How to Manage Linux Clients with SCCM

System Center Logo

System Center Configuration Manager 2012 added support to manage a range of *nix based machines which is rather handy if you want to keep under control any *nix machine deployed in your infrastructure, once you install the SCCM Linux client on a machine the following features will be available:

  • Hardware Inventory
  • Software Inventory (via Software Inventory)
  • Software Distribution
  • Endpoint Protection
  • SCCM Reporting
  • Maintenance Windows (useful when the machines are monitored via SCOM and to deploy software on the client)

While software updates are not natively supported you can extend SCCM through third-party add-ons or write your own scripts deployed through software distribution which will take care of updating the Linux OS.

SCCM Linux Client Architecture

Before moving to the actual SCCM Linux Client installation I would like to spend a few words on the client’s architecture and how this interact with the Linux OS as while how this happens in the Windows world is probably clear the same does not hold true for *nix machines, so let’s have a look at an image courtesy of Technet:

SCCM Linux Client Architecture

As you can see in the image above in addition to installing the SCCM Linux client itself the installation package will also deploy something called OMI which is the Linux equivalent of WMI in the Windows world together with a bunch of providers that are used by the client to gather information that will be reported back the Management Point server, all communications will happen via either HTTP or HTTPS depending on your site configuration, of course SMB is not an option in this case.

As every *nix OS can be architecturally different in terms of features or characteristics Microsoft build up different SCCM Client packages for the different OSes which can be downloaded from here. If you want to know which *nix OSes are supported you can refer to this article on Technet , throughout the article I will be using a CentOS 7 machine for the purpose of demonstrating the installation but using different distribution will not be much different.

Last but not least it has to be noted that while SCCM will treat any *nix machine as a Workgroup automatic client deployment will not be available so you will have to either install manually or use custom scripts to deploy the client.

SCCM Linux Client Installation

The first logical step in deploying the Linux SCCM client is of course downloading it, as I wrote Microsoft released multiple clients for the various *nix OSes supported which can be downloaded from this link, extract the exe content to a location of your choice and transfer the package to the Linux machine where the SCCM client will be installed (I personally used SCP via cygwin but an NFS/Samba share or FTP will do equally well):

SCCM Linux Client Transfer

SCCM Linux Client Packages

Once you’ve transferred the needed packages, I’ve just transferred everything to be quicker, you can use the supplied install bash script which has the following syntax:

# SCCM Linux Client installation script syntax

./install -mp   -sitecode

The scripts support multiple command line arguments and describing them here would impractical but you can find a full reference here. Below you can see a screenshot of the command I’ve used to install the Linux SCCM Client in my lab environment:

SCCM Linux Client Install

As you can see the installation process is completely automated and no interaction from your side is generally needed, there are parameters that can be modified to, for example, change logging level but I’ll leave that for another post.

Once the Linux SCCM client is installed the machine will appear in the SCCM Console in the All Systems default collection as Client Not Approved all you have to do is to manually approve the client so that it can start communicating with the SCCM Server:

SCCM Linux Client Approaval

SCCM Linux Client Confirm

Once you have approved the new client you can force a policy refresh and hardware inventory cycle with the following commands:

# Force policy refresh for a SCCM Linux client

/opt/microsoft/configmgr/bin/ccmexec -rs policy

# Once Policy refresh is comeplted force a hardware inventory

/opt/microsoft/configmgr/bin/ccmexec -rs hinv

You can even check the SCCM client activity log with the following command:

# Check SCCM Linux Client Log file

tailf /var/opt/microsoft/scxcm.log

# If your system does not have the tailf alias use

tail -f /var/opt/microsoft/scxcm.log

Once the Hardware Inventory cycle is complete you can start Resource Explorer from the SCCM Administration console and data gathered from the client:

SCCM Linux Client HW Inventory

As you can see managing Windows and Linux SCCM clients is not that different, probably you are wondering why you should care about *nix machines in your role as SCCM administrator, I know for experience that even in most Microsoft centric environment there are more often than not AIX or Linux machines lying around while these machines are probably managed by a dedicated team, or that mythological “admin” that nobody ever meet but you know is hiding somewhere, being able to manage all systems through a single pane of glass is a big advantage.

In a future post I will dig deeper into customizing inventory and how to distribute software to Linux clients like, for example, scripts that will carry on tasks like updates deployment.

I hope you enjoyed the post if so please take a second to leave me a comment or share it with your social network.

Advertisements

2 thoughts on “How to Manage Linux Clients with SCCM

  1. Hey I like your example how to install the SCCM client on RHEL. when you installed
    ./install -mp -sitecode

    Have you encountered the following error during installation? it seems to be happen to some people.

    sed: can’t read /opt/microsoft/configmgr/bin/reset_policy.sh: No such file or directory
    sed: can’t read /opt/microsoft/configmgr/bin/reset_hinv.sh: No such file or directory
    Starting Configuration Manager…
    Installation complete.

    Like

    1. Hey Mighty,

      yes that error is displayed but is not terminal so you can simply ignore it, I think the installer package tries to run the files through sed before they’re actually created as if you look into /opt/ you’ll see files (which are bash scripts used to refresh hardware inventory and reset policies) are indeed there.

      I have just reproduced this in the lab and can confirm the message is displayed on a CentOS6 machine but apart from this I could not find any other issue.

      Are you facing a specific error or strange behavior?

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s