by lerfran

Slides
68 slides

2011 11 28_SCCM_2012_Technical_Overview.pptx

Published Apr 22, 2013 in Business & Management
Direct Link :

2011 11 28_SCCM_2012_Technical_Overview.pptx... Read more

Read less


Comments

comments powered by Disqus

Presentation Slides & Transcript

Presentation Slides & Transcript

Configuration Manager 2012:
Technical Overview
Martin Weber
Technology Solution Professional (TSP)
Microsoft Switzerland

classic .msi
App-V Applications
IT Asset
Intelligence
Software Update Management
Software
Metering
Support for
the Mobile Workforce
What is in SCCM 2012?
Settings Management
(aka DCM)
Network Access Protection
Power Management
OS Deployment
Antivirus
Selfservice
Portal
Remote Control

Configuration Manager 2012

Unify Infrastructure
Empower Users
Simplify Administration
Empower people to be productive from anywhere on whatever device they choose
Reduce costs by unifying IT management infrastructure
Improve IT effectiveness and efficiency
Device freedom
Optimized, personalized
application experience
Application self-service
Mobile, physical, and virtual management
Security and compliance
Service management integration
Comprehensive client
management capabilities
Improved administrator
effectiveness
Reduced infrastructure complexity

New Features for Software Distribution in Configuration Manger 2012
Application Model
Incorporates all supported software types
(MSI, Script, App-V, Mobile CAB)
Greatly improved dependency handling
Installation requirement rules
Installation detection methods
Application supersedence
Application uninstall
User Device Affinity
Unified monitoring experience
Rich End user experience
Application Catalog
Software Center
Content management
Distribution Point groups
Content library
Improved content monitoring experience
Content validation

System and User-Centric

Embracing User Centric: Administrator Promises
Let the administrator think user first
Deploy applications to users
Manage users beyond the desktop
SCCM maintains relationships
Between Users, Systems and Apps to solve core user targeting
Set conditions to control installations
Schedule ‘Pre-deploy’ to users’ primary devices for WoL, off-hrs, workgroup, etc.
Application model captures ‘administrative intent’

Application Model
Manage applications; not scripts
Application Management:
Detection method – re-evaluated for presence:
Required application – reinstall if missing
Prohibited application – uninstall if detected
Requirement rules – evaluated at install time to ensure the app only installs in places it can, and should
Dependencies – relationships with other apps that are all evaluated prior to installing anything
Supersedence – relationships with other apps that should be uninstalled prior to installing anything
Update an app – Automatic revision management

Requirement Rules in 2012
State-based Application Management
Properties of users and/or devices that makes delivering software appropriate
Rules are per deployment type
Evaluated in real time on the client
Evaluated before content is downloaded to the client

Dependencies
Other deployment types that must be present in order for the current application deployment type to be installed
1 to n Dependencies
This AND this AND this OR this
.NET Framework either 3.5 or 4.0 and
Browser either IE7 or IE8, install IE8 if none present
Dependencies are modeled as applications and can also be
deployed independently
Two dependency uses:
Dependency not present, don’t install applications
Dependency not present, auto install dependent application

User Centric – Operating System Deployment
Support for new software distribution features during operating system deployment
Evaluate application requirement rules, dependencies
and supersedence
User Device Affinity support – install applications deployed to
the primary user


What is User Device Affinity?
Is the key to helping our customers move to
User Centric Software Distribution
Provides the ability to define a relationship between a user and a device
Allows the admin to think “user first”, while also ensuring the application
not installed everywhere the user logs on
Configuration Manager 2012 supports:
Single primary user to primary device
Multiple primary devices per user
Multiple primary users per device
The system allows both the administrator and user to define
this relationship

Benefits of User Device Affinity
Allows the deployment of software based on the nature of the relationship between the user and device
For example:
Only install the MSI version of Microsoft Visio if the device is a primary device of the targeted user, otherwise don’t install
Install the MSI or App-V version of Microsoft Office when the device is a primary device of the user targeted; install the Citrix XenApp version if the device is not a primary device
Enables Pre-Deployment of Software: Allows software to be pre-deployed on a user’s primary devices whether or not the user is logged in

Application Model Diagram
Deployment Type
Requirement Rules
Dependencies
Detection Method
End User Metadata
Content
Install Command
The “friendly” information for your users
Keep your apps organized and managed
Workhorse for application
Can/cannot install app
Source files for the app
Is app installed?
Command line and options
Apps that must be present
Administrator Properties
General information about the software application

ConfigMgr 2007 to 2012 Comparison – App Model

Enhanced Detection Methods
Provides more granular control over detecting the presence of an application
Includes File, Windows Installer, and Registry providers
File – File and folder properties including exists, version, date/time, size and more
Windows Installer – Product code and version
Registry – Key exists, value exists, comparisons of registry values
Complex expressions containing multiple rules can be built and grouping logic applied

Application Lifecycle
Application Installation
Application Revision
Application Retirement
Application Supersedence
Application Uninstall

What is Application Supersedence
Definition: The ability for the admin to create a relationship and declare one application newer than another previous application. Ultimately resulting in the newer application replacing the older application for a user on a device
Why is this feature important to our customers?
Provides the ability to ensure users have the latest version of software
Provides the ability in one process to migrate users from one application version to another version/application
Overall goals
Utilize supersedence conceptual models from Software Updates and WU
Allow admins to test/pilot newer application, prior to production release. While permitting the older application to continue to exist for the majority of users
Allow the admin to eventually halt installations of the older application and move users to the newer application
Provide the ability to uninstall OR upgrade previous version
Ability to offer users only the latest release of an app in the software catalog or software center.
Ability to create new application or version and make sure we do not get in a “race condition” between conflicting detection methods

Supersedence and the End User Experience
User only sees latest application version in Software
Catalog (by default)
Required applications are always the enterprise’s
latest version
Available Applications installed by user can be
automatically updated

Simple Example
Scenario and Assumptions
2 applications:
Adobe Reader 9 supersedes Adobe Reader 8
Both applications deployed to same device

If client has Adobe Reader 8 already installed
assuming requirements are met for Reader 9, Reader 8 will be replaced with Reader 9 (either uninstalled or updated)

If client has Adobe Reader 9 already installed
evaluates both 8 and 9 detection methods, 9 is present, 8 is not – but since 9 supersedes, it doesn’t try to install 8

If neither are installed, only Adobe Reader 9 will be installed

Create an Application
App-V Client or Adobe Flash Player ActiveX
Martin Weber
Technology Solution Pro
Microsoft Switzerland
demo

Content Monitoring
Compliance of content distributed in multiple views
Application, package, etc. level
Distribution point group level
Distribution point level
Ability to validate content on a distribution point
Available as a set schedule or
on demand
Updates package compliance in the monitoring node

Managing users means managing beyond desktops with “Single pane of glass” administration
Reaching beyond Windows platforms
User Centric – Device Management
“Depth”

Broad feature set
Common administration model for mobile devices, desktops, and servers
“Light”

Provides basic management for all Exchange ActiveSync (EAS) connected devices

Secure over-the-air enrollment
Monitor and remediate out-of-compliance devices
Deploy and remove applications
Inventory
Remote wipe
(WinCE 5.0, 6.0; Windows Mobile 6.0, 6.1, 6.5.x)
NOKIA
EAS-based policy delivery
Discovery and inventory
Settings policy
Remote Wipe
Light Management
Depth Management
Mobile Device Management

“Depth” Mobile Device Management
Establishes mutual trust between the device and the management server
Extend and align mobile device management
Integration Mobile Device Manager and SCCM features
Enable secure, compliant mobile devices
Secure over-the-air enrollment
Monitor and remediate out-of-compliance devices
Deploy and remove applications // Inventory
Devices enrolled and provisioned securely over-the-air

“Light” management via Exchange
Provide basic management for all Exchange ActiveSync (EAS) connected devices
Features Supported:
Discovery/Inventory
Settings policy
Remote Wipe
Supports on-premise Exchange 2010 and hosted Exchange

Embracing User Centric: End-User Promises
“A Fitting End-User Experience”
Web based ‘Software catalog’
Easily search, install or request software
Choose software intelligently:
Clear, consistent information about applications and their impact, supported by App model
User preferences to control ConfigMgr behaviors:
“My business hours” – used to control when to install software
Presentation mode – don’t notify when presenting
Remote control settings – when allowed, end user can control their experience

Software Catalog:
User Targeted Available Software
Browse and search for software
Fully localized for site and applications
Search via category or name
Install Software
Direct self-installation from software catalog
Leverages full infrastructure for content and status
Automatic installation upon approval
Request Applications
Request approval for software
View request history

On Demand Installation
Agent
Web Site
Melissa
Site Server
Process Flow

SCCM 2012: Software Catalog in Kiosk (Client)

Configuration Manager 2012

Unify Infrastructure
Empower Users
Simplify Administration
Empower people to be productive from anywhere on whatever device they choose
Reduce costs by unifying IT management infrastructure
Improve IT effectiveness and efficiency
Device freedom
Optimized, personalized
application experience
Application self-service
Mobile, physical, and virtual management
Security and compliance
Service management integration
Comprehensive client
management capabilities
Improved administrator
effectiveness
Reduced infrastructure complexity

Administrator Experience
Intuitive ribbon interface
Common look and feel across System Center products
Improved discoverability
Role-Based Administration: Only show what is relevant to
the administrative role
Complete scenarios within the console
Simplified navigation


Role-Based Administration
Central management for security
Role-Based Administration lets you map the organizational roles of your administrators to defined security roles:





Removes clutter from the console
Supports “Show me what’s relevant to me” based
on my Security Role and Scope

Simplified Hierarchical Infrastructure

Collection Enhancements

SCCM 2012 Collections

Collections
demo

Application Evaluation Flow
Requirements met?
New Policy App Install Schedule
Dependencies installed?
Yes
Install dependencies
No
No
Yes
Install Application
Is installed?
No
Yes
Dependencies installed

Benefits of Multiple Deployment Types
Flexible way to deliver different installation formats based
on conditions
No restrictions on the number and types of deployment types
Many of the same type of deployment types could be added to an application each representing a different flavor or transform
App-V or Remote Desktop Services app might go to a guest logged into a kiosk, full MSI to a users primary desktop machine
Built-in deployment types
MSI
Script
App-V
Windows Mobile 6.x

Infrastructure Promises
Modernizing Architecture
Minimizing infrastructure for remote offices
Consolidating infrastructure for primary sites
Scalability and Data Latency Improvements
Central Administration Site is just for administration and reporting – Other work distributed to the primaries as much as possible
File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
System-generated data (HW Inventory and Status) can be configured to flow to CAS directly
Be Trustworthy
Interactions with SQL DBA are consistent with ConfigMgr 2007
ConfigMgr admin can monitoring and troubleshoot new replication approach independently




When Do I Need a Primary Site?
To manage any clients
Add more primary sites for:
Scale (more than 100,000 clients)
Reduce impact of primary site failure
Local point of connectivity for administration
Political reasons
Content regulation
Decentralized administration
Logical data segmentation
Client settings
Language
Content routing for deep hierarchies

Reducing Primary Sites

Infrastructure Changes: Content
ONE Distribution Point
PXE Service Point – Increased scalability beyond the ConfigMgr 2007 limit of 75 PXE service points per site
Multicast option
Throttling and scheduling of content to that location
Pre-stage of content and specify specific drives for storage

Improved Distribution Point Groups
Manage content distribution to individual Distribution Points or Groups
Content automatically added or removed from Distribution Points based on Group membership
Associate Distribution Point Groups with a collections to automate content staging for software targeted to the collection

No Branch DPs - DPs can be installed on clients and servers now



Boundaries
Boundaries represent network topology –
used to optimized network utilization
Clients use boundaries to:
Automatically determine site assignment
Locate the best management point (MP)
Locate the best distribution point (DP) or
state migration point (SMP)
Define separate boundaries for client activities
versus content

Boundary Management
Automatically created with the Forest Discovery method
Discovers AD Sites, IP Subnets, IPv6 Prefix type boundaries
Can automatically add as boundaries immediately or add later
Boundaries are members of one or more groups:
Groups support: site assignment, site system look-ups or both
Create group with boundaries in one step
Add boundaries to an existing group
Multi-select and reflective views supported

Hierarchy View and Site Status

Hierarchy View and Site Status
demo

Configuration Manager 2012

Unify Infrastructure
Empower Users
Simplify Administration
Empower people to be productive from anywhere on whatever device they choose
Reduce costs by unifying IT management infrastructure
Improve IT effectiveness and efficiency
Device freedom
Optimized, personalized
application experience
Application self-service
Mobile, physical, and virtual management
Security and compliance
Service management integration
Comprehensive client
management capabilities
Improved administrator
effectiveness
Reduced infrastructure complexity

Forefront Endpoint Protection 2010
One infrastructure for desktop management and protection
Built on top of Microsoft® System Center Configuration Manager
Supports all System Center Configuration Manager topologies and scale
Facilitates easy migration
Deploy across various operating systems Windows® client and Server

Protection against all type of malware
Proactive security against zero day threats
Productivity-oriented default configuration
Integrated management of host firewall
Backed by Microsoft Malware Protection Center
Unified management interface for desktop administrators
Effective alerts
Simple, operation-oriented policy administration
Historical reporting for security administrators


Ease of Deployment
Enhanced Protection
Simplified Desktop Management

FEP Architecture
(or File Share)
ConfigMgr
Software
Distribution
ConfigMgr
Desired
Configuration
Management
DATA
Config. /
Dashboard
Reports
EVENTS
TELEMETRY
SpyNet

Forefront Endpoint Protection 2010

Client Activity and Health
Product integrated health and remediation solution
Server side metrics for evaluating client activity:
Policy Requests
Hardwate and software Inventory
Heartbeat DDRs
Status Messages
Client side monitoring/remediation for:
Dependent Windows components and services
ConfigMgr client prerequisites
WMI Repository and namespace evaluation
In console and Web reporting
‘In-console’ alerts when healthy/unhealthy ratio drops below configurable threshold

Client Activity and Health

Client Activity and Health
demo

Content Monitoring
Compliance of content distributed in multiple views
Application, package, etc.. level
Distribution point group level
Distribution point level
Ability to validate content on a distribution point
Available as a set schedule or on demand
Updates package compliance in the monitoring node

Software Updates
Auto Deployment Rules
Use search criteria to identify class of updates to automatically deploy: category, products, language, date revised, article id, bulletin id, etc.
Schedule content download and deployment based on sync schedule or define a separate schedule per rule
State-based Update Groups
Deploy updates individually or in groups
Updates added to an update group automatically deploy to collections targeted with the group


Operating System Deployment (OSD)
Offline Servicing of Images
Support for Component Based Servicing compatible updates
Uses updates already approved

Boot Media Updates
Hierarchy wide boot media – no longer need one per site
Unattended boot media mode – no longer need to press “next”
Use pre-execution hooks to automatically select a task sequence – no longer see many optional task sequences

USMT 4.0 - UI integration and support for hard-link, offline and shadow copy features

SCCM Task Sequences «The Cook Book»

Phase 1: Monitor
Enable client management agent
Begin monitoring usage and activity


Phase 2: Plan
Continue monitoring on usage and activity
Begin to develop Power Plan

Mid-Month:
Power Plan has been confirmed

Phase 3: Apply Power policy
Begin applying Power Plan


Phase 4: Compliance & Analyze
Review before and after usage and activity
Determine savings in Kwh and Co2 saved
Non-Peak & Peak
Power Management

Settings Management
Unified settings management across servers, desktops and mobile devices
ConfigMgr 2007 reports configuration drift – ConfigMgr 2012 can “set” for Registry, WMI and Script-Based
Improved functionality:
Copy settings
Define compliance SLAs for Baselines to trigger console alerts
Richer reporting to include troubleshooting, conflict, remediation information
Enhanced versioning and audit tracking
Ability to specify specific versions to be used in baselines
Audit tracking includes who changed what

Settings Management

Settings Management
demo

Remote Control
Send Ctrl-Alt-Del to host device to regain previous
feature parity
IS BACK!

Migration from ConfigMgr 2007 to 2012

Built-in Migration Features
Migration Job Types:
Object Migration (Collections, software distribution packages, boundaries, metering rules etc.)
Collection based Migration (Select a collection and migrate associated objects)
Content functionality:
Re-use of existing ConfigMgr 2007 content (Distribution
Point sharing)
Distribution Point upgrade
Import of ConfigMgr 2007 inventory MOF files

Prepare for Configuration Manager 2012
Flatten hierarchy where possible
Plan for Windows Server 2008, SQL 2008, and 64-bit
Start implementing BranchCache with SCCM 2007 SP2
Move from web reporting to SQL Reporting Services
Avoid mixing user and devices in collection definitions
Use UNC (\\server\myapp\myapp.msi) in package source path instead of local path (d:\myapp)

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Related Sessions – Breakout
BA01 Configuration Manager: State of the Union
BA02 Configuration Manager 2007 R3: Technical Update
BA03 Configuration Manager 2012: Technical Overview
BA04 Configuration Manager 2012: Application Management (Part 1 of 2)
BA05 Configuration Manager 2012: Application Management (Part 2 of 2)
BA06 Configuration Manager 2012: Migrating from 2007 to 2012
BA07 Configuration Manager 2012: Deployment and Infrastructure Technical Overview (Part 1 of 2)
BA08 Configuration Manager 2012: Deployment and Infrastructure Technical Overview (Part 2 of 2)
BA09 Configuration Manager 2012: Software Update Management
BA11 Configuration Manager 2012: Settings management (aka DCM)
BA17 Virtualizing Configuration Manager – What you need to know and how to get there
BA18 Introduction to System Center Updates Publisher 2011
BA19 Configuration Manager 2012: Software Delivery Advanced Topics and Troubleshooting
BA24 Configuration Manager 2012: How to Get There and How Your Day Will Change
BA38 Deploying Configuration Manager 2012 in the Enterprise – Real World
BG02 Client Health in Configuration Manager 2012 – How Microsoft IT is Using It
BG03 Converting Your Existing Software Packages into the Configuration Manager 2012 Application Model
EA01 Configuration Manager 2012 – Ask the Panel of Experts
BI02 - Forefront Endpoint Protection Overview: Managing desktop security and antimalware solution with System Center Configuration Manager