What's New in System Center 2012

Changes from SCCM 2007 up to and including SCCM 2012 R2

Perficient is a leading information technology consulting firm serving

clients throughout North America.

We help clients implement business-driven technology solutions that

integrate business processes, improve worker productivity, increase

customer loyalty and create a more agile enterprise to better respond to

new business opportunities.

About Perficient

• Founded in 1997

• Public, NASDAQ: PRFT

• 2012 revenue of $327 million

• Major market locations throughout North America• Atlanta, Austin, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Columbus, Dallas,

Denver, Detroit, Fairfax, Houston, Indianapolis, Minneapolis, New Orleans, New York, Northern California, Philadelphia, Southern California, St. Louis, Toronto, Washington D.C.

• Global delivery centers in China, Europe and India

• ~2,000 colleagues

• Dedicated solution practices

• ~85% repeat business rate

• Alliance partnerships with major technology vendors

• Multiple vendor/industry technology and growth awards

Perficient Profile

Business Solutions• Business Intelligence• Business Process Management• Customer Experience and CRM• Enterprise Performance Management• Enterprise Resource Planning• Experience Design (XD)• Management Consulting

Technology Solutions• Business Integration/SOA• Cloud Services• Commerce• Content Management• Custom Application Development• Education• Information Management• Mobile Platforms• Platform Integration• Portal & Social

Our Solutions Expertise

Our Microsoft Practice

Speaker

Bryon BurkhardtLead Microsoft Infrastructure Consultant | Perficient

What is SCCM 2012?

IT AssetIntelligence

Software Update Management

BitlockerSoftware Metering

Support forthe Mobile Workforce

Windows Intune Connector

Settings Management(aka DCM)

Network Access Protection

Power Management

OS Deployment

Antivirus

Self Service

Portal

Remote Control

2007 vs. 2012 Comparison

What was improved on?• Hardware & Software Inventory• Software Distribution• Computer-based targeting• User-based targeting • App-V Package Deployment• 3rd Party Application• Software Metering• Administrator Console• Status Reporting• Agent Managed• Integrate with Active Directory• Discovery of Computers• Operating System Deployment• Task Sequence• Maintenance Windows• Desired Configuration Management• Internet-based Client Management• Integration with Windows Server 2008 Network

Access Protection• Intel vPro Intergration• Power Management• Windows Mobile Device Management

What's new in 2012?• Automatic Client Health Remediation• State-based Application Distribution• Self-service Portal• Xen-App Package Deployment• Uninstallation Via Software Center• User-Device Affinity • Distribution Point Groups• Boundary Groups• Application Revision History• Content Management• Automatic Software Updates Deployment Rules• Automatic Clean-up of Superseded and Expired

Updates• Collection-Based Policies• User-friendly ribbon• Automatic Boundary Discovery• Forest Discovery• Offline Servicing of OS Image• Role-based Access Control• User Power Management Opt-out • Non-Windows Mobile Device Management

SCCM 2012 Hierarchy Redesign

Real World Examples 2007 Global Design

Real World 2012 Design

2007 vs. 2012 Comparison

Server Type Count License

Central Administration Site

1Configuration Manager Server 2012 with SQL Server Technology

Primary 3Configuration Manager Server 2012 with SQL Server Technology

Secondary 9 No SCCM license is required

Distribution Point 135No license is required above the Client ML

Workstation Clients

10,500

Configuration Manager Client ML

Child Primary 8Configuration Manager Server 2012 with SQL Server Technology

Server Type Count License

CAS (role changed)

0Configuration Manager Server 2012 with SQL Server Technology

Primary 1Configuration Manager Server 2012 with SQL Server Technology

Secondary 0 No SCCM license is required

Distribution Point 57No license is required above the Client ML

Workstation Clients

10,500

Configuration Manager Client ML

Child Primary (No More)

0 

2007 2012

• No more cross WAN SQL replication• Major reduction in infrastructure• Major reduction in license cost • Simplified role-based management for secure delegation

Infrastructure Promises

Modernizing Architecture• Minimizing infrastructure for remote offices• Consolidating infrastructure for primary sites• Scalability and data latency improvements

• Central Administration Site is just for administration and reporting – other work distributed to the primaries as much as possible

• File processing occurs once at the primary site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)

• System-generated data (HW Inventory and Status) can be configured to flow to CAS directly

Infrastructure Promises

Be Trustworthy• Interactions with SQL DBA are consistent with ConfigMgr

2007• ConfigMgr admin can monitor and troubleshoot new

replication approach independently

• To manage any clients

• Add more primary sites for:

• Scale (more than 100,000 clients)

• Reduce impact of primary site failure

• Local point of connectivity for administration

• Political reasons

• Content regulation

• Decentralized administration

• Logical data segmentation

• Client settings

• Language

• Content routing for deep hierarchies

When Do I Need a Primary Site?

Reducing Primary Sites

Unique ConfigMgr 2007 primary site for:

ConfigMgr 2012 solutions (no unique primary sites):

Decentralized administration Role based administration

Logical data segmentation Role based administration

Client settings Client settings for the hierarchy and unique collections

Language Language packs

Content routing for deep hierarchies

Secondary sites or distribution points

• ONE Distribution Point– PXE Service Point – Increased scalability beyond the ConfigMgr 2007

limit of 75 PXE service points per site– Multicast option– Throttling and scheduling of content to that location– Pre-stage of content and specify specific drives for storage

• Improved Distribution Point Groups– Manage content distribution to individual distribution points or groups– Content automatically added or removed from distribution points based

on group membership– Associate distribution point groups with a collection to automate content

staging for software targeted to the collection

• No Branch DPs - DPs can be installed on clients and servers now

Infrastructure Changes: Content

Boundaries

• Boundaries represent network topology –used to optimized network utilization

• Clients use boundaries to:– Automatically determine site assignment– Locate the best management point (MP)– Locate the best distribution point (DP) or

state migration point (SMP)• Define separate boundaries for client activities

versus content

Boundary Management

• Automatically created with the Forest Discovery method– Discovers AD Sites, IP Subnets, IPv6 Prefix type boundaries– Can automatically add as boundaries immediately or add later

• Boundaries are members of one or more groups:– Groups support: site assignment, site system look-ups or both– Create group with boundaries in one step– Add boundaries to an existing group– Multi-select and reflective views supported

Simplified Hierarchical Infrastructure

Central Admin Site

Primary Sites Secondary Sites

Central primary site admin

Client management & settings

Content routing

Reporting 100K clients per site

Distributions points

Delegated Administration

Requires SQL server

Language Packs

Lack of local administrator

Support distributed organizational boundaries

Collection Enhancements

Resources security based on collection, not site• Collection

scopes

Reduce complex query logic• New

membership rules: exclude and include other collections

Easier to organize collections• Organizational

folders for collectionsImproved UI

validation for user-centric scenarios• Device and

User Collections

SCCM 2012 Collections

Role-Based Administration

• Central management for security• Role-based administration lets you map the organizational roles of

your administrators to defined security roles:

• Removes clutter from the console– Supports “Show me what’s relevant to me” based

on my security role and scope

Functionality ConfigMgr 2007 ConfigMgr 2012

What types of objects can I see and what can I do to them?

Class rights Security roles

Which instances can I see and interact with?

Object instance permissions Security scopes

Which resources can I interact with? Site specific resource permissions

Collection limiting

New Features for Software Distribution in Configuration Manager 2012

Application Model• Incorporates all supported software

types (MSI, Script, App-V, Mobile CAB)

• Greatly improved dependency handling

• Installation requirement rules • Installation detection methods• Application supersedence• Application uninstall

User Device Affinity

Unified monitoring experienceRich end user experience

• Application Catalog• Software Center

Content management• Distribution point groups• Content library• Improved content monitoring

experience• Content validation

Application Model Diagram

Deployment Type

Requirement Rules

Dependencies

Detection Method

End User Metadata

Content

Install Command

The “friendly” information for your users

Keep your apps organized and managed

Workhorse for application

Can/cannot install app

Source files for the app

Is app installed?

Command line and options

Apps that must be present

App-V

Windows Script

Windows Installer (MSI)

Mobile (CAB)

Administrator Properties

General information about the software application

Application Model

• Manage applications; not scripts• Application Management:

– Detection method – Re-evaluated for presence:• Required application – Reinstall if missing• Prohibited application – Uninstall if detected

– Requirement rules – Evaluated at install time to ensure the app only installs in places it can and should

– Dependencies – Relationships with other apps that are all evaluated prior to installing anything

– Supersedence – Relationships with other apps that should be uninstalled prior to installing anything

– Update an app – Automatic revision management

Feature Configuration Manager 2007 Configuration Manager 2012

Create/Model Software PackageProgram

Application and Deployment Types

Deploy Software Advertisement (Install Status) Deployment (state based) via detection method

Targeting Collection rules (Server) Requirement rules (Client)

User Targeting None or limited User Device Affinity

Client User Experience Run Advertised Programs Software Center

Software Install from Web site None Software Catalog

Content Management None or limited Content library

ConfigMgr 2007 to 2012 Comparison: App Model

• Browse and search for software– Fully localized for site and applications– Search via category or name

• Install software– Direct self-installation from software catalog– Leverages full infrastructure for content and status– Automatic installation upon approval

• Request applications– Request approval for software– View request history

Software Catalog:User Targeted Available Software

SCCM 2012: Software Catalog (Client)

SCCM 2012 Self Service Portal

User Driven Application Management

On Demand Installation

1 •User clicks “install” on catalog item

2 •Web site checks user’s permissions to install

3 •Web site requests Client ID from ConfigMgr client agent and passes it to site server

4 •Server creates policy for the specified client and app and passes it to client

5 •Client agent evaluates requirements from the policy and initiates installation

6 •Client agent completes installation process and reports statusAgent

Web Site

Melissa

Site ServerProcess Flow

Configuration Manager 2007 Configuration Manager 2012Optimized for system management scenarios Still committed and focused on system

management scenarios

Challenging to manage users:• Forced to translate a user to a device• Explicit: run a specific program on a specific

device

Embrace user-centric scenarios:• Moving to a state based design for apps,

deployments, content on DP’s• Full application lifecycle model. install,

revision mgmt., supersedence and uninstall

Software distribution is a glorified script execution

• Understand and intelligently target the relationships between user systems

• Management solution tailored for applications

System and User-Centric: Paradigm Shift

User-Centric – Operating System Deployment

Support for new software distribution features during operating system deployment

– Evaluate application requirement: Rules, dependencies and supersedence

– User device affinity support: Install applications deployed to the primary user

• As Citrix XenDesktop and Microsoft RDS integrates, then:– Conditional rules for application deployment are available

(Desktop Type, Pool Name)– Gather inventory from Guest VM for broker site name, desktop

type and pool name and exposed for compliance monitoring and inventory reports

– ConfigMgr uniqueness is persisted through pooled VM shutdown and startup

• Randomization of schedules automatically for any client:– Hardware inventory scan– Software inventory scan– Software update scan, download and install

User-Centric – Understanding Virtual Desktop Platform

• Offline Servicing of Images• Support for component based servicing compatible updates• Uses updates already approved

• Boot Media Updates• Hierarchy wide boot media – no longer need one per site• Unattended boot media mode – no longer need to press “next”• Use pre-execution hooks to automatically select a task sequence

– no longer see many optional task sequences

• USMT 4.0: UI integration and support for hard-link, offline and shadow copy features

Operating System Deployment

SCCM Task Sequences - The Cook Book

Phase 1: Monitor•Enable client management agent•Begin monitoring usage and activity

Phase 2: Plan•Continue monitoring on usage and activity•Begin to develop power plan

Mid-Month:•Power plan has been confirmed

Phase 3: Apply Power policy•Begin applying power plan

Phase 4: Compliance & Analyze•Review before and after usage and activity•Determine savings in Kwh and Co2 saved

Non-Peak & Peak

Power Management

Settings Management

• Unified settings management across servers, desktops and mobile devices

• ConfigMgr 2007 reports configuration drift – ConfigMgr 2012 can “set” for registry, WMI and script-based

• Improved functionality: – Copy settings– Define compliance SLAs for baselines to trigger console alerts– Richer reporting to include troubleshooting, conflict, remediation

information• Enhanced versioning and audit tracking

– Ability to specify specific versions to be used in baselines– Audit tracking includes who changed what

Administrator Experience

• Common look and feel across system center products

• Improved discoverability• Only show what is relevant to

the administrative role• Complete scenarios within the

console• Simplified navigation• Manage App-v• Manage Bitlocker• Manage Virus Scan/Malware

Forefront Endpoint Protection 2010

• Built on top of Microsoft® System Center Configuration Manager

• Supports all System Center Configuration Manager topologies and scale

• Facilitates easy migration

• Deploy across various operating systems Windows® client and Server

• Protection against all type of malware

• Proactive security against zero day threats

• Productivity-oriented default configuration

• Integrated management of host firewall

• Backed by Microsoft Malware Protection Center

• Unified management interface for desktop administrators

• Effective alerts

• Simple, operation-oriented policy administration

• Historical reporting for security administrators

Ease of Deployment Enhanced Protection Simplified Desktop Management

One infrastructure for desktop management and protection

SQLReportingServices

(or File Share)

ConfigMgrSoftwareDistribution

ConfigMgrDesiredConfigurationManagement

ConfigMgr SiteServer & DB

DATA

Config. /Dashboard

Reports

EVENTS

Desktops, Laptops, and Servers running ConfigMgr Client & FEP 2010

TELEMETRY

SpyNet

FEP Architecture

What’s New in SCCM 2012 R2

Site Installation and the Configuration Manager Console

Sites and Hierarchies

Migration

Client Deployment and Operations

Software Deployment and Content Management

Monitoring and Reporting

IT

Mac OS X

Windows PCs(x86/64, Intel SoC),

Windows to GoWindows Embedded

Windows 8 RTWindows 8.1

Windows Phone 8iOS, Android

Single AdminConsole

Windows Intune Integrated with System Center 2012 R2 Configuration Manager

• Intune provides cloud-based infrastructure to provide settings management and software distribution to mobile devices.

• All administrative tasks are performed via Configuration Manager console.

Windows Intune Integrated with System Center 2012 R2 Configuration Manager

Platform Support

New Platforms• Windows 8 RT• Windows Phone 8• iOS (5.x, 6.x)• Android (2.1 and later)• Windows 8.1 (x86/x64 and RT)

Features fully integrated into ConfigMgr• Over the air device enrollment• Available user targeted applications• User and device settings management• Device inventory• Remote device retirement• Remote device wipe (full and selective)• Company branding• Web apps and remote apps• VPN/Wi-Fi/certificate profiles• Additional settings

OS Platform Management Agent End User Experience

Windows 8.1 PC ConfigMgr Agent Or

Management Agent(OMA-DM)

Software Center/Application Catalog

Windows Company Portal app

Windows PC (Win8,Win7,Vista,XP)

ConfigMgr Agent Software Center/Application Catalog

Windows RT Management agent (OMA-DM) Windows Company Portal app

Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app

iOS Apple MDM Protocol Native iOS Company Portal App

Android Android MDM agent (OMA-DM) Native Android Company Portal App

Mac ConfigMgr Agent Limited self service experience

Linux/Unix ConfigMgr Agent N/A

Platform Support in ConfigMgr

Questions?

Customized Microsoft Training for IT Pros & End Usersbit.ly/1cy8WV5

Webinar11.6Windows Azure for IT Prosbit.ly/19lyvFl

Our Microsoft blogblogs.perficient.com/microsoft

Follow us on Twitter@Perficient_MSFT

Webinar10.30Microsoft Lync: Integrating with Ciscobit.ly/15VFzIz

Connect with Perficient