Bump.. Got lost through the weekend? J
One addition: the WSUS db switches to single mode when adding a WSUS, but then also back. That part is good then. -R From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Samstag, 7. September 2013 12:27 To: [email protected] Subject: RE: [mssms] CM12, Multiple SUPs questions Hi Troy, thanks for your detailed answer! The thread is getting long J I was aware that they are chosen randomly and that if one goes down that it will switch after a while. That would be ok actually and the idea. Although I'm hoping that we don't have outages that long, making it unlikely. The blog entry I've read also. One of the points I'm struggling with is that: "Now that you have your WSUS servers configured, updated with the required KBs, and sharing a database, let's walk through the new software update point setup workflow" Which KBs? The ones I've read on (other blog, can't recall and don't have access now to check) are both not applicable on Server 2012. I guess none are needed there (should say so). You know? Is there anything special to make a WSUS-db shared, it doesn't say on how. I'm only worried because I've read another older blog, the one above, saying that when he provided the first instance to the 2nd WSUS install, it overwrote the DB of the first install. And since I got this "switching to single user mode"-entry in the log, I figured something is not right. I would do: - Install 1 WSUS, use remote SQL (I use powershell and the command line to do so, not a manual install) - Install 2 WSUS and point to the same SQL DB. Here I've got the single user mode message. - All other WSUSs - The first WSUS is the first SUP. The one providing the data for all others, a small single point of failure but ok. I would put it on the first shared MP/SUP box, not on the site server. Is that a good idea and how it should be done? About that: "During client install, the process in-which the SUP/WSUS server chosen by the client is a non-deterministic process.it's completely random, and as an admin you have no influence over the decision/choice. " Having 5 of them at the beginning and since it is random, if really random, they would be distributed fairly even across them, not? Not only reducing the load on them, but also making it less dependent on one or two SUPs only and causing less clients to switch or be impacted should it happen. Doesn't that work? But I actually had the idea to assign the SUPs like this: Computer name last number: 0-1 to SUP1, 2-3 to SUP2 etc. That would spread them across all of them and make troubleshooting on clients easier I didn't get to the point where I actually tried to assign. I may not be able to do that after all. What happens, after the CM client install, if the registry key is changed as described here: http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/group-policy-pre ferences-and-software-updates-in-cm2012sp1.aspx not using any kind of GPO but a registry change during OSD changing it? If the SUPs pointer is registered by the CM agent not only in the registry, but also in WMI that might not work, but you see where I'm going with that? I see three scenarios: 1. Only use 1 or 2 SUPs as they can handle the numbers, but I have a bigger impact on clients should one go down and more load on the box itself 2. I use more, like 5 for a nice number with 20'000 each, have them available from the beginning and let the clients pick one. If random it should be spread nicely but still random (troubleshooting more complex) 3. I do 5 but try to assign clients. If a server goes down, clients switch. If the server comes back, I could even assign them back to the original one, ensuring the clients keep spread. If that technically is doable of course (and supported?) What do you think? -Roland From: [email protected] [mailto:[email protected]] On Behalf Of Troy Martin Sent: Freitag, 6. September 2013 16:21 To: [email protected] Subject: RE: [mssms] CM12, Multiple SUPs questions Hey Roland, I realize the goal is to "spread the load" across all of them. But it sound like you may not understand how the new SUP role (in SP1) and existing MP role works. Although the SUP "role" itself in SP1 is HA/redundant/fault-tolerant (e.g. simply meaning there is more than one SUP for clients to choose from), what also needs to be considered and factored into the solution is the behavior of the software update agent on the client when it's SUP becomes unavailable. During client install, the process in-which the SUP/WSUS server chosen by the client is a non-deterministic process.it's completely random, and as an admin you have no influence over the decision/choice. Once the client selects a particular SUP/WSUS server, it uses it exclusively from that point one. If/When that SUP becomes unavailable, the client will NOT fail-over "right away or instantaneously" to use one of the other SUPs.yet. This part is key to understand. The client will continue to try and communicate with the offline SUP for 2hrs (retry 4 times = 1 attempt every 30 minutes) plus an additional 2 minutes. Only after that time has expired will the client then automatically fail-over to use one of the other SUPs in the site. Yvette OMeally wrote an excellent blog on this - http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/software-update- points-in-cm2012sp1.aspx So although, you have 5 SUPs, clients will only ever be able to use one of them at any given time.and you have to consider that clients/SU agent will not be able to scan against a SUP until the offline one comes back online. And definitely, the load will most likely not be load-balanced or evenly "spread across" all SUPs. If you're looking for 100% HA/load-balanced solution (e.g. meaning no need for the client/SU agent to fail-over. It will always have a SUP/WSUS server to scan against and the agent will not wait 2hrs and 2 minutes), then you're best bet and only other option IS to configure the SUP role in an NLB cluster. But even then, you can only have up to 4 nodes in the cluster. So in the end, I would reconsider whether 5 SUPs (and even MPs) are needed in the design... Troy L. Martin | Principal Consultant 1E | Empowering Efficient IT US Mobile: +1 678-898-6147 UK Mobile : +44 208 326 9141 <mailto:[email protected]> [email protected] | <http://www.1e.com/> www.1e.com <http://www.facebook.com/1eglobal> Facebook | <https://twitter.com/1e_global/> Twitter | <http://www.youtube.com/1enews> YouTube | <http://blogs.1e.com/> Blogs | <http://blogs.1e.com/index.php/feed/> RSS Please consider the environment before printing this e-mail From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Friday, September 6, 2013 9:11 AM To: [email protected] Subject: RE: [mssms] CM12, Multiple SUPs questions 150'000 clients, so yeah, although it would work fine with a single primary, as proven by others with even more clients, it is not supported and we can't ignore that, hence two primaries. Mostly 5 SUPs to reduce the impact on the server itself, split the load (they are MP and DP also) and if one of them should go down to have less clients impacted moving to another. Split the max of 100'000 clients to those, so 20'000 on each for all roles. NLB is not an alternative. Mostly it is a hassle because we can't use MS but 3rd party and that is a nightmare with CM07 already. What we get with multiple SUPs is good enough. Yeap, that is core only, ignoring local DPs for now. I'm looking for details on how to set the SUPs up in regards to WSUS and the (shared) DB. Especially since when I installed another WSUS using the DB on SQL, for one of those 5, the log stated it went into single user mode. Didn't continue with that yet, but that looks suspicious. Some advice where to put what and if I need to consider something special in regards to a shared WSUS DB used by several SUPs. And the first SUP is the one all others use, right? Sounds like a single point of failure again. Trying to get my head around this. -R From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Freitag, 6. September 2013 14:39 To: [email protected] Subject: RE: [mssms] CM12, Multiple SUPs questions The SUP is a role like any other and can be placed on the site server or any site system. So yes, nothing special here. What's you motivation for 5 SUPs? A remote stand-alone SUP can support up to 100,000 clients. So, for HA, you really only need 2 per site. Also, if you have 100,000+ clients (as I'm assuming that's the motivation for having multiple primary sites as well as 5 MPs per site), 10 DPs won't cut it. I guess you could just be describing the core and not any remote site systems, but just wanted to point that out. J From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Friday, September 6, 2013 6:16 AM To: [email protected] Subject: [mssms] CM12, Multiple SUPs questions All the blogs I've read just confused me more. That's what I want to do: CAS, two primaries Each primary consists of: - Site server - Remote SQL - 5 x MP/SUP/DP The site server should be relieved from processing clients as much as possible, so: - No MP role on the site server but using 5 MP replicas (working). - No SUP rule on site server. I'd like to have WSUS installed on the site server using a DB on that remote SQL-box And all 5 SUPs use that DB and clients only contact those 5 SUPs, but not the site server. Doable? Or do I have to have SUP on the site server? But wouldn't that mean that clients also use that box AND the 5 SUPs? -R _____ DISCLAIMER: This is a PRIVATE AND CONFIDENTIAL message for the ordinary user of this email address. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind 1E to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
