Solved

Secondary Sites vs Branch Distribution Points (BDP). Which is best for me?

Posted on 2010-11-12
6
3,168 Views
Last Modified: 2013-11-21
Our current configuration consists of our Primary Site server (Black), and 15 REMOTE servers (over a WAN link) setup as "Server Shares".  The "Server Shares" are the DC's at those remote locations. Some of my remote locations have >10 Pc's, while others have <50. The remote site are over a WAN and use a VPN connection that come over Comcast; I also have 2 branches which are a dedicated 1.5Mbps T1, and another branch which is an Verizon Internet 1.5Mbps T1. I've already established SCCM site boundaries based upon my Active Directory IP subnets, defined my IP subnets and sites in Active Directory, and used the AD sites to create boundaries in SCCM.


The issue is that whenever I sync Microsoft Updates or copy new software installation packages to the remote server shares, it KILLS all of our bandwidth; ping responses to our remote locations spike, and things come to a crawl. I have done some research (got some very good help on here) and found out that I should probably be implementing secondary sites or branch distribution points, but I have some questions before I go though the extra work of setting them up. I know I shouldn't be using a "server Share" configuration (even thought this is what Microsoft recomended me to use), but I don't know if I should "convert" my Server Shares" to Secondary Sites, or Branch Distribution Points.

1) Which configuration, Secondary Site or BDP will give me the GREATEST control over network consumption (time frame, data rates, etc)?

2) Which option is best for my enviroment? I would perfer that clients speak to their local site server, and then that site server  speaks to the primary site server. I'm guessing I would need a Secondary Site Server configuration to do this? However, between all my remote locations, I have >300 Pc's; as I said, some locations have >10 Pc's.

3) *IMPORTANT* Can a secondary site or BDP be installed on a Domain Controller? The only server I have available at my locations is also the Domain Controller for that location. Is having a DC running as a secondary site / BDP even supported? All of those DC's are running Windows 2008 R2, they're also the DHCP, DNS, WINS server for their location.  

4) Is it too late to add secondary sites or BDP to my environment since I've already started to use SCCM with just a primary site and server shares?

5) Does anything need to be configured with the Pc clients, or will they pick up the new settings?


If you need anymore informantion, please don't hesistate to ask!
0
Comment
Question by:DonaldWilliams
  • 2
  • 2
  • 2
6 Comments
 
LVL 3

Expert Comment

by:socrates2012
ID: 34124166
A secondary site you can configure the sender address to utilize a certain percentage of the network pipe at different times, like a 10% during production hours and much greater after hours.  The secondary site also has more options available to the clients there such as management proxy and ability to set up a PXE service point.  A windows server is required for a secondary site as well.

A BDP on the other hand can be any flavor of Windows (server, XP, 7) as long as it has the SCCM client loaded on it.  The only control you have for throttling a BDP is configuring BITS for the site and is only a straight kb per second limit.

For sites with more than 50 or so clients and you offer other services such as OSD, I'd recommend a secondary site, for less a BDP is good unless a really remote site that you wouldn't want to travel to twice for a workstation reimage.

The best way to make sure clients don't pull files over the WAN is to set up either the secondary or BDP as a protected site and choose as the boundary the subnet in question.  The clients, after checking into your primary/central site, will know to talk to the local DP once their policy gets updated.

You can add secondaries and BDPs at any point in the game, just make sure your boundaries don't overlap or things get all sorts of screwy and you gamble on what exactly happens during a deployment.

Hope that answers all your questions!
0
 

Author Comment

by:DonaldWilliams
ID: 34124445
I'm debating on whether or not to just make all my locations Secondary Sites as that seems to give me more flexability in the futer and more control with bandwidth. I just have a few more questions:

1) Can a secondary site be configured on a DC? Is there any conflict with things like DHCP, DNS, WINS etc?

2) What is the max number of clients a BDP can realistically support? Is there a specific "cutoff"?

3) Can you have a mixed environemnt; primary site, a couple secondary sites, and a couple BDP's? Would there be any "harm" in making even my small sites (>10 Pc's) secondary sites?

4) II we went with BDP; what about the rest of the network traffic that the agents generate? I'm really trying to minimize t he traffic that SCCM generates across my WAN. Am I safe in assumeing that secondary sites generate less traffic?

0
 
LVL 3

Accepted Solution

by:
socrates2012 earned 250 total points
ID: 34124813
The big draw for a BDP is that you can use a power user's workstation as the point, not having to add extra hardware or buying an extra windows server license if none there.  Since you already have servers at each site secondaries would be a better option there IMHO too.

To answer your questions:

1) There are no conflicts putting a secondary site on a device with other roles.  If using as a DP there will be more disk I/O so if it is also that site's Home drive or is servicing a large database, may degrade performance.

2) You can have as many clients talking to a BDP as you want, there is one drawback to a BDP though.  There can only be 10 concurrent transfers going on at once.  All other clients will have to wait their turn for a connection to clear before getting their distribution.

3) Mixed environments is specifically what SCCM is good at.  No harm in making a small site a secondary, and many benefits as if you use the tools other than software distribution.

4) The only other traffic clients generate besides file transfers is policy updates and inventory updates.  By utilizing a secondary site and setting it up as a management point you make it the proxy to which all clients send inventory and retrieve policies from.  The secondary site will then, using the throttled data flow configured, send all the information to the primary.
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 250 total points
ID: 34126364
The difference between secondary site & primary site is secondary site is very much like primary byt without sql database.

1) The benefit of Branch distribution point is it can be installed on the software,so creating a branch distribution point gives certain benefit like when pkg or update is pushed to client they are availbel to one system in the site which is configured as BDP & all the client in the site contact bdp to download the package. Else BDP doesn't provide any other benefits

If you install BDP on client the max client support is 10 but on server its 2000.
http://technet.microsoft.com/en-us/library/bb680869.aspx

2)  Secondary site can be configured but domain controller is not the server used for installing another role other than dc related to security & the role played with the dc, as all the request of clients process through secondary server in site for policy,inventory retrieval can overload the DC which can slow the login.

3) There is no harm in promoting small site as secondary site,but for secondary site you require a server & for 10 clients i don't think its wise.

4)  BDP will only acts a distribution point nothing else.

http://technet.microsoft.com/en-us/library/bb680853.aspx

You can make use of remote differential compression along with Bits to control traffic. I belive it requires proper planning.
You can use BranchCache which is new feature available with win7 & windows 2008 R2.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34126366
0
 

Author Closing Comment

by:DonaldWilliams
ID: 34155842
I'd like to thank you both for the valuable information. I also have a call in with Microsoft just to confirm a few things, but I think I have a decent handle on everything now.
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now