Single Primary Site with CAS

Hello,
I have a client with a single primary site server and a CAS. It was installed for some reason, doesn't really matter now why.
They have two options, leave it up or migrate to a new Primary Site server.
The questions is, if they leave it up (It's not needed or used), what harm will it do?
Yes, I know it will make the site simpler to manage but other than that? What would compel them to go through the hassle of a migration to a new server?
Thanks!
John

Short answer:  get rid of it.
There are a host of complications introduced by having a CAS and it should really only be done if the environment demands it (massive device management count for example).
In addition to patching complication increase and SQL replication monitoring you now have to do:
1.  Many roles will need to be installed multiple times.  Example WSUS will be required to be installed on the CAS with a secondary on the Primary for proper functionality.
2.  Some roles will be required on the CAS, some will be required on the Primary site.  If you aren't well-versed in your SCCM this can be a frustrating path of discovery.
3.  Then there are roles that _can_ be installed in both locations but don't have to be ... like the reporting server.  This one comes down to login policies and if people will ever log directly into the PRI or just CAS box.
All these architectural complications come before the "why" is asked ... which is usually driven by one of two things:
1.  In SCCM 2012 RTM, the CAS had to be installed first or you could never use it.  Some clients did this to avoid potential problems.  This requirement has sense changed.
2.  In 2007, people used to use multiple primaries as security boundaries.  With SQL replication, collections being uniform across all sites, and the general inclusion of RBAC .... this is now moot.
Basically don't use CAS unless it absolutely fits the company.  It's a lot more pain than just "one more VM".

Similar Messages

  • One primary site with a remote DP/MP, or two with a CAS server?

    Hi
    For a new SCCM 2012 environment, we have the following setup:
    - HQ site with 1500 PCs/users
    - Branch office in a separate AD site, slow WAN link, 120 PCs/users
    Now, I'd like to keep the setup simple so my first instinct is to deploy one primary site with a server in the branch office fulfilling the MP/DP/PXE/Update Point roles.
    However, the site has a local technician who needs the ability to deploy images to the local machines. Running the console from the branch office to the HQ site is not an option, since consoles (such as ADUC) have very poor performance over the WAN.
    This brings me to the option of either a primary HQ site with a branch secondary site (something I'd like to stay away from, since it requires SQL and the technician would still need to connect the console to the primary site anyway!), or 2 primary sites both
    connected by a CAS server. For what the technician needs, I think this is overkill, and I don't like the idea of the added complexity, or keeping both sites in-step as far as replication is concerned.
    Im leaning towards the 1 primary site, remote MP/DP option, but Im not sure how the technician would image machines without the console. I thought perhaps creating an optional advertisement to a dynamic collection that he could control another way (e.g.
    using a registry key), giving him the option to trigger deployments.
    Thoughts?

    Having a local DP will ensure that all deployments are made locally if the content is distributed.
    You'll have to get your content there first, if possible build your DP in your main office and ship it to the remote location after. Otherwise use prestage content. Getting GB of stuff throught that link will otherwise take days.
    For your deployment, why does the technician need access to the console  ? Could you deploy to "unknown computers" ?
    Benoit Lecours | Blog: System Center Dudes

  • Database instance for SCCM 2012 and WSUS on a single primary site server

    I am going to install SCCM 2012 and its SQL database on a single physical server. This is going to be a single primary site server. The default SQL instance will be dedicated to SCCM 2012 with no other named instances to be added on the SQL server down
    the road.
    During the WSUS server role installation, there is the Database Options page asking for using (1) Windows Internal Database, (2) existing db server on this computer, or (3) an external db server.
    Since SCCM 2012 doesn't share db instance with others, how should I handle the WSUS db that's going to be hosted on the same SCCM/SQL physical server? Do I really need to create a separate SQL instance just for the WSUS db?
    Thanks and regards. 

    Even though you can do it, it is the best practice to have SCCM 2012 and WSUS installed on separate instances.
    http://technet.microsoft.com/en-us/library/hh692394
    When the Configuration Manager and WSUS databases use the same SQL Server and share the same instance of SQL Server, you cannot easily determine the resource usage between the two applications. When you use a different SQL Server instance
    for Configuration Manager and WSUS, it is easier to troubleshoot and diagnose resource usage issues that might occur for each application.

  • How to evict a primary site from CAS

    Hi All,
    I have a SCCM hierarchy with a CAS and 2 Primary sites, We have planned to remove the first primary site, is there a process to evict the site directly.
    Please suggest !!
    Thanks,
    Pranay.

    You can't detach a primary site from a CAS. The only workaround would be to set-up a new standalone primary site and migrate all the required objects to the new site and reassign all the required clients.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • How to Join Primary site to CAS server

     Hello All
    Can any one please let me know to how to join Stand-alone primary server SCCM 2012 R2 to CAS server 2012 R2

    Different domains don't have to be a reason for extra primaries, see for more information:
    http://technet.microsoft.com/en-us/library/gg712701.aspx#Plan_Com_X_Forest
    In case this is really the way you want to go, you can only expand one primary to a CAS. Every other primary that already exists has to be rebuild, or migrated to a newly build primary.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Is 100K devices a hard cap for a Primary Site (or a guideline)?

    Hi,
    I'd like to know if the 'supports up to 100,000 devices' per Primary Site is a hard cap on the number of devices that SCCM 2012 R2 can handle or if it is a recommendation?
    We are using SCCM 2012 R2 and currently have a single Primary Site with about 90K devices.  Very soon, we will be looking at adding a CAS (with multiple Primary Sites) to support our ever growing number of devices.
    Until we get there with the CAS, I'd like to know what to expect if we get over 100K devices.
    Will we break SCCM?
    Will any devices over 100K not be added (and therefore not be managed)?
    Nothing much, but the system may perform more slowly?
    Results will be unpredictable?
    Something else?
    Thanks, Joe.

    Actually, it's not really a guideline either, it's an official statement of support from Microsoft meaning that if you go over this number, you may have issues that Microsoft will not provide support for.
    This is officially documented at https://technet.microsoft.com/en-us/library/gg682077.aspx under the Clients per Hierarchy section.
    Is your org simply close to this number or fearful of going over in the future?
    Remember that a primary site can be expanded into a CAS with multiple primary sites under it if need be in the future.
    Also note that the although the 100,000 client limit has been there since the launch of 2012, that was over three years ago and there are some upcoming releases.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCCM 2012 hierarchy CAS is down will primary sites work

    hi all
    SCCM 2012 hierarchy CAS is down will primary sites work and if primary site down will secondary sites work
    can anyone explain this, how CAS Down will affect the functionality of other primary sites or we can still manage the clients with primary site without any problem.

    Hi,
    if your CAS is down, you can still work with your primary site. You will get into replication trouble and even loose data after an offline time longer than 14 days. If you know that your offline time will be shorter than those 14 days, you will not get into
    trouble. This 14 day duration needs to be configured, I think the default value was 5 days.
    if you have a secondary sites and loose the connection to the primary, you are not able to manage the secondary sites since the SCCM console is only connectable to primary sites and CAS. The MP on your secondary will still collect client data which will
    be transmitted to the primary after an reconnect.
    Regards
    Thomas

  • Primary site server a single point of failure?

    I'm installing ConfigMgr 2012 R2, and employing a redundant design as much as possible. I have 2 servers, call them CM01,CM02, in a single primary site, and on each server I have installed the following roles: Management Point, Distribution Point, Software
    Update Point, as well as the installing the SMS Provider on both servers. SQL is on a 3rd box.
    I am now testing failover from a client perspective by powering down CM01 and querying the current management point on the client: (get-wmiobject -namespace root\ccm -class ccm_authority).CurrentManagementPoint . The management point assigned to
    the client flips to the the 2nd server, CM02, as expected. However, when I try to open the CM management console, I cannot connect to the Site, and reading SMSAdminUI log reveals this error: "Provider machine not found". 
    Is the Primary site server a single point of failure? 
    Why can't I point the console to a secondary SMS provider?
    If this just isn't possible, what is the course of action to restore console access once the Primary Site server is down?
    Many Thanks

    Yes, that is a completely false statement. Using a CAS and multiple primaries in fact will introduce multiple single points of failure. The only technical Eason for a CAD a multiple primary sites is for scale out; i.e., supporting 100,000+ managed systems.
    HA is achieved from a client perspective by adding multiple site systems hosting the client facing roles: MP, DP, SUP, App Catalog.
    Beyond that, all other roles are non-critical to client operations and thus have no built-in HA mechanism. This includes the site server itself also.
    The real question is what service that ConfigMgr provides do you need HA for?
    Jason | http://blog.configmgrftw.com

  • Upgrade OS of Primary Site (2008 R2 to 2012 R2)

    Our org has a single primary site (SCCM 2012 R2 5.00.7958.1203) and is comprised of two site systems/servers and roughly 2500 clients.
    Site System/Server 1 has the following site system roles installed:
    Distribution Point
    Management Point
    Software Update Point
    Site System/Server 2 has the following site system roles installed:
    Site Database Server
    Reporting Services Point
    Both servers are currently running Windows Server 2008 R2.  We'd like to upgrade the OS of these two site systems/servers to Windows Server 2012 R2 but as I understand it, Microsoft does not support this as an in place upgrade (Infrastructure
    Upgrade for Configuration Manager).
    Also, while it is not absolutely necessary, it would be nice to rename the site systems/servers in the process in order to better conform to our organization's naming conventions.
    What is the best process to accomplish this without any downtime to existing clients?  I was thinking something along these lines...
    Build out a 2nd site/servers with Windows Server 2012 R2 and the correct server names running side-by-side with the current production SCCM site/servers.
    Grant the new site's MP computer account permission to modify the System Management container in Active Directory. Will this have any impact on the production environment and existing clients?  
    Re-install the clients from the new site that is running 2012 R2 OS.
    Decommission the old site that is running on 2008 R2 OS.

    Grant the new site's MP computer account permission to modify the System Management container in Active Directory. Will this have any impact on the production environment and existing clients?  
    That will allow the new site to write information to the AD, if configured. That will only have an impact when you've got an overlap in the configured boundaries and you're using site assignment boundaries in combination with auto site assignment
    of clients.
    Also, if there is anything in the old environment that you would need in the new environment you can look at migrating those objects. See for more information:
    http://technet.microsoft.com/en-us/library/gg682006.aspx
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Do I need multiple primary sites? Some design questions..

    I have about a thousand users & devices, across two sites.   Setting up SCCM 2012 R2 and wondering if I need to have multiple primary sites?
    From everything I've read so far, it seems that a single standalone site will handle tens of thousands of users/devices or some very large number, so I'm not sure if I'd ever need a secondary site or what it's function would be - failover, backup, or is
    it just best practice to have different roles spread across multiple servers?
    I was originally thinking of just doing a single primary site on a single server.  But then I'm not sure if my DP should be separate.
    Can someone point me the the right direction to a high level planning document or blog?
    Thanks
    Nathan

    How many clients are there in total? How many at each location? What's the WAN speed in between?
    Multiple primaries are only needed for scale out purposes (>100k clients)!
    Torsten Meringer | http://www.mssccmfaq.de
    About 500 at each, T1 speeds connect the sites, so I want to enable software metering I think.
    Also - if I have a single server with DP role installed, what kind of RAM/HD requirements are needed?  I know this probably varies with the install/features, but are there any ballpark estimates/starting points posted?  Sorry I know this is probably
    on the MS site somewhere, the the volume of information is hard to weed through.   Update, I found some good guidelines here:
    http://myitforum.com/myitforumwp/2012/06/27/sccm-2012-site-hardware-requirements/
    For 1000 or less users, is a single Gb NIC sufficient?  Sounds like it might be?   Also, when using a virtual machine, do you need to still somehow separate SQL logs & data from OS?
    Update #2, looks like that above post answered that question too:
    If you’re in a VM, it’s not sufficient to have a single VHD file, and having the roles split among 4 virtual drives inside that file.  It’s not sufficient to have that single file on a shared set of remote disks.  It’s not sufficient to have that
    single file on a dedicated set of disks, regardless of the number and size of those disks.  Any VM should be configured to only run the OS, and the 3 other spindles should be dedicated sets of disks, attached to the VM.  Otherwise, it’s like painting
    with watercolors in a hurricane…you’re spending a lot of time, looking creative, with zero value.
    But I'll take any follow up comments or recommendations if you have them on proper VM setup.
    Thanks
    Nathan

  • SCCM 2012 R2 with CAS

    Hi
    I have SCCM 2012 R2 CU4 (on Windows 2012 R2) with SQL 2012 (on Windows 2012 R2).
    we decided to install a CAS,
    there he has a procedure that
    allows you to attach an existing SCCM
    2012 R2 CAS?
    Thanks

    Assuming you've got a good reason to install a CAS, here is the procedure to expand a stand-alone primary site with a CAS:
    https://technet.microsoft.com/en-us/library/jj591551.aspx
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 IP for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS which is in a different .Domain

    Hi,
    Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 Ip for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS . ?
    Scenario: We are building 1 SCCM 2012 primary site and 2 DPs in one domain . In future this will attach to a CAS server which is in different domain. Can we assign  2 IPs in Primary site server , one IP will use to communicate with its 2 DPs and second
    IP for communicating with the CAS server which is in a different domain.? 
    Details: 
    1)Server : Windows 2012 R2 Std , VM environment .2) SCCM : SCCM 2012 R2 .3)SQL: SQL 2012 Std
    Thanks
    Rajesh Vasudevan

    First, it's not possible. You cannot attach a primary site to an existing CAS.
    Primary sites in 2012 are *not* the same as primary sites in 2007 and a CAS is 2012 is completely different from a central primary site in 2007.
    CASes cannot manage clients. Also, primary sites are *not* used for delegation in 2012. As Torsten points out, multiple primary sites are used for scale-out (in terms of client count) only. Placing primary sites for different organizational units provides
    no functional differences but does add complexity, latency, and additional failure points.
    Thus, as the others have pointed out, your premise for doing this is completely incorrect. What are your actual business goals?
    As for the IP Addressing, that depends upon your networking infrastructure. There is no way to configure ConfigMgr to use different interfaces for different types of traffic. You could potentially manipulate the routing tables in Windows but that's asking
    for trouble IMO.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Expand a Stand-Alone Primary Site into a Hierarchy with CAS using the same server?

    Currently i have a single server lab deployment of SCCM 2012 R2 which has all the CM roles and SQL server also installed on it.  I want to expand the standalone primary site configuration into central administration site but i'm not sure if i can do
    it on the same site system server or if i must get a second server up to do it?
    I read through http://technet.microsoft.com/en-us/library/jj591551.aspx and all the leading articles but i don't really seem to find this information anywhere.
    thanks.

    CAS and Primary Site cannot be installed on the same server.
    Gerry Hampson | Blog:
    www.gerryhampsoncm.blogspot.ie | LinkedIn:
    Gerry Hampson | Twitter:
    @gerryhampson

  • Multiple owa sites on a single server 2012 with exchange 2013 (mailbox, cas)

    hi,
    I'm trying to
    set up an exchange server 2013 on windows 2012 with all roles installed for 2 owa virtual directory, one for integrated windows authentication and the other for forms-based authentication.
    I followed a tutorial for exchange 2010.
    http://technicaljeditrials.info/2011/02/28/exchange-2010-multiple-owaecp-directories-part-1/
    Step 1: IP Address
    Obtain a second IP address and add it to the NIC of your server.
    Step 2: DNS
    Add a DNS entry for That secondary IP address for the name we will want to use in the new FBA OWA Web site.
    I have chosen "testwebmail."
    Be sure there is a valid SSL certificate (recommended to have UC or SAN
    SSL certs) on the server Which has the new name "testwebmail" that will be used in the certificate.
    Step 3: New Web Site
    Create a new web site in IIS on the Client Access Server and bind it to the new IP address used in step 1.
    Step 4: Adding Exchange Virtual Directories
    The web site has been created and bound to the secondary IP address of our server.
    Also the DNS record That will be used to access the OWA FBA new page was added to DNS.
    The next step is to go into EMS and begin adding our virtual directories for OWA and ECP.
    Login to the Exchange server and open the Exchange Management Shell.
    Then run Get-Get-OWAVirtualDirectory and ECPVirtualDirectory to see the default OWA and ECP directories.
    New-OWAVirtualDirectory -WebSiteName FBA -InternalUrl https://testwebmail.mylab.ad/owa
    New-ECPVirtualDirectory -WebSiteName FBA -InternalUrl https://testwebmail.mylab.ad/ecp
    Step 5: Configure the Virtual Directories
    To configure the virtual directories we will disable FBA on the Default Web Site OWA and ECP virtual directories
    Set-OWAVirtualDirectory -Identity "OWA (Default Web Site)" -WindowsAuthentication
    $true -BasicAuthentication $false  -FormsBasedAuthentication $false
    Set-ECPVirtualDirectory -Identity "ECP (Default Web Site)"
    -WindowsAuthentication $true -BasicAuthentication $false  -FormsBasedAuthentication
    $false
    Step 6: iisreset
    now if I access the default site I log in with
    windows integrated authentication, but when I try to access the second site with forms authentication tells me username or password incorrect
    Tell me you know where I'm wrong?
    thanks
    Greetings
    Daniele

    Hello,
    Something like this:
    New-OWAVirtualDirectory -WebSiteName "FBA"
    Enable the Basic authentication via running the following command:
    Set-OWAVirtualDirectory -Identity "yourservername\owa (FBA)" -BasicAuthentication $true
    Restart the IIS admin service in services.msc
    Thanks,
    Simon Wu
    TechNet Community Support

  • Configuring multiple web sites in a single OC4J instance with 10g OEM

    Hi There,
    there doesn't seem to be a way of configuring multiple web sites within a single OC4J instance using the 10g Enterprise Manager Website, so can i assume that there's some performance related issues with doing this, or is it just a case of if you want multiple web sites, configure it manually?
    We currently use 9iAS release 1 (which has been configured to use multiple web sites - with normally 1 j2ee app in each website - in a single OC4J clustered instance, using mod_proxy to forward the http requests onto oc4j), but we are looking to migrate to 10g very soon...
    The initial configuration was done by an external company, so i'm not entirely sure of the reasons why it was chosen (perhaps so that if there was a problem with a single website, it wouldn't impact all our applications)..
    Does anybody else currently use multiple *-web-site.xml's in a 9iAS release 2 or 10g in a production environment, and if so did you encounter any problems with the OEM website (assuming you configured them manually)?
    Thanks in advance,
    Andy

    Hello,
    Something like this:
    New-OWAVirtualDirectory -WebSiteName "FBA"
    Enable the Basic authentication via running the following command:
    Set-OWAVirtualDirectory -Identity "yourservername\owa (FBA)" -BasicAuthentication $true
    Restart the IIS admin service in services.msc
    Thanks,
    Simon Wu
    TechNet Community Support

Maybe you are looking for

  • "Error loading plugins" on sample plugin

    This is happening on a new installation of the Illustrator CS6 and new, out-of-the-box builds of sample plugins. I tried MenuPlay and Annotator in both Debug and Relese with the same error on AI startup. Here is what I do: - open xcode project for a

  • How to execute a  .sql file from a batch file

    Hi all I've to take backup of a database weekly twice on every wednesday & Friday @ 5pm IST. I've written a hot backup script, which works every well. now i want to automate the script. ie i want this script to run on wednesday & friday @ 5pm without

  • Regarding mutiple delivery adress in PO

    Hi everybody, 1010 and 1020 plants are there in company code 1000. I have a scienario like, i am doing a PO in 1010 plant having purchasing org 1010. i want, the goods to be deliver by vendor to different plant 1020 not the adress of 1010. but in ite

  • Shouldn't the ring/silent switch silence all sounds?

    Shouldn't the ring/silent switch silence all sounds at a system level, including those made by third-party apps? That's how my Treo worked, and it worked well. (I'm aware that clock alarms still ring, regardless of the setting, as pointed out in the

  • USB drive confusion

    I have 2 USB drive connected to the hub and both mount. Airport disk utility lists only item, and that is named after the base station, not the hard drive. Should not 2 drives be listed under the same name as is seen on the desktop? The disk utility