What's New in System Center 2012
-
Upload
perficient-inc -
Category
Technology
-
view
2.170 -
download
5
description
Transcript of What's New in System Center 2012
What's New in System Center 2012
Changes from SCCM 2007 up to and including SCCM 2012 R2
Perficient is a leading information technology consulting firm serving
clients throughout North America.
We help clients implement business-driven technology solutions that
integrate business processes, improve worker productivity, increase
customer loyalty and create a more agile enterprise to better respond to
new business opportunities.
About Perficient
• Founded in 1997
• Public, NASDAQ: PRFT
• 2012 revenue of $327 million
• Major market locations throughout North America• Atlanta, Austin, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Columbus, Dallas,
Denver, Detroit, Fairfax, Houston, Indianapolis, Minneapolis, New Orleans, New York, Northern California, Philadelphia, Southern California, St. Louis, Toronto, Washington D.C.
• Global delivery centers in China, Europe and India
• ~2,000 colleagues
• Dedicated solution practices
• ~85% repeat business rate
• Alliance partnerships with major technology vendors
• Multiple vendor/industry technology and growth awards
Perficient Profile
Business Solutions• Business Intelligence• Business Process Management• Customer Experience and CRM• Enterprise Performance Management• Enterprise Resource Planning• Experience Design (XD)• Management Consulting
Technology Solutions• Business Integration/SOA• Cloud Services• Commerce• Content Management• Custom Application Development• Education• Information Management• Mobile Platforms• Platform Integration• Portal & Social
Our Solutions Expertise
Our Microsoft Practice
Speaker
Bryon BurkhardtLead Microsoft Infrastructure Consultant | Perficient
What is SCCM 2012?
IT AssetIntelligence
Software Update Management
BitlockerSoftware Metering
Support forthe Mobile Workforce
Windows Intune Connector
Settings Management(aka DCM)
Network Access Protection
Power Management
OS Deployment
Antivirus
Self Service
Portal
Remote Control
2007 vs. 2012 Comparison
What was improved on?• Hardware & Software Inventory• Software Distribution• Computer-based targeting• User-based targeting • App-V Package Deployment• 3rd Party Application• Software Metering• Administrator Console• Status Reporting• Agent Managed• Integrate with Active Directory• Discovery of Computers• Operating System Deployment• Task Sequence• Maintenance Windows• Desired Configuration Management• Internet-based Client Management• Integration with Windows Server 2008 Network
Access Protection• Intel vPro Intergration• Power Management• Windows Mobile Device Management
What's new in 2012?• Automatic Client Health Remediation• State-based Application Distribution• Self-service Portal• Xen-App Package Deployment• Uninstallation Via Software Center• User-Device Affinity • Distribution Point Groups• Boundary Groups• Application Revision History• Content Management• Automatic Software Updates Deployment Rules• Automatic Clean-up of Superseded and Expired
Updates• Collection-Based Policies• User-friendly ribbon• Automatic Boundary Discovery• Forest Discovery• Offline Servicing of OS Image• Role-based Access Control• User Power Management Opt-out • Non-Windows Mobile Device Management
SCCM 2012 Hierarchy Redesign
Real World Examples 2007 Global Design
Real World 2012 Design
2007 vs. 2012 Comparison
Server Type Count License
Central Administration Site
1Configuration Manager Server 2012 with SQL Server Technology
Primary 3Configuration Manager Server 2012 with SQL Server Technology
Secondary 9 No SCCM license is required
Distribution Point 135No license is required above the Client ML
Workstation Clients
10,500
Configuration Manager Client ML
Child Primary 8Configuration Manager Server 2012 with SQL Server Technology
Server Type Count License
CAS (role changed)
0Configuration Manager Server 2012 with SQL Server Technology
Primary 1Configuration Manager Server 2012 with SQL Server Technology
Secondary 0 No SCCM license is required
Distribution Point 57No license is required above the Client ML
Workstation Clients
10,500
Configuration Manager Client ML
Child Primary (No More)
0
2007 2012
• No more cross WAN SQL replication• Major reduction in infrastructure• Major reduction in license cost • Simplified role-based management for secure delegation
Infrastructure Promises
Modernizing Architecture• Minimizing infrastructure for remote offices• Consolidating infrastructure for primary sites• Scalability and data latency improvements
• Central Administration Site is just for administration and reporting – other work distributed to the primaries as much as possible
• File processing occurs once at the primary site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
• System-generated data (HW Inventory and Status) can be configured to flow to CAS directly
Infrastructure Promises
Be Trustworthy• Interactions with SQL DBA are consistent with ConfigMgr
2007• ConfigMgr admin can monitor and troubleshoot new
replication approach independently
• To manage any clients
• Add more primary sites for:
• Scale (more than 100,000 clients)
• Reduce impact of primary site failure
• Local point of connectivity for administration
• Political reasons
• Content regulation
• Decentralized administration
• Logical data segmentation
• Client settings
• Language
• Content routing for deep hierarchies
When Do I Need a Primary Site?
Reducing Primary Sites
Unique ConfigMgr 2007 primary site for:
ConfigMgr 2012 solutions (no unique primary sites):
Decentralized administration Role based administration
Logical data segmentation Role based administration
Client settings Client settings for the hierarchy and unique collections
Language Language packs
Content routing for deep hierarchies
Secondary sites or distribution points
• ONE Distribution Point– PXE Service Point – Increased scalability beyond the ConfigMgr 2007
limit of 75 PXE service points per site– Multicast option– Throttling and scheduling of content to that location– Pre-stage of content and specify specific drives for storage
• Improved Distribution Point Groups– Manage content distribution to individual distribution points or groups– Content automatically added or removed from distribution points based
on group membership– Associate distribution point groups with a collection to automate content
staging for software targeted to the collection
• No Branch DPs - DPs can be installed on clients and servers now
Infrastructure Changes: Content
Boundaries
• Boundaries represent network topology –used to optimized network utilization
• Clients use boundaries to:– Automatically determine site assignment– Locate the best management point (MP)– Locate the best distribution point (DP) or
state migration point (SMP)• Define separate boundaries for client activities
versus content
Boundary Management
• Automatically created with the Forest Discovery method– Discovers AD Sites, IP Subnets, IPv6 Prefix type boundaries– Can automatically add as boundaries immediately or add later
• Boundaries are members of one or more groups:– Groups support: site assignment, site system look-ups or both– Create group with boundaries in one step– Add boundaries to an existing group– Multi-select and reflective views supported
Simplified Hierarchical Infrastructure
Central Admin Site
Primary Sites Secondary Sites
Central primary site admin
Client management & settings
Content routing
Reporting 100K clients per site
Distributions points
Delegated Administration
Requires SQL server
Language Packs
Lack of local administrator
Support distributed organizational boundaries
Collection Enhancements
Resources security based on collection, not site• Collection
scopes
Reduce complex query logic• New
membership rules: exclude and include other collections
Easier to organize collections• Organizational
folders for collectionsImproved UI
validation for user-centric scenarios• Device and
User Collections
SCCM 2012 Collections
Role-Based Administration
• Central management for security• Role-based administration lets you map the organizational roles of
your administrators to defined security roles:
• Removes clutter from the console– Supports “Show me what’s relevant to me” based
on my security role and scope
Functionality ConfigMgr 2007 ConfigMgr 2012
What types of objects can I see and what can I do to them?
Class rights Security roles
Which instances can I see and interact with?
Object instance permissions Security scopes
Which resources can I interact with? Site specific resource permissions
Collection limiting
New Features for Software Distribution in Configuration Manager 2012
Application Model• Incorporates all supported software
types (MSI, Script, App-V, Mobile CAB)
• Greatly improved dependency handling
• Installation requirement rules • Installation detection methods• Application supersedence• Application uninstall
User Device Affinity
Unified monitoring experienceRich end user experience
• Application Catalog• Software Center
Content management• Distribution point groups• Content library• Improved content monitoring
experience• Content validation
Application Model Diagram
Deployment Type
Requirement Rules
Dependencies
Detection Method
End User Metadata
Content
Install Command
The “friendly” information for your users
Keep your apps organized and managed
Workhorse for application
Can/cannot install app
Source files for the app
Is app installed?
Command line and options
Apps that must be present
App-V
Windows Script
Windows Installer (MSI)
Mobile (CAB)
Administrator Properties
General information about the software application
Application Model
• Manage applications; not scripts• Application Management:
– Detection method – Re-evaluated for presence:• Required application – Reinstall if missing• Prohibited application – Uninstall if detected
– Requirement rules – Evaluated at install time to ensure the app only installs in places it can and should
– Dependencies – Relationships with other apps that are all evaluated prior to installing anything
– Supersedence – Relationships with other apps that should be uninstalled prior to installing anything
– Update an app – Automatic revision management
Feature Configuration Manager 2007 Configuration Manager 2012
Create/Model Software PackageProgram
Application and Deployment Types
Deploy Software Advertisement (Install Status) Deployment (state based) via detection method
Targeting Collection rules (Server) Requirement rules (Client)
User Targeting None or limited User Device Affinity
Client User Experience Run Advertised Programs Software Center
Software Install from Web site None Software Catalog
Content Management None or limited Content library
ConfigMgr 2007 to 2012 Comparison: App Model
• Browse and search for software– Fully localized for site and applications– Search via category or name
• Install software– Direct self-installation from software catalog– Leverages full infrastructure for content and status– Automatic installation upon approval
• Request applications– Request approval for software– View request history
Software Catalog:User Targeted Available Software
SCCM 2012: Software Catalog (Client)
SCCM 2012 Self Service Portal
User Driven Application Management
On Demand Installation
1 •User clicks “install” on catalog item
2 •Web site checks user’s permissions to install
3 •Web site requests Client ID from ConfigMgr client agent and passes it to site server
4 •Server creates policy for the specified client and app and passes it to client
5 •Client agent evaluates requirements from the policy and initiates installation
6 •Client agent completes installation process and reports statusAgent
Web Site
Melissa
Site ServerProcess Flow
Configuration Manager 2007 Configuration Manager 2012Optimized for system management scenarios Still committed and focused on system
management scenarios
Challenging to manage users:• Forced to translate a user to a device• Explicit: run a specific program on a specific
device
Embrace user-centric scenarios:• Moving to a state based design for apps,
deployments, content on DP’s• Full application lifecycle model. install,
revision mgmt., supersedence and uninstall
Software distribution is a glorified script execution
• Understand and intelligently target the relationships between user systems
• Management solution tailored for applications
System and User-Centric: Paradigm Shift
User-Centric – Operating System Deployment
Support for new software distribution features during operating system deployment
– Evaluate application requirement: Rules, dependencies and supersedence
– User device affinity support: Install applications deployed to the primary user
• As Citrix XenDesktop and Microsoft RDS integrates, then:– Conditional rules for application deployment are available
(Desktop Type, Pool Name)– Gather inventory from Guest VM for broker site name, desktop
type and pool name and exposed for compliance monitoring and inventory reports
– ConfigMgr uniqueness is persisted through pooled VM shutdown and startup
• Randomization of schedules automatically for any client:– Hardware inventory scan– Software inventory scan– Software update scan, download and install
User-Centric – Understanding Virtual Desktop Platform
• Offline Servicing of Images• Support for component based servicing compatible updates• Uses updates already approved
• Boot Media Updates• Hierarchy wide boot media – no longer need one per site• Unattended boot media mode – no longer need to press “next”• Use pre-execution hooks to automatically select a task sequence
– no longer see many optional task sequences
• USMT 4.0: UI integration and support for hard-link, offline and shadow copy features
Operating System Deployment
SCCM Task Sequences - The Cook Book
Phase 1: Monitor•Enable client management agent•Begin monitoring usage and activity
Phase 2: Plan•Continue monitoring on usage and activity•Begin to develop power plan
Mid-Month:•Power plan has been confirmed
Phase 3: Apply Power policy•Begin applying power plan
Phase 4: Compliance & Analyze•Review before and after usage and activity•Determine savings in Kwh and Co2 saved
Non-Peak & Peak
Power Management
Settings Management
• Unified settings management across servers, desktops and mobile devices
• ConfigMgr 2007 reports configuration drift – ConfigMgr 2012 can “set” for registry, WMI and script-based
• Improved functionality: – Copy settings– Define compliance SLAs for baselines to trigger console alerts– Richer reporting to include troubleshooting, conflict, remediation
information• Enhanced versioning and audit tracking
– Ability to specify specific versions to be used in baselines– Audit tracking includes who changed what
Administrator Experience
• Common look and feel across system center products
• Improved discoverability• Only show what is relevant to
the administrative role• Complete scenarios within the
console• Simplified navigation• Manage App-v• Manage Bitlocker• Manage Virus Scan/Malware
Forefront Endpoint Protection 2010
• Built on top of Microsoft® System Center Configuration Manager
• Supports all System Center Configuration Manager topologies and scale
• Facilitates easy migration
• Deploy across various operating systems Windows® client and Server
• Protection against all type of malware
• Proactive security against zero day threats
• Productivity-oriented default configuration
• Integrated management of host firewall
• Backed by Microsoft Malware Protection Center
• Unified management interface for desktop administrators
• Effective alerts
• Simple, operation-oriented policy administration
• Historical reporting for security administrators
Ease of Deployment Enhanced Protection Simplified Desktop Management
One infrastructure for desktop management and protection
SQLReportingServices
(or File Share)
ConfigMgrSoftwareDistribution
ConfigMgrDesiredConfigurationManagement
ConfigMgr SiteServer & DB
DATA
Config. /Dashboard
Reports
EVENTS
Desktops, Laptops, and Servers running ConfigMgr Client & FEP 2010
TELEMETRY
SpyNet
FEP Architecture
What’s New in SCCM 2012 R2
Site Installation and the Configuration Manager Console
Sites and Hierarchies
Migration
Client Deployment and Operations
Software Deployment and Content Management
Monitoring and Reporting
IT
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
Windows 8 RTWindows 8.1
Windows Phone 8iOS, Android
Single AdminConsole
Windows Intune Integrated with System Center 2012 R2 Configuration Manager
• Intune provides cloud-based infrastructure to provide settings management and software distribution to mobile devices.
• All administrative tasks are performed via Configuration Manager console.
Windows Intune Integrated with System Center 2012 R2 Configuration Manager
Platform Support
New Platforms• Windows 8 RT• Windows Phone 8• iOS (5.x, 6.x)• Android (2.1 and later)• Windows 8.1 (x86/x64 and RT)
Features fully integrated into ConfigMgr• Over the air device enrollment• Available user targeted applications• User and device settings management• Device inventory• Remote device retirement• Remote device wipe (full and selective)• Company branding• Web apps and remote apps• VPN/Wi-Fi/certificate profiles• Additional settings
OS Platform Management Agent End User Experience
Windows 8.1 PC ConfigMgr Agent Or
Management Agent(OMA-DM)
Software Center/Application Catalog
Windows Company Portal app
Windows PC (Win8,Win7,Vista,XP)
ConfigMgr Agent Software Center/Application Catalog
Windows RT Management agent (OMA-DM) Windows Company Portal app
Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app
iOS Apple MDM Protocol Native iOS Company Portal App
Android Android MDM agent (OMA-DM) Native Android Company Portal App
Mac ConfigMgr Agent Limited self service experience
Linux/Unix ConfigMgr Agent N/A
Platform Support in ConfigMgr
Questions?
Customized Microsoft Training for IT Pros & End Usersbit.ly/1cy8WV5
Webinar11.6Windows Azure for IT Prosbit.ly/19lyvFl
Our Microsoft blogblogs.perficient.com/microsoft
Follow us on Twitter@Perficient_MSFT
Webinar10.30Microsoft Lync: Integrating with Ciscobit.ly/15VFzIz
Connect with Perficient