NLIT 2009 Microsoft Deployment Using MDT and SCCM Chad DeGuira Oak Ridge National Laboratory Information Technology Services Division Systems Management

2Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Presentation Focus Something for everyone Extension from last years presentation on MDT Deployment Benefits ORNL History and Environment ORNL Deployment Philosophies Microsoft Desktop Deployment (MDT) and System Center Configuration Manager (SCCM) at ORNL Introduction

3Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Deployment Benefits

4Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM How long does it take to deploy a computer manually? 1 hour:Backup computer 1 hour:Find and save User Data to backup location hour:Find, save, and document User Settings 1 hour: Load operating system 1 hour:Download and install latest drivers hour:Load operating system patches (Windows Updates) hour:Load all required applications hour:Load optional applications 1 hour:Restore user data and settings TOTAL = 7 hours Why is imaging and deployment so important?

5Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Questions to ask yourself: How much manual intervention does your process take at each step? What does technical knowledge cost? What is the cost of training when things change? Every time a new application, application version, OS, computer model, driver, security mechanism, etc.how do we get anything done? How often do you deploy? Why is imaging and deployment so important? (Continued)

6Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM New machines Replacing existing machines Replacement and push downs (1 new machine can mean many deployments) Decommissioning Reloading machines as a function of purpose Conference rooms, training rooms, interns, etc. Testing Environments A clean environment to test in Migration to new operating systems Support tool Fixing that needle in a haystack Refreshing Application deployment Task Sequences I need to perform 15 processes on 3000 computers. Why do we image and deploy?

7Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Capture the knowledge in one place Training requirements are simplified User Support Personnel can focus on real problems Faster migrations Disaster Recovery Improved Security due to reloading versus re-using Productivity gains using User State Migration Computer support simplification fixing needle in the haystack problems Standardization And many, many more More benefits? Think of the possibilities.

8Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM The ORNL History and Environment

9Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Approximately 10,000 machines Approximately 8,000 are Windows desktop machines All current Windows Operating Systems are supported 2500 Vista operating systems running today Managed Hardware Program ORNL loads approximately 140 machines per week using Operating System Deployment tools ORNL Computing Environment

10Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Complex Deployment Environment

18Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM ORNLs History of Imaging and Deployment

19Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Example of ORNLs (CLEAN) Deployment Wizard

28Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM The ORNL Philosophy

29Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM We never perform upgrades on computers at ORNL Increases overall support costs rather than reducing migration costs Adequate backups, User State Migration and effective application deployment compensate for not using upgrading mechanisms The ORNL Philosophy: NO Upgrades

30Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Leave it natural Perception that the image is hacked when visibly modified Dont customize look and feel items Everybody can NEVER be satisfied Standardize on the only basis pointNOTHING Simplify or prevent OOBE window popups Group Policy preferred method for modification Per user, group, machine Only exceptions are security modifications, customizations or requirements Enhancements before domain policy is applied The ORNL Philosophy: NO Operating System Tweaks

31Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM For standard users Choices are bad For technicians Choices are good Find a compromise If I can answer all the IFs, ANDs, and BUTs. If I can re-word the technical questions THEN ANYONE can do it The ORNL Philosophy: So easy the end user can do it!

32Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM How do you reduce management of image creation process? How do you improve security of images being deployed? Always have the latest Windows and application updates applied Always have the latest Virus Definitions applied The ORNL Philosophy: Image Creation Automation Create your image daily through automation!

33Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Only install drivers provided by the COMPUTER manufacturer except in severe cases Proper support from the COMPUTER manufacturer requires this Drivers are often tweaked by a COMPUTER manufacturer for their computers (although P&P IDs may be the same) SMALL Driver Pools Many SMALL pools rather than one LARGE pool MODEL then OPERATING SYSTEM then BIT (Mixing OS or BIT doesnt work) Unknown or OTHER models should not fish from the large pool either. They should get nothing ExceptionHard disk controller and network drivers OEM Applications But NO Bell and Whistle Software May provide advanced functionality for devices but typically not used by end users (Video Control Panels) Training and support (i.e. Wireless Managers) Consumes resources Can conflict with productivity applications Can cause migration issues (such as a move to Vista) Can introduce exploits The ORNL Philosophy: Manufacturer Drivers and Applications

34Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Microsoft OS Deployment Tools: Microsoft Deployment Toolkit and SCCM Operating System Deployment

35Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Lite Touch Deployment Human intervention will be required at the computer Associated with Microsoft Deployment Toolkit (MDT) Zero Touch Deployment The process does not require human touch at the computer Associated with SCCM Operating System Deployment These definitions fail to adequately or correctly define either deployment tool Zero Touch versus Lite Touch

36Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Microsoft Deployment Toolkit (MDT) Excellent GUI interface to ask questions (variables) prior to deployment Alternatively, can be fully automated during deployment if variables predefined No built in mechanism to schedule and initiate itself for deployment System Center Configuration Manager (SCCM) Operating System Deployment (OSD) Non-existent GUI interface All variables configured on SCCM prior to deployment Excellent built in scheduling and initiating of deployments MDT versus SCCM

37Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Microsoft Deployment Toolkit (MDT) Great for GUI driven installations Out-of-Box Technician installations requiring choices SCCM Operating System Deployment Great for scheduling and initiation Conference Rooms Training Room Large Migrations Deployment Tool Usage

38Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Migration of daily image creation responsibilities to SCCM More secure Integrated with current patching infrastructure Better integrated with current package infrastructure Looking at ways to create GUI for SCCM for our environment Desire to simplify to one deployment tool GUI front end is the easy part, Collection manipulation more difficult Replacing the MDT Refresh scenario with SCCM OSD Advertisements SCCM Operating System Deployment at ORNL

39Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Distribution Points for MDT for improved redundancy Task Sequences Great for complex system management To be effective, needs scheduling and initiating piece SCCM provides Reduces scripting effort Offsite computer OSD installations SCCM Operating System Deployment at ORNL

40Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Scripting

41Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Task Sequences

42Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Task Sequences

43Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Although MDT integrates into SCCM, it is not a migration, just an extension MDT can be modified to pull same SCCM packages Can be redundant as described previously ORNLs methods for driver support has been simplified to support both systems ORNL has radically modified the approach to drivers Working With MDT and SCCM Simultaneously

44Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM You will find bugs requiring fixes or workarounds Pre-execution hook versus R2 Unknown Computer Support SCCM typically requires the computer be known before security will allow OSD Task Sequences are not migratable Incredibly complex because incredibly powerful SCCM Gripes

45Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Windows 7 Dell Deployment Pack for Configuration Manager SCCM OSD GUI Microsoft Deployment 2010 Beta 2 Windows 7 RC USMT 4 SCCM Service Pack 2 Where are we going now?

46Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM Each Deployment Scenario is Unique Two main goals to balance Keep management simple Keep usability simple Deployment is a Collaborative Effort Open Forum Discussion Blogs Forums Colleagues Contact Info [email protected] Thank You! Closing

47Managed by UT-Battelle for the U.S. Department of Energy Questions or Discussion

48Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM SCCM Distribution Points Improve Redundancy

49Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM MDT is not designed to handle redundancy

50Managed by UT-Battelle for the U.S. Department of Energy Microsoft Deployment Using MDT and SCCM SCCM Distribution Points Improve MDT Redundancy

Documents

NLIT 2009 Microsoft Deployment Using MDT and SCCM Chad DeGuira Oak Ridge National Laboratory Information Technology Services Division Systems Management