Reduce Device Management Overheads with 1E Agent

Device management has significantly changed in the modern world and is becoming increasingly complex. This post should give you a better understanding of device management overheads and an overview of how 1E Agent helps reduce them.

Modern Device Management involves more than just deploying apps and patches to devices; it also includes securing them. The device admin’s job is to protect and secure devices’ resources and data. Several activities are involved in securing your organisation’s resources and data.

How do we reduce device management overheads? Read on to learn the common pain points from an admin perspective.

Do you have to manage and secure the same types of devices? Many device form factors are available for Windows 10 in the market. However, it has been the primary practice for most organizations to define a hardware catalog of devices with supported hardware (TPM chipset, etc.). So, you need to manage and secure all these devices.

Index
Device Management
Architecture
Network Bandwidth
Peer-to-Peer Content Sharing
OS Deployment
Real-time Management
Reduce Device Management Overheads with 1E Agent – Table.1

Device Management

There are many device management solutions in the industry. Different solutions, such as on-prem, cloud, and a combination of the two, are available. The Configuration Manager (a.k.a. Microsoft Endpoint Manager ConfigMgr) is an on-prem solution coming to the cloud with Intune integration.

Most organizations use Configuration Manager (a.k.a. SCCM) as a device management tool. ConfigMgr is a proven tool for managing the end-to-end life cycle of modern Windows 10 devices. This mature product has hundreds of essential features for securing device resources and data.

Reduce Device Management Overheads with 1E Agent – Fig.1

Microsoft documents the maximum supported number of ConfigMgr sites and site system roles. Therefore, you must be very careful when designing a ConfigMgr infrastructure.

Even though having a CAS and 25 primary servers is officially supported, you should never implement it. First, you should not have CAS at all. Community experts say 99.99% of enterprises have no CAS implementation requirements!

  • Let’s have a quick look at the table for more details about the maximum number of site and site systems roles:
Child Primary Servers | Secondary Servers | DPs | MPs | Pull DPs
25 | 250 | 250 | 15 | 2000
Reduce Device Management Overheads with 1E Agent – Table.2

I don’t think having many DPs, like 250 DPs, under a primary server is recommended. I think the operational cost will be very high to manage that number of DPs. The expectation of SCCM admins is:

  • Good network connectivity
  • Unlimited WAN bandwidth
  • High-spec Servers, as recommended by Microsoft
  • Etc…

However, often, the reality on the ground is a bit different. Most enterprises are challenged with:

  • Complex Networks
  • Slow WAN connections
  • Shared Servers as DPs/PXE
  • Limited options for storage
  • And more

Let’s understand some of the critical device management overheads here. This post discusses all these challenges in the following sections.

  • FanOut Architecture (a large number of DPs/PXE Servers)
  • Bandwidth (Saturated WAN connections)
  • A lot of content-sharing options
  • OS Deployment
  • Real-Time management
  • Power Management

Architecture

A complex architecture is an overhead for many ConfigMgr environments. Admins dream of reducing the complexity of their ConfigMgr hierarchy. Distribution points are a must-have component for most ConfigMgr implementations because they can reduce the WAN bandwidth consumption for branch/remote offices.

However, remote DPs and secondary servers are the most significant troublemakers for a ConfigMgr environment. Let’s understand how to simplify ConfigMgr architecture, especially if the remote offices are connected with saturated WAN links.

An additional agent installation on all ConfigMgr client devices and some additional configurations can help eliminate the remote DPs. Many enterprises can eliminate the FanOut architecture by deploying the additional agent and the server-side configurations. These steps help to simplify architecture and reduce operating costs.

Reduce Device Management Overheads with 1E Agent – Fig.2

The 1E Nomad agent uses peer-to-peer technology to eliminate the need for remote distribution points. For the initial content transfer, you might need only one distribution point at the central office. A peer-to-peer network fully manages the rest of the content transfer.

The following are some of the features that help to reduce the FanOut architecture of ConfigMgr:

  1. Bandwidth Management
  2. Election Process to have master client
  3. The Master client starts to download the content
  4. The bandwidth management is similar to LEDBAT protocol at the client end
    • This dynamically adjusts the delay between the blocks
    • Inserts the delay in between the blocks – Delay and back off
  5. Real-Time Bandwidth monitoring

More details about the 1E peer-to-peer architecture can be found in 1E documentation.
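
The delay-and-back-off idea in the list above, sketched as an added example (not code from the original post and not 1E Nomad's algorithm): a delay-based controller in the spirit of LEDBAT (RFC 6817) that lengthens the pause between blocks when block transfer times rise above the best time seen, and shortens it when the link has headroom. The function names, the constants and the sample block times are assumptions constructed for illustration.

```python
# Added illustration: delay-based pacing between content blocks, in the spirit
# of LEDBAT (RFC 6817). All constants are assumptions, not 1E Nomad settings.

TARGET_MS = 100.0      # tolerated queuing delay; RFC 6817 caps the target at 100 ms
STEP_MS = 50.0         # assumed adjustment per block when off target by one full TARGET_MS
MAX_PAUSE_MS = 2000.0  # assumed ceiling so a transfer never stalls indefinitely


def next_pause(pause_ms, base_ms, sample_ms):
    """Return the pause to insert before the next block.

    base_ms   : lowest block transfer time seen so far (uncongested estimate)
    sample_ms : transfer time of the block that just completed
    """
    # Time above the baseline is treated as queuing caused by congestion.
    queuing = max(0.0, sample_ms - base_ms)
    # > 0 means headroom (shrink the pause), < 0 means congestion (back off).
    off_target = (TARGET_MS - queuing) / TARGET_MS
    return min(MAX_PAUSE_MS, max(0.0, pause_ms - off_target * STEP_MS))


def pace(block_times_ms):
    """Replay measured block times and return the pause chosen after each one."""
    base = float("inf")
    pause = 0.0
    pauses = []
    for sample in block_times_ms:
        base = min(base, sample)  # the baseline only ever moves down
        pause = next_pause(pause, base, sample)
        pauses.append(round(pause, 1))
    return pauses


# Constructed sample: a quiet link, a burst of competing traffic, then recovery.
SAMPLE_BLOCK_TIMES_MS = [40, 42, 41, 240, 340, 440, 140, 45, 40, 40]

if __name__ == "__main__":
    for took, pause in zip(SAMPLE_BLOCK_TIMES_MS, pace(SAMPLE_BLOCK_TIMES_MS)):
        print(f"block took {took:>3} ms -> pause {pause:>6.1f} ms before next block")
```

The pause grows faster the further the measured delay overshoots the target and decays gradually once the link clears, which is the behaviour that keeps a background transfer from saturating a shared WAN link.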

Network Bandwidth

One of the key deciding factors of Configuration Manager architecture is network bandwidth. The saturated WAN network is one of the most significant pain points for Configuration Manager (a.k.a. SCCM) implementations.

Let’s understand how to reduce and manage network bandwidth consumption when GBs of content must be downloaded from a central office distribution point.

Microsoft technologies like BranchCache, PeerCache, and LEDBAT can help with bandwidth management to some extent. However, according to a comparison study, 1E Nomad’s bandwidth management algorithm provides better and more reliable bandwidth management.

Technology | Bandwidth Management | Peer-to-peer sharing
Nomad | Yes | Yes
BranchCache | No | Yes
Peer Cache | No | Yes
Delivery Optimization | Yes | Yes
Background Intelligent Transfer Service (BITS) | Yes | No
Low Extra Delay Background Transport (LEDBAT) | Yes | No
Reduce Device Management Overheads with 1E Agent – Table.3

Nomad’s reliable bandwidth management never allows the saturation of the WAN bandwidth, so there is no need to manage network locations using boundary groups. The 1E Nomad agent installed on the ConfigMgr client helps dynamically manage network bandwidth.

The 1E Nomad Single Site Download feature helps reduce content transfer from remote DP by allowing peer-to-peer content transfer across different subnets.

Reduce Device Management Overheads with 1E Agent – Fig.3

Peer-to-Peer Content Sharing

Let’s understand another device management overhead. Peer-to-peer content sharing and bandwidth management are closely linked topics from the device management perspective. Microsoft offers more than one bandwidth management and peer-to-peer technology. All those technologies are helpful for specific scenarios. In my experience, it’s expensive and time-consuming to integrate more than one technology to produce a relevant solution.

With every new version of Windows 10, Microsoft improves and adds new features to make these technologies more valuable in the enterprise world. It is worth having an end-to-end assessment (once every couple of years) of all these Microsoft Peer-to-Peer content sharing and bandwidth management technologies.

1E Nomad is a mature peer-to-peer content-sharing and bandwidth management product. The 1E Nomad peer-to-peer content distribution agent provides two (2) solutions: bandwidth management & peer-to-peer content sharing. 1E Nomad is included in the 1E Windows Servicing Suite and extends automation for Windows 10 upgrades and application deployment. You can read the 1E whitepaper for more details on the additional features supported by 1E Nomad.

As I mentioned in the previous post, content distribution issues for remote DPs are expensive and time-consuming. By using 1E Nomad peer-to-peer technology, you can eliminate remote branch office servers. Reducing costs and simplifying management are the key factors you must consider before selecting any solution. The FanOut feature mentioned above dramatically improves peer-to-peer efficiency.

1E Nomad Pre-caching is also a helpful option that removes the content delivery overhead of device management. In my experience, most admins would like to pre-cache content to ensure better deployment success rates. The reporting option with 1E Nomad Pre-caching Jobs is also helpful for validating the content pre-cache on Windows 10 devices.

Reduce Device Management Overheads with 1E Agent – Fig.4

OS Deployment

One of the most significant overheads in device management is dealing with network team(s) to make OS Deployment (OSD) work. The PXE boot is the critical component (unless USB boot media has been used) for bare metal OS deployments. Three main elements are involved in this process (listed below).

  • Network (Routers)
  • DHCP Server(s)
  • PXE Server(s)

I love the quote from Microsoft’s Kerwin Medina (ConfigMgr Product Team Member): “Befriend your network administrators. Be nice to them, out of a genuine heart.” You can read Kerwin’s post below to understand the network team’s dependency on making PXE/OS deployment work: Do you want to use PXE Boot? Don’t use DHCP Options.

1E Nomad eliminates all the remote DPs from your environment. However, that creates another problem: PXE servers! What will we do for PXE servers hosted on DP servers? Let’s eliminate the PXE servers with the PXE EveryWhere agent (part of the 1E agent) and a web service (PXE EveryWhere Central Server).

That makes one or more PXE servers available in each subnet, and therefore, no router configuration is required (unless DHCP Snooping is enabled). You can find more details about PXE Everywhere in the 1E documentation (https://help.1e.com/display/PXE32/Introducing+PXE+Everywhere+3.2).

Reduce Device Management Overheads with 1E Agent – Fig.5

Real-time Management

Remote client management is another overhead in the device management world. Recently, the work location and connectivity to the work environment have drastically changed. New challenges were introduced because of the change from an office-based to a home-office-based work environment. The real-time management of devices from home-office networks is essential for organizations in this changed scenario.

1E Tachyon comes with real-time management and many more features. Real-time management is challenging because all the devices may not be connected at the time of a query. So, what will happen to the query when the device is offline? One of Tachyon’s most significant advantages is the configurable options to tackle these scenarios.

  • Each query has a configurable duration.
    • This allows devices to connect later and send answers
  • Keep answers for a configurable duration

You must be more careful when dealing with real-time management scenarios because some answers can quickly become stale. The configurable duration option should be decided carefully to produce accurate results.

As per the 1E documentation, most real-time queries/instructions require only a single packet exchange, enabling your team to remediate and respond to issues faster. This ensures that you are NOT choking the home office network by sending and receiving many queries/answers simultaneously.

Reduce Device Management Overheads with 1E Agent – Fig.6


Author

Anoop C Nair is a Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
