It is important to understand how software updates will work in your environment, and one way this can be accomplished is to set up a test environment similar to your production environment. This section describes the operating systems and settings that are necessary to create a minimum configuration of a Microsoft System Center Configuration Manager 2007 site to use while you are testing or evaluating the software updates components. For example, if your enterprise uses Microsoft Windows Server 2003, Microsoft Windows 2000, and Microsoft Windows XP, you will need a minimum of one computer for each configuration.
In addition, you need computers that have other crucial line of business applications running on them (for example, accounting or sales-tracking software). When configuring a test collection, you should also account for variation in hardware within your enterprise (desktop versus laptop computers) and hardware configurations (low-memory versus multiprocessor servers).
Testing Requirements for Client Computers
One client is sufficient for minimum test purposes. However, if you want to have a representative sample of how software updates will work with all the computers used in your enterprise, it is recommended that you have representation for each configuration in your environment. For example, if you have computers that are running Windows XP SP2, Windows Server 2003, and Windows Vista, you should have a client computer for each of these operating systems in your test configuration. If you do not currently use a certain operating system (for example, Windows Server 2003 SP1) in your enterprise, but you plan to use it in the future, it is recommended that you add a computer that is running that operating system to your test configuration. This allows you to become familiar with how the software updates components and software updates work with the operating system before you deploy it in your enterprise.
Setting up this type of extended client test configuration allows you to become familiar with software updates in many different ways. By using more than one operating system you can do the following:
- Review the specific software updates that
Microsoft has published for those operating systems.
- Start becoming familiar with software update
management practices for each type of computer.
- Learn how software updates work with
different operating systems in a controlled environment.
- Learn how to find information about specific
software updates for specific operating systems when you need
it.
Testing Requirements for Software Update Points
When using software updates in a test environment, create the software update point site role as it will be in the production site. You need to determine whether a single active software update point will be created or whether there will be an active software update point for connectivity from client computers on the intranet and an active Internet-based software update point for connectivity from client computers on the Internet. You also need to determine whether the software update point will be configured as a Network Load Balancing (NLB) cluster. For more information about planning for the software update points in a production environment and how to mirror the configuration in the test environment, see Planning for the Software Update Point Installation.
Testing Requirements for a Mixed Hierarchy
If you have a Systems Management Server (SMS) 2003 production environment, you should have at least two SMS 2003 test sites in the test hierarchy, with clients installed on each type of computer system and software updates working in the hierarchy. The central site should then be upgraded to Configuration Manager 2007 so that you can become familiar with the upgrade procedures and post-upgrade configuration that is necessary for software updates. For more information, see Planning the SMS 2003 Software Updates Upgrade.
Once the central site is upgraded and configured for software updates, you can create test deployments targeting both Configuration Manager and SMS 2003 client computers and become familiar with the Configuration Manager objects, as well as with the special SMS 2003 deployment objects that are created.
Network Access Protection
Network Access Protection (NAP) in Configuration Manager 2007 works in conjunction with policies on a Windows Server® 2008 computer running Network Policy Server to enforce compliance with selected software updates. Configuration Manager 2007 clients that can support NAP (such as Windows Vista) can have these software updates enforced through automatic remediation and can have restricted network access until these software updates are successfully installed. To achieve this, you must install a System Health Validator point on the computer running Network Policy Server, enable the Network Access Protection Client Agent for Configuration Manager 2007 clients capable of supporting NAP, and select the software updates you want to be included in NAP evaluation. If you do not require NAP enforcement of software updates in your environment or you do not have the supporting infrastructure for Network Access Protection, you do not need to configure Network Access Protection in your test environment or in the production environment. For more information, see Planning for Network Access Protection.