Systems administrators have relied on tools to enable automated software distribution and deployment and to perform other management functions since the early days of network computing. As PCs have proliferated, the problem of managing individual computers has become more important to the health of the overall technology infrastructure. SMS is designed to help IT administrators contain the cost of managing distributed systems by allowing the number of deployed computers and installed applications to increase without requiring substantial investment in additional manpower for technical support. Managing client computers within an IT organization includes tasks such as troubleshooting computers, managing software assets, and analyzing network problems. These tasks can be complex and time consuming, preventing IT staff from focusing on new deployments and upgrades to existing systems. SMS helps to solve this challenge in IT.
SMS 2003 addresses the following key issues that IT administrators face in managing distributed computing environments:
Managing computers that roam among locations and connect to the network from different geographical locations
Tracking deployment and use of software assets, and using this information to plan software procurement and licensing
Providing IT administrators and management access to data accumulated by SMS
Managing security on computers running Windows operating systems in a scalable manner
To help solve these issues, SMS 2003 provides a number of key features. These include support for collections and queries, hardware and software inventory, software distribution, software update management, software metering, reporting, product compliance, security, and many others.
SMS manages resources such as client computers and software. Logical groups of SMS resources having common attributes are called collections. Collections are defined by queries that are refreshed at intervals specified by an administrator. A resource that no longer meets the collection criteria is removed from the collection and a resource that meets the collection criteria is added to the collection. SMS features can operate on clients only if they are members of a collection. By default, all SMS clients are members of the All Systems collection (shown in Figure 2-7). These collections form the basis for how SMS manages systems in your environment.
Another major feature is that hardware and software inventories on client computers can be performed by SMS. You can run a wide variety of reports against the resulting data, which can help you plan upgrades, track hardware and software assets, or compare the report output to software licensing data. Before you deploy a new software package, you can build a report that shows how many destination computers have the required memory and disk space to support the software package that is planned for distribution. This allows you to upgrade non-compliant systems before the deployment begins, ensuring a higher overall project success rate. You can customize the hundreds of types of data that can be recorded when you gather information during hardware and software inventory collection. This helps you to attain the appropriate balance between performance and inventory depth for your organization. SMS 2003 provides control over which software files should be scanned. Software inventory can scan specific directories and drives, using environment variables to optimize the data-gathering process. SMS has been designed to use Windows Management Instrumentation (WMI). SMS has access to data from many sources, including the Win32 API and Simple Network Management Protocol (SNMP), which provides administrators with a broad base of inventory and configuration data.
In addition to the useful hardware inventory features, there is extensive support for software inventory as well. A granular file inventory search is available in SMS 2003 and can be configured to retrieve only the necessary assets during discovery. This is done with wildcards, environment variables, and file properties to control software inventory searches more effectively. Other options allow for compressed and encrypted files to be skipped. In addition, the Add/Remove Programs list and other software installed by Windows Installer technology can be queried to validate against file inventory data in the case of corrupt or incomplete installations. This provides a check against pure file-based inventory data.
SMS also significantly reduces the time and complexity of maintaining and upgrading software for organizations with distributed networks. You can upgrade and configure each computer from a central location or from multiple locations. You can schedule individual software files or software programs for distribution to specific computers. You can also initiate unattended software installations to selected computers. Software installation packages can come ready for installation from Windows Installer using *.msi files or can be created with the SMS Installer.
Software distribution can be directed to computers based on collected information, including network and hardware configuration, group membership, and software installation status. If an SMS client computer is added to a group, software is automatically sent to the client according to predefined administrative settings for that group. Likewise, new computers matching a predefined destination, such as by IP subnet or installed peripheral, automatically receive specified packages or driver updates. Also there is a Courier Sender feature that allows software to be sent between SMS sites by CD or other media, rather than across the network. This is particularly useful in situations where the available network bandwidth is low or too expensive to use for the delivery of large update packages.
SMS can also be used to remove deployed software and applications from particular computers or groups. Software distribution uses Background Intelligent Transfer Service (BITS) technology, which can transfer files from distribution points that are BITS-enabled. And if a file download is interrupted in progress, a checkpoint is set. You can resume the file download and then proceed from the checkpoint rather than restarting the download from the beginning. On reconnection, any partial downloads to clients continue where they left off. There is no need to restart transmissions because of a disconnected session.
One of the more important features of SMS that drives many administrators to use it is the support for software updates. Software update management in SMS is the process of keeping computers and servers that are running Windows operating systems updated with security updates or patches, and includes the following functions:
Performing an inventory of the installed and applicable updates on managed computers
Evaluating and testing available updates
Authorizing and distributing the updates
Tracking software update compliance
You can use these tools to take advantage of the critical software updates that Microsoft provides for Windows operating systems, Microsoft Office, SQL Server, Exchange, and other system software. Several software update management tools are installed by default on the SMS site server. These include the Distribute Software Updates Wizard and the Software Updates Installation Agent, along with a collection of predefined reports for software updates. Let's take a look at those tools in greater depth to understand their function.
The Distribute Software Updates Wizard performs the following tasks:
Uses inventory information to analyze the applicable software update status for client computers
Provides a method of reviewing and authorizing suggested software updates
Downloads authorized software updates and installation information
Builds packages and advertisements tailored to specifications for each software update or set of updates
Distributes software update advertisements to client computers by using SMS software distribution
The Software Updates Installation Agent performs a number of functions as well. This tool evaluates advertised software updates against missing or previously installed updates on an SMS client computer and installs the applicable updates. The Software Update Reports Predefined reports help you to view information that is gathered by the update inventory tools. With these reports and with custom reports that can be designed through SQL Server, you can build entire dashboards that provide a picture of compliance and performance against service levels. Tools available for download include the Security Update Inventory tool, which scans a client computer for installed software updates to Windows operating systems, Internet Explorer, SQL Server, and other software.
In addition to software update management tools that are described in the previous section, SMS 2003 includes some other enhancements over the previous versions of SMS. One example is the persistent notification for software updates. This is an icon that appears in the system tray whenever a user is logged on and there are pending, but uninstalled, software updates. When the computer is in compliance, the notification area icon does not appear. The notification area icon can be used to support user needs as well. For instance, the program associated with the icon can schedule installations and reboots to occur at convenient times of the day or facilitate the install of software updates immediately. The Unattended software update installation provides a method to deploy mandatory updates to client computers silently. No notification icon appears in the notification area, and users with insufficient rights cannot terminate the process in Task Manager.
Efficiently managing the software products, services, and applications deployed to an organization is important to IT. SMS 2003 does this with its software inventory and software metering features. The focus of software metering in SMS 2003 is collecting and reporting software program usage data. You can use SMS 2003 software metering data to identify which applications are being used and which users are running them along with the number of concurrent application usages, software license requirements, redundant software installations, and unused software applications that can be reallocated.
Software metering is fully integrated with all other SMS components and is accessed through the SMS Administrator Console. In addition, SMS 2003 software metering data is now stored in the SMS site database with other SMS data. SMS 2003 software metering includes software usage history, and enables trend analysis and audit reporting. You can use this information to track software license usage and produce license compliance reports. An SMS site administrator can configure this process to suit your needs. They can also configure SMS 2003 to track software usage on managed SMS client computers on and off the network. SMS clients record software usage even when they are disconnected from the network by uploading usage reports either on a schedule or the next time a connection is available to the SMS site.
Summary and detail reports can be generated describing which applications were used by which users, for how long, and on which computers. Usage can be tracked by user or computer and the reports can be created comparing concurrent usage data to current license ownership, helping organizations to ensure compliance and track usage for budgeting and planning purposes as well.
Beyond the software update and metering features, there are some useful performance monitoring features in SMS 2003. The system provides a wide range of performance monitor counters that are accessed using the Windows System Monitor. These counters are helpful for maintaining SMS, identifying problem areas, tuning SMS systems, and troubleshooting. System Monitor gathers information about growth patterns that you can use to plan for future hardware growth. SMS 2003 also provides a comprehensive set of predefined, secure reports with information about the client computers across the SMS hierarchy and the current state of managed systems across an organization. You can provide management and other SMS users with reports that can be viewed using Internet Explorer. Reports include hardware and software inventory data, computer configuration details, and software deployment, deployment errors, and usage status.
SMS reports are extensible, enabling you to generate custom views and reports. You can use the SMS Administrator Console to create and manage reports. All reports are based on SQL, and administrators and other users who do not have access to the SMS Administrator Console can run reports by using the Report Viewer in Internet Explorer. You can export and import reports by using the Export Object Wizard and Import Object Wizard in the SMS Administrator Console, as shown in Figure 2-8. Use exported report files to share reports with other SMS administrators or to import reports obtained from another SMS administrator. Using Report Viewer, you can also create dashboards, which are sets of reports displayed in a grid, in a single window to monitor information about a variety of SMS objects or systems. All of these capabilities enable you to provide the right data to the right people, regardless of their status within SMS or knowledge of the system.
This extensive set of features in SMS enables a full software deployment and lifecycle management solution that IT can rely on for critical systems management functions. However, some of the features in SMS may not fit as well in certain IT environments or may require some complementary solutions. One of those solutions is Windows Server Update Services (WSUS). Let's take a look at how WSUS can help to manage decentralized IT environments when SMS isn't the right fit.