Throughout the various iterations of ConfigMgr (SCCM), we have seen numerous technologies integrated into the management platform. These integrations were either directly or indirectly built to help administrators tackle the challenges presented when managing thousands of devices in an enterprise at scale.
The current wave of these integrations, which I want to talk about, is primarily aimed at addressing three critical areas:
- Efficient deployment and management of Windows devices
- Mechanisms to streamline existing ConfigMgr infrastructure
- Effective utilization of WAN bandwidth
So firstly, why do we need to think about or address these areas?
Organisations are often more globally dispersed, with tens if not hundreds of offices spread throughout different regions. These remote offices put an ever-increasing strain on the infrastructure and networks required to operate in these scenarios. ConfigMgr is a scalable solution; however, in the past this would typically mean that IT departments would continue to deploy Distribution Points to each of the regional offices to provide management and software deployment services for endpoints at each of these locations. The issue is that this approach can frequently introduce just as many problems for IT as it intends to solve, increasing the infrastructure footprint when organisations are generally looking to reduce infrastructure and move away from on-prem services and solutions. Finally, if you don’t deploy the Distribution Point infrastructure and perhaps opt for remote software deployment services, then this will inevitably only increase the strain on organisations’ Wide Area Network (WAN) links, often causing congestion with a whole host of application and business services all fighting for a piece of the available (and sometimes limited) bandwidth. This ultimately doesn’t help IT or the business drive efficiencies.
Keeping pace with new trends
One key area that brings this topic into sharp focus has been the trend of the “as a Service” (aaS) model, and specifically Windows 10. Windows 10 is delivered leveraging the Windows as a Service (WaaS) model. Unlike Operating Systems of the past that would have a pre-defined life-cycle and interim updates to maintain stability and security, this means that Windows 10 will be perpetually updated on an on-going basis, much like we experience with other technology platforms such as our smartphones. In my opinion, this is a largely positive move as it provides far greater control over which version(s) can exist; and by ‘exist’, I mean ‘be supported’. It enables Microsoft to introduce new features incrementally, ensuring ongoing support for technological changes can be satisfied. But, as we have seen, the operating system’s improvements in sophistication and complexity also mean an increase in the size of updates required to service and maintain the core system. One area where this has presented a challenge in the Enterprise space is understanding how organisations will maintain this ongoing change, and a key aspect of this is the system used to manage and maintain these devices today: ConfigMgr.
As they also recognise that simply deploying more hardware isn’t going to work anymore, Microsoft has been working hard to provide alternatives to the traditional ‘just deploy more hardware’ solution. They are opting to adopt software-defined solutions to help organisations with this technology change.
That’s a good thing, right? Well… yes. However, I also believe that Microsoft is driving these solutions in the knowledge that adopting software-defined solutions will be the most effective way for organisations to adopt and embrace a Win10 (WaaS) operating platform.
The Good the Bad and the Ugly (you decide)
From my point of view, there are now three clear alternatives to deployment of traditional infrastructure (hardware-based distribution points) and these are:
1. BranchCache
BranchCache technology was originally introduced into the Windows Server platform as a way for file servers to cache recently accessed files, providing faster load times for end-users to access files and content. More recently, this tech has also been integrated into ConfigMgr, allowing administrators to leverage this caching solution for software-based content at each site where it doesn’t necessarily stack up to deploy a traditional Distribution Point. Unfortunately, there are some drawbacks to this method, with the primary one being that this solution is largely a ‘black box’ with very few options for configuration and, more importantly, no easy way of monitoring what content is cached.
Pros:
- Easy to set up
- Can handle non-ConfigMgr content types
- Supports de-duplication
Cons:
- No management or reporting interface (difficult to know what content is cached)
- Requires separate cache location for ConfigMgr for content storage (duplicated cached content)
- Doesn’t natively support WinPE out of the box
- Limited to subnet-based discovery broadcasts (problematic in wireless networks where broadcast may be disabled)
2. Peer Cache
Microsoft’s recent integration enables ConfigMgr clients to share content with other Peer Cache-enabled clients. This now utilizes the LEDBAT transport to efficiently manage network activity during a caching event to ensure that the network doesn’t become saturated when sharing content.
Pros:
- Directly integrated in ConfigMgr, so any enabled device can perform this function
- Supports partial content download, so a client can serve content as soon as the first blocks are available
- Utilizes the efficient LEDBAT data transfer technology to reduce network congestion
Cons:
- Client peering scoping is limited to ConfigMgr client site boundary groups, which can become complex to manage due to the number required and can limit peering capabilities down to smaller groups of end-points
- ConfigMgr scheduled deployments can cause multiple end-points peering from origin sources, reducing the peering efficiency achieved
3. Delivery Optimization
Microsoft’s integrated peering solution introduced into the Windows 10 platform is a peer-to-peer client update service that uses both local and remote end-points (via the internet) to deliver Win10 updates and Windows store applications.
Pros:
- Integrated directly into the OS, easy to enable / configure
- Standalone solution not requiring ConfigMgr integration (great for SMBs)
- No upfront costs
Cons:
- Only supports Win10 endpoints
- Limited ‘use case’ for content deployment (only supports Updates and Store Apps)
- No centralized management (no reporting or analytics)
- No control over content
- Requires extensive boundary configuration
No such thing as a free lunch
Now don’t get me wrong, the Microsoft tools and integrations to solve the challenge of providing efficient deliveries while reducing and simplifying your ConfigMgr infrastructure are very effective, but as you might start to see, no single solution can act as a holistic solution to this problem. In fact, from many discussions with customers and working at the coalface on this, I have come to realise that you will most likely need to implement all these technologies in parallel as point solutions to achieve a successful outcome.
Well that’s alright. After all, they are free to use?
You have probably heard the phrase “No such thing as a free lunch” and when we are presented with this potential offer, we should be thinking “what’s the catch”?
All of us in both our professional and personal lives are offered free (at the point of use) software, services and offers. However, sometimes we need to consider ‘does free really mean free’? Often what we need to do is take a step back and examine the bigger picture to the problem we are trying to solve. If we accept free services do these have a catch and/or a drawback? When evaluating these free solutions, I recommend considering the following aspects:
- Does the solution provide all the capabilities and features we require to address the problem?
- Are there going to be hidden costs further down the line?
- Is the solution going to require additional work or effort on our side?
- Do we have enough time, knowledge and resources to support the additional effort required to manage any functional deficits?
The Toolbox Vs. the Contractor
Given the above, we can all sometimes solve a problem by ourselves utilizing a ‘Do It Yourself’ approach. In my personal life, I have been going through a house refurbishment, so I’ll use that analogy here. I have often asked myself “Do I just DIY this, or do I need to bring in the professionals?”. I go through a very similar thought process to consider the upsides and downsides to each option. Some considerations when pondering the DIY approach:
- Up-skilling – Will I need to build my knowledge around the area of work I’m looking to take on?
- Time – Do I have the time to invest in doing the job myself, as it will take me more time than a professional to achieve the same task?
- Outcome – Will I be happy and/or satisfied with the result? Will it be delivered to the standard required?
- Risk – Are there significant risks associated with undertaking the work? Would a professional with proven experience mitigate these?
- Cost – Considering the possible mistakes and/or oversights in the previous considerations, will doing the work myself really save me money?
So, it certainly makes sense to me that we make the same evaluations in our commercial / professional lives. Yes, we can do a job ourselves, but we may not achieve the desired outcome or to an acceptable standard, and this I think is certainly true when considering the free Microsoft solutions. Do you muddle through and hope for the best outcome whilst increasing your operational overheads and perhaps not achieving your strategic goals, or do you engage and procure a premium solution that delivers all the functionality and capabilities required to ensure a successful outcome? Sometimes, letting the professionals take care of it can add immense value to your organisation by leveraging their many years of expertise and importantly delivering all the functional specifications in a single ‘one stop shop’ solution.
There are many options to consider when re-defining your ConfigMgr infrastructure. What is clearly apparent is that a traditional approach of simply deploying more and more Distribution Points won’t help to scale your infrastructure to meet the demands of the modern workplace, WaaS and the on-going servicing and maintenance demands these changes will make on your environment.