In-Depth

Systems Engineering: A Job for SMS

Is SMS still necessary if you’re running Windows 2000? The fact is, each has its role when it comes to helping you take care of your network.

Now that Windows 2000 is here, do you still need SMS? That’s a question I hear many systems administrators asking these days. Heck, as one whose job is primarily involved with deploying Systems Management Server, it’s a question I started asking myself as soon as the first Win2K marketing salvos began launching from Redmond. So to either allay my fears or to get a head start on realigning my career priorities, I started to investigate. The result of my research reminds me of a high school English term paper assignment: “All right, class, I want you to compare and contrast the systems management features of Win2K and SMS 2.0…”

On the surface, it would appear that Microsoft stole the best features of SMS and built them right into Win2K, but, as they say, the devil is in the details. The desktop management features of Win2K have often been referred to as “SMS Lite.” I’d go so far as to call it, “SMS Ultra-Ultra Lite,” but let’s take a closer look at Win2K’s claim to fame in the area of systems management.

SMS 2.0 Service Pack 2 and Windows 2000

Service Pack 2 for SMS 2.0 is a must-have for any organization with SMS 2.0 installed, even on an all-Windows NT 4.0 network. With Windows 2000 beginning to appear on the desktop and servers, SP2 becomes an absolute necessity. (SMS 2.0 with Service Pack 1 only officially provided support for the Win2K Beta 3 release.) In addition to providing a number of critical bug fixes and performance enhancements, plus NetWare 5 support, SP2 instills SMS 2.0 with nearly complete Win2K compatibility. Let’s look at what’s meant by “nearly complete.”

The Complete

  • Full client support for Win2K Professional, Server, and Advanced Server, including hardware/software inventory, software distribution, remote tools, software metering and Network Monitor.
  • Full client upgrade capability from NT 4.0 or Win 9x to Win2K Professional.
  • Full client support in NT 4.0, NDS, or Active Directory environments.
  • Full server support for Win2K Servers as SMS Site Servers or Component Servers.
  • SMS client support on Win2K servers running Terminal Services.
  • All site roles supported in Active Directory domains. • SMS Administrator console support for all flavors of Win2K.
  • SMS Administrator console supported running under Terminal Services in either Remote Support mode or Applications Support mode.
  • Automated Win2K Professional distribution package.
  • Integration with Win2K Readiness Analyzer.
  • Support for Network Discovery using Win2K DHCP servers.

The Nearly

  • No accelerated video for remote control on Win2K clients.
  • Terminal Services client limited to inventory and background software distribution.
  • Server upgrades to Win2K limited to Member Servers only.
  • Sites with Site Servers residing on Domain Controllers must be reinstalled if either the domain is upgraded to Active Directory or the domain controller is upgraded to Win2K.
  • Domain Controllers running as Logon Points, CAPs, or Distribution Points can be upgraded to Win2K as long as the Logon Points, CAPs, or Distribution Points are deleted before the upgrade and then re-created after the upgrade.
  • WINS is still required even in a full Win2K environment.
  • If collapsing your domains is part of your migration to Active Directory, as with NT 4.0, there’s no support for moving SMS sites to different domains without reinstalling.
  • No support for Active Directory restricted groups.
  • Members of nested groups or members of Universal groups outside the AD domain where the site resides won’t get enumerated by SMS. AD Universal groups are treated like NT 4.0 Global groups.
  • No support for clustering a Site Server on Advanced Server. • No support for Win2K multi-language version.
  • SMS logon installation can’t be used to install the SMS client on servers supporting Terminal Services; however, you can use SMSman.exe or the NT Remote Client Installation method to install the SMS client.
  • No software metering on clients running Terminal Services.

Additional Considerations

  • As with NT 4.0 domains, the SMS Service account requires Domain Administrator rights in an Active Directory domain.
  • Upgrading to SP2 requires certain hotfixes to be applied to your site prior to installing the service pack. Which hotfixes to apply depends on which level your SMS site is at prior to the upgrade (RTM code or SP1). Be sure to read all the README files first!
  • As with SP1, SP2 is a “slipstream” upgrade, which means the service pack is applied to the installation files, not to the installed site server. This means you have to copy the SMS CD to a network share or some other write-able location, apply the service pack, then run setup from those updated source files. Check out the white paper on deploying SMS service packs at www.microsoft.com/smsmgmt/deployment/servicepacks.asp.

It may appear that The Nearly list is longer than The Complete list, but actually SP2 provides about as much Win2K compatibility as most enterprises will need for some time to come. The next version of SMS (rumored to be code-named some other precious stone, i.e. “Opal”) will no doubt provide seamless integration with whatever version of the OS Microsoft has going at the time, assuming Microsoft’s Operating System division and its Applications divisions are still part of the same company!

—Mark Wingard

I Think I’m Being Followed!

Win2K can boast some great new management features under the heading of IntelliMirror. With IntelliMirror technology, administrators can apply policies in the area of user data, desktop settings, and software distribution. These policies follow users as they log on to different computers on the network, allowing them to consistently experience the same desktop, data, and applications no matter when or where they log on.

In the area of data management, through the use of Group Policy, Offline Folders, and Synchronization Manager, Win2K users can be heard muttering, “My documents follow me!” For managing of desktop settings, administrators can employ Group Policies and Roaming User Profiles to centrally define computing environment settings on the network, leading users to nervously gasp, “My preferences follow me!” And finally, the software installation and maintenance aspects of IntelliMirror enable software installation, repair, update, and removal across the network, and can cause users to bolt from their cubicles, screaming, “My applications follow me!”

In addition to the ability to install software applications, Win2K provides for enhanced remote installation of Win2K itself via the Remote Installation Service (RIS). As if that weren’t enough, administrators have the ability to perform remote control of isolated servers and user desktops through the built-in Terminal Services. So admit it Microsoft, SMS is dead!

Long Live SMS!

But wait… what’s that I hear Microsoft saying? “Systems Management Server is the best change and configuration management tool for Windows.”?!

While it’s true that Win2K has all these nice, desktop management features, SMS has been around the block once or twice itself and can perform many of these same feats and then some. SMS will concede the user data and desktop settings battle to Win2K but is quick to assert, “Management is my middle name!”

Software Distribution Advantages with SMS 2.0

Win2K allows administrators to distribute software in two ways, by publishing and assigning. Publishing means that software installs are optional to users and are accessible through a Control Panel. When users are ready to install a published application, they can do so via the Add/Remove Programs Control Panel. SMS 2.0 offers a similar, optional software installation feature through the Advertised Programs Manager Control Panel; however, SMS has the option of letting users know there’s a potential software install waiting by providing an icon in the SysTray. (Published software installations within Win2K presumes users must be psychic to know an application install is available!)

Assigning in Win2K means that software installs are mandatory and will run the next time the user logs on. SMS 2.0 also assigns mandatory software installations, but with SMS they can be scheduled to run at any time, night or day, whether or not a user is even logged on. This can be a tremendous advantage to administrators to have software installed at night when users are away from their computers, to both prevent user interference with the installation and to eliminate user downtime while the install is taking place.

SMS 2.0 also allows much greater flexibility in targeting applications to users or computers. Win2K uses an “all-or-nothing” approach to distribute software to all users in a domain, a site, or an organizational unit (OU). SMS 2.0 bases software distribution on collections, which can include a single user, multiple users, or computers, regardless of their OU membership, so software distributions can be targeted with extreme granularity. For instance, a collection could be based on a query of the SMS database to find all PCs running Windows 98, with at least 64M of RAM, 1G of free disk space, and Internet Explorer 4.01 with Service Pack 2 or higher installed. Such a query could run against all computers in an SMS site, regardless of their domain or OU membership, or it could be based on NT or Win2K groups.

Collections are rules-based, which means their membership can dynamically change if the group membership the collection is based on changes or the users’ computer configuration changes. (Did I mention that in spite of a rich set of objects that can be stored in Active Directory, hardware and software inventory isn’t a feature of Win2K?) SMS can also use OUs for targeting software installations in an Active Directory environment provided administrators use scripting tools (found in the SMS Toolkit or via ADSI, Active Directory Scripting Interface) to translate Active Directory OUs to SMS 2.0 collections.

Figures 1. Whereas Windows 2000 software distribution to AD organizational units takes an all-or-nothing approach...
Figure 2. ....SMS 2.0 gives you much geater flexibility in targeting intallations. (Click image below to view larger version.)

Windows Installer vs. SMS Installer

“Oh, yeah, well what about the ability in Win2K to employ just-in-time (JIT) software distribution and automatic rollback or repair of damaged applications?” you might ask.

Those are features of Windows Installer, not Win2K, buckaroo. While Windows Installer comes installed as a part of Win2K, it also gets installed as part of Office 2000 or can be downloaded as part of the Microsoft Platform SDK and can run on many versions of Windows. Therefore, SMS is just as capable of deploying Windows Installer repackaged applications as Win2K is, but with greater flexibility.

SMS 2.0 goes further with the exclusive availability of the SMS Installer to allow a wide range of enhancements in repackaging application installs, such as additional registry changes, control over dialog boxes, software settings, and icon placement. Microsoft will shortly be making available for download a tool called the Installer Step-up Utility, to convert existing SMS Installer executables to Windows Installer files so SMS administrators will have the best of both worlds. (See the TechNet article, “Installer Step-up Utility for MS Systems Management Server.”) Optionally you can purchase Wise’s Installer for the Windows Installer, which creates MSIs and obviates the need for a conversion utility (www.wisesolutions.com/default.htm).

Software Distribution Reporting

SMS 2.0 has built-in status reporting for a number of its features. Among these is Advertisement status reporting, in other words, reporting on the success or failure of software distributions, assuming administrators have enabled a status MIF for the advertisement. When you’re distributing a new application to hundreds of users overnight, it’s useful to know which computers ran the install—and of those, how many completed it successfully. Unfortunately, the only kind of software distribution status reporting available to Win2K is when the users call the help desk the next morning to report, “Hey, that thing that ran when I logged on just broke my computer!”

Operating System Installs

The RIS feature of Win2K allows remote installation of Win2K Professional to fresh systems, meaning virgin computers with a PXE-enabled network card that have the capability to boot up and connect to the network. [See “Assembly-line Deployment” by John Gunson in the May 2000 issue.—Ed.] RIS, however, can’t be used to upgrade previous versions of Windows to Win2K.

Conversely, SMS 2.0 can push out only OS upgrades. There must be an existing version of Windows on the target desktop. For PCs fresh out of the box, RIS is definitely the way to go; however, if the target PC is an SMS client, then administrators can check its hardware and software inventory to see if the potential candidate has what it takes to run Win2K Pro in the first place.

Heterogeneous Environments

SMS 2.0 clients can include many flavors of Windows, from Windows 3.1x, to Windows 9.x, NT 3.5 and above, as well Win2K (as of SMS 2.0 SP2). SMS is also designed to work on a Novell NetWare network. Win2K’s desktop management features are only available in an all-Win2K environment, and this will take a long time to achieve in most enterprises.

Other Exclusive SMS Features

SMS 2.0 includes a host of other systems management features not found in Win2K. Among these are:

  • WAN Support—SMS 2.0 can regulate communications and software distributions over slow links in a variety of ways, including the ability to choose the percentage of bandwidth used to distribute packages between SMS sites, the LAN protocol to use, and support for RAS protocols, as well as schedule packages to run as updates across the LAN or WAN. The Courier Sender feature enables software distribution via CD-ROM or other media to really remote sites when network connectivity is extremely slow, unreliable, or nonexistent. (How about software installs to ships at sea or oil rigs in the North Atlantic?)
  • Asset Management—As I mentioned earlier, software and hardware inventory can often be the cornerstone of proactive software distribution. These inventories allow administrators to determine whether a given desktop machine meets the prerequisites for software upgrades. Manual hardware and software inventorying can be incredibly time-consuming, but SMS 2.0 performs this valuable service in the background and makes the information available to an administrator almost without that person having to lift a finger.
  • Software Metering—While unfortunately underpowered, software metering by SMS is still a great tool for recording what software is in use on the network and enforcing licensing restrictions if necessary.
  • Server Health Monitoring—SMS 2.0’s HealthMon is a variation on Performance Monitor that can provide critical performance information on processes such as Processor, Memory, Server Work Queues, and the like on Windows NT and 2000 Server and various Microsoft BackOffice products such as SQL Server, Exchange Server, and Internet Information Server.
  • Network Topology Tracing Tool—This feature provides a graphical display of the network routes between servers within an SMS site, including the activity and status of infrastructure devices such as routers and hubs. Network Tracing allows for quick analysis of the potential success or failure of an action such as software distribution to a remote location.
  • The full version of Network Monitor—While Win2K Server includes Network Monitor, it will only monitor traffic on the segment where the Win2K Server resides. It also only includes drivers to monitor other Win2K systems. To use Network Monitor to view traffic on your entire network, as well as to monitor both Win2K and other versions of Windows, you’ll need the version that comes with SMS 2.0. (Note: SMS 2.0 SP2 will be required for full Win2K client functionality.)
  • Integration with other network management tools—SMS can do a lot but certainly not everything required to keep on top of your network. Fortunately, the systems management capabilities of SMS 2.0 are compatible to other network management tools such as CA Unicenter TNG, Hewlett Packard OpenView ManageX, NetIQ AppManager Suite, Network Associates Magic Total Service Desk, and Tivoli enterprise management solutions.
  • Remote troubleshooting—Win2K Server sports Terminal Services, which can allow remote control of other Windows computers once the client is installed and the server side is enabled. SMS 2.0 offers the same capability on its clients and provides administrators the ability to perform various other remote diagnostics and troubleshooting.
    Note: The remote control feature of Terminal Services is definitely peppier than its SMS counterpart; however, Terminal Services lacks flexibility on the security configurations available to administrators. And speaking of security, the remote control feature of SMS offers much stronger encryption of sessions than the ICA protocol the original Citrix MetaFrame client used (what Terminal Server was originally based on). Let’s hope that the Remote Desktop Protocol (RDP) employed by Win2K Terminal Services is more secure.
Windows 2000 vs. SMS 2.0
Management Features At-a-Glance
Systems Management Feature Win2K SMS 2.0
User settings management F n
Data management F n
Application management F n
Deployment of new Win2K OS F F
Optional application installs F F
Mandatory application installs F F
Availability of Windows Installer F F
Remote Tools p F
Network analysis p F
Deployment of Win2K OS upgrades n F
Software deployment based on inventory n F
Software deployment to individual PCs n F
Software deployment outside of OUs n F
Application installs while user is logged off n F
Software deployment status reporting n F
Availability of SMS Installer n F
Hardware/software inventory n F
Software metering n F
Server health monitoring n F
Integration with other management tools n F
Management of pre-Win2K PCs n F
WAN support for software distribution n F

Key F = Full compatibility
p = partial compatibility
n = no compatibility

The Future of SMS

Let’s be realistic. Do you really think Microsoft would abandon an on-going revenue stream if it didn’t have to? The folks in Redmond have been careful to position the desktop management features of Win2K in such a way as to not cut into the market SMS enjoys. Systems Management Server is a complex and powerful tool, well suited to the large, complex, mixed-Windows organization. In many ways, the desktop management features of Win2K have been designed to provide SMS-like capabilities for environments in which SMS might be overkill.

Officially, Microsoft says SMS “extends the systems management features of Windows 2000,” but—between you and me—the Win2K desktop management features are for organizations unprepared to invest the resources required for a real desktop management tool like SMS. And to be practical, those resources aren’t insignificant. In addition to the cost of licensing fees, a serious investment in both training and retaining staff to be qualified SMS administrators is required for organizations that are committed to managing their desktops. It’s not that the desktop management features of Win2K are trivial or ineffective; it’s more like, “Yes, you can replace that leaky faucet on your own (Win2K) if you want, but for those major plumbing problems under the house, call a professional plumber (SMS) for heaven’s sake!”

Additional Information
  • For an overview of SMS and a discussion of its benefits, go to www.microsoft.com/smsmgmt.
  • For an introduction to Windows Management Services, including management roles and disciplines, as well as the architecture for management solutions that will be available either as part of the OS or as an add-on, go to www.microsoft.com/windows/server/
    Technical/management/default.asp
    . You’ll also find an overview of Change and Configuration Management and an introduction to how Microsoft products such as IntelliMirror technologies in Win2K, Remote OS Install, and SMS address this management discipline. Likewise, you can read an overview of the features of IntelliMirror technologies in Win2K and scenarios for how organizations can benefit from IntelliMirror.
  • For an overview of the features of The Windows Installer service and scenarios illustrating how it addresses specific customer needs, go to www.microsoft.com/windows2000/library/howitworks/management/
    installer.asp
    .
  • For more information on getting started with the Windows Installer, see the Platform SDK Windows Installer Start Page, at http://msdn.microsoft.com/library/psdk/msi/wiport_6gf9.htm.

Microsoft also recognizes that, for a number of reasons (including one that might be spelled “D-O-J”), it may take a few years yet before Win2K has completely taken over the desktops of the corporate world. Until that time comes, there’s no real rival to SMS for the systems management features it supports. By the time Win2K does become ubiquitous on the desktop, SMS will have evolved to fully leverage Win2K and Active Directory. So don’t start chucking those SMS skills quite yet. And if you’re one of the few, the proud, the brave to have successfully passed the SMS 2.0 exam, just think: It’s one elective you won’t have to retest on to keep your MCSE current with Win2K!

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.