It is not always easy to divide Low-level Design and High-Level Design. How to differentiate between high-level and low-level design depends on the entity that we refer to. When we need to design our cloud then high-level decision could be for example choice of the technology that makes our SQL Servers highly-available. But when we talk about our business or company (the entity) then SQL Servers are in Low-level Design category. This means that following division to High-level Design and Low-level Design are only within our entity.
As I wrote in the first article we will not speak about the high-level design because we cannot do any high-level design in our simple environment that is not modeled according needs of the business. I will just point you to a few important questions that you should ask during low-level design of your environment.
Questions you need to ask
Group Managed Service Accounts
Unfortunately it is not possible to use Group Managed Service Accounts (gMSA) introduced in Microsoft Windows Server 2012. System Center Unified Installer do not allow to set accounts without passwords and it is not possible to change service account for System Center Virtual Machine Manager after installation. That is mean that it is possible to use gMSA for some System Center products (for example it is well documented how to use gMSA for Orchestrator) but from my point of view there are not too much reasons to use gMSA when you cannot use it for all System Center products.
Container in Active Directory for Virtual Machine Manager
For the not clustered deployment of the VMM you can choose to store encryption keys on a local server or use configure distributed key management that require container in the AD. The clustered deployment of the VMM require distributed key management because the cluster nodes needs a central store for the keys.
Distributed key management is preferred even for the not clustered deployment because in the case you install VMM on a new server without encryption keys you will have to correct a lot of VMM objects (Run As account credentials, passwords and product keys) and that could have serious impact on your business.
Extend the Active Directory Schema for Configuration Manager
When you extend the AD schema for Configuration Manager you can publish site information to AD. The extension is not required but after extension you will be able easily use all Configuration Manager features.