Show of hands: How many of you have implemented a comprehensive Windows patching system based on SUS or WSUS? Ok. Now, how many of you are handling asset management either manually or with a third party tool? Ok. Now, how many of you are relying on your Active Directory expert in the office to manually create software distribution packages—and hoping that he never finds a job somewhere else? Almost done: How many of you are starting to support more and more mobile clients and constantly hoping like the dickens that you can keep these traveling tools safe and updated?
Last question: How many of you would like to be able to handle all of these supporting roles (plus more) from a single package?
Enter Microsoft Systems Management Server 2003, SMS 2003 for short. I'll just call it SMS in this article, but know that I am referring to the 2003 version of SMS.
The mile-high overview
SMS 2003's feature set includes functionality that helps you keep track of your inventory, maintain patches across all enterprise systems, monitor software usage, remotely manage workstations, distribute software, maintain product licensing compliance and more. In this section, I'll briefly discuss each of SMS's major areas of functionality.
If all you need to do is keep your systems current with the latest patches from Microsoft, SMS is probably overkill. You'd be better off with the Windows Server Update Services (WSUS), which accomplishes this goal very well. If you're looking for more than just patch management, you're reading the right article.
You already know how critical it is to get patches applied as soon as possible after their release. Exploit code for publicly-announced flaws now shows up within hours of the flaw being announced, meaning that your window of opportunity to get your machines protected continues to shrink with each passing month.
SMS 2003 can manage patches for the following products:
- SQL Server
- Internet Information Services (IIS)
For these products, SMS 2003 can schedule update installations during any time period you specify, can force a silent, uninterruptible installation on end-user workstations, and a whole lot more. Moreover, the SMS Software Update feature gathers and provides all pertinent information related to updating systems. For example, you are provided with a list of currently installed service packs and updates and, based on this information as well as on the configuration of the target system, with a list of pertinent updates. During the process, SMS links to the Microsoft Knowledge Base for each update so that you can judge how much you need to apply a particular update.
Patch management will be covered in more detail in a later article in this series.
Inventory and compliance features
How many computers running Windows XP Service Pack 2 do you have on your network? How many still have Office 2000 installed and need to be upgraded to Office 2003? How many systems have 256MB or less of RAM? With SMS managing your desktop computing environment, you can answer all of these questions, and a whole lot more, using its comprehensive hardware and software inventory features. SMS also includes reporting functionality allowing you to gain information about your infrastructure before you make important decisions.
On the hardware side of things, SMS uses WMI—Windows Management Instrumentation—to gain detailed knowledge about the hardware associated with a particular system, such as the amount of system RAM, disk space in use, services and system processes. Further, SMS can use data from other sources, including SNMP, and DMI—Desktop Management Interface—to compile a more accurate, complete hardware inventory. The hardware inventory feature also maintains a history of hardware scans for each client.
While the hardware inventory feature does gather some basic software stats (by using the contents of Add Or Remove Programs, for example), the complete software inventory feature set is much greater in scope.
For software, SMS also uses multiple methods to determine what is installed on a machine. In addition to looking at the files located on a system, SMS searches Add Or Remove Programs to build a complete list of software installed on a computer. Like the hardware side, all of this is reportable, so you can more granularly target groups of machines for new software rollouts. SMS gathers significant information, and makes that information reasonably available, to help you in your desktop management efforts.
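To make the hardware and software inventory descriptions above concrete, here is an added example (not from the original article and not SMS code) that collects the same kinds of facts from the local machine with standard WMI classes and the registry keys behind Add Or Remove Programs, then asks the article's sample questions of the result. The function name `Get-LocalInventory` and the `*Office 2000*` display-name pattern are assumptions made for illustration.

```powershell
# Added example, not SMS code: gather inventory facts from the local machine.
function Get-LocalInventory {
    # Hardware and OS facts come from standard WMI classes.
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3'  # fixed disks

    # Add Or Remove Programs is populated from the Uninstall registry keys.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $software = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique

    [pscustomobject]@{
        ComputerName    = $cs.Name
        RamMB           = [math]::Round($cs.TotalPhysicalMemory / 1MB)
        OS              = $os.Caption
        OSVersion       = $os.Version
        ServicePack     = $os.ServicePackMajorVersion
        Disks           = @($disks | ForEach-Object {
            [pscustomobject]@{
                Drive  = $_.DeviceID
                UsedGB = [math]::Round(($_.Size - $_.FreeSpace) / 1GB, 1)
                FreeGB = [math]::Round($_.FreeSpace / 1GB, 1)
            }
        })
        RunningServices = @(Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'").Name
        ProcessCount    = @(Get-CimInstance -ClassName Win32_Process).Count
        Software        = @($software)
    }
}

$inv = Get-LocalInventory

# The article's sample questions, asked of one machine's record.
[pscustomobject]@{
    ComputerName   = $inv.ComputerName
    ServicePack    = $inv.ServicePack
    Has256MBOrLess = $inv.RamMB -le 256
    # Assumption: the product appears with "Office 2000" in its display name.
    HasOffice2000  = [bool]($inv.Software | Where-Object { $_.DisplayName -like '*Office 2000*' })
}
```

An inventory product runs this kind of collection on every client and stores the records centrally, which is what turns per-machine facts into answers about the whole network.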
Working in conjunction with this feature is SMS's Product Compliance mechanism. The Product Compliance feature allows a company to make sure that PCs are within corporate standards as far as software is concerned.
Even for smaller IT shops, software installation can be a major burden. In the worst case, IT staff has to physically visit each and every computer to perform an update. This is inconvenient and could be expensive if locations are geographically separated.
SMS 2003's software distribution capabilities are both powerful and flexible. Consider this: Using SMS, you can choose to deploy the latest version of a software package across your organization only to those machines that meet the physical requirements for that new software. SMS accomplishes this goal by allowing you to consult the hardware inventory when you push out new software. As a result, you won't run into a situation in which you push software out to a machine that is physically incapable of handling the load. This also results in one less call to the IT Help Desk by the upset user of this machine.
The SMS Software Distribution feature can even deploy software that requires administrative rights for installation. SMS accomplishes this by pushing the software with an "elevated rights" flag, and can fall back to running inside the user context at the appropriate point.
Software usage metering
With SMS's software metering and reporting features, you can take greater steps to stay within licensing compliance, and make more effective use of the licenses you have on hand. Even mobile systems not constantly connected to your network can be brought under the metering umbrella thanks to the SMS client's ability to maintain usage reports that are then uploaded to the SMS server once the system is connected to the corporate network. SMS 2003 can also monitor software usage in Terminal Server sessions, providing you with a more complete usage picture.
Software metering captures a plethora of information about who is using your software, including the programs in use, who is using them, how long the software is in use and more. Simply put, this feature can help you stay in compliance with software contracts and can help you save a whole lot of money by making sure you're using your licenses.
SMS includes a complete suite of tools that help you to manage an end-user system:
- Remote control: From the SMS server, take control of a remote computer. Similar to Remote Desktop.
- Remote chat: Chat with the user sitting at the remote system.
- Remote execute: Run any program on the remote client system.
- Remote reboot: Reboot the remote client.
- Remote file transfer: Transfer files between the SMS server and the client system.
- Client diagnostics: Runs SMS diagnostic utilities on the remote client.
- Network connectivity test: Uses the ping utility to determine the quality of the network connection between the client and the SMS server.
The main benefit of these tools is probably pretty clear: They're all remote. Now, techs don't have to waste time visiting sites to handle problems for users that aren't able to clearly describe a problem. In today's environment of sprawling corporations and sky-high travel costs, this can be a huge time saver.
SMS includes a number of built-in reports, including computer configuration reports, inventory reports and many more. Further, you can create your own custom reports and build "dashboards", which provide at-a-glance information about various aspects of your computing environment.
With the sheer amount of information collected by SMS, you definitely need powerful reporting functionality.
Like any other software, systems running SMS, and those managed by the product, must meet certain requirements.
Microsoft recommends that your SMS server have a 550MHz or faster processor with at least 256MB of RAM and 2GB of free disk space. These are bare-minimum, almost ridiculous, requirements. In reality, you should size your server with a 1 or 2 GHz or faster processor with 1GB of RAM and a whole lot of disk space for updates, deployment packages, and so forth.
SMS 2003 requires a SQL 7 SP3+ or SQL Server 2000 SP3a+ database in order to function. This database does not need to run locally on the SMS server, although SMS runs perfectly fine in this configuration. If you do run SMS and SQL on the same hardware, size your hardware accordingly. I'm providing SMS-only requirements in this article.
In addition to SQL Server, some SMS functions also require IIS in order to operate. I'll go over this specific requirement in future articles in this series.
While the server is the main consideration in an SMS rollout, be aware that your clients also need to meet minimum requirements in order to be manageable under SMS.
Microsoft recommends a 300MHz processor, 128MB RAM and 80MB minimum for systems managed under SMS.
The client you use—Legacy or Advanced—drives some of these requirements. For installation, the Legacy Client requires 40MB of disk space with 40MB available afterwards for typical usage. The Advanced Client requires 25MB of space for installation, and Microsoft recommends that you keep 275MB available for general usage.
New in SMS 2003, the Advanced Client is only available on Windows 2000 and above and also supports virtual machines running under Microsoft's Virtual Server 2005 and Virtual PC 2004 products. For versions of Windows prior to Windows 2000, including Windows 98 Second Edition and Windows NT SP6a, you need to use the Legacy Client. Neither client will work on other operating systems, including Windows 95 or NT SP5 or below. Note also that Windows XP Home is not supported under SMS and that the Legacy Client will no longer run on Windows 2000 or above.
I should also note that you can manage Windows XP Embedded systems with SMS using an Advanced Client.
The Advanced Client uses the same technology as WSUS to handle background file transfers. This technology, called BITS (Background Intelligent Transfer Service), uses "spare" bandwidth to handle file transfers, meaning that it has less of an impact on system performance than other file transfer methods.
The old SMS 2.0 client is now known as the "Legacy Client" and is less secure than the Advanced Client due to its reliance on domain accounts. In contrast, the Advanced Client uses local system and computer accounts and is the client of choice whenever possible. For mobile users, Microsoft heavily recommends use of the Advanced Client because of new features introduced to ease the headaches of supporting roaming users. In fact, with the release of SMS 2003 SP1, Microsoft dropped support for the Legacy Client on machines running Windows 2000 or above.
Made available to extend the capabilities of SMS in various ways, Feature Packs all require SMS 2003 SP1 in order to function. As of this writing, there are three feature packs to tell you about.
Operating System Deployment Feature Pack
The Operating System Deployment Feature Pack provides a means for administrators to quickly and easily deploy Windows systems using images. Included in this feature pack are the following capabilities:
- Image capture: Provides a way for you to capture a system image in Microsoft's imaging format.
- Image deployment: Deploys previously captured images to target systems using SMS's Software Distribution.
- Operating system package management: Allows you to customize settings for individual deployments, including network settings, notifications, and more.
- User state migration: Makes it possible to preserve user profiles when installing new operating systems. This provides your users with a more seamless experience and fewer frustrations.
- Reporting: Like everything else in SMS, this feature pack includes a number of reports to help you ascertain the success or failure of a particular task.
Administration Feature Pack
This feature pack includes tools that enhance SMS administrative tasks:
- Elevated Rights Deployment Tool: Probably the most useful tool in this pack, the Elevated Rights Deployment Tool assists with the deployment of packages that require local administrator rights to the client system.
- Managed Site Accounts Tool: Manage accounts and passwords.
- Transfer Site Settings Wizard: Copy certain SMS settings (site configuration, package, and collection) between sites.
Device Management Feature Pack
This feature pack extends SMS's capabilities to mobile devices running Windows CE 3.0 or greater or Windows Mobile Pocket PC software. As for larger clients managed under SMS, the Device Management Feature Pack provides you with the ability to include mobile devices in your hardware and software inventories, to distribute software to mobile devices, to manage files, and more.
More to come
By now, you probably have a good idea about the basic functionality offered by SMS. In the next part of this series, I'll provide some deployment planning tips and go through a sample SMS 2003 installation.