System Center IT 管理系列 - 如何使用 SCCM 完成企業 IT 環境的標準建構管理 (DCM) <SLIDETITLE INCLUDE=7>Title Slide</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Hello and Welcome to this Microsoft TechNet session on {insert session title}. My name is {insert name} </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=7>Let us start this session by going into more detail on exactly what we will be covering.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION> 魏早達 亞仕資訊

本課程所涵蓋範圍? SCCM 2007 DCM相關名詞及原理 如何建立DCM的管理程序 <SLIDETITLE INCLUDE=7>What we will Cover</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> [When writing the script for this slide, expand a bit on the list on the slide, do not simply list the slides items here. Think of this as the advert for the session, explain a bit more what will be covered and how.] </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=7>As with most TechNet sessions, some prior experience of Microsoft technologies or similar technologies is always helpful, the next slide provides a brief overview of what would be helpful, but not essential, for this session.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

預備知識 瞭解SCCM 2007的架構及功能

議題大綱 標準建構管理(DCM) 概觀 應用情境 名詞及概念 管理性程序

議題大綱 標準建構管理(DCM) 概觀 應用情境 名詞及概念 管理性程序

概觀 : 什麼是 DCM ? (Desired Configuration Management) 定義企業組態的標準 報告所管理Windows系統組態規範狀態 結合DCM 組態規範資料與 ConfigMgr 的其他功能來修正用戶端

應用情境 偵測伺服器組態設定 “偏移” 協助 Helpdesk 進行疑難排解, 並且 “及時解決”” 異動組態規範報告 預先及事後的變更驗證 大約 ½ 的非計劃性的停機時間導因於組態設定的錯誤 ! 協助 Helpdesk 進行疑難排解, 並且 “及時解決”” Helpdesk 對IT而言是最大的 “人員成本” 異動組態規範報告 針對異動的組態, 定義及報告違反實質組態的政策 預先及事後的變更驗證 確認系統已經就緒 驗證計劃性變更的精確及效力

使用DCM的條件 站台伺服器必須為 Configuration Manager 2007. DCM用戶端Agent必須啟用. 用戶端電腦必須安裝 .NET Framework v2.0 或以上版本

DCM 政策的下載週期 設定Computer Client Agent屬性的Polling Interval. 影響的設定 (預設值: 60分鐘) 影響的設定 啟用或停用 desired configuration management client agent及其相關設定 指定組態基準線

demonstration 啟用DCM 用戶端Agent 設定DCM政策下載週期

概觀 : DCM名詞及概念 組態項目 Configuration Item (CI) 組態的基本單元, 可以從ConfigMgr 管理的機器偵測、套用及移除 Application CI Operating System CI General CI Software Updates CI 組態基準線 Configuration Baseline 由不同的CIs組合而成, 根據下列型態 : Required Optional Prohibited 指定給欲進行監控的 collections

組態項目評估的順序 Applicability Detection 於何種作業系統版本, 才進行組態項目評估 Detection 於何種條件下, 才進行組態項目評估。如存在已安裝什麼軟體等。 The compliance of objects and settings 評估的條件

demonstration 組態項目 (Configuration Items) 組態基準線 (Configuration Baselines)

議題大綱 標準建構管理(DCM) 概觀 應用情境 名詞及概念 管理性程序

管理性程序 開發組態知識 指定基準線 檢閱規範報表 建立使用DCM規範狀態訊息的查詢方式的collections 使用管理主控台編寫新的組態項目(CIs)及基準線 編寫組態套件 滙入“最佳實務” 組態套件 指定基準線 每次指定需設定規範評估時程 檢閱規範報表 建立使用DCM規範狀態訊息的查詢方式的collections

建立知識 – CI 資料來源 微軟及其他軟體廠商 解決方案或系統整合廠商 顧問服務業者 線上應用系統開發者 個別的IT 微軟的下載中心 : https://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx 解決方案或系統整合廠商 顧問服務業者 線上應用系統開發者 個別的IT

DCM 知識 – 來自微軟的專家 Microsoft IT “Best Practices” Microsoft® Exchange Server 2003 and Exchange Server 2007 Microsoft® SQL Server™ 2000 and SQL Server 2005 Windows Server® 2003 Active Directory/DNS/ Windows Internet Naming Service (WINS)/ Dynamic Host Configuration Protocol (DHCP) Microsoft® Office SharePoint® Portal Server 2003 and SharePoint® Server 2007 Product group “Best Practices” Microsoft® System Center Configuration Manager server roles Vulnerability assessment Microsoft® System Center Operations Manager 2007 Microsoft® System Center Virtual Machine Manager 2007 SharePoint Server 2007 SQL Server 2005

Configuration Manager Client 概觀 – 運作流程 Configuration Packs 匯入組態項目 1 ConfigMgr Database Windows Server 2003 CI Line-of-business Application CI Antivirus Software CI Compliance State Tables ConfigMgr Admin Console 2 建立新的組態項目 Line-of-business Application Server Baseline 使用組態項目建立組態基準線 3 ConfigMgr Server Managed Client 4 指定組態基準線到collection 6 WMI 5 將符合狀態傳送到ConfigMgr 之資料庫, 並提供報表查詢 DCM 依據組態項目驗證是否違反規則 Script XML Configuration Manager Client Active Directory SQL Registry File Software Updates IIS MSI

以模型為基礎的管理架構 基準線可以建立在其他基準線之上, 以產生巢狀的效果 Web Specific Services Contoso Production Server Baseline Windows Server 2003 Windows Server Longhorn Line of Business Services BizTalk Server 2006 Exchange Server 2007 SQL Server 2005 Contoso Web Application Baseline ISA Server Forefront for Exchange Forefront Security for Sharepoint Web Specific Services Office Communications Server Outlook Web Access SharePoint Server 2007 基準線可以建立在其他基準線之上, 以產生巢狀的效果

範例……………

建立知識 – 在ConfigMgr編寫 從頭開始… 建立 Child CI 複製 Operating System CI 5/8/2019 7:38 AM 從頭開始… Operating System CI Application CI General CI Configuration Baseline 建立 Child CI 從其他CI 繼承 新增新的規則到繼承的物件及設定 新增新的設定及物件 複製 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

建立知識 – Parent/Child CIs 5/8/2019 7:38 AM 建立知識 – Parent/Child CIs Parent CI Imported from Microsoft Defines core settings/objects and “laws of physics” Duplicate CI No link maintained to original. Full editing capabilities. Copy of Microsoft SQL Server 2005 Microsoft SQL Server 2005 Child CI Inherit definition from parent Add rules to parent settings and objects Add new settings/objects for this child CI only Duplicate CI No link to original. Inheritance from same parent as original. Woodgrove Bank’s Configuration for SQL Server 2005 Best Practices for Microsoft SQL Server 2005 SQL Server for HR IT SQL Server for Sales IT Additional layers of inheritance as required. SQL Server for Sales Reporting Application © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

demonstration 組態設定流程

運用組態規範結果 組態規範結果被以XML型態附加在狀態訊息傳送 狀態訊息的嚴重性是以在CI/Baseline任何驗證失敗的規則中最嚴重者為基準 使用 DCM Home Page 來看基本報表 可以從Home Page or Reports node查詢所有報表 在DCM 組態規範資料上, 使用查詢基礎的 collections 來部署軟體, scripts, updates 或 task-sequences

設定未符合規範電腦的Collection 查詢條件 select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_CI_ComplianceState on SMS_G_System_CI_ComplianceState.ResourceID = SMS_R_System.ResourceId Where SMS_G_System_CI_ComplianceState.ComplianceStateName = non-compliant And SMS_G_System_CI_ComplianceState.MaxNoncomplianceCriticality = "<Severity>" and SMS_G_System_CI_ComplianceState.LocalizedDisplayName = "<BaselineName>" and SMS_G_System_CI_ComplianceState.CI_UniqueID = "<CI Unique ID>“ 嚴重等級(Severity) 1 (Information - no Windows event messages) 2 (Information) 3 (Warning) 4 (Error)

demonstration 檢視DCM報表 運用組態規範結果

Resources Technical Communities, Webcasts, Blogs, Chats & User Groups http://www.microsoft.com/communities/default.mspx Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx Microsoft Developer Network (MSDN) & TechNet http://microsoft.com/msdn http://microsoft.com/technet Trial Software and Virtual Labs http://www.microsoft.com/technet/downloads/trials/default.mspx System Center Home page http://www.microsoft.com/systemcenter

在何處取得 TechNet 相關資訊？ 訂閱 TechNet 資訊技術人快訊 http://www.microsoft.com/taiwan/technet/flash/ 訂閱 TechNet Plus http://www.microsoft.com/taiwan/technet/ 參加 TechNet 的活動 http://www.microsoft.com/taiwan/technet/ 下載 TechNet 研討會簡報與錄影檔 http://www.microsoft.com/taiwan/technet/webcast/

Q&A

<SLIDETITLE INCLUDE=0>Tag line</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT></SLIDESCRIPT> <SLIDETRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>