SCCM 2016 prerequisites

SCCM 2016 has prerequisites in four areas: hardware, software, service accounts and the AD schema.

  • Hardware
    • CPU 2 x v-CPU
    • Memory 16 GB (in my lab 6 GB)
    • 7 x HDD
      • C:\ OS, 80 GB, OS Installation
      • D:\ APPS, 80 GB, SCCM binaries
      • E:\ Content, 200 GB, Source files for apps, drivers, updates, packages, etc
      • F:\ Temp DB, 20 GB
      • G:\ Temp DB logs, 20 GB
      • H:\ DB, 40 GB
      • I:\ DB logs, 20 GB
  • Software
    • SQL Server (it's free for System Center usage) with collation SQL_Latin1_General_CP1_CI_AS
    • Windows ADK for Windows 10, version 1607 Link: https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit
    • Windows Roles
      • BITS
      • .Net
      • WSUS (install it after you have finished installing SQL Server)
      • IIS
      • Common HTTP Features
        Static Content
        Default Document
        Directory Browsing
        HTTP Errors
        HTTP Redirection
      • Health and Diagnostics
        HTTP logging
        Logging tools
        Request Monitor
        Tracing
         
      • Performance
        Static Content Compression
        Dynamic Content Compression
      • Security
        Basic Authentication
        Windows Authentication
        URL Authorization
        Request Filtering
        IP and Domain Restrictions
      • Application Development
        ASP.NET 4.5
        .NET Extensibility
        ASP 4.5
        ISAPI Extensions
        ISAPI Filters
      • Management Service
        IIS 6 Management Compatibility
        IIS 6 Metabase Compatibility
        IIS 6 WMI Compatibility
        IIS 6 Scripting Tools
        IIS 6 Management Console
        All Management Tools
        IIS Management Console
        IIS Management Scripts and Tools
         
  • Service accounts
    • Domain group sccm_admin, to which you add every domain member that should be an administrator in SCCM
    • SQL account db_sccm
    • SCCM push client sccm_push, regular domain user
  • AD
    • System Management Container
    • Schema Update
    • GPO to add sccm_push to the local Administrators group
    • GPO to stop Windows automatic update
    • GPO to add a Windows Firewall exception for the SCCM client push
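
The role-service list above can be checked on the server before SCCM setup is started. The following PowerShell is an added example, not part of the original checklist: the feature names are the Windows Server names for the listed role services (.NET Extensibility is assumed to be the 4.5 variant), and ".Net", "ASP 4.5" and WSUS are left out because the list does not say which feature is meant or, for WSUS, because it is installed later. It also reports IIS role services that are installed but not on the list, since each one is extra attack surface on a site server.

```powershell
# Added example: audit the IIS/BITS prerequisites listed above on the local server.
# Run in an elevated PowerShell session on Windows Server (ServerManager module).
Import-Module ServerManager

# Windows feature names for the role services in the checklist.
$required = @(
    'BITS',
    'Web-Server',
    # Common HTTP Features
    'Web-Static-Content', 'Web-Default-Doc', 'Web-Dir-Browsing',
    'Web-Http-Errors', 'Web-Http-Redirect',
    # Health and Diagnostics
    'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Request-Monitor', 'Web-Http-Tracing',
    # Performance
    'Web-Stat-Compression', 'Web-Dyn-Compression',
    # Security
    'Web-Basic-Auth', 'Web-Windows-Auth', 'Web-Url-Auth', 'Web-Filtering', 'Web-IP-Security',
    # Application Development (assumption: the 4.5 variants)
    'Web-Asp-Net45', 'Web-Net-Ext45', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter',
    # Management tools and IIS 6 compatibility
    'Web-Mgmt-Tools', 'Web-Mgmt-Console', 'Web-Scripting-Tools',
    'Web-Mgmt-Compat', 'Web-Metabase', 'Web-WMI',
    'Web-Lgcy-Scripting', 'Web-Lgcy-Mgmt-Console'
)

$found   = Get-WindowsFeature -Name $required
$unknown = $required | Where-Object { $_ -notin $found.Name }   # not offered by this OS version
$missing = $found | Where-Object { -not $_.Installed }

# Installed IIS role services that are NOT in the checklist.
# Parent grouping features (those with sub-features) are skipped.
$extra = Get-WindowsFeature -Name 'Web-*' |
    Where-Object { $_.Installed -and $_.Name -notin $required -and $_.SubFeatures.Count -eq 0 }

'Missing prerequisites:'
$missing | Select-Object Name, DisplayName | Format-Table -AutoSize
'Feature names not known on this server:'
$unknown
'Installed IIS role services outside the checklist (review before go-live):'
$extra | Select-Object Name, DisplayName | Format-Table -AutoSize

# Show what an install of the missing items would do, without changing the server.
if ($missing) {
    Install-WindowsFeature -Name $missing.Name -WhatIf
}
```

Remove `-WhatIf` once the list of missing features has been reviewed.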

System Management Container

Open adsiedit.msc and connect to Default Naming Context

Select CN=System, right-click it and create a new object

Select Container --> Next --> Value add System Management --> Next --> Finish

Now open Active Directory Users and Computers and select View --> Advanced Features

Right click on the new container, System Management, and select Delegate control --> Next --> Select the SCCM server object --> Create a custom task to delegate --> Select default This folder, existing objects ... --> Next --> Select everything (General, Property-Specific, Creation/Deletion ..) with Permissions: Full control --> Finish

Schema Update

This step can be run from any station with domain admin rights; I will run it from my SCCM server. Open a command prompt and go to the SCCM installation package:

d:\SC_Configmgr_SCEP_1606\SMSSETUP\BIN\X64>extadsch.exe

Microsoft System Center Configuration Manager v5.00 (Build 8412)
Copyright (C) 2011 Microsoft Corp.


Successfully extended the Active Directory schema.

Please refer to the ConfigMgr documentation for instructions on the manual configuration of access rights in active directory which may still need to be performed.  (Although the AD schema has now be extended, AD must be configured to allow each ConfigMgr Site security rights to publish in each of their domains.)

d:\SC_Configmgr_SCEP_1606\SMSSETUP\BIN\X64>

Design a hierarchy of sites for SCCM 2016

Before installing the first site of a new System Center Configuration Manager hierarchy, you should understand the available topologies for Configuration Manager, the available types of sites and their relationships with each other, and the scope of management each site type provides. Then, after considering content management options that can reduce the number of sites you need to install, you can plan a topology that efficiently serves your current business needs and can later expand to manage future growth.

Note

When planning a new installation of Configuration Manager, remain aware of the release notes which detail current issues in the active versions. The release notes apply to all branches of Configuration Manager. However, when you use the Technical Preview Branch, you will find issues specific to only that branch in the documentation for each version of the Technical Preview.

Hierarchy topology

Hierarchy topologies range from a single stand-alone primary site to a group of connected primary and secondary sites with a central administration site at the top-level (top-tier) site of the hierarchy.
The key driver of the type and count of sites that you use in a hierarchy is usually the number and type of devices you must support:

Stand-alone primary site: Use a stand-alone primary site when a single primary site can support management of all of your devices and users (see Sizing and scale numbers). This topology is also successful when your company’s different geographic locations can be successfully served by a single primary site. To help manage the network traffic you can use preferred management points and a carefully planned content infrastructure (see Fundamental concepts for content management in System Center Configuration Manager).

Benefits of this topology include:

    • Simplified administrative overhead

    • Simplified client site assignment and discovery of available resources and services

    • Eliminates possible lag introduced by database replication between sites

    • This choice is not permanent and you can expand a stand-alone primary hierarchy into a larger hierarchy with a central administration site. This enables you to then install new primary sites to expand the scale of your deployment.

Central administration site with one or more child primary sites: Use this topology when you require more than one primary site to support management of all your devices and users. Benefits of this topology include:

    • Required when you need to use more than a single primary site

    • Supports up to 25 primary sites enabling you to extend the scale of your hierarchy

    • This choice is permanent. You cannot detach a child primary site to make it a stand-alone primary site. Therefore, unless you reinstall your sites, you will always use the central administration site

      The following sections can help you understand when to use a specific site or content management option in place of an additional site.

Determine when to use a central administration site

Use a central administration site to configure hierarchy-wide settings and to monitor all sites and objects in the hierarchy. This site type does not manage clients directly but it does coordinate inter-site data replication, which includes the configuration of sites and clients throughout the hierarchy.

The following information can help you decide when to install a central administration site:

    • The central administration site is the top-level site in a hierarchy

    • When you configure a hierarchy that has more than one primary site, you must install a central administration site, and it must be the first site that you install

    • The central administration site supports only primary sites as child sites

    • The central administration site cannot have clients assigned to it

    • The central administration site does not support site system roles that directly support clients, like management points and distribution points

    • You can manage all clients in the hierarchy and perform site management tasks for any child site when you use a Configuration Manager console that is connected to the central administration site. This can include installing management points or other site system roles at a child primary or secondary sites

    • When you use a central administration site, the central administration site is the only place where you can see site data from all sites in your hierarchy. This data includes information such as inventory data and status messages

    • You can configure discovery operations throughout the hierarchy from the central administration site by assigning discovery methods to run at individual sites

    • You can manage security throughout the hierarchy by assigning different security roles, security scopes, and collections to different administrative users. These configurations apply at each site in the hierarchy

    • You can configure file replication and database replication to control communication between sites in the hierarchy. This includes scheduling database replication for site data, and managing the bandwidth for the transfer of file-based data between sites

Determine when to use a primary site

Use primary sites to manage clients. You can install a primary site as a child primary site below a central administration site, or as the first site of a new hierarchy. A primary site that installs as the first site of a hierarchy creates a stand-alone primary site. Both child primary sites and stand-alone primary sites support secondary sites as child sites of the primary site.

Consider using a primary site for any of the following reasons:

    • To manage devices and users

    • To increase the number of devices you can manage with a single hierarchy

    • To provide an additional point of connectivity for administration of your deployment

    • To meet organizational management requirements. For example, you might install a primary site at a remote location to manage the transfer of deployment content across a low-bandwidth network. However, with System Center Configuration Manager you can use options to throttle the network bandwidth use when transferring data to a distribution point and that content management capability can replace the need to install additional sites.

The following information can help you decide when to install a primary site:

    • A primary site can be a stand-alone primary site or a child primary site in a larger hierarchy. When a primary site is a member of a hierarchy with a central administration site, the sites use database replication to replicate data between the sites. Unless you need to support more clients and devices than a single primary site can support, consider installing a stand-alone primary site. After a stand-alone primary site installs, you can expand it to report to a new central administration site to scale up your deployment.

    • A primary site supports only a central administration site as a parent site

    • A primary site supports only secondary sites as child sites and can support multiple secondary child sites

    • Primary sites are responsible for processing all client data from their assigned clients

    • Primary sites use database replication to communicate directly to their central administration site (this is configured automatically when a new site installs)

Determine when to use a secondary site

Use secondary sites to manage the transfer of deployment content and client data across low-bandwidth networks.

You manage a secondary site from a central administration site or the secondary site's direct parent primary site. Secondary sites must be attached to a primary site, and you cannot move them to a different parent site without uninstalling them and then re-installing them as a child site below the new primary site. However, you can route content between two peer secondary sites to help manage the file-based replication of deployment content. To transfer client data to a primary site, the secondary site uses file-based replication. A secondary site also uses database replication to communicate with its parent primary site.

Consider installing a secondary site if any of the following conditions apply:

    • You do not require a local point of connectivity for an administrative user

    • You must manage the transfer of deployment content to sites lower in the hierarchy

    • You must manage client information that is sent to sites higher in the hierarchy

      If you do not want to install a secondary site and you have clients in remote locations, consider using Windows BranchCache or installing distribution points that are enabled for bandwidth control and scheduling. You can use these content management options with or without secondary sites, and they can help you to reduce the number of sites and servers that you must install. For information about content management options in Configuration Manager, see Determine when to use content management options.

The following information can help you decide when to install a secondary site:

    • Secondary sites automatically install SQL Server Express during site installation if a local instance of SQL Server is not available

    • Secondary site installation is initiated from the Configuration Manager console, instead of running Configuration Manager Setup directly on a computer

    • Secondary sites use a subset of the information in the site database which reduces the amount of data that replicates by database replication between the parent primary site and secondary site

    • Secondary sites support the routing of file-based content to other secondary sites that have a common parent primary site

    • Secondary site installations automatically deploy a management point and distribution point that are located on the secondary site server

Determine when to use content management options

If you have clients in remote network locations, consider using one or more content management options instead of a primary or secondary site. You can often remove the need to install a site when you use Windows BranchCache, configure distribution points for bandwidth control, or manually copy content to distribution points (prestage content).

Consider deploying a distribution point instead of installing another site if any of the following conditions apply:

    • Your network bandwidth is sufficient for client computers at the remote location to communicate with a management point to download client policy, and send inventory, reporting status, and discovery information

    • Background Intelligent Transfer Service (BITS) does not provide sufficient bandwidth control for your network requirements

      For more information about content management options in Configuration Manager, see Fundamental concepts for content management in System Center Configuration Manager.

Beyond hierarchy topology

In addition to an initial hierarchy topology, consider what services or capabilities will be available from different sites in the hierarchy (site system roles), and how hierarchy wide configurations and capabilities will be managed in your infrastructure. The following are the more common considerations and are covered in separate topics. These should be considered as they can influence or be influenced by your hierarchy design:

What's new in SCCM 1606

Update 1606 for System Center Configuration Manager is an update that is available as an in-console update for previously installed sites that run version 1511 or 1602. Version 1511 is the initial baseline version you use to install new Configuration Manager sites.

The following sections provide details about changes and new capabilities introduced in version 1606 of Configuration Manager.

Updates and Servicing

Changes for the Updates and Servicing Node

The following are changes to Updates and Servicing in the Configuration Manager console:

Note

These changes are not available until after you install version 1606.

    • Node name change:

      In the Monitoring workspace, the Site Servicing status node has been renamed to Updates and Servicing Status.

    • More installation status:

      When you view the update installation status for a site, the console now displays separate details for the following actions:

      • Download (This applies only to the top-tier site where the service connection point site system role is installed)
      • Replication
      • Prerequisites Check
      • Installation

      Additionally, there is now more detailed information for each step, including which log file you can view for more information.

    • New option to retry prerequisite failures:

      In both the Administration and Monitoring workspaces, the Updates and Servicing node includes a new button on the Ribbon named Ignore prerequisite warnings.

      When you install updates without using the option to Ignore prerequisite warnings (from within the Updates Wizard), and that update installation halts with a State of Prereq warning, you can then select Ignore prerequisite warnings from the ribbon to trigger an automatic continuation of that update install that ignores the prerequisite warnings.

    • Cleaner view of updates:

      When you view the Updates and Servicing node, you now see only the most recently installed update, and any new updates that are available for you to install. To view previously installed updates, you click the new History button which appears in the Ribbon.

    • Renamed option for pre-production:

      In the Updates and Servicing node, the button that was named Client options is now renamed to Promote Pre-production Client.

Pre-release features

Beginning with 1606, you must give consent to use Pre-Release features in System Center Configuration Manager before you can select and enable their use. For more information, see Use pre-release features from updates.

New distribution point update behavior

Update 1606 introduces changes that improve the availability of distribution points when installing future updates.

After update 1606 is installed, when you next install an update at that site that requires the automatic reinstallation of standard and pull-distribution point site system roles, all distribution points no longer go off-line to update at the same time. Instead, the site server uses the site’s content distribution settings to distribute the update to a subset of distribution points at a time. The result is that only some distribution points go off-line to install the update. This allows distribution points that have not yet begun to update or that have completed the update to remain on-line and able to provide content to clients.

Accessibility

Beginning with version 1606, to navigate between the different nodes of a workspace, you can enter the first letter of a node's name. Each key press moves the cursor to the next node that begins with that letter, and when using a screen reader, the reader reads out the name of that node. For more information about Accessibility options, see Accessibility features in System Center Configuration Manager.

Administration

The following are changes to Administration in the Configuration Manager console:

OMS Connector

You can now connect System Center Configuration Manager to the Microsoft Operations Management Suite (OMS). This makes data such as collections from your Configuration Manager deployment visible in OMS.

The OMS Connector is a prerelease feature. To enable it, see Use pre-release features from updates.

Support for cache size in Client Settings

You can now configure the size of the cache folder on client computers with Client Settings in the Configuration Manager console. Previously, you could only set the client cache size when installing or reinstalling the client software (using the SMSCACHESIZE property). Now you can specify the cache size as a client setting (either default or custom), and then have those settings applied with the next policy update on the client without requiring a client reinstall. For more information, see Configure the Client Cache for Configuration Manager Clients.

On-premises Mobile Device Management

Support for multiple device management points

On-premises Mobile Device Management (MDM) now supports a new capability in Windows 10 Anniversary Update that automatically configures an enrolled device to have more than one device management point available for use. This capability allows the device to fall back to another device management point when the one it normally uses is not available. This capability only works for PCs and devices with Windows 10 Anniversary Update installed.

Application management

Manage apps from the Windows Store for Business

The Windows Store for Business is where you can find and purchase Windows apps for your organization, individually or in volume. By connecting the store to Configuration Manager, you can synchronize the list of apps you've purchased with Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app.

For details, see Manage apps from the Windows Store for Business with System Center Configuration Manager.

Manage iOS volume-purchased apps

The workflow for managing volume-purchased iOS apps and deploying these with Configuration Manager has been improved.

For details, see Manage volume-purchased iOS apps with System Center Configuration Manager.

Software Center User Interface

The Software Center interface has been streamlined to make the end user experience easier to navigate.

    • The Installation Status and Installed Software tabs have been combined into a single Installation Status tab.
    • Updates, Operating Systems and Applications have been separated into three separate tabs.
    • Multiple updates can now be selected for installation at once, or all updates can be installed at once by clicking the Install All button.

When viewing the properties of an application or package, there is now a link that takes you to the status for that object.

Software updates

Client setting to manage the Office 365 client agent

You can now use a Configuration Manager client setting to manage the Office 365 client agent. After you configure this setting and deploy Office 365 updates, the Configuration Manager client agent communicates with the Office 365 client agent to download Office 365 updates from a distribution point and install them.

For details, see Manage Office 365 ProPlus updates with Configuration Manager.

Manually switch clients to a new software update point

You can now enable the option for Configuration Manager clients to switch to a new software update point when there are issues with the active software update point. Once enabled, the clients will look for another software update point at the next scan.

For details, see Plan for software updates in Configuration Manager.

Restart options for Windows 10 clients after software update installation

When a software update that requires a restart is deployed using Configuration Manager and installed on a computer, a pending restart is scheduled and a restart dialog box is displayed. Beginning in Configuration Manager version 1606, the option to Update and Restart, and Update and Shutdown is available on Windows 10 computers in the Windows Power options whenever there is a pending restart for a Configuration Manager software update. After using one of these options, the restart dialog will not display after the computer restarts.

For details, see Plan for software updates in System Center Configuration Manager.

Run software updates compliance scan immediately after a client installs software updates and restarts

You can now run a software updates compliance scan immediately after a client installs software updates and restarts. To configure this for a deployment, on the User Experience page of the Deploy Software Updates Wizard, select the If any update in this deployment requires a system restart, run updates deployment evaluation cycle after restart option. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. For details, see Automatically deploy software updates or Manually deploy software updates.

Operating system deployment

Improvements to the Install Software Updates task sequence step

There is a new setting, Evaluate software updates from cached scan results, that gives you the option to do a full scan for software updates instead of using the cached scan results. For details, see Task sequence steps in System Center Configuration Manager.

Also, a new task sequence variable, SMSTSSoftwareUpdateScanTimeout, is available to give you the ability to control the timeout for the software updates scan during the Install software updates task sequence step. The default value is 30 minutes. For details, see Task sequence built-in variables in System Center Configuration Manager.

OSDPreserveDriveLetter task sequence variable has been deprecated

Beginning in Configuration Manager version 1606, the OSDPreserveDriveLetter task sequence variable has been deprecated. Starting in Configuration Manager version 1606, Windows Setup determines the best drive letter to use (typically C:) during an operating system deployment, by default.

For details, see Task sequence built-in variables in System Center Configuration Manager.

Customize the RamDisk TFTP window size for PXE-enabled distribution points

You can now customize the RamDisk window size for PXE-enabled distribution points. If you have customized your network, it could cause the boot image download to fail with a time-out error because the window size is too large. The RamDisk TFTP window size customization allows you to optimize TFTP traffic when using PXE to meet your specific network requirements.

For details, see Prepare site system roles for operating system deployments with System Center Configuration Manager.

Compliance settings

Smart Lock setting for Android devices

A new setting, Allow Smart Lock and other trust agents, has been added to the Android and Samsung KNOX Standard configuration item.

This setting lets you control the Smart Lock feature on compatible Android devices. This phone capability, sometimes known as trust agents, lets you disable or bypass the device lock screen password if the device is in a trusted location such as when it is connected to a specific Bluetooth device, or when it is near to an NFC tag. You can use this setting to prevent end users from configuring Smart Lock.

For details, see How to create configuration items for Android and Samsung KNOX Standard devices managed without the System Center Configuration Manager client.

Device configuration and protection

Product name changes

    • Microsoft Passport for Work is now known as Windows Hello for Business.
    • Enterprise data protection is now known as Windows Information Protection.

Deployment of Windows Hello for Business (Passport for Work)

You can now deploy Windows Hello for Business policies to domain-joined Windows 10 devices managed by the Configuration Manager client.

The Configuration Manager console has been updated to reflect these changes.

iOS Activation Lock

Configuration Manager can help you manage iOS Activation Lock, a feature of the Find My iPhone app for iOS 7.1 and later devices. When Activation Lock is enabled, the user's Apple ID and password must be entered before anyone can:

    • Turn off Find My iPhone
    • Erase the device
    • Reactivate the device

Configuration Manager can help you manage Activation Lock in two ways:

    1. Enable Activation Lock on supervised devices.
    2. Bypass Activation Lock on supervised devices.

For details, see Manage iOS Activation Lock with System Center Configuration Manager.

Windows Defender Advanced Threat Protection

Endpoint Protection can help manage and monitor Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP is a new service that will help enterprises to detect, investigate, and respond to advanced attacks on their networks. Configuration Manager policies can help you onboard and monitor managed Windows 10, version 1607 (build 14328) or later.

For details, see Windows Defender Advanced Threat Protection.

Device categories

You can create device categories, which can be used to automatically place devices in device collections when you are using Configuration Manager with Microsoft Intune. Users are then required to choose a device category when they enroll a device in Intune. You can additionally change the category of a device from the Configuration Manager console.

For details, see How to automatically categorize devices into collections with System Center Configuration Manager.

Predeclare devices with IMEI or iOS serial numbers

You can identify corporate-owned devices by importing their international station mobile equipment identity (IMEI) numbers or iOS serial numbers. You can upload a comma-separated values (.csv) file containing device IMEI numbers or you can manually enter device information. Imported information will set Ownership of the devices that enroll as “Corporate” in lists of devices. An Intune license is still required for each user that accesses the service.

For more details, see Predeclare devices with IMEI or iOS serial numbers.

On-premises Health Attestation service communication

You can now enable Health Attestation services monitoring for Windows 10 PCs using only on-premises infrastructure so that computers without internet access can report Device Health Attestation (DHA).

For details, see Health attestation for System Center Configuration Manager.

Remote Control

Allow your end-users the opportunity to accept or deny file transfers before transferring content from the shared clipboard in a remote control session. End-users will only need to grant permission once per session, and the viewer will not have the ability to give themselves permission to proceed with the file transfer. You can find this new setting in the Administration workspace, then navigating to Client Settings, then opening the Remote Tools panel in Default Settings.

Size and scale numbers for SCCM 2016

Each System Center Configuration Manager deployment will have a maximum number of sites, site system roles, and devices that it can support. These numbers vary depending on your hierarchy structure (what types and numbers of sites you use) and the site system roles you deploy. The information in the following subjects can help you identify the number of site system roles and sites you will need to support the devices you expect to manage with your environment.

The support numbers in this article are based on using the recommended hardware for Configuration Manager. When you do not use the recommended hardware, the performance of site systems can be degraded and might not meet the stated levels of support.

Site types

Central administration site:

  • A central administration site supports up to 25 child primary sites.

Primary site:

    • Each primary site supports up to 250 secondary sites.

    • The number of secondary sites per primary site is based on continuously connected and reliable wide area network (WAN) connections. For locations that have fewer than 500 clients, consider a distribution point instead of a secondary site.

      For information about the numbers of clients and devices a primary site can support, see Client numbers for sites and hierarchies in this topic.

Secondary site:

  • Secondary sites do not support child sites.

Site system roles

Application Catalog website point:

  • You can install multiple instances of the Application Catalog website point at primary sites.

    Tip

    As a best practice, install the Application Catalog website point and Application Catalog web service point together on the same site system when they provide service to clients that are on the intranet.

    • For improved performance, plan to support up to 50,000 clients per instance.

    • Each instance of this site system role supports the maximum number of clients supported by the hierarchy.

Application Catalog web service point:

  • You can install multiple instances of the Application Catalog web service point at primary sites.

    Tip

    As a best practice, install the Application Catalog website point and Application Catalog web service point together on the same site system when they provide service to clients that are on the intranet.

    • For improved performance, plan to support up to 50,000 clients per instance.

    • Each instance of this site system role supports the maximum number of clients supported by the hierarchy.

Distribution Point:

  • Distribution points per site:

    • Each primary and secondary site supports up to 250 distribution points.

    • Each primary and secondary site supports up to 2000 additional distribution points configured as pull-distribution points. For example, a single primary site supports 2250 distribution points when 2000 of those distribution points are configured as pull-distribution points.

    • Each distribution point supports connections from up to 4,000 clients.

    • A pull-distribution point acts like a client when it accesses content from a source distribution point.

  • Each primary site supports a combined total of up to 5,000 distribution points. This total includes all the distribution points at the primary site and all distribution points that belong to the primary site’s child secondary sites.

  • Each distribution point supports a combined total of up to 10,000 packages and applications.

Warning

The actual number of clients that one distribution point can support depends on the speed of the network and the hardware configuration of the distribution point computer.

The number of pull-distribution points that one source distribution point can support similarly depends on the speed of the network and hardware configuration of the source distribution point computer, but is also affected by the amount of content you have deployed. This is because, unlike clients that typically access content at different times over the course of a deployment window, all pull-distribution points request content at the same time and can request all available content and not just the content that is applicable to them, as would a client. When too much of a processing load is placed on a source distribution point, this can cause unexpected delays in distributing the content to the expected distribution points in your environment.

Fallback status point:

  • Each fallback status point can support up to 100,000 clients.

Management point:

  • Each primary site supports up to 15 management points.

    Tip

    Do not install management points on servers that are across a slow link from the primary site server or from the site database server.

  • Each secondary site supports a single management point that must be installed on the secondary site server.

    For information about the numbers of clients and devices a management point can support, see the Management points section in this topic.

Software update point:

  • A software update point that is installed on the site server can support up to 25,000 clients.

  • A software update point that is remote from the site server can support up to 150,000 clients when the remote computer meets the WSUS requirements to support this number of clients.

  • By default, Configuration Manager does not support configuring software update points as NLB clusters. However, you can use the Configuration Manager SDK to configure up to four software update points on a NLB cluster.

Client numbers for sites and hierarchies

Use the following information to determine how many clients, and of which types, you can support at a site or in a hierarchy.

Hierarchy with a central administration site

A central administration site supports a total number of devices that includes up to the number of devices listed for the following three groups:

  • 700,000 desktops (computers that run Windows, Linux and UNIX)

  • 25,000 devices that run Mac and Windows CE 7.0

  • One of the following, depending on how your deployment supports mobile device management:

    • 100,000 devices you manage with On-Premises MDM

    • 300,000 cloud-based devices

    For example, in a hierarchy you can support 700,000 desktops, up to 25,000 Mac and Windows CE 7.0 clients, and up to 300,000 cloud-based devices when you integrate Microsoft Intune, for a total of 1,025,000 devices. If you support devices managed by on-premises MDM, the total for the hierarchy is 825,000 devices.

Important

In a hierarchy where the central administration site uses a Standard edition of SQL Server, the hierarchy supports a maximum of 50,000 desktops and devices. The edition of SQL Server in use at a stand-alone primary site does not limit that site's capacity to support up to the stated number of clients.

Child primary site

Each child primary site in a hierarchy with a central administration site supports the following: 

  • 150,000 total clients and devices, not limited to a specific group or type, so long as support does not exceed the number supported for the hierarchy

For example, a primary site that supports 25,000 computers that run Mac and Windows CE 7.0 (because that is the limit for a hierarchy) can then support an additional 125,000 desktop computers, which brings the total number of supported devices up to the child primary site's supported maximum limit of 150,000.

Stand-alone primary site

A stand-alone primary site supports the following number of devices: 

  • 175,000 total clients and devices, not to exceed:

    • 150,000 desktops (computers that run Windows, Linux and UNIX)

    • 25,000 devices that run Mac and Windows CE 7.0

    • One of the following, depending on how your deployment supports mobile device management:

      • 50,000 devices you manage with On-Premises MDM

      • 150,000 cloud-based devices

For example, a stand-alone primary site that supports 150,000 desktops and 10,000 Mac or Windows CE 7.0 clients can support only an additional 15,000 devices. Those devices can be either cloud-based or managed using on-premises MDM.

Secondary sites

Secondary sites support the following: 

  • 15,000 desktops (computers that run Windows, Linux and UNIX)

Management points

Each management point can support the following number of devices:

  • 25,000 total clients and devices, not to exceed:

    • 25,000 desktops (computers that run Windows, Linux and UNIX)

    • One of the following (not both):

      • 10,000 devices managed using On-Premises MDM

      • 10,000 devices that run Mac and Windows CE 7.0

SCCM 2016 Design

SCCM 2016 Design considerations

First of all, you need to consider the SCCM maximum numbers and limitations, so please check: Size and scale numbers for SCCM 2016

For different types of scenarios you can have a different number of servers or just one. For example, for a large enterprise you can have one SQL cluster, two or more Management Points, two or more Distribution Points, two or more Update Points, etc. For more details, see Design a hierarchy of sites for SCCM 2016.

In our scenario we will cover a medium company with 700 client computers and 300 servers split across 6 geographical locations.

In the data center, or in the biggest branch or headquarters, we will deploy a single server with all important roles installed plus SQL Server, and one Distribution Point in each site location, 5 in our case. A single primary site with multiple DPs is the most recommended deployment, even for larger corporations. With SCCM 2012 the design was simplified a lot and secondary sites are no longer required.
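The stand-alone primary site limits listed earlier can be turned into a quick sanity check for a design like this one. The following PowerShell is an added example, not part of the original article or of Configuration Manager; the function name, parameter names and sample scenarios are hypothetical, servers are assumed to count as desktops (computers that run Windows), and the per-management-point limits for MDM and Mac/Windows CE devices are not modeled.

```powershell
# Added example: validate a planned stand-alone primary site against the
# limits quoted in this article. All names here are hypothetical.
function Test-PrimarySitePlan {
    param(
        [int]$Desktops,                  # Windows, Linux and UNIX computers
        [int]$MacAndCe = 0,              # Mac and Windows CE 7.0 devices
        [int]$MdmDevices = 0,            # mobile devices, one MDM model only
        [ValidateSet('OnPrem', 'Cloud')]
        [string]$MdmType = 'Cloud',
        [int]$DistributionPoints = 1,    # standard distribution points
        [int]$PullDistributionPoints = 0,
        [int]$ManagementPoints = 1
    )
    $mdmLimit = if ($MdmType -eq 'OnPrem') { 50000 } else { 150000 }
    $total    = $Desktops + $MacAndCe + $MdmDevices
    # A management point serves up to 25,000 clients and devices in total.
    $mpNeeded = [int][math]::Ceiling($total / 25000.0)

    $checks = @(
        @{ Name = 'Desktops';                  Value = $Desktops;               Max = 150000 }
        @{ Name = 'Mac and Windows CE';        Value = $MacAndCe;               Max = 25000 }
        @{ Name = "$MdmType MDM devices";      Value = $MdmDevices;             Max = $mdmLimit }
        @{ Name = 'Total clients and devices'; Value = $total;                  Max = 175000 }
        @{ Name = 'Distribution points';       Value = $DistributionPoints;     Max = 250 }
        @{ Name = 'Pull-distribution points';  Value = $PullDistributionPoints; Max = 2000 }
        @{ Name = 'Management points';         Value = $ManagementPoints;       Max = 15 }
    )
    $problems = @()
    foreach ($c in $checks) {
        if ($c.Value -gt $c.Max) {
            $problems += '{0}: {1} planned, limit is {2}' -f $c.Name, $c.Value, $c.Max
        }
    }
    if ($ManagementPoints -lt $mpNeeded) {
        $problems += "Management points: $ManagementPoints planned, $mpNeeded needed for $total devices"
    }
    return $problems
}

# Constructed scenarios: this article's design (700 clients + 300 servers, 5 DPs)
# and a variant of its over-limit example with 20,000 cloud devices instead of 15,000.
$design  = @(Test-PrimarySitePlan -Desktops 1000 -DistributionPoints 5)
$tooMany = @(Test-PrimarySitePlan -Desktops 150000 -MacAndCe 10000 -MdmDevices 20000 -ManagementPoints 8)
"Design problems found: $($design.Count)"
$tooMany
```

The per-role client figures are ceilings under recommended hardware, so a plan that passes this check still has to be sized against the network speed and hardware of each site system, as the warning in the scale section notes.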

For this tutorial I will use the following servers in my lab:

| Server role | Server name | Memory (GB) | v-CPU |
|---|---|---|---|
| Domain Controller | DUBDC01.SCCM.IE | 1 | 1 |
| SCCM + SQL | DUBSCCM01.SCCM.IE | 6 | 2 |
| File Server | DUBFS01.SCCM.IE | 2 | 1 |
| Win7 | client1.SCCM.IE | 1 | 1 |
| Total | | 10 | 5 |

In a real scenario I would recommend 16 GB of RAM and 2-4 v-CPUs with multiple disks for the SCCM server.