Where should SCCM be installed in a small system?

hyper-v windows-server-2012-r2 sccm sccm-2012-r2

Solution 1:

OK. It sounds like you are working with a pretty small environment. You might want to reconsider whether or not SCCM is an appropriately size toolset. Take a look at my answer to Is SCCM overkill for medium-sized organizations? and give it it some thought. You might be happier with Windows InTune or a smaller, less complex, less featureful endpoint management system.

I'm guessing that means it is not advisable to put SCCM on the host either.

Correctomundo! See the below reasoning which I pulled directly from the Windows Server 2012 Hyper-V Best Practices which I recommend you review along with Aidan Finn's Recommended Practices For Hyper-V.


Do not install any other Roles on a host besides the Hyper-V role and the Remote Desktop Services roles (if VDI will be used on the host).

When the Hyper-V role is installed, the host OS becomes the "Parent Partition" (a quasi-virtual machine), and the Hypervisor partition is placed between the parent partition and the hardware. As a result, it is not recommended to install additional (non-Hyper-V and/or VDI related) roles


You want your Hyper-V Host to be as clean and as simply configured as possible. It is highly recommended to not install other applications or roles onto your Hyper-V host, especially one as complex as ConfigMgr.


is it OK to have [SCCM] on the VM DC?

Nope! SCCM is complex and somewhat fidgety application. In order to install it you will need a whole bunch of prerequisites, not limited too IIS, Reporting Services, MS SQL, and WSUS. For such as small Site you would co-mingled these services and Site Rolls on a single server, your Domain Controller, which also happens to run a complex and somewhat fidgety application. I highly recommend you do not do this.

Take a look at can domain controllers also serve other functions?. It used to be fairly common to deploy a single physical server that had ADDS, DNS, DHCP, File and Print Roles all co-mingled. However, with the prevalence and low cost of virtualization in the Microsoft ecosystem it is becoming more common to deploy your domain controllers in single-purpose virtual machines to avoid problems and isolate them if they occur.

As an aside, note I said "domain controllers". You will want at least two Domain Controllers, one of which is a physical standalone machine if you plan on clustering your Hyper-V hosts. You should always have two domain controllers (see: Risks of having only one domain controller?). Furthermore you should pay particular attention to the caveats of running virtualized domain controllers, especially things like cloning and time synchronization.

I don't want to use up licenses too quickly

Yep. I understand that, but please consider some of the technical limitations and dangers you might find yourself in down the road. A datacenter license of Windows Server looks like mighty affordable if SCCM has exploded your site's only domain controller.

Related

MySQL 500% CPU Usage and Crashes Server
Resize RAID partition with GPT partition layout, without LVM
OpenDMARC with multiple MX: correct setup for trust between servers
Setting up Elastic Beanstalk application with HTTPS
Are Dell PowerVault MD3200 EMMs compatible with the MD1200 chassis/midplane?
How can I generate and use a third-party certificate on a Remote Desktop Server?
Finding local IP addresses using Python's stdlib under Debian jessie
IP Address is very slow compared to loopback address
Write permission to a specific file without changing ownership
Is it possible (how?) to Route incoming UDP packets with one target IP to a destination IP that is resolved through a DNS query for a static URL?
What exactly does nfs4_disable_idmapping parameter do?
sshd: logging client's public key