UD-B325 Enabling users to be productive, responsibly Finding the right balance Devices & Experiences...
-
Upload
earl-wilcox -
Category
Documents
-
view
217 -
download
0
Transcript of UD-B325 Enabling users to be productive, responsibly Finding the right balance Devices & Experiences...
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
System Center 2012 Configuration Manager and Service Pack 1 OverviewMaayan Bar-Niv and Mark FloridaProgram ManagersMicrosoft
UD-B325
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Session Objectives And TakeawaysSession Objective(s): Consumerization of IT and how to manage all these devices with Configuration Manager SP1Review improvements in Configuration Manager SP1
Windows 8 deployment and support is hereBetter with both ConfigMgr SP1 and Windows IntuneSP1 full of improvements
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Configuration Manager 2012 SP1Top Administrative Console ActionsCollection ManagementApplication ManagementPackage/ProgramSoftware UpdatesReports
OS Deployment higher than normalSP1 CU Top Issues Addressed:Replication Configuration Manager reports link status as “Degraded” for one minute then “Active”The Schedule Updates Wizard does not list content for Windows Server 2012New and revised Windows PowerShell cmdletsServer-side support for Mac OS X Mountain Lion clients (version 10.8)Mac client support for Mac OS X Mountain Lion (version 10.8) Microsoft Download Center.
Enabling users to be productive, responsiblyFinding the right balanceDevices & Experiences Users Want
Applications and data across devices, anywhere
Empower User Productivity
Unified Management Infrastructure
Common IdentityAccess and Information Protection
Controlled access to data with seamless authentication
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Unified Device Management
• Single management interface• Integrated security and
compliance• Improve IT efficiency• Reduced infrastructure complexity
Unified Management Infrastructure
+
Empower User Productivity
• Device choice• Application self-service• Personalized application
Experience• Non-intrusive management
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Simplifying Management Across Platforms
Devices & Platforms
IT
Single adminconsole
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
AndroidMac OS X
Windows RT Windows Phone 8
iOSAndroid
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Client Management ApproachEnd user in control of the experiencePersonally controlled device vs. IT controlled deviceNot about device ownershipPull Software Distribution vs. Push
IT Pro can meet IT policiesConstrain vs. controlling an entire deviceEnsure complianceManage access to apps, data and network resources
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
System Center 2012 Configuration Manager
Empower Users
Empower people to be more productive
from almost anywhere on almost
any device.
Simplify Administration
Improve IT effectiveness and efficiency.
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Empower Users
Empower people to be more productive from anywhere on
any device.
Windows 8 devices
Windows 8 deployment
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Simplify Administration
Improve IT effectiveness and efficiency.
Application Management
Windows Embedded
Heterogeneous devices
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Many Types of Devices for IWs
Windows 8
Heterogeneous DevicesHow do I meet my IT policies?
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Managing these IW Devices - Unified ConfigMgr and Windows Intune Design Goals
Empower IWs / Protect your Organization
Manage essential controls to allow IWs to access corporate resources
One product to operate
Single pane of glass management console
Quick onboarding
Learn the feature once and use across different devices
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Windows 8 and Windows Phone 8 Management CapabilitiesWindows 8, Windows RT and Windows Phone 8Windows 8 AppsWindows 8 Apps in the Windows StorePull Software DistributionSettings ManagementCompliance Monitoring
In addition on Intel x86/64Win32 AppsOS DeploymentPush Software DistributionSoftware Update Managements(and more…)
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Core OS Deployment ScenariosScenario Key Functionality
New computer• Fresh install of a new operating system on client or server
system• New or repurposed hardware
PXE boot• Integrate with WDS PXE server• Self-provisioning via F12
Wipe-and-load• Install new version of operating system• Reinstall applications and user state under new operating
system Side-by-side
• Similar to Wipe-and-load, except between two different devices
Offline with removable media
• With low bandwidth or no connectivity• Large software packages are on the media
Prestaged Media• Optimized for network bandwidth• Speeds up end to end deployment
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Windows To Go
ScenariosContractorsBring Your Own DeviceTravel LightShared PCs
#1 – CreateBuild a WTG image using Configuration Manager
#2 – ProvisionAdmin can push deploy WTG to a removable deviceEnd User can pull provision WTG
#3 – ManageUpdated and managed same as a physical laptop/desktopAdmin can determine if device is WTG or not
Process
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Operating System DeploymentBitLocker EnhancementsTPM and PINUsed Space BitLocker
Prestage media now support additional content typesBefore: WIMNow: WIM, Applications, Drivers, Package/Programs
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Always on Always ConnectedAOAC helps to optimize the end user experienceHelp preserve battery lifeFast experience switching from low power state to up-and-running
ConfigMgr client acts a good citizenOn Battery onlyUser IdleNetwork ConnectedWindows Maintenance Hour
Application Delivery
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
User-centric Application DeliveryAdministrator
Delivery Evaluation Criteria• User• Device type• Network connection
User/Device Relationships
Primary Devices• MSI• App-V• Windows 8 Apps (SP1)• Windows 8 Apps in the
Windows Store (SP1)Non-primary Devices• VDI• Remote Desktop
• Deliver best user experience on each device• Define application once
< >
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Windows 8 Apps
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Windows 8 Apps in the Windows StoreAdministrators do not need to repackage apps
End users have one location for all enterprise apps
Windows Store Self-Service Portal (SSP)
Redirects
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Integration with App-V
Needed for Windows 8
Same feature functionality
App-V 4.6 SP2New Deployment Type for App-V 5.0 applications
Virtual connection groups replace dynamic suite composition
App-V 5.0
4.6 SP2 and 5.0 can coexist for easy migration
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
App-V Connection GroupsOne action versus twoConnection Group configuration is separate from the packages Create relationships between apps in the ConfigMgr console
Connection for optional relationships Example: Lync and Office are better together ConfigMgr will create a connection group only if both are present
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Metered Connection SupportTrendsIncreased use of devices connecting via paid networksMobile end users
Admin with Windows 8 is able to control trafficBlock network impactful client management activitiesAvoid being unpleasantly surprised with their network bill
End user can opt-in
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
User Data and Settings ManagementNew ConfigMgr feature to manage Windows 8:
Client Side CachingRoaming User ProfilesFolder Redirection
Manage and monitor from the ConfigMgr consoleConfigMgr applies policies at user logon
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Embedded Device Support in SP1Write Filter Orchestration Natively extend to better support write filtersWrite Filter orchestration for SUM, App, Package and Program, Task Sequences SCEP client installation and SCEP updates are Write Filter aware
Feature EnhancementsEmbedded-specific DCM extensionsOSD optimized for embedded devices
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Mac OS XConfiguration Manager native client10.6 (Snow Leopard)10.7 (Lion)10.8 (Mountain Lion) up to 10.8.3 with Cumulative Update 1
Key management capabilitiesPush Software DistributionSettings ManagementHardware InventorySoftware Inventory (install software list via hardware inventory)Software Updates (via software distribution)
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Mac OS X Software Distribution
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
iOS and Android Management Capabilities iOS Android
On premiseExchange Active Sync based management
Cloud InfrastructureSingle pane of glass
Settings Management
Device Wipe
Pull Software Distribution
More settings
Detailed compliance
Through EAS and MDM
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Linux & UNIXKey management capabilitiesHardware InventorySoftware Inventory (installed software list via hardware inventory)Software Distribution • Using the Package and Program model• Software install, patch install and maintenance scriptsIntegrated reports
Secure and authenticated communications
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Linux & UNIX
Version 4 (x86/x64)Version 5 (x86/x64)Version 6 (x86/x64)
Red Hat Enterprise
Linux
OS Support Model • Consistent support across Configuration
Manager and Operations Manager
• Newer OS versions will be supported within 180 days of release
• Old versions supported as long as vendor provides support
Broader OS Support for ConfigMgr will be available in Cumulative Update 1 of the Linux\UNIX agent
Version 9 (SPARC)Version 10 (SPARC/x86)Solaris
Version 9 (x86)Version 10 SP1 (x86/x64)
Version 11 (x86/x64)
SUSE Linux Enterprise
Server
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Reduced Infrastructure Requirements
Flexible hierarchy management
Content distribution changes
Real-time administrative actions
Endpoint Protection enhancements
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Reduced Infrastructure RequirementsCentral Administration Site
• Scale• Support multiple
primary sites
• Future proofing your hierarchy (SP1)
Primary Sites
• Client assignment (up to 100k)
• Reduce impact of a primary site failing
• Political reasons
• Delegated administration
• Different client agent settings
• Language packs• DMZ/Internet
Facing
Secondary Sites
• Content fan-out• Manage upward
flow of WAN traffic
• Content routing
• Throttling (now in Distribution Points)
Reaso
ns
Why
Ob
sole
te R
easo
ns
Distribution Points
• Distribute Content
• Branch Distribution Points
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Flexible Hierarchy Management
Primary Site
Central Administration Site
Must be a new installation
Primary Site
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Distribution Point for Windows Azure
Rich feature setProvision from the admin consoleMost capabilities as on-premNotable Exceptions:• OSD and task sequences• Custom updates• App-V streamingFull BranchCache supportSoftware Updates from Microsoft Update
Integrated monitoringIn console content monitoringAbility to monitor storage and traffic out usage
Content is fully encrypted
MP
DP
Windows AzureDistribution Point
Microsoft Update
Policy
Content
FIREWALL
Corporate Network
PR1 MP
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Database Replication Controls
• When: Schedule replication for a given link• What: Use SQL Server distributed views• How much: Reduce replication data size using compression for SQL Server data
Make the hierarchy data replication easier to control
Applies to • Hardware Inventory• Software Inventory and Metering• Status Messages
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Wake-up Proxy
A reliable WoL capability that can work in a subnet. Scenarios include:
Software updatesTask sequencesSoftware distributionApp ManagementRemote Control / Remote DesktopFile share (net use)
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
How Wake-up Proxy Works
Subnet Router
WoL / Magic Packet00:11:22:33:44:55 …
SYN-ACK
Remote User
Machine info00:11:22:33:44:55
1.2.3.4Listing ports: 445,
3389
TCP SYN1.2.3.4:3389
Client Machine
Ping
Manager
WAN
TCP SYN1.2.3.4:3389
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Considerations/IssuesThree machines on one subnet stay awakeSupported Platforms:
Windows 7Windows Server 2008 R2Windows Server 2012Windows 8
Network admin should be consultedMAC flap: MAC addresses will appear to moveICMPv4 (ping) cannot be blocked by firewall inside the enterpriseThe following network configurations are not supported:• 802.1X with port authentication• Wireless networks• Network switches that bind MAC addresses to specific ports• IPv6-only networks• DHCP lease durations less than 24 hours
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Unified Infrastructure
• Simplified server and client deployment
• Streamlined updates (3x/day in SP1)
• Consolidated reporting• Real-time alerts• Real-time admin. actions (SP1)• Client side policy merge (SP1)Comprehensive Protection Stack
• Behavior monitoring• Antimalware• Dynamic Translation• Windows and Firewall Management
Endpoint Protection
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Real-time Administrative Actions
Administrator
“Dial tone”• Active TCP Session
with the MP• Client Checking for
urgent tasks
1
2
In administrative console selects “Run Full Scan” on a collection
“Call is placed”• Client via this TCP
connection is told there are urgent tasks to run
• Client then connects to the MP to get policy
• Client runs the Full Scan Task
4
Client
Task = “Run Full Scan”
• A task is created• MP is told that new
urgent task has been requested
3
Site Server and MP
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Real-time Operational Actions
Simplify Administration
Improve IT effectiveness and efficiency.
End user client UI improvements
PowerShell
Alerts
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
End User Client UI ImprovementsSoftware Center support multi-select install
All object types (Applications, updates, etc)Except for OS Deployment Task Sequences
No more ActiveX controlApplication Catalog depends on Silverlight 5
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
PowerShellScopePowerShell Provider500+ cmdlets delivered to dateTasks exposed in the Administration Console
DocumentationUpdated help content for SP1 + CU1 cmdletsNew TechNet reference material with Admin UI Action mappings
Integration with:System CenterTask SchedulerWindows, WMI
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Alerts• All alert types support email notifications• Admin can choose to ignore specific types of alerts
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
SummaryEm
pow
er
Un
ify
Sim
plif
y Role-based Administration
Internet-based Client Management
Software Update Management
Reduced Infrastructure Requirements
Mobile Device Management
Application Delivery
Compliance & Settings Management
Endpoint Protection
Unified Management of Virtual Clients
Operating System DeploymentAsset Intelligence, Client Health, and Inventory
End user platform support
Application Delivery 2007 R3
Device Centric
MDM licensing
2012
User Centric
Integrated
Windows and EAS
New
Improved
Integrated
Auto Remediation
Improved
New
2012 SP1
Win 8 apps
Windows 8,Mac,LinuxFlexible hierarchies
Real-time actionsUser Profile and DataImproved
Improved
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
In Review: Session Objectives And TakeawaysSession Objective(s): Consumerization of IT and how to manage all these devices with Configuration Manager SP1Review improvements in Configuration Manager SP1
Windows 8 deployment and support is hereBetter with both ConfigMgr SP1 and Windows IntuneSP1 full of improvements
People Centric ITCome to Booth 1 in the Expo Hall for your chance
to win a Surface RT bundle worth $699
Answer four questions correctly and you’ll be entered in our prize draw.
Draw will take place at 4pm on April 10 2013
NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Related ContentBreakout Sessions
UD-B309 Deploying and Configuring Mobile Device Management Infrastructure
UD-B310 Deploying and Managing Windows 8 with Configuration Manager 2012 SP1
UD-B317 Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1
UD-B318 Managing Embedded Devices with Configuration Manager 2012
UD-B325 System Center 2012 Configuration Manager SP1 Overview
UD-B330 System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management
UD-B331 System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1
UD-B332 What’s New with Microsoft Deployment Toolkit 2012 Update 1
UD-B333 What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design
UD-B335 Windows Intune Overview
UD-B403 Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Related ContentInstructor-led and Hands-on Labs
UD-IL301 Basic Software DistributionUD-IL302 Deploying a Configuration Manager HierarchyUD-IL303 Deploying Configuration ManagerUD-IL304 Deploying Windows 8 to Bare Metal ClientsUD-IL306 Implementing Endpoint ProtectionUD-IL307 Implementing Role-Based AdministrationUD-IL308 Implementing Settings ManagementUD-IL309 Introduction to Configuration ManagerUD-IL310 Managing ApplicationsUD-IL311 Managing ClientsUD-IL312 Managing ContentUD-IL313 Managing Microsoft Software UpdatesUD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 HierarchyUD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1UD-IL401 Advanced Software Distribution
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
We want to hear from you!
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.