Microsoft System Center 2012 R2 Configuration Manager is an enterprise management tool that provides a complete solution for Windows client and server management, including delivery of new software packages, virtual applications, software updates and operating systems. SCCM 2012 R2 also has, to a certain extent, the capability to perform mobile device management and management of devices running non-Windows operating systems. In this blog post we will briefly look at the architectural components of SCCM 2012 R2, to get a basic understanding of what function the different components of a SCCM 2012 R2 infrastructure serve.
1. Hierarchies and Sites
A site is the core role of Configuration Manager. A Configuration Manager hierarchy consists of sites that are linked directly or indirectly and have a parent-child relationship. The Configuration Manager 2012 infrastructure is simplified from earlier versions of the product and consists of three site types: Central Administration Site, Primary Site and Secondary Site.
A hierarchy of sites can be described by one of three basic configurations:
• A single stand-alone primary site that has no additional sites.
• A primary site that has one or more secondary sites.
• A central administration site as the top-level site that has one or more primary child sites. The primary sites can each support secondary sites.
Example of a SCCM 2012 R2 hierarchy
Central Administration Site (CAS)
CAS is the recommended location for all administration and reporting for the hierarchy, if you choose to deploy a hierarchy with a CAS. Central Administration sites are used in scenarios where you need more than one Primary Site, such as when you need to manage more than 100 000 clients. The maximum number of clients supported for an entire Configuration Manager 2012 hierarchy is 400 000. The CAS supports only primary sites as child sites. It has limited site roles available, has no clients assigned, and doesn’t process client data. The CAS requires SQL Server for data that is gathered from the hierarchy.
Primary Site
A required site that manages clients in well-connected networks. All clients are assigned to a primary site. Primary sites cannot be tiered below other primary sites. Each Primary site can support up to 250 secondary sites, 100 000 clients and 10 management points (for load balancing). A SQL server is required for primary sites. If an organization has fewer than 100 000 clients, it should only use a single stand-alone primary site.
Secondary Site
Secondary sites can be used to service clients in remote locations where network control is needed. The general recommendation, though, is to avoid secondary sites in such scenarios and instead deploy Distribution Points in remote locations, because a distribution point lets you control, or throttle, the network bandwidth used for content distribution between a site and the remote distribution point. Secondary sites are installed through the Configuration Manager console. A management point and distribution point are automatically deployed when the site is installed. SQL Server Express or a full instance of SQL Server is required for a secondary site. If neither is installed when the site is installed, SQL Server Express is automatically installed.
Secondary sites must be direct child sites below a primary site, but can be configured to send content to other secondary sites. They also receive a subset of the Configuration Manager database. Clients cannot be assigned directly to secondary sites.
Because administrative consoles can connect only to a central administration or primary site, secondary sites are typically used in locations that do not have administrators, or in locations where you need clients to scan for software updates compliance without needing to talk to a primary site server. The latter can be achieved by installing the software update point role on a secondary site server.
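The topology and capacity rules spelled out above (one CAS at the top, primaries only under a CAS, secondaries only directly under a primary, no clients on a CAS or secondary, and the 100 000 / 250 / 10 / 400 000 limits) are easy to get wrong on a design whiteboard. The script below is an added example, not part of the original post and not Configuration Manager's own tooling: it encodes those rules as a checker over a small in-memory site model. The `Site` class, the site codes and the client counts are constructed for illustration; the limits are the ones quoted in the post.

```python
"""Check a planned Configuration Manager 2012 R2 site hierarchy against the
topology and capacity rules given in the post.

Added example, not part of the original post or of Configuration Manager
itself.  The site codes and client counts below are constructed for
illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Limits as stated in the post
MAX_HIERARCHY_CLIENTS = 400_000      # whole hierarchy
MAX_PRIMARY_CLIENTS = 100_000        # per primary site
MAX_SECONDARIES_PER_PRIMARY = 250
MAX_MPS_PER_PRIMARY = 10             # management points per primary site


@dataclass
class Site:
    code: str                        # site code (constructed values below)
    kind: str                        # "CAS", "primary" or "secondary"
    parent: Optional[str] = None     # code of the parent site, None for top level
    clients: int = 0                 # clients assigned directly to this site
    management_points: int = 1


def validate_hierarchy(sites: Dict[str, Site]) -> List[str]:
    """Return the list of rule violations; an empty list means the design is valid."""
    problems: List[str] = []

    cas_sites = [s for s in sites.values() if s.kind == "CAS"]
    primaries = [s for s in sites.values() if s.kind == "primary"]
    if len(cas_sites) > 1:
        problems.append("a hierarchy can have only one central administration site")
    if not cas_sites and len(primaries) > 1:
        problems.append("more than one primary site requires a central administration site")

    for s in sites.values():
        parent = sites.get(s.parent) if s.parent else None
        if s.parent and parent is None:
            problems.append(f"{s.code}: parent site {s.parent} does not exist")
            continue
        children = [c for c in sites.values() if c.parent == s.code]

        if s.kind == "CAS":
            if parent is not None:
                problems.append(f"{s.code}: the CAS must be the top-level site")
            if s.clients:
                problems.append(f"{s.code}: no clients are assigned to a CAS")
            for c in children:
                if c.kind != "primary":
                    problems.append(f"{c.code}: the CAS supports only primary child sites")
        elif s.kind == "primary":
            if parent is not None and parent.kind != "CAS":
                problems.append(f"{s.code}: a primary site can only be a child of a CAS, "
                                f"not of {parent.kind} site {parent.code}")
            if s.clients > MAX_PRIMARY_CLIENTS:
                problems.append(f"{s.code}: {s.clients} clients exceeds {MAX_PRIMARY_CLIENTS} per primary site")
            if s.management_points > MAX_MPS_PER_PRIMARY:
                problems.append(f"{s.code}: more than {MAX_MPS_PER_PRIMARY} management points")
            secondaries = [c for c in children if c.kind == "secondary"]
            if len(secondaries) > MAX_SECONDARIES_PER_PRIMARY:
                problems.append(f"{s.code}: more than {MAX_SECONDARIES_PER_PRIMARY} secondary sites")
        elif s.kind == "secondary":
            if parent is None or parent.kind != "primary":
                problems.append(f"{s.code}: a secondary site must be a direct child of a primary site")
            if s.clients:
                problems.append(f"{s.code}: clients cannot be assigned to a secondary site")
        else:
            problems.append(f"{s.code}: unknown site kind {s.kind!r}")

    total = sum(s.clients for s in sites.values())
    if total > MAX_HIERARCHY_CLIENTS:
        problems.append(f"{total} clients exceeds the hierarchy limit of {MAX_HIERARCHY_CLIENTS}")
    return problems


def example_design() -> Dict[str, Site]:
    """Constructed design: a CAS with two primaries, one of which has a secondary."""
    sites = [
        Site("CAS", "CAS"),
        Site("P01", "primary", parent="CAS", clients=90_000, management_points=4),
        Site("P02", "primary", parent="CAS", clients=60_000, management_points=3),
        Site("S01", "secondary", parent="P01"),
    ]
    return {s.code: s for s in sites}


def broken_design() -> Dict[str, Site]:
    """Constructed design that breaks several rules at once."""
    sites = [
        Site("P01", "primary", clients=120_000),            # over the per-site limit
        Site("P02", "primary", parent="P01", clients=10),   # primary tiered below a primary
        Site("S01", "secondary", parent="P02", clients=5),  # clients on a secondary
    ]
    return {s.code: s for s in sites}


if __name__ == "__main__":
    for name, design in (("example", example_design()), ("broken", broken_design())):
        issues = validate_hierarchy(design)
        print(f"{name}: {'OK' if not issues else ''}")
        for line in issues:
            print("  -", line)
```

Running the script prints no findings for the first design and four for the second (a second primary without a CAS, a primary over 100 000 clients, a primary tiered under a primary, and clients assigned to a secondary). Feeding it a site list exported from an existing environment is left to the reader; the point here is that each rule in the post maps to one explicit check.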
2. Site System Roles
Site System Roles are roles that can be installed on Configuration Manager 2012 R2 site servers. Any computer hosting a site system role is referred to as a site system server. You can assign multiple roles to one site system server. There are five site system roles that must exist in each site and must be configured during installation of a CAS or a Primary site, while the rest of the site system roles are optional.
Default Site System Roles
Component Server
Any server running the Configuration Manager Executive service. It is automatically installed with all site system roles except the Distribution Point, and is used to run Configuration Manager services.
Site Database Server
Server with Microsoft SQL Server installed, hosting the Configuration Manager site database. This database is used to store information about assets and site data.
Site Server
Contains components and services required to run a central administration, primary, or secondary site.
Site System
Supports both required and optional site system roles. Any server (or share) with an assigned role automatically receives this role.
SMS Provider
A WMI provider operating as an interface between the Configuration Manager console and the site database. Secondary sites do not install SMS providers.
Optional Site System Roles
Application Catalog Web Service Point
Publishes software information from the software library to the Application Catalog Website.
Application Catalog Website Point
Publishes the available software for a user on the Application Catalog Website.
Asset Intelligence Synchronization Point
Synchronizes Asset Intelligence data from System Center Online by downloading Asset Intelligence catalog data and uploading custom catalog data. This role can only be installed on the CAS or a stand-alone primary site server.
Certificate Registration Point
Communicates with the server that runs the Network Device Enrollment Service of Active Directory Certificate Services to manage device certificate requests that use the Simple Certificate Enrollment Protocol (SCEP).
Distribution Point
This role stages packages (source files), such as application content, software packages, software updates, operating system images, and boot images to clients. A Distribution Point cannot be connected to a CAS; it always communicates with a primary site or a secondary site. A single Distribution Point is capable of supporting up to 4000 clients. A site can hold up to 250 Distribution Points.
Endpoint Protection Point
This role is configured at the Central Administration Site or a stand-alone primary site. With the System Center Endpoint Protection role you can secure your clients and servers from viruses and malware by deploying (and managing) Microsoft System Center 2012 Endpoint Protection to clients. Microsoft System Center 2012 Endpoint Protection provides an antimalware and security solution for the Microsoft platform.
Enrollment Point
Facilitates enrollment of Intel’s Active Management Technology (AMT)-based computers and mobile devices.
Enrollment Proxy Point
Allows the management of mobile device enrollment through Configuration Manager.
Fallback Status Point
Provides an alternative location for clients to send status messages to during installation when they cannot communicate with their management point.
Management Point
Facilitates communication between a client and site server by storing and providing policy and content location information to the client, and receiving data from the client such as status messages and inventory. One Management Point can support up to 25 000 clients.
Out-of-Band Service Point
Allows out-of-band management of AMT-based computers.
Reporting Services Point
Used to integrate reporting through SQL Server Reporting Services and is required if using reports.
Software Update Point
Provides software update management for Configuration Manager clients by integrating with Windows Server Update Services (WSUS).
State Migration Point
When using operating system deployment (OSD), the state migration point holds the user state data for migration to the new operating system.
System Health Validator Point
When implementing Network Access Protection (NAP), a system health validator point validates the Configuration Manager NAP policies. The role must be installed on the NAP health policy server.
Windows Intune Connector
When managing mobile devices via Windows Intune, you need to install the Windows Intune connector to be able to retrieve status messages and inventory messages from the mobile devices that are enrolled in Windows Intune.
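The role descriptions above carry two kinds of constraint worth checking in a design review: placement rules (Asset Intelligence Synchronization Point and Endpoint Protection Point only at the CAS or a stand-alone primary; no Distribution Point at a CAS) and sizing rules (25 000 clients per Management Point, 4000 clients per Distribution Point, 250 Distribution Points per site). The script below is an added example, not from the original post and not a Configuration Manager API: it takes a list of (server, role, site) assignments and reports placement violations and under-provisioned sites. The `SiteInfo` class, the server names, the site codes and the client counts are constructed for illustration; the limits and placement rules are the ones stated in the post.

```python
"""Check where optional site system roles are placed and whether enough
management points and distribution points exist for the clients a site serves,
using the placement rules and per-role limits given in the post.

Added example, not part of the original post or of Configuration Manager.
The servers, site codes and client counts are constructed for illustration.
"""
import math
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

MAX_CLIENTS_PER_MP = 25_000   # clients per management point
MAX_CLIENTS_PER_DP = 4_000    # clients per distribution point
MAX_DPS_PER_SITE = 250

# Roles the post says are configured only at the CAS or a stand-alone primary site
TOP_LEVEL_ONLY = {"Asset Intelligence Synchronization Point", "Endpoint Protection Point"}


@dataclass
class SiteInfo:
    kind: str                  # "CAS", "primary" or "secondary"
    clients: int = 0           # clients assigned to the site
    stand_alone: bool = False  # primary site with no CAS above it


def capacity_plan(clients: int) -> Tuple[int, int]:
    """Minimum (management points, distribution points) for a client count."""
    return (math.ceil(clients / MAX_CLIENTS_PER_MP),
            math.ceil(clients / MAX_CLIENTS_PER_DP))


def check_roles(sites: Dict[str, SiteInfo],
                roles: List[Tuple[str, str, str]]) -> List[str]:
    """roles holds (server, role name, site code) triples; returns rule violations."""
    problems: List[str] = []
    per_site: Counter = Counter()   # (site code, role) -> number of servers

    for server, role, code in roles:
        site = sites.get(code)
        if site is None:
            problems.append(f"{server}: site {code} does not exist")
            continue
        per_site[(code, role)] += 1
        top_level = site.kind == "CAS" or (site.kind == "primary" and site.stand_alone)
        if role in TOP_LEVEL_ONLY and not top_level:
            problems.append(f"{server}: {role} is only configured at the CAS "
                            f"or a stand-alone primary site")
        if role == "Distribution Point" and site.kind == "CAS":
            problems.append(f"{server}: a distribution point cannot be connected to a CAS")

    for code, site in sites.items():
        mps = per_site[(code, "Management Point")]
        dps = per_site[(code, "Distribution Point")]
        if dps > MAX_DPS_PER_SITE:
            problems.append(f"{code}: {dps} distribution points exceeds {MAX_DPS_PER_SITE} per site")
        if site.clients:
            need_mp, need_dp = capacity_plan(site.clients)
            if mps < need_mp:
                problems.append(f"{code}: {site.clients} clients need {need_mp} "
                                f"management points, {mps} present")
            if dps < need_dp:
                problems.append(f"{code}: {site.clients} clients need {need_dp} "
                                f"distribution points, {dps} present")
    return problems


def example_roles() -> Tuple[Dict[str, SiteInfo], List[Tuple[str, str, str]]]:
    """Constructed: a CAS with one child primary serving 60 000 clients."""
    sites = {
        "CAS": SiteInfo("CAS"),
        "P01": SiteInfo("primary", clients=60_000),   # not stand-alone: it sits under the CAS
    }
    roles = [
        ("cas01.corp.example", "Asset Intelligence Synchronization Point", "CAS"),
        ("cas01.corp.example", "Endpoint Protection Point", "CAS"),
        ("cas01.corp.example", "Distribution Point", "CAS"),          # not allowed at a CAS
        ("p01srv.corp.example", "Endpoint Protection Point", "P01"),  # P01 is not stand-alone
        ("p01mp1.corp.example", "Management Point", "P01"),
        ("p01mp2.corp.example", "Management Point", "P01"),           # 60 000 clients need 3
    ] + [(f"p01dp{i:02d}.corp.example", "Distribution Point", "P01") for i in range(15)]
    return sites, roles


if __name__ == "__main__":
    site_map, assignments = example_roles()
    for finding in check_roles(site_map, assignments):
        print("-", finding)
```

For the constructed input the checker reports three findings: the Distribution Point placed at the CAS, the Endpoint Protection Point on a primary that is not stand-alone, and the primary site having only two Management Points for 60 000 clients (fifteen Distribution Points is exactly enough). The capacity arithmetic is deliberately kept in `capacity_plan` so it can be reused when sizing a site before any role is installed.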