolutions.info
Blog!
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.