Microsoft Systems Management
Server Implementation at SLAC
Freddie Chow
fchow@slac.stanford.edu
Stanford Linear Accelerator Center
Contents
 Overview
 SLAC
NT Environment
 Current Status
 Work-In-Progress
 Some Recommendations
 Summary
Overview
 Systems
management tool set by
Microsoft
 Require MS SQL Server 6.x or 7.0
 Current SMS Version 2.0 with SP1
 SLAC uses v1.2 and working on
upgrading to v2.0
Components of SMS
 Software/Hardware
 Remote
Inventory
Tools
 Software Distribution
 SMS Installer
 Shared Network Application
 Network Monitor
SLAC NT Environment
 Single
master domain model
 13 Windows NT domains
 ~1400 NT machines
 Windows NT is supported
A Bit of History
~
2 1/2 years back searched for a
central management software
 Looked at NICE/NT, SMS, LANDesk
Mgmt, etc.
 SMS matched SLAC environment
 Collaborated with BSD, project started
 SLAC Computing Service and other
departments wide collaboration project
SMS Architecture at SLAC
2
SMS primary sites
 9 NT domains managed by SMS
 ~1000 Windows NT machines (~71%)
 Business Service Division - One site
• To support secured network
8
other domains - One site
Architecture - continued
 SLAC-wide
Site
• Primary site server
– Dual PP200, 256MB
• 3 Distribution servers
– 2 Dual PP200, 256MB, RAID 5, 1 PP200,
128MB
 BSD
Site
• Primary site server, also distribution server
– PII 400, 256MB
Security Models
 Integrated,
Standard, Mixed modes
 Standard mode at SLAC on v1.2
• Requires MS SQL server login + NT login
 More
granular security on v2.0
What have been done?
 Standardize
on hardware and software
configuration (on going)
 Software distribution
 Use of remote tools
 Inventory reports
 Shared Network Application (tested)
Hardware Standardization
 Name
brand vendor for hardware
 Clone not recommended
 Workstations, laptops - Dell
 Servers - Compaq, Dell
Desktop Standardization
 Scripted
install of workstations
 Maintain known configuration
 Format disk and reinstall as time
permits
Software Distribution
 Use
Package Command Manager
service
 Unattended install
• NT 3.51 to 4.0 upgrade, NT4 SP3, SP4,
SP5, Post-SP Hotfixes, IE 4.x, Netscape
Communicator 4.x, Meeting Maker, Virus
Definition Files, SolidEdge CAD Software,
InocuLAN, Software Patches, Uninstall
VirusScan, TeraTerm, AFS Client 3.5
(beta), etc.
Use of Remote Tools
 User
support
• Remote trouble-shooting, user education
 Servers
support
 Essential tool for work-from-home
admins
 Network Monitor - restricted usage
Inventory Reports
 Some
samples:
• Check for NT Service Pack in a domain, in
all domains
• List IP address of machines in a domain
(for network change)
• List CPU MHz, RAM, user, office number,
etc.
 Customized
Reports
reports - use Crystal
Shared Network Application
 Tested,
but not in production
Miscellaneous Issues
 Locked/powered
off machines resulted
in failed software distribution
 Home connections very slow for
software distribution support
 Domain administrators need to keep
accurate machine lists
Benefits
 Shorter
response time
• Shorter downtime, higher productivity
 Reduce
TCO
• No more house calls for software
install/upgrade
 Quick
response to security vulnerability
• Apply NT hotfixes to a domain in one night
 Eliminate
human errors
In Progress
 Upgrade
to SMS Version 2.0 - testing
 Develop internal training material
 Evaluate complementary tools
 Evaluate Windows2000 deployment
Anticipated Usage with SMS 2.0
 All
of the above
 Enforcing software licensing requires all
NTs on SMS
 Turn on software metering
 Fine-tune security
 Security fixes, Service Packs on
Windows2000, etc.
Some Recommendations
 Architecture
is based on environment
 SMS 2.0 with SP1, SQL Server 7.0
 Servers requirement sizing
• CPU MHz, RAM, disk space, RAID
• How many servers ?
• Where to put which server ?
 Test,
test, test before deployment
Summary
 Essential
tool set for managing
Windows environment
 Reduce TCO
 Complexity - high
 SLAC NT administrators like it