Why use MDT, SCCM, or both, and why integrate SCCM with MDT?

As usual, the Windows Networking site's posts are “the best”, this time on advanced deployment.

I am trying to summarise them here.



A few points to consider:
  • You should ALWAYS use MDT (not SCCM!) for building, capturing and testing your reference images.
  • You should PROBABLY NOT use MDT ALONE if you have more than a couple of sites you need to deploy Windows to (that is, you should ALSO use SCCM in this scenario).
  • You should ALSO use WDS if you have more than a few hundred computers to deploy Windows to (that is, you could use MDT and WDS together in this scenario).
  • While you COULD use MDT WITH WDS to deploy Windows to thousands or more computers, you PROBABLY want to consider using SCCM instead for such scenarios especially when your organization spans multiple geographical locations (that is, you should use MDT, WDS and SCCM in this scenario).

OSD Comparison Matrix


| Area/Feature | ADS 1.1 | WDS | Microsoft Deployment (Lite-Touch) | ConfigMgr 2007 | ConfigMgr 2007 with Microsoft Deployment |
|---|---|---|---|---|---|
| OS Deployment | | | | | |
| Architectures | x86, x64 | x86, x64, IA-64 | x86, x64 | x86, x64 | x86, x64 |
| Operating systems | Windows 2000 Server and Windows Server 2003 | Windows 2000 and later | Windows XP and later | Windows 2000 and later; WePOS & WinFLP | Windows 2000 and later; WePOS & WinFLP |
| Client and/or server | Server only | Client and server | Client and server | Client and server | Client and server |
| Image-based vs. setup.exe | Image only | Image only, except setup.exe in RIS mode | Image and setup.exe | Image and setup.exe | Image and setup.exe |
| HAL agnostic | No | Yes, for Vista/WS2008 and later | Yes, for Vista/WS2008 and later | Yes, for Vista/WS2008 and later | Yes, for Vista/WS2008 and later |
| Source of Configuration Data | ADS database (SQL) | Active Directory | .INI files or SQL database | ConfigMgr database (SQL) | ConfigMgr database (SQL) |
| Automatic generation of unattend files | No | No | Yes | Yes | Yes |
| Image Management | | | | | |
| Format of images | IMG | WIM. Also RISETUP and RIPREP in RIS mode | WIM | WIM | WIM |
| Images are interchangeable across products | No | Yes | Yes | Yes | Yes |
| Replicate images to multiple locations | No | Manage externally via DFSR | Manage externally via DFSR | Yes | Yes |
| Binary delta replication | No | Manage externally via DFSR | Manage externally via DFSR | Yes | Yes |
| Pre-stage to target computer before starting deployment | No | No | No | Yes | Yes |
| Multicast image to target computers | Yes | Yes | Yes, using WDS | Yes | Yes |
| Bandwidth management of image xfer | No | Yes when multicasting | No | Yes when pre-staging | Yes when pre-staging |
| Reference computer build & capture | Manual | Manual | Automated via task sequence | Automated via task sequence | Automated via task sequence |
| Device Driver Management | | | | | |
| Insert drivers into OS image | No | Install fixed set of drivers via unattend.xml commands | Automatic at deployment time based on PnP ID | Automatic at deployment time based on PnP ID | Automatic at deployment time based on PnP ID |
| Insert drivers into WinPE | No | No | Admin initiated | Admin initiated | Admin initiated |
| Reporting on driver availability for devices across an organization | No | No | No | Yes | Yes |
| Disk Management | | | | | |
| Complex repartitioning & formatting | Yes | Yes | Via custom diskpart scripting | Yes | Yes |
| Deploy multiple partitions and data images | Yes | No | Yes for multiple partitions; no for data images | Yes | Yes |
| Deploy and enable BitLocker configurations | No | Yes, as a start-up script in the OS image | Yes | Yes | Yes |
| Automate setup of RAID/SAN/iSCSI | Yes, with vendor tools | No | Yes, with vendor tools | Yes, with vendor tools | Yes, with vendor tools |
| Virtual floppy for pre-OS hardware setup | Yes | No | No | No | No |
| Network Management | | | | | |
| Migrate network settings | No | No | No | Yes | Yes |
| Network connectivity assumptions | Well-connected only | Well-connected only | Well-connected only | Well-connected or poor/intermittent connection | Well-connected or poor/intermittent connection |
| Works for static IPs with no DHCP | No | Yes with bootable media | Yes, except PXE | Yes, except PXE | Yes, except PXE |
| IPv4 and IPv6 | IPv4 only | IPv4 only | Works only in IPv4 environments; can configure some IPv6 settings | IPv4 and IPv6 (except PXE) | IPv4 and IPv6 (except PXE) |
| Deployment Models | | | | | |
| PXE initiated | Yes | Yes | Yes | Yes | Yes |
| Removable media (CD, DVD, USB) initiated | No | Yes | Yes | Yes | Yes |
| Client OS initiated | Yes | No | No | Yes | Yes |
| Push/pull model | Push and pull | Pull only | Pull only | Push and pull | Push and pull |
| End user choice of image to deploy | No | Yes | Yes | Yes | Yes |
| Fully unattended option | Yes | Yes after initial PXE boot | No | Yes | Yes |
| Offline deployment from media | No | No | Yes | Yes, including CD/DVD spanning | Yes, including CD/DVD spanning |
| Deploy to unrecognized computers | Yes | Yes | Yes | Yes | Yes |
| End-to-end process | | | | | |
| Task sequencing | Yes | No | Yes | Yes | Yes |
| Task sequence conditions & groups | No | No | No | Yes | Yes |
| Task sequence parameterization (with variables) | Per-computer | No | Yes, from rules using LTI database | Per-computer and per-collection with override | Per-computer and per-collection with override |
| Migrate user state & settings | No | No | Yes | Yes | Yes |
| Install patches | No | From a file share for Vista/WS2008 and later only via built-in OS capability | Yes, from file share | Yes, integrated with ConfigMgr Software Update Management | Yes, integrated with ConfigMgr Software Update Management |
| Install applications | Yes | Yes, via unattend.xml or startup scripts, from file share or baked into image | Yes, from file share | Yes, integrated with ConfigMgr software dist | Yes, integrated with ConfigMgr software dist |
| Install Vista/WS2008 and later language packs | No | Yes | Yes | No | Yes |
| Install server roles (AD, File/Print, DHCP, DNS, etc.) | Yes, as custom actions | Yes, as start-up scripts | Yes | Yes | Yes |
| Obeys maintenance windows | No | No | No | Yes | Yes |
| Works in a NAP environment | No | Post-deployment actions could fail if quarantined | No | Yes, task sequences wait for remediation before continuing | Yes, task sequences wait for remediation before continuing |
| Wake-on-LAN integration | No | No | No | Yes | Yes |
| Security | | | | | |
| Encrypts “secrets” on the network | Yes | No | No | Yes | Yes |
| Encrypts “secrets” on the target computer | Yes | No | No | Yes, except during Vista setup phase | Yes, except during Vista setup phase |
| Strong authorization of target computer | Yes | No | No | Yes, except for PXE | Yes, except for PXE |
| Encrypts user state during migration | No | No | No | Yes | Yes |
| Encrypts images on the network | Yes | No | No | Yes | Yes |
| Password protect deployment media | No | No | No | Yes | Yes |
| Reporting | | | | | |
| Aggregate status of all deployments | Yes | Via Crimson events | Yes with OpsMgr | Yes | Yes |
| Detailed status of individual computers | Yes | Via Crimson events | Yes with OpsMgr | Yes | Yes |
| Admin UI | | | | | |
| Central monitoring of deployments | Yes | Only for multicast transmissions | No | Yes | Yes |
| Task sequence editor | Limited | No | Yes | Yes | Yes |
| Sophisticated targeting | No | No | No | Yes | Yes |
| Multiple simultaneous IT admins | Yes | Yes | No | Yes | Yes |
| User access controls | Yes | No | No | Yes | Yes |
| Scriptable | Yes, with WMI | Partial via COM+ | Scriptable .Net data layer | Yes, with WMI | Yes, with WMI |
| Localized | No | Yes, to Windows Server languages | As funded by country subs | Yes, to ConfigMgr server languages | Yes |
| Framework technology | MMC 2.0 | MMC 2.0 | MMC 3.0 | MMC 3.0 | MMC 3.0 |



A summary of the table above:
  • Replication (MDT requires DFSR)
  • Multicast deployment (MDT requires WDS)
  • Bandwidth management of image transfer (not available with MDT but available with SCCM for pre-staging)
  • Reporting on driver availability for devices across an organization (not available with MDT)
  • Complex repartitioning and formatting of disks (requires custom diskpart scripting with MDT)
  • Network connectivity assumptions (MDT requires well-connected network while SCCM tolerates poor/intermittent connections)
  • Client OS initiated deployment and fully unattended option (not available with MDT)
  • Push/pull model (MDT supports pull only while SCCM supports both push and pull deployments)
  • Offline deployment from media (SCCM also supports CD/DVD spanning)
  • Security (SCCM supports encryption and password protection)

To answer the question of WHY you should use MDT and SCCM TOGETHER for your Windows deployments, a quick summary:
  • Wizard to create all needed packages (USMT, scripts, client, OS, etc.) and task sequences from MDT templates.
  • Wizard to create new boot images (adding optional components, fonts, fixes, etc.).
  • Ability to dynamically determine user state location (local or network) based on estimate of USMT capture size.
  • Ability to modify any unattend.xml/sysprep.inf/unattend.txt value using task sequence variable values.
  • Task sequence templates that cover all scenarios from a single template: new computers, refreshes, replacements, with any OSes.
  • Ability to back up the computer as a WIM during backup (local or network based on available disk space).
  • Additional validation, prerequisite, and BIOS compatibility checks (e.g. don’t deploy Vista to a domain controller; make sure machines have more than 512MB RAM; etc.).
  • Capture and restore local group memberships.
  • Tattoo task sequence details into the registry and capture via ConfigMgr inventory for reporting purposes.
  • Move state store to a safe location before the task sequence ends.
  • Copy logs to a network location.
  • Scripting framework to make it easier to add additional scripts into a task sequence (“toolkit package”).
  • Action to install software updates offline for Vista and Server 2008.
  • Action to install language packs offline or online for Vista and Server 2008.
  • Action to install OS roles and features on Server 2003 and Server 2008.
  • Action to configure ADDS (DCPROMO) on Server 2003 and Server 2008.
  • Action to configure DHCP on Server 2003 and Server 2008.
  • Action to configure DNS on Server 2003 and Server 2008.
  • Unknown computer support for pre-ConfigMgr R2 installations.
  • Gathering process to set various variables based on information about the machine, retrieved from WMI and other sources.
  • Rules engine to set variables from databases, web services, etc.
  • A database for configuring location, make/model, role, and computer-based settings.
  • Stored procedure for reinstalling software packages that were installed in the old OS, based on ConfigMgr inventory details.
  • Script to merge disconnected lists (ZTICoalesce) to solve some issues with using collection and computer variables.
  • Script to enable all programs for dynamic installation via “install software” task sequence step.

A few more points on ZTI

ZTI (Zero Touch Installation) is a high-volume deployment strategy for midsize to large organizations that combines the use of MDT with System Center Configuration Manager (SCCM), which is part of the System Center family of products from Microsoft. Compared to the LTI approach that uses MDT with Windows Deployment Services, the ZTI approach to deployment using SCCM provides the following additional benefits:

  • Support for replication. (MDT requires using Distributed File System Replication.)
  • Support for performing multicast deployment. (MDT requires using Windows Deployment Services.)
  • Support for the bandwidth management of image transfers.
  • Support for reporting on driver availability for devices across your organization.
  • Support for complex repartitioning schemes and the formatting of disks. (This can also be done using MDT, but it requires custom scripting using Diskpart.)
  • Tolerance of poor or intermittent network connectivity.
  • Support for client operating system–initiated deployment.
  • Support for fully unattended deployment.
  • Support for offline deployment from media and CD/DVD spanning.
  • Support for encryption and password protection.

The biggest value of using SCCM together with MDT is that not only can you easily deploy Windows across your organization with no user interaction needed, but you can also manage your computers using SCCM once you’ve deployed Windows onto them.

Of course, the downside is that the initial setup and configuration of your SCCM infrastructure takes some time, planning and expertise (plus licensing costs). But once you’ve got this up-front investment finished, deploying and managing Windows-based computers is straightforward.


