Unified device management_the_royal_albert_hall_v4_public

Preview:

Citation preview

Unified Device Management

Herman Arnedo Mahr Business Unit Manager - System CenterSystem Professional - UK@hermanarnedo

What is System Center ?

?

Service ManagementProvisioningConfigurationMonitoring ProtectionAutomation

Service Managemen

t

Provisioning

ConfigurationMonitoring

Protection

Automation

Managing & automating the private cloud / datacenter

Service ManagerOrchestrator

App Controller

Endpoint protection

HybridCloud

PrivateCloud

System Center Time Line

07-NOV- 1994?

How do I keep users productive whilst protecting company information?

AppsUsers

DataDevices

What we want

Reality

Unify Enable

Protect

Mobile Device Management

Unify your environment

On-premises and cloud-based management of devices within a single console.

Simplified, user-centric application management across devices

Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles

Enable users

Access to company resources consistently across devices

Simplified registration and enrollment of devices

Synchronized corporate data

Protect your data

Protect corporate information by selectively wiping apps and data from retired/lost devices

A common identity for accessing resources on-premises and in the cloud

Identify which mobile devices have been compromised

One solution for multiple platforms!

Herman ♥ SCCM

Unified Device Management

IT

Mac OS X

Windows PCs(x86/64, Intel SoC),

Windows to GoWindows Embedded

Windows 8 RTWindows 8.1

Windows Phone 8.xiOS, Android

Single AdminConsole

Domain joined PCs

Mobile devices

BYOD

Overview of Configuration Manager

Deploying and Managing Applications

Deploying an Application to a User or a Device

• If you deploy an application to users, the application shortcuts are only created for the targeted users, regardless of who logs onto the system

• If you deploy the application to a system, the application is installed for all users of the system

You can deploy applications to users or devices

What Are Deployment Types?A deployment type contains information about the files, commands, and programs used to install software by using a particular method or command. The Create Deployment Type Wizard provides you with the following settings:

What Is a Detection Method?

Detection rules:• Perform evaluation

before content is requested

• Can examine the registry, file system, and Windows Installer database or use a custom script

• Are evaluated when an application is deployed and periodically thereafter to detect missing applications

A procedure that enables the deployment process to determine whether an application is present on a system

What Are Dependencies?• Dependencies are defined on a deployment type

• Dependencies allow you to ensure that application requirements can be enforced or remediated

• Dependencies define the application deployment types that must be installed before the deployed deployment type can be installed

• After the dependencies are fulfilled, the application will install

• Dependent applications can be configured to install automatically

What Are Requirements?• Requirements specify

the conditions that must be met before an application can be installed

• Requirements are defined in a deployment type

• When a deployment type is evaluated, the requirement must be satisfied for that deployment type to apply

• Requirements can be created for reasons such as:• Hardware

requirements• Users primary

device

Meets requirements?

How User Device Affinity Affects Deployments • User device affinity allows a user to

be associated with a device• Users can have an affinity with

multiple devices• User device affinity can be a

requirement in an application so that applications are installed automatically on users’ systems if the systems meet any other requirements

• When a user accesses a device without an affinity relationship:• Applications could be configured not

to install• Applications could use a different

deployment type such as deploying a virtualized application

What Is Software Center?

Software Center is the users’ default interface for managing software deployments

Application Catalog Web Site

The End User Experience Family

What Is Application Supersedence? • You use application

supersedence to specify an upgrade path for applications

• When you configure application supersedence, the old application is no longer available

• You can leave the old application on the system, upgrade it, or completely uninstall it

• You can view the relationships with the View Relationships button on the ribbon

Uninstalling Applications• You can uninstall an application by creating a deployment with the uninstall action

• An uninstall will not execute if the client is the target of a deployment with the install action

What Is Application Revision History?

• You can view a previous version by using the View button

• You can restore previous versions of an application if you need to; restoring a previous version creates a new revision of the application

Whenever an application is modified, Configuration Manager tracks the changes and stores them in the Configuration Manager database

Hardware and Software Inventory

Software Metering

Patch Management

What about SUM*?

*Software Update Management

Determining Systems to UpdateTypes of systems to update include:

Physical Desktops and Servers Virtual Desktops and Servers

Stored Images and Virtual Machine Templates

Manual Deployment of Software Updates

1. Create a software update group:• Add required software updates

2. Create and distribute deployment packages:• Start the Download Software Updates Wizard• Specify the package source and download location of the software

updates• Specify distribution points

3. Deploy the software update group:• Start the Deploy Software Updates Wizard• Specify the target collection• Select whether the update is required or available• Specify the deployment schedule and user experience

What Are Automatic Deployment Rules?

Automatic Deployment Rules automate:• Selecting specific software updates based upon criteria• Creating a software update group containing the list of updates• Downloading the update content to a deployment package• Distributing the deployment package• Deploying the software updates to clients

Software Update Reports

Report categories related to software updates include:• Software Updates – A Compliance• Software Updates – B Deployment Management• Software Updates – C Deployment States• Software Updates – D Scan• Software Updates – E Troubleshooting

Extended functionality with Partner solutions

25% of all OpsMgr installations monitor

Linux and UNIX computers

Microsoft

Clouds Linux

Endpoint Protection

System Center 2012 Endpoint Protection Architecture

Management Point

Configuration Manager Site Server

Software Update Point

Endpoint Protection point

Managed clients run Endpoint Protection agent

Clients report back scan status

Endpoint Protection

deploymentEndpoint Protection operationsEndpoint

Protection policy

Endpoint Protection policies, firewall and antimalware definition files

Definition files

Device Compliance

Security and ComplianceSettings Management

ConfigMgr MP Baseline ConfigMgr Agent

WMI XML

Registry IISMSI

Script SQL

SoftwareUpdates

File

ActiveDirectory

Baseline Configuration Items

Auto RemediateOR

Create Alert (to Service Manager)

!

Improved functionalityCopy settingsTrigger console alertsRicher reporting

Enhanced versioning and audit trackingAbility to specify versions to be used in baselinesAudit tracking includes who changed what

Pre-built industry standard baseline templates through IT Governance, Risk & Compliance(GRC) Solution Accelerator

Assignment to collections Baseline drift

VPN Profile Management

Support for major SSL VPN vendors

DNS name-based initiation support for Windows 8.1 and iOSApplication ID based initiation support for Windows 8.1

Automatic VPN connection

Support for VPN standards

SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Subset of vendors have Windows Windows RT VPN plug-in

PPTP ,L2TP, IKEv2

Wi-Fi and Certificate Profiles

Wi-Fi settings Manage and distribute certificatesDeploy trusted root certificates

Support for Security Center Endpoint Protection(SCEP) protocol

Manage Wi-Fi protocol and authentication settings Provision Wi-Fi networks that device can auto connectSpecify certificate to be used for Wi-Fi connection

Power Management

Benefits of Implementing Power Management

• The power management feature provides a centralized, enterprise-wide power management solution • The benefits of the power management feature include:• Reducing energy costs• Performing off-hour maintenance tasks efficiently• Minimizing the carbon footprint on the environment• Maximizing energy and utility rebates

Power Management Plan Settings

Default power plans include: • Balanced • High Performance • Power Saver • Customized

Power Management Reports

Power Management Reports

Remote Control

Administering a Client Computer Remotely by Using Remote Control ViewerMethods include:

• Configuration Manager console • Remote Control Viewer Start menu item • CmRcViewer.exe

Auditing Remote Access

Report Description

Remote Control –

All computers remote controlled by a specific user

Summary of status messages indicating remote control of client computers by a single specified user

Remote Control –

All remote control information

Summary of status messages indicating remote control of client computers

Operating System Deployment

What Is Operating System Deployment?

Drivers

Drivers Packages

Images

Task Sequence Editor

Operating System Deployment Scenarios

#1 Refresh

#2 Replace

#3 In-Place Upgrade

#4 New Computer

What Is User State Migration?A user state migration captures all of the custom settings on source computers and restores these settings on destination computers

Replace Refresh

Maintaining Updates for System Images

Use the Update Operating System Image Wizard to schedule updates to keep the images in your .wim file updated and current

Do you love ♥ SCCM / Intune?

Yes Congrats! You can have a free drink

No

Any plans for tonight?

Follow me @hermanarnedo

Recommended