Microsoft Assessment and Planning Deep Dive Series: Part 1 - Agent-less Discovery
On a snowy, rainy Saturday afternoon, sipping a cup of my favorite latte, I decide to start the multi-part blog series of the Microsoft Assessment and Planning (MAP) Solution Accelerator that we are about to release to the web in about 4 weeks. I hope this will be useful to you as you gear up to plan for your next IT migration project.
In this Deep Dive Series, we will explore different features of the Microsoft Assessment and Planning (formerly Windows Vista Hardware Assessment) , from agent-less discovery, inventory, and readiness assessment to report generation. We will also dedicate at least a couple of posts on how to use the MAP tool to generate virtualization recommendation for server virtualization candidates and application virtualization infrastructure.
Deep Dive Series Part 1 - Computer Discovery
As you may know, understanding the IT network infrastructure from servers to desktops is KEY to success of any IT migration project. Unfortunately, not every organization has asset management and IT management software tools deployed.
What that means is that even to answer the following questions might be difficult to many of you (or at least that it would take a lot of your manual labor to find out the answers):
- How many servers and desktops do I have across my workgroups and AD-managed domains?
- Which of my existing servers are ready to migrate to Windows Server 2008 right away without much hardware upgrades?
- Which of my existing desktops can run Windows Vista as is without significant IT investments/PC refresh dollars?
- Can I virtualize some of my servers to save energy, cooling and real estate in the server room?
Clearly seeing these as major challenges, our team has decided to embark the journey to develop an agent-less infrastructure assessment platform that would allow IT professionals and Microsoft Partners/consultants like you to quickly identify and inventory the IT landscape and generate actionable recommendations and proposals for migration to Microsoft products and technologies.
For the past 2 years, we have launched 5 releases of this platform and it has now morphed into a highly scalable and multi-technology assessment platform, designed to help you accelerate the assessment and planning phases of your IT project life-cycle. From the first release called Assessment and Planning Solution (ADS) , to the recent release of Windows Vista Hardware Assessment tool (WVHA) , we have collected huge amount of feedback from IT professionals and Microsoft Partners around the world on the different important functionalities that are required to make this a powerful engine and we did.
The Microsoft Assessment and Planning solution accelerator is now considered the tool of choice for early planning or pre-sales engagement tool for key products from Microsoft including Windows Server 2008, Windows Vista, 2007 Microsoft Office and Microsoft Virtualization technologies such as Virtual Server 2005 R2, Hyper-V and Microsoft Application Virtualization (formerly SoftGrid).
How does MAP work?
Through the use of a sophisticated, agent-less and network-wide inventory engine, Microsoft Assessment and Planning will be able to discover machines on your network whether they are in workgroups or managed AD environments. By way of AD, WMI, Win32, SNMP and other protocols, we can then securely collect hardware and device attributes of each machine and auto-generate migration readiness reports in Microsoft Word and Excel for the user.
What do I mean by AGENT-LESS inventory? Simply put, it means
that you do not need to launch any software agents on any of those
machines you want this tool to inventory and query - so no more security concerns and user interruption!
The MAP operation consists of 3 major steps:
- Network Inventory
- Readiness Assessment
- Recommendation/Proposal Generation
More on Computer Discovery
In the future parts of this series, we will explain more about the last 2 processes. In the mean-time, let's go deeper on the computer inventory of this tool.
Unlike other tools in the marketplace, Microsoft Assessment and Planning does not rely on agents installed on each inventoried computer to tell the tool what each of those computers have including hardware specs, installed devices and performance data. Using a host of smart discovery methods such as:
- Active Directory Domain Services
- Win32 networking protocol
- IP range scanning and more
MAP will allow you to remotely via a SINGLE computer, securely locate computers across your AD-managed domains as well as workgroups and NT 4.0 domains.
This is really powerful because this tool does not leave ANY footprint on individual computers to be inventoried. In addition, it scales very well to 100,000 machines making it a great tool for companies from enterprises to SMB organizations.
Once the computers are found, this tool then goes through a sophisticated multi-threaded process to collect data about each computer (desktop or server depending your choice). This data collection is done through a series of secured WMI calls from the central MAP computer to those on the network.
What do I mean by SECURED WMI calls? It means that only local administrators with the right credentials of each machine can have the rights to access and inventory their own machines via this tool. Even more importantly, we do not save or, more accurately, persist the set of local machine credentials after the inventory. When you try the network inventory again next time, you'll be required to re-enter your local admin credentials. And, we're not done yet. The credentials entered are encrypted end to end from the inventory machine to the inventoried machines. So now you can rest easy!
Anything I should pay attention to about the WMI traffic coming through my firewall?
Yes, you do. The most frequently question is: What ports need to be open to allow the WMI traffic come through?
- Enable Remote Administration exception
- The "remote administration exception" needs to be enabled for computers when the Windows Firewall is enabled. This exception opens TCP port 135. If you have another host firewall installed then you will need to allow network traffic through this port.
- Enable File and Printer Sharing exception
- The "File and Printer Sharing" exception must be enabled for computers when the Windows Firewall is enabled. This exception opens TCP ports 139 and 445, and UDP ports 137 and 138. If you have another host firewall installed then you will need to allow network traffic through these ports.
How about scanning a very large network?
For environments, with more than 20,000 machines, we recommend
that you configure Microsoft Assessment and Planning in "Scale Out Mode." Scale out mode is a
configuration option with that enables you to use many machines
to inventory remote computers in parallel and store the inventory data back to
a full version of SQL Server 2005. You can follow the steps below to configure this scale out option:
- Install SQL Server 2005 using the "MAPS"
- Install Microsoft Assessment and Planning on your "Master" server
- Configure SQL Server 2005 and the "Master"
server to allow remote connections to the MAPS named instance
- Configure the "Helper" computers that will perform
inventory and store the data on the "Master" server
- Perform an inventory in Scale Out Mode
Of course, we highly recommend that you read the Getting Started Guide that came with the MAP download here (see file path):
C:\Program Files\Microsoft Assessment and Planning Solution Accelerator\Help\
If you are the "I don't need to read the manual" type people, I don't blame you either. Well, if you've already read through this post down to the end, you should be impressed by yourself.
So, why wait? Download the MAP beta tool now, kick back, relax, treat yourself a cup of latte, earl grey tea, energy drink or oolong tea, and let this solution accelerator tool does it magic for you. :-)
Baldwin Ng (email@example.com)
Microsoft Assessment and Planning Team