Embed Size (px)
Citation preview
Unified Device Management
Herman Arnedo Mahr Business Unit Manager - System CenterSystem Professional - UK@hermanarnedo
What is System Center ?
?
Service ManagementProvisioningConfigurationMonitoring ProtectionAutomation
Service Managemen
t
Provisioning
ConfigurationMonitoring
Protection
Automation
Managing & automating the private cloud / datacenter
Service ManagerOrchestrator
App Controller
Endpoint protection
HybridCloud
PrivateCloud
System Center Time Line
07-NOV- 1994?
How do I keep users productive whilst protecting company information?
AppsUsers
DataDevices
What we want
Reality
Unify Enable
Protect
Mobile Device Management
Unify your environment
On-premises and cloud-based management of devices within a single console.
Simplified, user-centric application management across devices
Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles
Enable users
Access to company resources consistently across devices
Simplified registration and enrollment of devices
Synchronized corporate data
Protect your data
Protect corporate information by selectively wiping apps and data from retired/lost devices
A common identity for accessing resources on-premises and in the cloud
Identify which mobile devices have been compromised
√
One solution for multiple platforms!
Herman ♥ SCCM
Unified Device Management
IT
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
Windows 8 RTWindows 8.1
Windows Phone 8.xiOS, Android
Single AdminConsole
Domain joined PCs
Mobile devices
BYOD
Overview of Configuration Manager
Deploying and Managing Applications
Deploying an Application to a User or a Device
• If you deploy an application to users, the application shortcuts are only created for the targeted users, regardless of who logs onto the system
• If you deploy the application to a system, the application is installed for all users of the system
You can deploy applications to users or devices
What Are Deployment Types?A deployment type contains information about the files, commands, and programs used to install software by using a particular method or command. The Create Deployment Type Wizard provides you with the following settings:
What Is a Detection Method?
Detection rules:• Perform evaluation
before content is requested
• Can examine the registry, file system, and Windows Installer database or use a custom script
• Are evaluated when an application is deployed and periodically thereafter to detect missing applications
A procedure that enables the deployment process to determine whether an application is present on a system
What Are Dependencies?• Dependencies are defined on a deployment type
• Dependencies allow you to ensure that application requirements can be enforced or remediated
• Dependencies define the application deployment types that must be installed before the deployed deployment type can be installed
• After the dependencies are fulfilled, the application will install
• Dependent applications can be configured to install automatically
What Are Requirements?• Requirements specify
the conditions that must be met before an application can be installed
• Requirements are defined in a deployment type
• When a deployment type is evaluated, the requirement must be satisfied for that deployment type to apply
• Requirements can be created for reasons such as:• Hardware
requirements• Users primary
device
Meets requirements?
How User Device Affinity Affects Deployments • User device affinity allows a user to
be associated with a device• Users can have an affinity with
multiple devices• User device affinity can be a
requirement in an application so that applications are installed automatically on users’ systems if the systems meet any other requirements
• When a user accesses a device without an affinity relationship:• Applications could be configured not
to install• Applications could use a different
deployment type such as deploying a virtualized application
What Is Software Center?
Software Center is the users’ default interface for managing software deployments
Application Catalog Web Site
The End User Experience Family
What Is Application Supersedence? • You use application
supersedence to specify an upgrade path for applications
• When you configure application supersedence, the old application is no longer available
• You can leave the old application on the system, upgrade it, or completely uninstall it
• You can view the relationships with the View Relationships button on the ribbon
Uninstalling Applications• You can uninstall an application by creating a deployment with the uninstall action
• An uninstall will not execute if the client is the target of a deployment with the install action
What Is Application Revision History?
• You can view a previous version by using the View button
• You can restore previous versions of an application if you need to; restoring a previous version creates a new revision of the application
Whenever an application is modified, Configuration Manager tracks the changes and stores them in the Configuration Manager database
Hardware and Software Inventory
Software Metering
Patch Management
What about SUM*?
*Software Update Management
Determining Systems to UpdateTypes of systems to update include:
Physical Desktops and Servers Virtual Desktops and Servers
Stored Images and Virtual Machine Templates
Manual Deployment of Software Updates
1. Create a software update group:• Add required software updates
2. Create and distribute deployment packages:• Start the Download Software Updates Wizard• Specify the package source and download location of the software
updates• Specify distribution points
3. Deploy the software update group:• Start the Deploy Software Updates Wizard• Specify the target collection• Select whether the update is required or available• Specify the deployment schedule and user experience
What Are Automatic Deployment Rules?
Automatic Deployment Rules automate:• Selecting specific software updates based upon criteria• Creating a software update group containing the list of updates• Downloading the update content to a deployment package• Distributing the deployment package• Deploying the software updates to clients
Software Update Reports
Report categories related to software updates include:• Software Updates – A Compliance• Software Updates – B Deployment Management• Software Updates – C Deployment States• Software Updates – D Scan• Software Updates – E Troubleshooting
Extended functionality with Partner solutions
25% of all OpsMgr installations monitor
Linux and UNIX computers
Microsoft
♥
Clouds Linux
Endpoint Protection
System Center 2012 Endpoint Protection Architecture
Management Point
Configuration Manager Site Server
Software Update Point
Endpoint Protection point
Managed clients run Endpoint Protection agent
Clients report back scan status
Endpoint Protection
deploymentEndpoint Protection operationsEndpoint
Protection policy
Endpoint Protection policies, firewall and antimalware definition files
Definition files
Device Compliance
Security and ComplianceSettings Management
ConfigMgr MP Baseline ConfigMgr Agent
WMI XML
Registry IISMSI
Script SQL
SoftwareUpdates
File
ActiveDirectory
Baseline Configuration Items
Auto RemediateOR
Create Alert (to Service Manager)
!
Improved functionalityCopy settingsTrigger console alertsRicher reporting
Enhanced versioning and audit trackingAbility to specify versions to be used in baselinesAudit tracking includes who changed what
Pre-built industry standard baseline templates through IT Governance, Risk & Compliance(GRC) Solution Accelerator
Assignment to collections Baseline drift
VPN Profile Management
Support for major SSL VPN vendors
DNS name-based initiation support for Windows 8.1 and iOSApplication ID based initiation support for Windows 8.1
Automatic VPN connection
Support for VPN standards
SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Subset of vendors have Windows Windows RT VPN plug-in
PPTP ,L2TP, IKEv2
Wi-Fi and Certificate Profiles
Wi-Fi settings Manage and distribute certificatesDeploy trusted root certificates
Support for Security Center Endpoint Protection(SCEP) protocol
Manage Wi-Fi protocol and authentication settings Provision Wi-Fi networks that device can auto connectSpecify certificate to be used for Wi-Fi connection
Power Management
Benefits of Implementing Power Management
• The power management feature provides a centralized, enterprise-wide power management solution • The benefits of the power management feature include:• Reducing energy costs• Performing off-hour maintenance tasks efficiently• Minimizing the carbon footprint on the environment• Maximizing energy and utility rebates
Power Management Plan Settings
Default power plans include: • Balanced • High Performance • Power Saver • Customized
Power Management Reports
Power Management Reports
Remote Control
Administering a Client Computer Remotely by Using Remote Control ViewerMethods include:
• Configuration Manager console • Remote Control Viewer Start menu item • CmRcViewer.exe
Auditing Remote Access
Report Description
Remote Control –
All computers remote controlled by a specific user
Summary of status messages indicating remote control of client computers by a single specified user
Remote Control –
All remote control information
Summary of status messages indicating remote control of client computers
Operating System Deployment
What Is Operating System Deployment?
Drivers
Drivers Packages
Images
Task Sequence Editor
Operating System Deployment Scenarios
#1 Refresh
#2 Replace
#3 In-Place Upgrade
#4 New Computer
What Is User State Migration?A user state migration captures all of the custom settings on source computers and restores these settings on destination computers
Replace Refresh
Maintaining Updates for System Images
Use the Update Operating System Image Wizard to schedule updates to keep the images in your .wim file updated and current
Do you love ♥ SCCM / Intune?
Yes Congrats! You can have a free drink
No
Any plans for tonight?
Follow me @hermanarnedo
