Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Looking for an efficient method to deploy 1,350 Site Servers on a 1x3 hierarchy ITMS 7.1

Created: 15 Jan 2013 | 11 comments
orlando_huerta's picture

Hello, I need to know if anybody has deployed a big number of site servers (I need Task and Package Server) in a short period of time. The process I follow and recommend to my customers is described below to a very high level, however I have a challenge where a customer needs to deploy hundreds of Site servers in a new envieonment. The other interesting point here is that the configuration will be made using https (that has been reported as an issue for some customers)

1. Verify pre-requisites on servers (IIS, .net 3.5 on Servers - We will have 2 server types: Windows 2003 SP2 and addiitonal settings for Windows 2008 R2 as described in KB articles)

2. Create Sites and associate Subnets in Altiris Console

3. Configure SSL on servers (where applicable)

4. Install Altiris Agent on Server (Use the driver with the most available free space)

5. Verify Agent installation have finished

6. Install Task Services using Altiris Console

7. Verify Installation finish successfully and then Install Package Services from the Altiris Console

8. verify the installation finish, packages fully downloaded and turn to "ready"

9. Altiris Console should services installed and properly configured (Green status)

The challenges:

1. Available bandwith is very limited between Server's datacenter and remote locations (256 Kbps, 512 Kbps, and 1,536 Kbps) - So network is an issue

2. Unable to install during business hours. Current window time is defined on 2 hours from 1:00 AM to 3 AM - So the installation should be scheduled to run for then

3. No resources available to follow the process described - The process should be automated, maxmimizing the number of installs every night (based on available bandwidth)

4. Due other projects scheduled, this process should be accomplished ASAP (less than a month = OKAY, more time may not be OKAY...)

I'll like to get thoughts, experience, suggestions and so.

My initial idea:

1. Create a script that install the Agent, probably on Day 1,

2. Another script that install the Task Agent, Day 2

3. A 3rd script that install the Package Server Agent and download packages Day 3

 

My problem is to determine How many Installs can I do per day, since not sure about the overhead that may be created on the SMP servers...

Any inputs are more than welcome!

Kind regards!

Comments 11 CommentsJump to latest comment

Frederic SCHROBILTGEN's picture

Hi,

 

We are deploying remotely site servers (2003 SP2, PXE + Task Server + Patch management) all over the world with a specific DVD. All the needed software are already in.

 

The person which is starting the process(not a technician):

- connect the computer onto the network

- boot the WinPE

- start the ghost restore (syspreped image)

=> the computer is rebooting

- enter the final name of the computer

=> the computer is rebooting and do an autologin

- the startup script is installing the agent, the antivirus (we are living in a dangerous world...) and activating teamviewer

- the script is retreiving the teamviewer ID and send it by mail (thanks to powershell)

 

After, we prefer to register manually the server through teamviewer, for security reasons.  You never know.

Of course, you can use your agent to register it into the domain and automate it to the max.  Everything is possible with altiris ;0)

 

For the data part... Wouaw... 2 hours per day for such connectivity...

With the patch management, images, drivers, full bunch of software we are speaking about 80GB!

Compressing the data into 700MB packages and using cwrsync can do the job using the rsync protocol.  Can be still ok for 512Kbps but rather hard for 256. Perhaps you are asking the moon...  Sending DVDs should be considered, it's safer.

We have a site with such poor connectivity, we sent an HD.

Just my 2 cents,

 

FRED

orlando_huerta's picture

Thanks a lot Fred, it looks like shipping the DVD is an option for your compnay, but not here;, anyway I really appreciate your answer and I think you did a great job over there. Thanks a lot!

Frederic SCHROBILTGEN's picture

No prob.  I'm just curious to see how you are going to proceed without impacting the bandwidth with such poor connectivity and time constraints.

I surely missed something in your explanation ;0)

When you will found something interesting, can you send me just a little feedback?

Best regards,

FRED

Frederic SCHROBILTGEN's picture

Oh yes, I forgot: for the PXE as the ip is not the final one, it's installed afterward(still using 6.9 for the deployment).

FRED

andykn101's picture

I think the only way to automate the allocation of sites and subnets is to import from AD.

I don't think you can automate the creation of Site Servers as Altiris won't know which computers to use.

You don't need each Site Serer to be a Task Server, it has no effect on bandwidth, just offloads processing from the NS. One per 5,000 clients. (unless you're using DS but that doesn't work with SSL)

Use maintenance windows between 1:00 and 3:00.

If you can't get anyone to phase the installs manually it might be easiest to set them all off together, the faster connected site will complete before the slower ones. Use bandwidth throtttling to make sure the package downloads don't flood the links.

 

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

orlando_huerta's picture

Thanks Andy, I believe I should do every step by separate, I mean Deploy the Agent and then Deploy the Task and Package Service. I agreed on your statement about Task Servers but What happens if you want to use Quick deliveries with SW Delivery?. And you are correct, DS is out of the picture

Thanks

mclemson's picture

Quick Delivery doesn't need a task server on-site.  It just needs a task server somewhere in the hierarchy -- Symantec recommends that this is placed near the Notification Server.  The only reason to place a task server on-site is if you plan on enabling the site server as a deployment task handler for imaging or tasks in automation using PXE, but even that will go away soon with the 7.5 release.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

orlando_huerta's picture

Thanks for your response Mike. Basically the customer initially considered the posibility to use Deployment Solution to distribute images locally. So your response makes sense from the Design perspective. About the quick dellivery options, its something I'll like to verify, since my goal is that the remote computers does not have to use any other Site server but the local one (due limited bandwidth connectivity). But will do my testing and see the behaviour of not using Task Services locally in retail stores. Definetly the design may change significantly and the deployment may be more simple. Thanks for your thoughts.

mclemson's picture

You state "Configure SSL on site servers where appropriate," but you shouldn't configure SSL if your goal is to distribute images locally, since HTTPS is not supported in DS automation in the current release.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

orlando_huerta's picture

Yes, we know DS 7.1 SP2 (i.e. PectAgent) does not support SSL, but we are considering upgrade to 7.5 (when ready...). thanks again for the feedback!. Actually Do you have any experience with Bigfix?, I'm requesting to deploy the Symantec Management Agent using a Vbscript I tested in DS 6.9 and works like a charm;  but customer say that BigFix cannot run a script with specific user account, it just allow using  System Account. Ideas?, thanks in advance

mclemson's picture

Does your script fail when run as SYSTEM?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com