
Eramet Group AD 2008R2 and SCCM 2007R3

Architecture

Direction des Systèmes d’Information Groupe – [Mark Ferguson] 1


Summary

• Active Directory Architecture and Design
  – DC locations
  – Central Domain Controllers
  – Security Model
  – GPO and OU Structure

• SCCM Architecture
  – Forests
  – Site System locations
  – OSD / App Deployment
  – Security Updates


Group Active Directory Overview

• Domain Controller locations and reductions
  – One DC per site with 10 or more clients
  – Not required for small sites with a direct, stable connection to the Datacenter
  – Two (2) root-domain DCs in the Central Site to host the FSMO roles and provide redundancy
  – One (1) DC in the Central Site for each Domain to host that Domain's FSMO roles, plus one (1) more DC per Domain for redundancy
  – Possible need for redundant DCs on the larger sites with the greatest impact (easily achieved by hosting a VM): TMM, Les Ancizes, Pamiers, ENP
  – Some sites do not require a DC: TMM, Alloys group (30 computers, 40 Mb connection to the Datacenter); ELA, CIN, FTS, WUX, ENA, QTS, INC

• Global Catalog requirements
  – All site Domain Controllers will hold the GC role
  – A Global Catalog is required at user logon to resolve universal group membership
  – Enables clients to locate AD objects outside their own Domain
  – The MS Outlook client and Exchange servers rely heavily on Global Catalogs
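The placement rules above can be checked from a single console. The script below is an added example, not part of the Eramet deck; it assumes the datacenter AD site is named "Central" (the page does not give the site name), that the ActiveDirectory module from Windows Server 2008 R2 is available, and that the account can read every domain in the forest. It flags DCs that are not Global Catalogs, FSMO holders outside the central site, and a central site with fewer than two DCs.

```powershell
# Added example (not from the Eramet deck): audit DC placement and GC coverage
# against the rules on this slide. Assumed: central site name "Central",
# ActiveDirectory module (2008 R2 RSAT), PowerShell 2.0-compatible syntax.
Import-Module ActiveDirectory

$CentralSite = "Central"    # assumed name of the datacenter AD site

$forest = Get-ADForest
# Enumerate DCs from every domain so forest-level FSMO holders are included
$dcs = @()
foreach ($d in $forest.Domains) {
    $dcs += Get-ADDomainController -Filter * -Server $d
}

# Rule: every site DC holds the GC role (needed at logon for universal group expansion)
foreach ($dc in ($dcs | Where-Object { -not $_.IsGlobalCatalog })) {
    Write-Warning ("{0} in site {1} is not a Global Catalog" -f $dc.HostName, $dc.Site)
}

# Rule: FSMO roles stay on the central DCs
$fsmo = @{ SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster }
foreach ($d in $forest.Domains) {
    $dom = Get-ADDomain -Identity $d
    $fsmo["PDCEmulator ($d)"]          = $dom.PDCEmulator
    $fsmo["RIDMaster ($d)"]            = $dom.RIDMaster
    $fsmo["InfrastructureMaster ($d)"] = $dom.InfrastructureMaster
}
foreach ($role in $fsmo.Keys) {
    $holder = $dcs | Where-Object { $_.HostName -eq $fsmo[$role] }
    if (-not $holder) {
        Write-Warning ("{0} holder {1} was not enumerated" -f $role, $fsmo[$role])
        continue
    }
    if ($holder.Site -ne $CentralSite) {
        Write-Warning ("{0} is on {1} in site {2}, expected {3}" -f $role, $holder.HostName, $holder.Site, $CentralSite)
    }
}

# Rule: at least two DCs in the central site; report the DC count per site
foreach ($g in ($dcs | Group-Object -Property Site)) {
    if ($g.Name -eq $CentralSite -and $g.Count -lt 2) {
        Write-Warning ("Central site has only {0} DC" -f $g.Count)
    }
    $names = ($g.Group | Select-Object -ExpandProperty HostName) -join ", "
    "{0,-20} {1} DC(s): {2}" -f $g.Name, $g.Count, $names
}
```

One caveat the slide implies but does not state: because every DC is a GC, the usual rule that the Infrastructure Master must not sit on a GC in a multi-domain forest does not apply. It becomes relevant again the day a site gets a DC without the GC role, which is exactly what the first check catches.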



Group Active Directory Overview
Central Domain Controllers (Installed)
Logical View

• Central Domain Controllers
  – VMware ESX
  – 1 CPU
  – 2 GB RAM
  – 80 GB disk: 60 GB volume for the OS, 20 GB for System State exports



ECM.ERA Forest overview
Site Domain Controllers



Active Directory OU Structure and delegation

• Standard OU naming
  – PowerShell script for OU creation and the Security Model
  – OU naming based on AD Site Codes and the corresponding SCCM Boundaries
  – Same delegation and structure for all sites

• Site administration will be delegated by group membership
  – All site-level administrative groups will be managed by SSC
  – Different levels of administration will be defined:
      – Full site object administration: all objects
      – User object administration: passwords, groups, ...
      – Industrial object administration: industrial-related objects

• Site delegation groups will be created conforming to the Standard Naming Convention and will be easily identified in the ACL of each OU

• All users and groups used for delegation should be contained in the same OU (SSC in each Domain) for ease of management and auditing

• Standard GPOs
  – Standard GPO for all Windows 7 clients
  – Site-specific GPO + Preferences
  – 3 levels maximum of OU/GPO processing
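The slide says a PowerShell script builds the site OUs and applies the security model. What follows is an added example written for this page, not the script used by the project; it shows the shape such a script takes. Everything about layout is assumed, since the page gives no names: site OUs as OU=<SiteCode>,OU=Sites,<domain> with Users/Computers/Groups/Industrial children (three levels, matching the GPO processing limit), delegation groups named SSC-<SiteCode>-<Level> created in OU=SSC, and the site code list. The schema GUIDs are the well-known values that are identical in every forest.

```powershell
# Added example (not from the Eramet deck): create the per-site OU tree and delegate
# the three administration levels to site groups. OU layout, group names and site
# codes are assumptions; the schema/rights GUIDs are fixed AD values.
Import-Module ActiveDirectory

$DomainDN  = (Get-ADDomain).DistinguishedName
$SitesRoot = "OU=Sites,$DomainDN"      # assumed container for site OUs
$SscOU     = "OU=SSC,$DomainDN"        # delegation groups live here, per the slide
$SiteCodes = @("TMM", "PAM", "ENP")    # assumed AD site codes

# Well-known schema GUIDs, identical in every AD forest
$UserClass     = [Guid]"bf967aba-0de6-11d0-a285-00aa003049e2"
$GroupClass    = [Guid]"bf967a9c-0de6-11d0-a285-00aa003049e2"
$MemberAttr    = [Guid]"bf9679c0-0de6-11d0-a285-00aa003049e2"   # 'member' attribute
$ResetPassword = [Guid]"00299570-246d-11d0-a768-00aa006e0529"   # Reset Password control access right

function New-OuIfMissing([string]$Name, [string]$Path) {
    $dn = "OU=$Name,$Path"
    try   { Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null }
    catch { New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true }
    return $dn
}

function New-GroupIfMissing([string]$Name, [string]$Path) {
    try   { Get-ADGroup -Identity $Name -ErrorAction Stop | Out-Null }
    catch { New-ADGroup -Name $Name -Path $Path -GroupScope DomainLocal -GroupCategory Security }
}

# Add one ACE to an OU. The group name appears in the OU's ACL, which is what makes the
# delegation identifiable and auditable per OU, as the slide requires.
function Add-OuAce {
    param([string]$OuDN, [string]$GroupName,
          [System.DirectoryServices.ActiveDirectoryRights]$Rights,
          [Guid]$ObjectType = [Guid]::Empty,
          [System.DirectoryServices.ActiveDirectorySecurityInheritance]$Inherit = "All",
          [Guid]$InheritedObjectType = [Guid]::Empty)
    $sid = (Get-ADGroup -Identity $GroupName).SID
    $acl = Get-Acl -Path "AD:\$OuDN"
    $ace = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule `
               -ArgumentList $sid, $Rights, ([System.Security.AccessControl.AccessControlType]::Allow),
                             $ObjectType, $Inherit, $InheritedObjectType
    $acl.AddAccessRule($ace)
    Set-Acl -Path "AD:\$OuDN" -AclObject $acl
}

foreach ($code in $SiteCodes) {
    $siteOU = New-OuIfMissing -Name $code -Path $SitesRoot
    foreach ($child in "Users", "Computers", "Groups", "Industrial") {
        New-OuIfMissing -Name $child -Path $siteOU | Out-Null
    }
    $full = "SSC-$code-SiteAdmins"; $usr = "SSC-$code-UserAdmins"; $ind = "SSC-$code-IndustrialAdmins"
    foreach ($g in $full, $usr, $ind) { New-GroupIfMissing -Name $g -Path $SscOU }

    # Full site object administration: all objects under the site OU
    Add-OuAce -OuDN $siteOU -GroupName $full -Rights GenericAll
    # User object administration: reset passwords on user objects, edit group membership
    Add-OuAce -OuDN "OU=Users,$siteOU"  -GroupName $usr -Rights ExtendedRight -ObjectType $ResetPassword -Inherit Descendents -InheritedObjectType $UserClass
    Add-OuAce -OuDN "OU=Groups,$siteOU" -GroupName $usr -Rights WriteProperty -ObjectType $MemberAttr    -Inherit Descendents -InheritedObjectType $GroupClass
    # Industrial object administration: full control, limited to the Industrial sub-OU
    Add-OuAce -OuDN "OU=Industrial,$siteOU" -GroupName $ind -Rights GenericAll
}
```

The ACEs are the visible part of the model, but the effective boundary is membership of the SSC-* groups: anyone who can write the member attribute of SSC-TMM-SiteAdmins holds full control of the TMM OU. Keeping those groups in one SSC OU, as the slide specifies, only helps if that OU's own ACL is tighter than the site OUs it governs and its membership changes are audited.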



Eramet Global AD Forests and trusts



Active Directory OU Structure and delegation



SCCM Architecture
• 3 Forests, 10 domains, 5 Geographic Zones
• Industriel.INTRA out of scope

SCCM Architecture
Central

• 1 Central Site (installed)
• 1 Primary per Forest (ECM Primary installed)
• A Secondary site with DP for each site directly connected to the Primary (TMM pilot installed)
• A Distribution Point for each site not directly connected to the Primary
• Branch DP for small sites

Hierarchy diagram (labels): CENTRAL; SUP; GABON PRIMARY, ERAMET PRIMARY, NEW CALEDONIA PRIMARY; SECONDARY; DP; Branch DP

Site system placement rules for each Forest:
  – One Primary per Forest
  – One Secondary per site directly connected to the Primary Site, with more than 10 computers
  – One DP per site not directly connected to the Primary Site, with more than 10 computers
  – One Branch DP per site with between 3 and 10 computers, or when no server can be installed or used


ECM.ERA Forest
SCCM Site Systems required per Site

• ECM.ERA
  – Approximately 6000 servers and workstations
  – 4 child Domains
  – 1 or 2 Mb connection for most sites

Comilog Forest
SCCM Site Systems required per Site

• COMILOGSA.COM
  – Approximately 1000 workstations and servers
  – Many remote sites
  – Forest trust with SETRAG.COM



SLN Forest
SCCM Site Systems required per Site

• Pacific.Intra + SLN.Intra
  – Approximately 1000 workstations and servers
  – Many remote sites
  – INDUSTRIEL.INTRA Domain out of scope



SCCM Operations

• Operating System deployment
  – Windows 7, x64 and x86, with or without Office 2010
  – Boot media or PXE boot
  – Task Sequence for system configuration, driver packages, core applications, ...
  – SCCM client installation

• Collection-based MSI and App-V packages
  – Collections are populated by security group queries
  – Security groups are created in the Forest Root
  – Computers or users are added to the security groups in the Forest Root
  – A standard naming convention applies to all packages, collections, groups and advertisements to ensure easy identification (site relationship, package info, target)
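The group-driven collection model above can be scripted against the SMS Provider. The block below is an added example, not code from the Eramet project; it assumes a site server name, site code "CEN", a forest-root NetBIOS name "ECM", a naming convention SCCM-<SiteCode>-<Package>-<Target> shared by the AD group and the collection, and AD System Group / User Group Discovery configured against the root domain (none of these are on the page). It builds the WQL query for a computer or user collection, creates the collection, attaches the query rule and links it under the root collection.

```powershell
# Added example (not from the Eramet deck): create an SCCM 2007 collection whose
# membership is a query on a forest-root security group. Site server, site code,
# root NetBIOS name and naming convention are assumptions.
$SiteServer = "sccm-central.ecm.era"   # assumed
$SiteCode   = "CEN"                    # assumed
$RootDomain = "ECM"                    # assumed NetBIOS name of the forest root
$Namespace  = "root\sms\site_$SiteCode"

function Get-GroupCollectionQuery([string]$GroupName, [string]$Target) {
    $qualified = "$RootDomain\\$GroupName"    # WQL string literal needs the backslash doubled
    if ($Target -eq "COMP") {
        return "select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, " +
               "SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client " +
               "from SMS_R_System where SMS_R_System.SystemGroupName = `"$qualified`""
    }
    return "select SMS_R_USER.ResourceID, SMS_R_USER.ResourceType, SMS_R_USER.UserName, " +
           "SMS_R_USER.UniqueUserName, SMS_R_USER.WindowsNTDomain " +
           "from SMS_R_User where SMS_R_User.UserGroupName = `"$qualified`""
}

function New-GroupCollection([string]$Site, [string]$Package, [string]$Target) {
    $name  = "SCCM-$Site-$Package-$Target"    # AD group and collection share the name
    $wql   = Get-GroupCollectionQuery -GroupName $name -Target $Target
    $limit = if ($Target -eq "COMP") { "SMS00001" } else { "SMS00002" }   # All Systems / All Users

    $coll = ([wmiclass]"\\$SiteServer\$($Namespace):SMS_Collection").CreateInstance()
    $coll.Name            = $name
    $coll.Comment         = "Members of AD group $RootDomain\$name"
    $coll.OwnedByThisSite = $true
    $coll.Put() | Out-Null
    $coll.Get()                               # reload so CollectionID is populated

    $rule = ([wmiclass]"\\$SiteServer\$($Namespace):SMS_CollectionRuleQuery").CreateInstance()
    $rule.RuleName            = "AD group $RootDomain\$name"
    $rule.QueryExpression     = $wql
    $rule.LimitToCollectionID = $limit
    $coll.AddMembershipRule($rule) | Out-Null

    # Link under the root collection so it appears in the console tree
    $link = ([wmiclass]"\\$SiteServer\$($Namespace):SMS_CollectToSubCollect").CreateInstance()
    $link.parentCollectionID = "COLLROOT"
    $link.subCollectionID    = $coll.CollectionID
    $link.Put() | Out-Null

    $coll.RequestRefresh($false) | Out-Null   # evaluate membership now
    return $coll.CollectionID
}

New-GroupCollection -Site "TMM" -Package "7ZIP" -Target "COMP"
```

The design consequence is worth stating plainly: once a collection is fed by a group, whoever can write the member attribute of that forest-root group decides which machines receive the advertisement, including operating system task sequences. Write access to the SCCM-* groups should therefore be delegated no more widely than the Packaging and Distribution Operator roles on the delegation slide, and those groups, like the AD delegation groups, are only as reliable as the discovery cycle that refreshes SystemGroupName and UserGroupName.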

• Windows Update deployment
  – Windows Update clients managed by collections
  – Maintenance Windows to control installations and system restarts:
      – Office
      – Industrial
      – Servers



SCCM Delegation

Role                          Function
Central Administrator         Central Site administration
Security Patch Operator       Create Security Distribution packages
Global Support Operator       Remote Control operations on clients/servers
Central Packaging Operator    Create and deploy globally packaged applications
Primary Site Administrator    Manage the Primary Site
Primary Packaging Operator    Create and deploy Primary-level applications
Site Distribution Operator    Approve and publish applications and updates on site XXX
Site Support Operator         Client OS deployments, Remote Control
Report Viewer                 View and export SCCM reports
Helpdesk Operators            Read-only Remote Control



Discussion Topics

• AD Security and Delegation


– Site, Object, and Network Service management

• SCCM Design
– Collections and Queries
– Task Sequences
– OSD
– Management
– Client remote control
