Embed Size (px)
Citation preview
Microsoft System Center 2012 Configuration Manager Overview
Wally MeadSenior Program ManagerMicrosoft Corporation
Mark FloridaPrincipal Program Manager LeadMicrosoft Corporation
MGT309
2003
20122012
2011
2007
1999 SMS 2.0
1994SMS 1.0
Evolution of Microsoft Client Management
Client Management Infancy (NT Domain) Groups Model Comprehensive
Management
Laptops, Servers,
Enterprise Scale
Consumerization of IT
Management from the
Cloud
I want to connect to people and be productive anywhere, anytime
Security and AccessHow can IT provide access to apps and data while maintaining security?
How can IT support and manage all those devices?
I want to use the device I prefer
Challenges to Enabling Consumerization
Management of diverse devices
Secure, anywhere access to apps & data
Application Experience
Devices User Corporate
Consumer
Infrastructure Considerations
System Center 2012 Configuration Manager
Empower Users
Empower people to be more productive
from almost anywhere on almost
any device.
Simplify Administration
Improve IT effectiveness and efficiency.
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Empower Users
Empower people to be more productive from anywhere on
any device.
Application DeliveryMobile Device Management
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Simplify Administration
Improve IT effectiveness and efficiency.
User-centric Application DeliveryAdministrator
Empower
Delivery Evaluation Criteria• User• Device type• Network connection
User/Device RelationshipsPrimary Devices• MSI• App-VNon-primary Devices• VDI• Presentation Server• Remote Desktop
• Deliver best user experience on each device• Define application once
< >
Windows Embedded
Application “Package”
User-centric Application DeliveryNew Application Model
Keep your apps organized and managed
App-V
Windows Script
CAB
Windows Installer
Empower
General InformationAdministrator Properties
End User Metadata The “friendly” information for your users (appears in Catalog)
Is app installed?
Deployment TypeDetection Method
Install Command
Requirement Rules
Dependencies
Supersedence
Command line and options
Can/cannot install app
Apps that must be present
Application version control
< >
User-centric Application DeliveryEnd User Self-service
IT
Empower
Administrators publish software titles to catalog, complete with meta data to enable search• Deliver best user experience
on each device
Users can browse, select and install directly from Catalog• Application model determines
format and policies for deliveryUse
r
Management for all Exchange ActiveSync (EAS) connected devices
• EAS-based policy delivery• Discovery and inventory• Settings policy• Remote Wipe
Empower
7
Mobile Device Management
People-Centric Software Distribution
DEMO
Upcoming Enhancements in SP1Platform Support:
Windows 8Windows 8 tablet (Intel SoC) supportMac OS XLinux and Unix
Operating System Deployment: Windows To Go supportApplication Delivery:
Metro style applicationsDeep link applicationsNetwork cost support
Empower
Linux & UNIX: Supported Operating Systems
• Version 5.3 (Power)• Version 6.1 (Power)• Version 7.1 (Power)
AIX
• Version 11iv2 (PA-RISC/IA64)• Version 11iv3 (PA-RISC/IA64)HP-UX
• Version 4 (x86/x64)• Version 5 (x86/x64)• Version 6 (x86/x64)
Red Hat Enterprise
Linux
• Version 9 (SPARC)• Version 10 (SPARC/x86)• Version 11 (SPARC/x86)
Solaris
• Version 9 (x86)• Version 10 SP1 (x86/x64)• Version 11 (x86/x64)
SUSE Linux Enterprise
Server
• Supported OS’s across both: • Configuration Manager• Operations Manager
• Newer versions of operating systems will be supported within 180 days of release
• Old versions will be supported as long as vendor provides support
• Broader Linux distro support being evaluated for future releases
Linux & UNIX: FeaturesHardware Inventory:
16 core classes viewable through Resource Explorer Extensible model – supports custom classes and pluggable providersARP shows all native installed software (e.g. rpm’s or pkg’s)Create collections of Linux/UNIX computers
Software DeploymentUsing the Package and Program modelDeploy/patch software, deploy OS patches and run maintenance scripts that target a collection
Secure and Authenticated communications
Consolidated reports
Metro Style Applications and MAC OS X Software Distribution
DEMO
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Reduced Infrastructure RequirementsUnified Management of Virtual Clients
Endpoint Protection
Software Update ManagementCompliance & Settings Management
Power Management
Internet-based Client Management
Reduced Infrastructure Requirements Unify
Central Administration Site• Central primary site
administration • Reporting
Primary Sites• Client management and settings • Delegated administration
Secondary Sites• Content routing• Distributions points
Central Administration
Site
Primary Site Primary Site
Secondary Site
Secondary Site
Secondary Site
Secondary Site
Secondary Site
Secondary Site
CONNECTION BROKER
Unified Management of Virtual Clients
User-centric application delivery through App-V or Citrix XenApp.
Single admin experience for managing physical and virtual desktops. Integrates with RDS and XenDesktop. • Recognizes pooled and personal virtual
desktops • Randomizes tasks
Unify
HYPER-V
CONFIGMGRDP/MP
APP-VSEQUENCER
Security and ComplianceEndpoint Protection
Unified Infrastructure• Simplified server
and client deployment• Streamlined updates• Consolidated reporting
Comprehensive Protection Stack• Behavior monitoring• Antimalware• Dynamic Translation• Windows and Firewall
Management
Unify
Security and ComplianceSoftware Update
CAS
Primary SiteMP Role
Primary SiteDP Role
Assigns policy to scan for update status or to deploy update
Distributes updates Reports
compliance
Microsoft Update
Primary SiteSUP Role/WSUS
Unify
Identifies who needs updates and reports on complianceDownloads
updates
Auto Deployment• Faster deployment through search• Schedule content download and
deployment to avoid reboot during work hours
State-based Updates• Allows individual
or group deployment• Updates added to groups auto
deploy to targeted collections
Optimized for New Content Model• Reduce replication and storage• Expired updates and content
deleted
ConfigMgr MP
Security and ComplianceSettings Management
Baseline ConfigMgr Agent
WMI XML
Registry IISMSI
Script SQL
SoftwareUpdatesFile
ActiveDirectory
Baseline Configuration Items
Auto RemediateOR
Create Alert (to Service Manager)!
Unify
Improved functionality• Copy settings• Trigger console alerts• Richer reporting
Enhanced versioning and audit tracking• Ability to specify versions to be used in baselines• Audit tracking includes who changed what
Pre-built industry standard baseline templates through IT GRC Solution Accelerator
Assignment to collections Baseline drift
Week 1: Monitor•Enable client management agent•Begin monitoring usage and activity
Power Management
Non-Peak & Peak
Week 2: Plan•Continue monitoring on usage and activity•Begin to develop Power Plan•VM awareness (new compared to 2007)•Copy power policies (new compared to 2007)Mid-Month:•Power Plan has been confirmed
Week 3: Apply Power policy•Begin applying Power Plan•End user opt-out (new compared to 2007)
Week 4: Compliance & Analyze•Review before and after usage and activity•Determine savings in Kwh and Co2 saved
Unify
Internet-based Client Management
PR1
MP DP
MP
DP
Non PKI enabled site system
PKI enabled site system
Unify
Intranet Internet Reduced Complexity• Single Primary site can manage both
Intranet clients (over HTTP) and Internet clients (over HTTPS)
Flexibility• Primary sites can be configured to either
support only HTTPS roles or both HTTP and HTTPS site roles
Reliability• Intelligent client behavior enables client to
communicate using the most secure option available
• Tighter security enforcement by only allowing clients with Enterprise-issued certificates to communicate with the ConfigMgr roles
Settings Management
DEMO
Upcoming Enhancements in SP1Flexible hierarchy management:
Ability to add a new Central Administration SiteMigration between ConfigMgr 2012 hierarchies
Hierarchy easier to control:When: Schedule replication for a given linkWhat: SQL Server distributed viewsHow much: Compression for SQL Server data
Setting Management: User Profile and Data ManagementClient Side CachingRoaming User ProfilesFolder Redirection
Unify
Flexible Hierarchy Management
Primary Site
Houston Primary Site10,000 Clients
Central Administration Site
What’s new in SP1
Scenario 1: Hierarchy Expansion Must be a
new installation
Scenario 2:Merger
Primary Site
Miami Primary Site5,000 Clients
Migration
Simplify Administration
Improve IT effectiveness and efficiency.
Modern GUI
Role-based Administration
Operating System Deployment
Asset Intelligence
Client Health
Remote Control
Modern GUI Simplify
• Intuitive ribbon interface• In-console alerts• Global search capability• New collection membership
rules allow better filtering of members
Role Based Administration
Functionality ConfigMgr 2007 ConfigMgr 2012What types of objects can I see and what can I do to them?
Class rights Security roles
Which instances can I see and interact with?
Object instance permissions Security scopes
Which resources can I interact with?
Site specific resource permissions Collection limiting
Simplify
Meg- WW Central System Administrator
Louis-Software Update Manager for France
Bob- US & France Security Admin
• Can see & update “France” desktops
• Cannot modify security settings on “France” desktops
• Cannot see “All Systems” or “U.S.” desktops
• Can see & modify security settings on “France” and “U.S.” desktops
• Cannot update “France” or “U.S.” desktops
• Cannot see “All Systems”
Map the organizational roles of your administrators to defined security roles
• Security organization role• Geography
Reduces error, defines span of control for the organization
Role Based Administration
DEMO
CAS
Primary SiteMP Role
Primary Site
DP Role
Image Task Sequence
Report
WDS PXE Server
Simplify
Multiple Deployment Method Support• PXE initiated deployment allows
client computers to request deployment over the network
• Multi-cast deployment to conserve network bandwidth
• Stand-alone media deployment for no network connectivity or low bandwidth
• Pre-staged media deployment allows you to deploy an operating system to a computer that is not fully provisioned
USMT 4.0 UI integration makes it easier transfer files and user settings from one machine to another
Operating System Deployment
BitLocker changes:TPM and PINUsed Space BitLocker
Prestage media now supports additional content types:
Before: WIMNow: WIM, Applications, Drivers, Package/Programs
What’s new in SP1Operating System Deployment
Client Activity and Health Simplify
• In-console view of client health• Threshold-based console alerts• Heartbeat DDRs• HW/SW inventory and status• Remediation (same as Setting
Mgmt)
Asset Intelligence, Inventory, and Software Metering
Software Metering & License Reports Asset Intelligence Service
Asset Intelligence Catalog
Real-time Applicationand Hardware Intelligence
Consolidated/simplified reporting that allows you to • Understand software installation profiles• Plan for hardware upgrades• Identify over or under licensing issues• Track custom apps or groups of titles
ConfigMgr Inventory
Simplify
Remote ControlWhat's New in Remote Control
Ability to send Ctrl-Alt-Del keystroke to host deviceGranular client settings per collectionLock keyboard and MouseAbility to create Firewall exception ruleCcmeval monitors and remediates Remote Control Service
Simplify
PowerShellPowerShell ProviderCmdlets:
Scope: Tasks exposed in the Administration ConsoleHow:
Suitable experience for administrator (not the SDK)Align with PowerShell general conventions
What’s new in SP1
Migration From Configmgr 2007 To 2012
Assist with Migration of Objects
Assist with Migration of Clients
Minimize WAN impactMaximize Re-usability of x64 Server
HardwareAssist with Flattening of Hierarchy
Built-in Migration FeatureMigration Job Types:
Object Migration (Collections, software distribution packages, boundaries, metering rules etc.)Collection based Migration (Select a collection and migrate associated objects)
Content functionality:Re-use of existing ConfigMgr 2007 content (Distribution Point sharing)Distribution Point upgrade
Import of ConfigMgr 2007 inventory MOF files
Prepare For Configuration Manager 2012Flatten hierarchy where possiblePlan for Windows Server 2008, SQL 2008, and 64-bitStart implementing BranchCache™ with Configuration Manager 2007 SP2Move from web reporting to SQL Reporting ServicesAvoid mixing user and devices in collection definitionsUse UNC (\\server\myapp\myapp.msi) in package source path instead of local path (d:\myapp)
SummaryEm
powe
rUn
ifySi
mpl
ify
Role-based Administration
Internet-based Client Management
Power Management
Software Update Management
Reduced Infrastructure Requirements
Mobile Device Management
Application Delivery
Compliance & Settings Management
Endpoint Protection
Unified Management of Virtual Clients
Operating System DeploymentAsset Intelligence, Client Health, and Inventory
End user platform support
Application Delivery 2007 R3Device Centric
MDM licensing
2012User Centric
Integrated
Windows and EAS
New
Improved
Integrated
Auto Remediation
Improved
New
2012 SP1Metro style
Windows 8,Mac,LinuxFlexible hierarchies
Real-time actionsUser Profile and DataImproved
Improved
Related ContentBreakout Sessions
MGT310 | Microsoft System Center 2012 Endpoint Protection OverviewMGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical OverviewMGT312 | Deep Application Management with Microsoft System Center 2012 Configuration ManagerMGT313 | Microsoft System Center 2012 Configuration Manager: Plan, Deploy, and Migrate from Configuration Manager 2007 to 2012MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration ManagerWCL388 | Client Management Scenarios in the Windows 8 Timeframe
Related ContentHands-on Labs:
MGT23-HOL | Deploying Windows 7 to Bare Metal Systems with Microsoft System Center 2012 Configuration ManagerMGT24-HOL | Implementing Endpoint Protection 2012 in Microsoft System Center 2012 Configuration ManagerMGT12-HOL | Compliance and Settings Management in Microsoft System Center 2012 Configuration ManagerMGT25-HOL | Deep Dive: Microsoft System Center 2012 Configuration Manager SQL Replication LabsMGT21-HOL | Basic Software Distribution in Microsoft System Center 2012 Configuration ManagerMGT16-HOL | Migrating from Microsoft System Center Configuration Manager 2007 to System Center 2012 Configuration ManagerMGT14-HOL | Implementing Role Based Administration in Microsoft System Center 2012 Configuration ManagerMGT15-HOL | Deploying a Microsoft System Center 2012 Configuration Manager HierarchyMGT11-HOL | Introduction to Microsoft System Center 2012 Configuration Manager
Resources
Connect. Share. Discuss.http://northamerica.msteched.com
Learning
Microsoft Certification & Training Resourceswww.microsoft.com/learning
TechNet
Resources for IT Professionalshttp://microsoft.com/technet
Resources for Developershttp://microsoft.com/msdn
Complete an evaluation on CommNet and enter to win!
MS Tag
Scan the Tagto evaluate thissession now onmyTechEd Mobile
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.
