High level (generalized) design decisions are discussed in this post. Most common design decision I have seen is discussed in the below paragraph. I must warn that this design decision won’t suit all scenarios. In this post, we will see SCCM Intune architecture decision making tips and sample diagram.
The design decisions will be based on the existing SCCM/ConfigMgr CB environment and will replicate some of the features as per the requirement. An SCCM solution will be implemented to provide device management facilities for fully managed Windows servers and Windows endpoints. A standalone Intune platform will also be installed on managed mobile devices (iOS, Android, Windows 10 modern device via MDM channel).
SCCM Servers On-Premises or AZURE? CAS and NO CAS SCCM Server Intune Hybrid – Intune Standalone? Integration with ISVs ServiceNow/Remedy? Windows 10 Co-Management? SCCM/Intune High Availability-DR Options? Intune SCCM Architecture Diagram Other Design Decisions
SCCM Servers On-Premises or AZURE?
Can we install SCCM/ConfigMgr CB infrastructure in Microsoft Azure? Installing SCCM servers in Azure supported? Yes, we can install SCCM CB infra in Microsoft Azure. And this is fully supported by Microsoft. More details about on-prem or Azure (IaaS) is available here. Microsoft doesn’t provide any supporting statement about hosting SCCM infra in AWS IaaS solution, but it should work well if all the communication ports are open. I know some customers are running SCCM infra in AWS. This is the first step towards SCCM architecture decision making.
Decision – CAS and NO CAS SCCM Server
A CAS (Central Administration Site), is the name for the SCCM/ConfigMgr site server role. I would recommend avoiding SCCM/ConfigMgr CAS server wherever possible. I don’t think; you need to have an SCCM hierarchy with CAS in 99% scenarios. There are several blog posts about CAS or NO CAS decision making. More details “Determine when to use a central administration site (CAS).” I will surely go with standalone SCCM primary server in most of the SCCM infrastructure.
Whether to go with Intune hybrid with SCCM or Intune standalone? This is the most critical decision for your organization. Microsoft recommendation is to go with Stand-alone Intune and stand alone SCCM/ConfigMgr. I don’t recommend Intune hybrid architecture.
Microsoft already provides a detailed documentation of this decision making. More details choose between Microsoft Intune standalone and hybrid with SCCM. Microsoft also has a complete documentation about migrating Intune hybrid users to Intune standalone. So, it’s clear that Microsoft recommends going with Intune standalone and SCCM Stand-alone infrastructure. Do not go with Intune Hybrid Solution with SCCM/ConfigMgr.
Integration with ISVs ServiceNow/Remedy ?
Can Intune get integrated with ISVs like ServiceNow or Remedy? SCCM can get integrated with various 3rd party service providers like ServiceNow or Remedy. IT service management tools are essential for most of the organizations. As SCCM is having vast majority market share in device management world, this is one of the critical points which we should consider while architecture decision making.
Microsoft Intune has a way to hook into ISVs like Remedy and ServiceNow for IT service management and as well as for asset management. This integration can be achieved through Microsoft Graph APIs. But, I didn’t hear anything from Remedy or ServiceNow about Intune integration.
Windows 10 co-management is a dual management capability available with Windows 10 1709 version (Fall Creators Update) and later. Co-management is the bridge between traditional management and modern management. More details about co-management are available in my previous post here.
Managing Windows 10 with Intune is a possible option for some of the scenarios. But there are some challenges with Intune management for large enterprises. These challenges could be because of:-
Win 32 Application Delivery Mechanism Application Deployment Automation with ISV Bandwidth Issues (Delivery Optimization is only available for some channel) Complex Operating System Deployment (OSD) scenarios Existing investment into SCCM echo system
Co-management option could provide organization an opportunity to the transaction the workload from on-prem to cloud. The co-managed windows 10 devices would be visible in the SCCM and Intune console ( + Database).
SCCM/Intune High Availability-DR Options?
Is SCCM/Intune treated as business critical service within your organization? Most of the organizations won’t treat SCCM as business essential service (unlike exchange online). But, in the modern world with Intune and co-management options we may need to rethink about this strategy. From my perspective, SCCM is not business critical. We can live without SCCM for hours (4-8) depending on the SLA.
What are the DR or High Availability(HA) options available for SCCM? Microsoft SCCM product group (development team) is working to improve the HA/DR options for SCCM/ConfigMgr.
One of the improvements which are already there in the production version of SCCM CB 1706 and later is SQL Availability groups. SQL Server Always On availability groups as a high availability and disaster recovery solution for the site database. When you use SQL availability group then, you need to adjust your backup and restore procedure of your SCCM infra. More details available here.
SCCM Primary Passive Server installation option is available in the Preview versions of SCCM CB. SCCM primary passive site server option is not enabled for production versions of SCCM CB. The Passive mode SCCM site server is in addition to your existing SCCM primary site server that is in Active mode. More details available in the section called “Site Server High Availability.”
Intune SCCM Architecture Diagram
Following is the sample Intune SCCM/ConfigMgr architecture diagram. This explains the high level flow between Intune/SCCM/CMG/Cloud DP and Co-managed Windows 10 device.
Other Design Decisions
There are several other critical design decisions. I won’t be able to cover all these in this post. Some of them will be discussed in the Bangalore IT Pro event on 16th Dec 2017. More details about the event here. I will try to share the presentation deck after the event.
SCCM Tier 2/3 Hierarchy Strategies (Secondary servers/Remote DPs/MPs) SCCM Servicing Strategy SCCM Client Management Strategy SCCM Application Management Strategy SCCM Software Update Strategy SCCM Backup and Restore Strategy