System Center 2012 Configuration Manager uses site system roles to support operations at each site. Computers that host the Configuration Manager site are named site servers, and computers that host the other site system roles are named site system servers. The site server is also a site system server.
Site system servers within the same site communicate with each other by using server message block (SMB), HTTP, or HTTPS, depending on the site configuration selections that you make. Because these communications are unmanaged and can occur at any time without network bandwidth control, review your available network bandwidth before you install site system servers and configure the site system roles.
At each site, you can install available site system roles on the site server or install one or more site system roles on another site system server. Configuration Manager does not limit the number of site system roles that you can run on a single site system server. However, Configuration Manager does not support site system roles from different sites on the same site system server. Additionally, Configuration Manager supports some site system roles only at specific sites in a hierarchy, and some site system roles have other limitations as to where and when you can install them.
Configuration Manager uses the Site System Installation Account to install site system roles. You specify this account when you run the applicable wizard to create a new site system server or add site system roles to an existing site system server. By default, this account is the local system account of the site server computer, but you can specify a domain user account for use as the Site System Installation Account. For more information about this account, see the Site System Installation Account in the Technical Reference for Accounts Used in Configuration Manager topic.
Use the following sections to help you plan for site systems:
- Site System
Roles in Configuration Manager
for Proxy Servers Configurations for Site System Roles
- Planning Where to Install Sites
System Roles in the Hierarchy
- Planning for
Database Servers in Configuration Manager
- Planning for the
SMS Provider in Configuration Manager
for Custom Websites with Configuration Manager
What’s New in Configuration Manager SP1
What’s New in System Center 2012 R2 Configuration Manager
Site System Roles in Configuration Manager
When you install a site, several site system roles automatically are installed on the servers that you specify during Setup. After a site is installed, you can install additional site system roles on those servers or on additional computers that you decide to use as site system servers. The following sections identify the default site system roles and the optional site system roles that are available in Configuration Manager.
Default Site System Roles
Optional Site System Roles
Planning for Proxy Servers Configurations for Site System Roles
For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:
During normal operation, several Configuration Manager site system roles require connections to the Internet. Typically, this connection is made in the system context of the computer where the site system role is installed and cannot use a proxy configuration for typical user accounts. When a proxy server is required to complete a connection to the Internet, you must configure the computer to use a proxy server. For Configuration Manager with no service pack, you must manually configure the proxy server for the system context outside of Configuration Manager. Beginning with Configuration Manager SP1, you can use the Configuration Manager console to configure each site system server to use a proxy server. This proxy server configuration is used by each applicable site system role that is installed on that computer. For example, a software update point might connect to Microsoft to download updates, and with Configuration Manager SP1 when you use a cloud-based distribution point, the primary site server that manages the cloud-based distribution point must connect to Windows Azure.
The following table identifies the site system roles that can use a proxy server:
|Site system role||Configuration Manager version||Details|
Asset Intelligence synchronization point
This site system role connects to Microsoft and will use a proxy server configuration on the computer that hosts the Asset Intelligence synchronization point.
Cloud-based distribution point
When you use a cloud-based distribution point, the primary site that manages the cloud-based distribution point must be able to connect to Windows Azure to provision, monitor, and distribute content to the distribution point.
If a proxy server is required for this connection, you must configure the proxy server on the primary site server. You cannot configure a proxy server on the cloud-based-distribution point in Windows Azure.
For more information see the Configure Proxy Settings for Primary Sites that Manage Cloud Services section in the Install and Configure Site System Roles for Configuration Manager topic.
Exchange Server connector
This site system role connects to an Exchange Server and will use a proxy server configuration on the computer that hosts the Exchange Server connector.
Software updates point
This site system role can require connections to Microsoft Update to download patches and synchronize information about updates. With Configuration Manager with no service pack you can configure proxy server settings for the active software update point. With Configuration Manager SP1, proxy server options are only available for the software update point when there is already a proxy configured for the site system server.
For more information about proxy servers for software update points, see the Proxy Server Settings section in the Configuring Software Updates in Configuration Manager topic.
Windows Intune connector
This site system role connects to Windows Intune and will use a proxy server configuration on the computer that hosts the Windows Intune connector.
Beginning with Configuration Manager SP1 you can configure the proxy server for a site system server when you install a site system role by using the Add Site System Roles Wizard or the Create Site System Server Wizard. After you have installed a site system server, you can configure a proxy server by editing the properties for the site system server. Each site system server supports only a single proxy server configuration. If you configure a new proxy server when you install site system role or edit the site system server properties, the new proxy server configuration replaces the previously configured proxy server for that site system server.
The proxy server configuration is shared by all site system roles that run on a computer. There is no support for individual site system roles that run on the same computer to use different proxy server configurations. If you require different site system roles to use different proxy servers, you must install the site system roles on different site system server computers.
Typically, when you configure the proxy server, each site system role on that computer that supports using the proxy server will use the proxy server with no additional configuration required. An exception to this is the software update point. By default, a software update point does not use an available proxy server unless you also enable the following options when you configure the software update point:
- Use a proxy server when synchronizing
- Use a proxy server when downloading
content by using automatic deployment rules
|A proxy server must be configured on the site system server that hosts the software update point before you can select either option. The proxy server is only used for the specific options you select.|
Because each site system server supports a single proxy server configuration, if you add a new site system role to a computer and specify a different proxy server configuration than is already configured, the new replaces the previous proxy server configuration. Similarly, after you configure a proxy server for a site system server, if you edit the properties of the site system and change the proxy server configuration, this new configuration replaces the previous proxy server configuration.
For procedures about configuring the proxy server for site system roles, see the Install and Configure Site System Roles for Configuration Manager topic.
Planning Where to Install Sites System Roles in the Hierarchy
Before you install site system roles, identify the site types that can or cannot support specific site system roles, and how many instances of each site system role you can install at a site or across a hierarchy.
You can install some site system roles at only the top-level site in a hierarchy. A top-level site can be a central administration site of a multi-primary site hierarchy or a stand-alone primary site if your hierarchy consists of a single primary site with one or more secondary child sites.
Additionally, some site system roles support only a single instance per hierarchy. However, most site system roles support multiple instances across the hierarchy and at individual sites.
Site System Role Placement in the Hierarchy
Considerations for Placement of Site System Roles
Planning for Database Servers in Configuration Manager
The site database server is a computer that runs a supported version of Microsoft SQL Server that stores information for Configuration Manager sites. Each site in a System Center 2012 Configuration Manager hierarchy contains a site database and a server that is assigned the site database server role. For central administration sites and primary sites, you can install SQL Server on the site server, or you can install SQL Server on a computer other than the site server. For secondary sites, you can use SQL Server Express instead of a full SQL Server installation; however, the database server must be co-located with the site server.
You can install the site database on the default instance of SQL Server, a named instance on a single computer running SQL Server, or on a named instance on a clustered instance of SQL Server.
Typically, a site system server supports site system roles from only a single Configuration Manager site; however, you can use different instances of SQL Server, on clustered or non-clustered servers running SQL Server, to host a database from different Configuration Manager sites. To support databases from different sites, you must configure each instance of SQL Server to use unique ports for communication.
SQL Server Configurations for Database Servers
To successfully configure a SQL Server installation for use as a Configuration Manager site database server, ensure that the following required SQL Server configurations are specified. Also, be familiar with the optional configurations and planning for service principal names (SPNs), database server location planning, and how to modify the database configuration after a site has completed installation.
Prerequisites for Database Servers
Database Server Locations
SQL Server Service Principal Names
About Modifying the Database Configuration
About Modifying the Database Server Alert Threshold
Planning for the SMS Provider in Configuration Manager
The SMS Provider is a Windows Management Instrumentation (WMI) provider that assigns read and write access to the Configuration Manager database at a site. The SMS Admins group provides access to the SMS Provider and Configuration Manager automatically creates this security group on the site server and on each SMS Provider computer. You must have at least one SMS Provider in each central administration site and primary site. These sites also support the installation of additional SMS Providers. Secondary sites do not install the SMS Provider.
The Configuration Manager console, Resource Explorer, tools, and custom scripts use the SMS Provider so that Configuration Manager administrative users can access information that is stored in the database. The SMS Provider does not interact with Configuration Manager clients. When a Configuration Manager console connects to a site, the Configuration Manager console queries WMI on the site server to locate an instance of the SMS Provider to use.
The SMS Provider helps enforce Configuration Manager security. It returns only the information that the administrative user who is running the Configuration Manager console is authorized to view.
|When each computer that holds an SMS Provider for a site is offline, Configuration Manager consoles cannot connect to that site’s database.|
Use the following sections in this topic to plan for the SMS Provider. For information about how to manage the SMS Provider, see Manage the SMS Provider Configuration for a Site.
SMS Provider Prerequisites
About SMS Provider Locations
About SMS Provider Languages
About Multiple SMS Providers
About the SMS Admins Group
About the SMS Provider Namespace
Operating System Deployment Requirements for the SMS Provider
Planning for Custom Websites with Configuration Manager
Configuration Manager site system roles that require Microsoft Internet Information Services (IIS) also require a website to host the site system services. By default, site systems use the IIS website named Default Web Site on a site system server. However, you can use a custom website that has the name of SMSWEB. This option might be appropriate if you must run other web applications on the same server and their settings are either incompatible with Configuration Manager, or you want the additional resilience of using a separate website. In this scenario, these other applications continue to use the default IIS website, and Configuration Manager operations use the custom website.
|When you run other applications on a Configuration Manager site system, you increase the attack surface on that site system. As a security best practice, dedicate a server for the Configuration Manager site systems that require IIS.|
You can use custom websites on all primary sites. When you use a custom website at a site, all client communications within the site are directed to use the custom website named SMSWEB on each site system instead of the default website on IIS. Additionally, site system roles that use IIS but do not accept client connections, such as the reporting services point, also use the SMSWEB website instead of the default website. For more information about which site systems require IIS, see Supported Configurations for Configuration Manager.
Before you configure a Configuration Manager site to use a custom website, you must manually create the custom website in IIS on each site system server that requires Internet Information Services (IIS) at that site. Because secondary sites are automatically configured to use a custom website when you enable this option on the parent site, you must also create a custom website in IIS on each secondary site system server that requires IIS.
If you enable custom websites for one site, consider using custom websites for all sites in your hierarchy to ensure that clients can successfully roam within the hierarchy.
|When you select or clear the check box to use a custom website
for a site, the following site system roles that are installed on
each site system server in the site are automatically uninstall and
Site System Roles That Can Use Custom Websites
Custom Website Ports
Switching Between Default Websites and Custom Websites
How to Create the Custom Website in Internet Information Services (IIS)
To use a custom website for a site, you must perform the following actions before you enable the option to use a custom website in Configuration Manager:
- Create the custom web site in IIS for each
site system server that requires IIS in the primary site and any
child secondary sites.
- Name the custom website SMSWEB.
- Configure the custom website to respond to
the same port that you configure for Configuration Manager client
|When you change from using the default website and use a custom website, Configuration Manager adds the client request ports that are configured on the default website to the custom website. Configuration Manager does not remove these ports from the default website, and the ports are listed for both the default and custom website. IIS cannot start both websites when they are configured to operate on the same TCP/IP ports, and clients cannot contact the management point.|
Use the information in the following procedures to help you configure the custom websites in IIS.
|The following procedures are for Internet Information Services (IIS) 7.0 on Windows Server 2008 R2. If you cannot use these procedures because your server has a different operating system version, refer to the IIS documentation for your operating system version.|