Features and Functions | Microsoft Systems Management Server 2.0 Administrators Companion (IT-Administrators Companion)

[Previous] [Next]

SMS 2.0 offers remote desktop administration in four primary areas:

Inventory and resource management The ability to gather and maintain a workstation's hardware and software configuration in a central database that is easy to access and interpret

Diagnosis and troubleshooting The tools to effectively analyze hardware and software concerns on remote workstations

Package distribution The ability to install applications and updates and execute programs on a remote workstation

Application management The ability to track, restrict, and license application usage on a user's workstation as well as to monitor product compliance issues

We will explore these SMS features more closely throughout this book. First let's look at the various SMS components; we will refer to these components as we look at features.

Components

The term "SMS component" refers to a program that performs a specific SMS task. In this section, we will review some basic SMS 2.0 terms and component definitions. If these descriptions seem brief, don't despair! Each component is discussed in detail later in this book.

SMS Site

An SMS site defines the computers, users, groups, and other resources that will be managed by SMS so that SMS can remotely control a Windows NT workstation, advertise a package to a user, view all Internet Protocol (IP) devices, or inventory system resources. An SMS site is defined first and foremost by IP subnet address, which means that you can manage computers based on their subnet address rather than simply by their domain membership. This computer managing feature allows SMS 2.0 to scale more efficiently to your enterprise network. An SMS site consists of an SMS site server, SMS site systems, and SMS clients and resources.

SMS Site Server

The SMS site server is the Windows NT 4.0 server on which SMS 2.0 has been installed and that manages the SMS site and all its component attributes and services. The SMS site server is the primary point of access between you and the SMS database. It must be a Windows NT 4.0 server that has been made fully Y2K-compliant—meaning that you have applied Windows NT 4.0 Service Pack 4, Microsoft Data Access Components (MDAC) 2.0 Service Pack 1, and Microsoft Internet Explorer 4.01 Service Pack 1. If the SMS site server will be a primary site, it will need access to a server running Microsoft SQL Server 6.5 with SQL Service Pack 4 or later or SQL Server 7.0. An SMS site server can be installed on either a domain controller or a member server, but not on a stand-alone server.

SMS Site System

An SMS site system is a Windows NT 4.0 server with Windows NT 4.0 Service Pack 4 applied that performs one or more SMS roles for an SMS site. These SMS roles include logon points, client access points (CAPs), distribution points, and software metering servers. All SMS roles are installed on an SMS site server by default unless the SMS site server is installed on a member server. In the latter case, the SMS site server is not installed as a logon point. (Chapter 3 will cover these roles in detail.) Additional SMS site systems can then be identified within the SMS site and can be assigned various SMS roles or combinations of roles.

Logon Points An SMS logon point is an SMS site system that becomes the first point of contact between a client computer and the SMS site. It is implemented when the discovery method Windows Networking Logon Discovery or Windows Networking Client Logon Installation is enabled by the SMS administrator. The logon point collects discovery information about the client, determines the client's site assignments, and provides the client with a list of CAPs.

Client Access Points An SMS CAP is an SMS site system and functions as the exchange point between SMS clients and the SMS site server. Components of SMS clients are installed from a CAP. Inventory, status, and discovery information is collected in a CAP. Advertisement information and other client instructions are obtained from the CAP. When a client receives an advertisement for a program, it will also include a list of distribution points at which the client can find the package files.

Distribution Points An SMS distribution point is an SMS site system that stores the package files, programs, and scripts necessary for a package to execute successfully at an SMS client computer. By default, SMS places these files on the drive with the most free space and shares them using a hidden share.

Software Metering Servers An SMS software metering server is an SMS site system that enables you to track application usage on SMS clients, restrict application usage, and grant or deny licenses for applications running on an SMS client. This feature of SMS requires its own SQL database for storing usage and license data.

SMS Client

An SMS client is a computer running any supported Microsoft operating system that has been assigned to an SMS site and installed using the SMS client component software. Valid Microsoft operating systems include the following:

Microsoft Windows 2000

Microsoft Windows NT 4.0 (Server, Workstation, or Enterprise editions)

Microsoft Windows NT 3.51, Service Pack 5 or later (Server and Workstation editions)

Microsoft Windows 95/98

Microsoft Windows for Workgroups 3.11

Microsoft Windows 3.1

NOTE
SMS 2.0 no longer supports MS-DOS as an installed SMS client. MS-DOS computers can be discovered by an SMS 2.0 site, but they cannot be managed by that site. Also, SMS 2.0 no longer supports Apple Macintosh or IBM OS/2 clients. If you need to support these types of clients within an SMS site, you will have to maintain a separate SMS 1.2 site server for them. See Chapter 19 for more information regarding support for mixed sites.

SMS Administrator Console

An SMS administrator is the individual trusted with the implementation, maintenance, and support of an SMS site or specific objects in the SMS database. An SMS Administrator Console, as shown in Figure 1-1, is the primary tool that an SMS administrator uses to maintain an SMS site. The SMS Administrator Console can be installed only on a Windows NT 4.0 computer and is generally installed on a Windows NT 4.0 workstation—the SMS administrator's NT 4.0 workstation.

The SMS Administrator Console is actually a Microsoft Management Console (MMC) with the SMS Administrator snap-in added. The nine top-level SMS objects in the SMS site database that can be administered are described in Table 1-1; each contains additional objects. Since the SMS Administrator Console is an MMC, additional snap-ins could be added to it—for example, add-ons from third-party SMS developers such as Computing Edge, or Microsoft SQL Server 7.0 Enterprise Manager Console or Windows 2000 management tools.

click to view at full size.

Figure 1-1. A representative SMS Administrator Console displaying the different top-level objects that can be managed by the SMS administrator.

Table 1-1. Top-level SMS objects

Object	Description
Site Hierarchy	Displays the site hierarchy and contains site properties and component configurations such as client agents, installation methods, discovery methods, site systems, status filters, and summarizers.
Collections	Predefined or SMS administrator-defined groupings of SMS resources. Collections can consist of any SMS-discovered resources.
Packages	Display package and program settings. A package is a set of files, programs, or commands that you want executed on an SMS client. Package programs are advertised to collections. Package files are stored in distribution points.
Advertisements	The means by which you let an SMS client know that a package is available for it. An advertisement can be offered not only to SMS client computers, but also to any users or user groups that have been discovered by SMS. Advertisements are maintained on CAPs.
Product Compliance	Defines a list of products and their Y2K-compliance level.
Queries	Provide a means of displaying database information based on a set of predefined criteria. Several queries are defined by default, and the SMS administrator can also create new queries.
System Status	SMS equivalent to the Windows NT Event Viewer. Virtually every SMS service or process generates a robust set of status messages that outline the progress of that service or process. The information provided by the System Status object is the best place for an SMS administrator to begin troubleshooting.
Security Rights	Provide the capability to define and refine the level of access that users have when working with SMS objects. This gives you the ability to delegate specific tasks to specific groups of users.
Tools	Four primary tools can be utilized through this object: Network Monitor, for network traffic analysis; SMS Service Manager, for monitoring component status and logging; Software Metering, for monitoring and maintaining product usage and licensing; and Reports for creating database reports using Crystal Info.

SMS Site Hierarchy

An SMS site hierarchy resembles an organizational flowchart and exists whenever two or more SMS sites have been defined in a parent-child relationship. SMS site hierarchies provide a means of extending and scaling SMS support across a wide variety of organizational structures.

Parent and child sites are defined by their relationship within an SMS site hierarchy. A parent site is any site with at least one child site defined and has the ability to administer any child site below it in the SMS site hierarchy. A child site is any SMS site that has a parent defined. Child sites send discovery, inventory, and status information up to the parent site. Any SMS primary or secondary site can also be a child site. An SMS primary site can have a child site reporting to it, but an SMS secondary site cannot.

Primary Site An SMS primary site is an SMS site that has access to a SQL Server database. An SMS primary site can be directly administered through the SMS Administrator Console as well as by any SMS site above it in the SMS site hierarchy. An SMS primary site can also administer any child site below it in the site hierarchy. SMS primary sites can be children of other primary sites. They can also have child sites of their own.

Secondary Site An SMS secondary site is an SMS site that does not have access to a SQL Server database. An SMS secondary site is always a child of a primary site and is administered solely through its parent or through another primary site above it in the SMS site hierarchy. A secondary site cannot have child sites of its own.

Central Site An SMS central site is an SMS primary site that resides at the top of the SMS site hierarchy. Inventory data, status messages, site control data, and discovery data roll from child to parent and are collected ultimately at the central site's SMS database. An SMS central site can administer any site below it in the SMS site hierarchy.

Figure 1-2 illustrates a simple SMS hierarchical model showing both primary and secondary sites as child sites of a central site. An SMS site system's roles do not all have to be enabled on the site server. CAPs, distribution points, and software metering servers can all be enabled on member servers in the domain. Logon points will be enabled on all domain controllers in the specified domain.

click to view at full size.

Figure 1-2. Various site system roles that can be assigned within an SMS site and a representative SMS site hierarchy.

That's it for general terminology. All these components and terms will be explored in more detail as we progress through the book.

Inventory and Resource Management

SMS 2.0 can collect and display resources deployed within your network. These resources include, of course, the workstations and servers that have been installed. You also have the ability to discover and view your Windows NT domain users and global groups, as well as any IP-addressable component connected to your local area network (LAN) or wide area network (WAN). SMS 2.0 offers several configurable discovery methods. While not all discovered resources may be manageable, some basic properties can be displayed and viewed by the administrator. For example, a computer's discovery data includes its IP address, network card address (the media access control [MAC] address), its computer name, and the domain of which it is a member. The process of discovering resources will be discussed at length in Chapter 7.

NOTE
The process of discovering a resource such as a computer does not automatically mean that SMS is installed on that computer. Nor does it mean that inventory is collected. Rather, it means that the "fact" of the resource being there is recorded along with some basic properties of that resource.

In addition to discovery data, SMS 2.0 can collect hardware and software data from an SMS 2.0 client. Two of the many client agents that can be installed on an SMS client computer are the Hardware Inventory Client Agent (also sometimes referred to as the Hardware Inventory Agent) and the Software Inventory Client Agent (also sometimes referred to as the Software Inventory Agent). Both are enabled and configured by the SMS administrator and then installed on an SMS client. Collected inventory is stored, viewed, and maintained in the SMS database. This database is created on a computer with SQL Server installed. The SMS Administrator Console acts as a front end to this database and provides the SMS administrator with the tools to manage that data. For example, an SMS client's inventory is viewed through the SMS Administrator Console using a tool called the Resource Explorer.

When troubleshooting needs to be performed, it is not always possible, or even appropriate, that users have full knowledge of their hardware or software configuration. Having an SMS client's inventory readily available and up-to-date, however, provides an administrator with the computer configuration data needed to assist a user with a problem.

The Hardware Inventory Client Agent executes according to an administrator-defined frequency and collects system configuration data such as hard disk space, processor type, RAM size, CD type, monitor type, and so on. In addition, the Hardware Inventory Client Agent can be configured to collect more granular information from 32-bit clients such as Windows 98 and Windows NT 4.0 Workstation, including the install date of the BIOS, program group names, and printers installed. It does so by using the Windows Management Service. Windows Management is Microsoft's implementation of Web-Based Enterprise Management (WBEM). (You'll learn more about these services in the section "Understanding WBEM and WMI" later in this chapter.) Briefly, Windows Management allows for detailed system configuration data to be reported and stored on the workstation for use by management applications such as SMS. Once the Hardware Inventory Client Agent on a 32-bit client has collected the full inventory, only changes to the inventory on the client will be reported in subsequent inventories. This feature is a welcome change from SMS 1.2, in which a complete inventory was always generated and reported at every hardware inventory interval. The hardware inventory process and configuration are discussed thoroughly in Chapter 9.

The Software Inventory Client Agent also executes according to an administrator-defined interval and essentially audits the SMS client for applications installed on its local hard disks. The SMS administrator can configure the Software Inventory Client Agent to audit other file types, as well as to collect copies of specific files. As with the Hardware Inventory Client Agent, the first time the Software Inventory Client Agent runs, a complete software audit or file collection takes place and the full inventory is gathered and reported. At each successive inventory interval, only changes to the audited files will be reported. The software inventory collection and configuration process is discussed more completely in Chapter 9.

Diagnosis and Troubleshooting

Several tools provided through the SMS Administrator Console can help the SMS administrator diagnose problems in the SMS site, with communications within and among sites, and with SMS client computers. These tools can also help the SMS administrator troubleshoot those problems with little direct physical intervention.

HealthMon

This utility presents an at-a-glance view of the current status of Windows NT 4.0 computers in the site. Through settings prescribed by the SMS administrator, HealthMon can generate events based on specific thresholds that are met or surpassed. For example, HealthMon can be set to display a warning indicator for a computer when its processor utilization exceeds 75 percent and a critical indicator when processor utilization exceeds 90 percent. See Chapter 6 for more information about working with HealthMon.

Network Monitor 2.0

This utility provides the means to track, capture, and analyze network traffic that occurs between individual client computers or within the network itself. This version has been enhanced both in functionality and security. Experts have been added to assist you in tracking down and parsing events such as top users, protocol distribution, and so on. In addition, the SMS Administrator Console provides seven Network Monitor Control tools that enable the SMS administrator to identify activities and specific problem situations, such as rogue Dynamic Host Configuration Protocol (DHCP) servers or connections from disallowed IP subnets, through real-time tracking routines. Network Monitor is discussed in detail in Chapter 6.

Network Trace

This utility offers a snapshot flowchart of the SMS site system structure that maps the communication path of each site system, checks for communication status between site systems, and displays the status of SMS components running on each site system. Think of Network Trace as a miniature Simple Network Management Protocol (SNMP) manager. See Chapter 6 for more information about working with Network Trace.

Performance Monitor

When SMS has been installed on a site server, it also adds several new objects that contain counters to the Windows NT Performance Monitor utility. These objects are listed here:

SMS Discovery Data Manager

SMS Executive Thread States

SMS In-Memory Queues

SMS Inventory Data Loader

SMS Software Inventory Processor

SMS Standard Sender

SMS Status Messages

These objects and their corresponding counters, along with the traditional Windows NT objects and their counters (Processor, Process, Memory, Logical Disk, Physical Disk, and so on) can be used to assist the SMS administrator in performance testing site systems and determining optimization alternatives. See Chapter 6 for more information about working with Performance Monitor.

Remote Tools

This utility is perhaps the most appreciated feature of SMS 2.0. Remote Tools enables the SMS administrator to gain keyboard and mouse control of an SMS client from the administrator's workstation. Through a video transfer screen, the administrator can "see" the user's desktop and diagnose and troubleshoot problems without having physical access to the remote client. The administrator can also "talk" to the user through a remote chat screen, execute programs on the remote client, transfer files to and from the remote client, and restart the remote client. As with the Hardware Inventory Client Agent and the Software Inventory Client Agent, the amount of remote access that can be initiated is configured by the SMS administrator and rendered on the client by a Remote Tools Client Agent (also sometimes referred to as the Remote Tools Agent).

The Remote Tools utility also includes remote diagnostic utilities specific to Windows NT 4.0 and other Windows operating systems that provide real-time access to system attributes such as interrupt usage, memory usage, services running, and device settings. This feature is discussed more thoroughly in Chapter 10.

SMS Trace

This utility allows the SMS administrator to view one or more SMS log files in real time in order to follow, diagnose, and troubleshoot service activity. You can use SMS Trace to search for text strings and to highlight found values. See Chapter 5 for more information about SMS Trace.

SNMP Traps and the Event to Trap Translator

SNMP Traps is a tool developed to monitor and troubleshoot IP-addressable devices in a network. Status and event information about these devices is both requested by and reported to an SNMP management server. The SMS 2.0 Event to Trap Translator lets you generate SNMP traps out of Windows NT events logged through Windows NT's event service and send them on to a defined SNMP management system such as Hewlett-Packard's OpenView or Compaq's Insight Manager. It does so by utilizing the SNMP Service, which can be added to any Windows NT computer. Chapter 6 discusses the Event to Trap Translator in more detail.

SMS services also create and update a wide variety of log files and generate detailed event status messages. These files and messages provide the SMS administrator with an extensive source of diagnostic data that is critical to the successful maintenance of the SMS site, as well as providing an ideal means to learn about the inner workings of SMS.

Package Distribution

One important way of reducing the total cost of owning and maintaining client computers is to minimize the amount of time an administrator needs to physically spend at a computer. When part of the administrator's job involves installing and upgrading software at a computer, the amount of time spent at each computer can be significant. We've already looked at some of the remote tools available to reduce the time spent at a user's computer. Another way to reduce this time is to acquire the ability to remotely install, maintain, and upgrade software. SMS 2.0 enables you to do just that. Through its package distribution feature, you can run programs on client computers to install and upgrade software, update files, execute tasks such as disk optimization routines, and modify configuration settings such as registry entries or INI files.

The SMS administrator defines a package's properties, including the location of source files, sending priority, where the package should be stored and shared on the distribution point, and version and language values. The SMS administrator identifies which distribution points should receive the package and also creates one or more programs for the package that define how the package should be executed at a client computer. For example, a software application installation may have several types of installs that can be run, such as Typical, Custom, and Laptop. Each of these installs would represent a program that the SMS administrator would create for the package. The same package definition could then be used to install the application in different ways on different clients.

Clients are made aware of the existence of a program through advertisements. An advertisement is created by the SMS administrator and identifies both the program that should be executed by the target resources and the SMS collection that defines the target resources. Programs can be advertised only to collections, and a valid collection can consist of SMS clients, Windows NT users, or Windows NT global user groups. The advantage of this arrangement is that when a new computer, user, or global user group is added to a collection, it will automatically receive any advertisements for that collection. Packages and advertisements are discussed in detail in Chapter 12.

Application Management

SMS 2.0 offers several tools for managing applications installed on SMS clients. Perhaps the most distinctive new tool is the software metering server. The software metering server provides two main functions: application usage tracking and application licensing. Whenever an application is executed at the client, a client agent reports that fact to the software metering server. This information is passed to the SMS site server and stored in its own SQL database. The data can then be summarized and displayed for the SMS administrator through the SMS Administrator Console. The SMS administrator is capable of excluding applications from monitoring. For example, you probably would not be interested in knowing every time the Clock accessory was run. If you exclude the Clock application, the client agent will then ignore any instance of Clock that is run on the client.

An application can also be registered by the SMS administrator. When an application is registered, the SMS administrator can set restrictions on it or enforce tracking of licenses. For example, an organization might allow FreeCell to be played on company computers only at lunchtime. The SMS administrator can register FreeCell and restrict its execution to a designated time period—say, from 12:00 PM to 1:00 PM. Or the SMS administrator could bar the execution of any applications that are not Y2K-compliant or Euro-compliant. An application can also be restricted by user, group, or client, much like creating an access control list (ACL) for a Windows NT folder.

When the restricted or licensed application is run on a client, the client agent checks for restrictions or licenses on the software metering server. If a restriction exists, the client will receive a message stating that the application cannot be run, and the client agent will shut down the application. Similarly, if the application has been licensed, the client agent will check to see whether any licenses are available for the application. If no licenses are available, the client agent will shut down the application and display a message to that effect. The client agent will also offer a callback option to the user, which means that the user doesn't have to keep retrying the application until a license becomes available on the software metering server. Instead, if the user requests a callback, the software metering server will reserve a license for that user for a default period of time when a license becomes available. The client agent checks the software metering server periodically for available callbacks and notifies the user when a license is available.

NOTE
As with all SMS site systems, you can have multiple software metering servers. SMS will automatically balance available licenses across all the software metering servers based on the license usage data it collects.

An additional application management tool, the product compliance database, is an optional feature that can be installed with SMS. The product compliance database was originally intended to be used to provide a list of Microsoft applications and their level of Y2K compliance. You can add your own product information to this database and use it to identify other compatibility issues, such as Windows 2000 compatibility of the existing clients and software applications, before you implement a Windows 2000 upgrade strategy.

This identification process actually involves several SMS features. The Software Inventory Client Agent can be used to collect a list of programs installed on each client. This list is compared to the product compliance database using SMS queries. Once you have identified the programs that need to upgraded, you can use the package distribution process to send and apply the appropriate upgrades. The product compliance database is discussed in Chapter 20.