2011 11-28 sccm-2012_technical_overview
Configuration Manager 2012: Technical Overview
Martin Weber, Technology Solution Professional (TSP), Microsoft Switzerland
What is in SCCM 2012?
• Classic .msi
• App-V Applications
• IT Asset Intelligence
• Software Update Management
• Software Metering
• Support for the Mobile Workforce
• Settings Management (aka DCM)
• Network Access Protection
• Power Management
• OS Deployment
• Antivirus
• Self-service Portal
• Remote Control
Configuration Manager 2012
Empower Users: Empower people to be productive from anywhere on whatever device they choose
• Device freedom
• Optimized, personalized application experience
• Application self-service
Unify Infrastructure: Reduce costs by unifying IT management infrastructure
• Mobile, physical, and virtual management
• Security and compliance
• Service management integration
Simplify Administration: Improve IT effectiveness and efficiency
• Comprehensive client management capabilities
• Improved administrator effectiveness
• Reduced infrastructure complexity
New Features for Software Distribution in Configuration Manager 2012
Application Model
• Incorporates all supported software types (MSI, Script, App-V, Mobile CAB)
• Greatly improved dependency handling
• Installation requirement rules
• Installation detection methods
• Application supersedence
• Application uninstall
User Device Affinity
Unified monitoring experience
Rich end-user experience
• Application Catalog
• Software Center
Content management
• Distribution Point groups
• Content library
• Improved content monitoring experience
• Content validation
System and User-Centric
Configuration Manager 2007:
• Optimized for Systems Management scenarios
• Challenging to manage users
• Forced to translate a user to a device
• Explicit: run a specific program on a specific device
• Software Distribution is a glorified script execution
Configuration Manager 2012:
• Still committed and focused on System Management scenarios
• Embrace User Centric Scenarios
• Moving to a state based design, for apps, deployments, content on DPs
• Full application lifecycle model: Install, Revision Mgt, Supersedence and Uninstall
• Understand and intelligently target the relationships between user systems
• Management solution tailored for applications
Embracing User Centric: Administrator Promises
Let the administrator think user first
• Deploy applications to users
• Manage users beyond the desktop
SCCM maintains relationships between Users, Systems and Apps to solve core user targeting
• Set conditions to control installations
• Schedule ‘Pre-deploy’ to users’ primary devices for WoL, off-hrs, workgroup, etc.
Application model captures ‘administrative intent’
Application Model
Manage applications; not scripts
Application Management:
• Detection method – re-evaluated for presence:
  • Required application – reinstall if missing
  • Prohibited application – uninstall if detected
• Requirement rules – evaluated at install time to ensure the app only installs in places it can, and should
• Dependencies – relationships with other apps that are all evaluated prior to installing anything
• Supersedence – relationships with other apps that should be uninstalled prior to installing anything
• Update an app – Automatic revision management
Requirement Rules in 2012
State-based Application Management
• Properties of users and/or devices that make delivering software appropriate
• Rules are per deployment type
• Evaluated in real time on the client
• Evaluated before content is downloaded to the client
Dependencies
Other deployment types that must be present in order for the current application deployment type to be installed
1 to n Dependencies
• This AND this AND this OR this
• .NET Framework either 3.5 or 4.0 and Browser either IE7 or IE8, install IE8 if none present
Dependencies are modeled as applications and can also be deployed independently
Two dependency uses:
• Dependency not present, don’t install applications
• Dependency not present, auto install dependent application
User Centric – Operating System Deployment
Support for new software distribution features during operating system deployment
• Evaluate application requirement rules, dependencies and supersedence
• User Device Affinity support – install applications deployed to the primary user
What is User Device Affinity?
Is the key to helping our customers move to User Centric Software Distribution
• Provides the ability to define a relationship between a user and a device
• Allows the admin to think “user first”, while also ensuring the application is not installed everywhere the user logs on
Configuration Manager 2012 supports:
• Single primary user to primary device
• Multiple primary devices per user
• Multiple primary users per device
The system allows both the administrator and user to define this relationship
Benefits of User Device Affinity
Allows the deployment of software based on the nature of the relationship between the user and device
For example:
• Only install the MSI version of Microsoft Visio if the device is a primary device of the targeted user, otherwise don’t install
• Install the MSI or App-V version of Microsoft Office when the device is a primary device of the user targeted; install the Citrix XenApp version if the device is not a primary device
Enables Pre-Deployment of Software: Allows software to be pre-deployed on a user’s primary devices whether or not the user is logged in
Application Model Diagram
Keep your apps organized and managed
• Administrator Properties: General information about the software application
• End User Metadata: The “friendly” information for your users
• Deployment Type: Workhorse for application
  • Requirement Rules: Can/cannot install app
  • Dependencies: Apps that must be present
  • Detection Method: Is app installed?
  • Content: Source files for the app
  • Install Command: Command line and options
Deployment type formats: App-V, Windows Script, Windows Installer (MSI), Mobile (CAB)
ConfigMgr 2007 to 2012 Comparison – App Model
Feature | Configuration Manager 2007 | Configuration Manager 2012
Create/Model Software | Package, Program | Application and Deployment Types
Deploy Software | Advertisement (Install Status) | Deployment (state based) via detection method
Targeting | Collection rules (Server) | Requirement rules (Client)
User-targeting | None or limited | User Device Affinity
Client User Experience | Run Advertised Programs | Software Center
Software Install from Web site | None | Software Catalog
Content Management | None or limited | Content library
Enhanced Detection Methods
Provides more granular control over detecting the presence of an application
Includes File, Windows Installer, and Registry providers
• File – File and folder properties including exists, version, date/time, size and more
• Windows Installer – Product code and version
• Registry – Key exists, value exists, comparisons of registry values
Complex expressions containing multiple rules can be built and grouping logic applied
Application Lifecycle
• New Application: Application Installation
• Update Application: Application Revision
• Replace Application: Application Supersedence
• Retire Application: Application Retirement
• Remove Application: Application Uninstall
What is Application Supersedence?
Definition: The ability for the admin to create a relationship and declare one application newer than another, previous application, ultimately resulting in the newer application replacing the older application for a user on a device.
Why is this feature important to our customers?
• Provides the ability to ensure users have the latest version of software
• Provides the ability in one process to migrate users from one application version to another version/application
Overall goals:
• Utilize supersedence conceptual models from Software Updates and WU
• Allow admins to test/pilot a newer application prior to production release, while permitting the older application to continue to exist for the majority of users
• Allow the admin to eventually halt installations of the older application and move users to the newer application
• Provide the ability to uninstall OR upgrade previous version
• Ability to offer users only the latest release of an app in the software catalog or software center
• Ability to create a new application or version and make sure we do not get in a “race condition” between conflicting detection methods
Supersedence and the End User Experience
• User only sees latest application version in Software Catalog (by default)
• Required applications are always the enterprise’s latest version
• Available Applications installed by user can be automatically updated
Simple Example
Scenario and Assumptions
2 applications:
• Adobe Reader 9 supersedes Adobe Reader 8
• Both applications deployed to same device
If client has Adobe Reader 8 already installed: assuming requirements are met for Reader 9, Reader 8 will be replaced with Reader 9 (either uninstalled or updated)
If client has Adobe Reader 9 already installed: evaluates both 8 and 9 detection methods, 9 is present, 8 is not – but since 9 supersedes, it doesn’t try to install 8
If neither is installed, only Adobe Reader 9 will be installed
Demo: Create an Application
App-V Client or Adobe Flash Player ActiveX
Martin Weber, Technology Solution Pro, Microsoft Switzerland
Content Monitoring
Compliance of content distributed in multiple views
• Application, package, etc. level
• Distribution point group level
• Distribution point level
Ability to validate content on a distribution point
• Available as a set schedule or on demand
• Updates package compliance in the monitoring node
User Centric – Device Management
Managing users means managing beyond desktops with “single pane of glass” administration
Reaching beyond Windows platforms
“Depth”
• Broad feature set
• Common administration model for mobile devices, desktops, and servers
• Secure over-the-air enrollment
• Monitor and remediate out-of-compliance devices
• Deploy and remove applications
• Inventory
• Remote wipe
• Platforms: WinCE 5.0, 6.0; Windows Mobile 6.0, 6.1, 6.5.x
“Light”
• Provides basic management for all Exchange ActiveSync (EAS) connected devices
• EAS-based policy delivery
• Discovery and inventory
• Settings policy
• Remote Wipe
“Depth” Mobile Device Management
Establishes mutual trust between the device and the management server
Extend and align mobile device management
• Integration of Mobile Device Manager and SCCM features
Enable secure, compliant mobile devices
• Secure over-the-air enrollment
• Monitor and remediate out-of-compliance devices
• Deploy and remove applications
• Inventory
Devices enrolled and provisioned securely over-the-air
“Light” management via Exchange
Provide basic management for all Exchange ActiveSync (EAS) connected devices
Features Supported:
• Discovery/Inventory
• Settings policy
• Remote Wipe
Supports on-premise Exchange 2010 and hosted Exchange
Embracing User Centric: End-User Promises
“A Fitting End-User Experience”
Web based ‘Software catalog’
• Easily search, install or request software
Choose software intelligently:
• Clear, consistent information about applications and their impact, supported by App model
User preferences to control ConfigMgr behaviors:
• “My business hours” – used to control when to install software
• Presentation mode – don’t notify when presenting
• Remote control settings – when allowed, end user can control their experience
Software Catalog: User Targeted Available Software
Browse and search for software
• Fully localized for site and applications
• Search via category or name
Install Software
• Direct self-installation from software catalog
• Leverages full infrastructure for content and status
• Automatic installation upon approval
Request Applications
• Request approval for software
• View request history
On Demand Installation
1. User clicks “install” on Catalog item
2. Web site checks user’s permissions to install
3. Web site requests Client ID from ConfigMgr client agent and passes it to Site server
4. Server creates policy for the specified client and app and passes it to client
5. Client agent evaluates requirements from the policy and initiates installation
6. Client agent completes installation process and reports status
[Process flow diagram labels: Melissa, Web Site, Agent, Site Server]
SCCM 2012: Software Catalog in Kiosk (Client)
Administrator Experience
• Intuitive ribbon interface
• Common look and feel across System Center products
• Improved discoverability
• Role-Based Administration: Only show what is relevant to the administrative role
• Complete scenarios within the console
• Simplified navigation
Role-Based Administration
Central management for security
Role-Based Administration lets you map the organizational roles of your administrators to defined security roles:
• Removes clutter from the console
• Supports “Show me what’s relevant to me” based on my Security Role and Scope
Functionality | ConfigMgr 2007 | ConfigMgr 2012
What types of objects can I see and what can I do to them? | Class rights | Security roles
Which instances can I see and interact with? | Object instance permissions | Security scopes
Which resources can I interact with? | Site specific resource permissions | Collection limiting
Simplified Hierarchical Infrastructure
Central Administration Site
Primary Sites
Secondary Sites
Central primary site administration
Client management & settings
Content routing
Reporting
100K clients per site
Distribution points
Delegated Administration
Requires SQL server
Language Packs
Lack of local administrator
Support distributed organizational boundaries
Collection Enhancements
Resources security based on collection, not site
• Collection scopes
Reduce complex query logic
• New membership rules: Exclude and include other collections
Easier to organize collections
• Organizational folders for collections
Improved UI validation for user centric scenarios
• Device and User Collections
SCCM 2012 Collections
Demo: Collections
Application Evaluation Flow
[Flowchart. Triggers: New Policy, App Install Schedule. Decisions (Yes/No): Requirements met?, Is installed?, Dependencies installed? Actions: Install dependencies, Install Application.]
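The dependency rules, the Adobe Reader supersedence example and the evaluation flow above, as an added Python model (it is not ConfigMgr code and not part of the presentation). The order of checks, the App fields, the "Windows 7" requirement and the sample catalogue are assumptions; SLOPPY9 shows the conflicting-detection-method problem named in the supersedence goals.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

State = dict  # constructed device state: {"os": str, "installed": {product: version}}

@dataclass
class App:
    name: str
    product: str
    version: str
    detect: Callable[[State], bool]                        # detection method
    requirement: Callable[[State], bool] = lambda s: True  # requirement rule
    # AND of groups; each group = (OR alternatives, app to auto-install or None)
    depends_on: List[Tuple[List["App"], Optional["App"]]] = field(default_factory=list)
    supersedes: List["App"] = field(default_factory=list)

def has(product: str, version: str) -> Callable[[State], bool]:
    """Detection method that matches one product at exactly one version."""
    return lambda s: s["installed"].get(product) == version

def install(app: App, state: State, log: List[str]) -> bool:
    """Evaluate one application; assumed order: detect, require, depend, replace."""
    if app.detect(state):
        return True                                  # already present, nothing to do
    if not app.requirement(state):
        log.append(f"skip {app.name}: requirement not met")
        return False
    for alternatives, auto in app.depends_on:
        if any(a.detect(state) for a in alternatives):
            continue                                 # one alternative is enough
        if auto is None or not install(auto, state, log):
            log.append(f"skip {app.name}: dependency missing")
            return False
    for old in app.supersedes:                       # replace the older application
        if old.detect(state):
            state["installed"].pop(old.product, None)
            log.append(f"uninstall {old.name}")
    state["installed"][app.product] = app.version
    log.append(f"install {app.name}")
    return True

def evaluate_required(deployed: List[App], state: State) -> List[str]:
    """Evaluate required deployments; a superseded app is never installed."""
    superseded = {old.name for app in deployed for old in app.supersedes}
    log: List[str] = []
    for app in deployed:
        if app.name not in superseded:
            install(app, state, log)
    return log

def detection_conflict(new: App, old: App) -> bool:
    """True if one app's detection method also fires on the other's install."""
    only_old = {"os": "", "installed": {old.product: old.version}}
    only_new = {"os": "", "installed": {new.product: new.version}}
    return new.detect(only_old) or old.detect(only_new)

# Constructed catalogue combining the slides' dependency and supersedence examples.
NET35, NET40 = (App(f".NET {v}", "dotnet", v, has("dotnet", v)) for v in ("3.5", "4.0"))
IE7, IE8 = (App(f"IE{v}", "ie", v, has("ie", v)) for v in ("7", "8"))
READER8 = App("Adobe Reader 8", "reader", "8", has("reader", "8"))
READER9 = App("Adobe Reader 9", "reader", "9", has("reader", "9"),
              requirement=lambda s: s["os"] == "Windows 7",   # assumed rule
              depends_on=[([NET35, NET40], None), ([IE7, IE8], IE8)],
              supersedes=[READER8])
# Detection that ignores the version: it also matches a Reader 8 install.
SLOPPY9 = App("Adobe Reader 9", "reader", "9",
              lambda s: "reader" in s["installed"], supersedes=[READER8])

if __name__ == "__main__":
    device = {"os": "Windows 7", "installed": {"dotnet": "4.0", "reader": "8"}}
    print(evaluate_required([READER8, READER9], device), device["installed"])
    print("conflict:", detection_conflict(SLOPPY9, READER8))
```

With the version-blind detection method, a device that still has Reader 8 is reported as already having Reader 9, so the upgrade never runs.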
Benefits of Multiple Deployment Types
Flexible way to deliver different installation formats based on conditions
No restrictions on the number and types of deployment types
• Many of the same type of deployment types could be added to an application, each representing a different flavor or transform
• App-V or Remote Desktop Services app might go to a guest logged into a kiosk, full MSI to a user’s primary desktop machine
Built-in deployment types
• MSI
• Script
• App-V
• Windows Mobile 6.x
Infrastructure Promises
Modernizing Architecture
• Minimizing infrastructure for remote offices
• Consolidating infrastructure for primary sites
Scalability and Data Latency Improvements
• Central Administration Site is just for administration and reporting – other work distributed to the primaries as much as possible
• File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
• System-generated data (HW Inventory and Status) can be configured to flow to CAS directly
Be Trustworthy
• Interactions with SQL DBA are consistent with ConfigMgr 2007
• ConfigMgr admin can monitor and troubleshoot new replication approach independently
When Do I Need a Primary Site?
To manage any clients
Add more primary sites for:
• Scale (more than 100,000 clients)
• Reduce impact of primary site failure
• Local point of connectivity for administration
• Political reasons
• Content regulation
Decentralized administration
Logical data segmentation
Client settings
Language
Content routing for deep hierarchies
Reducing Primary Sites
Unique ConfigMgr 2007 Primary Site for: | ConfigMgr 2012 solutions (no unique primary sites):
Decentralized administration | Role Based Administration
Logical data segmentation | Role Based Administration
Client settings | Client settings for the hierarchy and unique collections
Language | Language packs
Content routing for deep hierarchies | Secondary Sites or Distribution Points
Infrastructure Changes: Content
ONE Distribution Point
• PXE Service Point – Increased scalability beyond the ConfigMgr 2007 limit of 75 PXE service points per site
• Multicast option
• Throttling and scheduling of content to that location
• Pre-stage of content and specify specific drives for storage
Improved Distribution Point Groups
• Manage content distribution to individual Distribution Points or Groups
• Content automatically added or removed from Distribution Points based on Group membership
• Associate Distribution Point Groups with collections to automate content staging for software targeted to the collection
No Branch DPs - DPs can be installed on clients and servers now
Boundaries
Boundaries represent network topology – used to optimize network utilization
Clients use boundaries to:
• Automatically determine site assignment
• Locate the best management point (MP)
• Locate the best distribution point (DP) or state migration point (SMP)
Define separate boundaries for client activities versus content
Boundary Management
Automatically created with the Forest Discovery method
• Discovers AD Sites, IP Subnets, IPv6 Prefix type boundaries
• Can automatically add as boundaries immediately or add later
Boundaries are members of one or more groups:
• Groups support: site assignment, site system look-ups or both
• Create group with boundaries in one step
• Add boundaries to an existing group
• Multi-select and reflective views supported
Demo: Hierarchy View and Site Status
Forefront Endpoint Protection 2010
One infrastructure for desktop management and protection
Ease of Deployment
• Built on top of Microsoft® System Center Configuration Manager
• Supports all System Center Configuration Manager topologies and scale
• Facilitates easy migration
• Deploy across various operating systems: Windows® client and Server
Enhanced Protection
• Protection against all types of malware
• Proactive security against zero day threats
• Productivity-oriented default configuration
• Integrated management of host firewall
• Backed by Microsoft Malware Protection Center
Simplified Desktop Management
• Unified management interface for desktop administrators
• Effective alerts
• Simple, operation-oriented policy administration
• Historical reporting for security administrators
FEP Architecture
[Architecture diagram: Forefront Endpoint Protection 2010. Components: SQL Reporting Services; File Share; ConfigMgr Software Distribution; ConfigMgr Desired Configuration Management; ConfigMgr Site Server & DB; Desktops, Laptops, and Servers running ConfigMgr Client & FEP 2010; SpyNet. Flow labels: Data, Config./Dashboard, Reports, Events, Telemetry.]
Client Activity and Health
Product integrated health and remediation solution
Server side metrics for evaluating client activity:
• Policy Requests
• Hardware and software Inventory
• Heartbeat DDRs
• Status Messages
Client side monitoring/remediation for:
• Dependent Windows components and services
• ConfigMgr client prerequisites
• WMI Repository and namespace evaluation
In console and Web reporting
‘In-console’ alerts when healthy/unhealthy ratio drops below configurable threshold
Demo: Client Activity and Health
Software Updates
Auto Deployment Rules
• Use search criteria to identify class of updates to automatically deploy: category, products, language, date revised, article id, bulletin id, etc.
• Schedule content download and deployment based on sync schedule or define a separate schedule per rule
State-based Update Groups
• Deploy updates individually or in groups
• Updates added to an update group automatically deploy to collections targeted with the group
Operating System Deployment (OSD)
Offline Servicing of Images
• Support for Component Based Servicing compatible updates
• Uses updates already approved
Boot Media Updates
• Hierarchy wide boot media – no longer need one per site
• Unattended boot media mode – no longer need to press “next”
• Use pre-execution hooks to automatically select a task sequence – no longer see many optional task sequences
USMT 4.0 - UI integration and support for hard-link, offline and shadow copy features
SCCM Task Sequences «The Cook Book»
Power Management
Phase 1: Monitor
• Enable client management agent
• Begin monitoring usage and activity
Phase 2: Plan
• Continue monitoring on usage and activity
• Begin to develop Power Plan
Mid-Month:
• Power Plan has been confirmed
Phase 3: Apply Power policy
• Begin applying Power Plan
Phase 4: Compliance & Analyze
• Review before and after usage and activity
• Determine savings in kWh and CO2 saved
Non-Peak & Peak
Settings Management
Unified settings management across servers, desktops and mobile devices
ConfigMgr 2007 reports configuration drift – ConfigMgr 2012 can “set” for Registry, WMI and Script-Based
Improved functionality:
• Copy settings
• Define compliance SLAs for Baselines to trigger console alerts
• Richer reporting to include troubleshooting, conflict, remediation information
Enhanced versioning and audit tracking
• Ability to specify specific versions to be used in baselines
• Audit tracking includes who changed what
Demo: Settings Management
Remote Control
Send Ctrl-Alt-Del to host device to regain previous feature parity
IS BACK!
Migration from ConfigMgr 2007 to 2012
Assist with Migration of Objects
Assist with Migration of Clients
Minimize WAN impact
Maximize Re-usability of x64 Server Hardware
Assist with Flattening of Hierarchy
Built-in Migration Features
Migration Job Types:
• Object Migration (Collections, software distribution packages, boundaries, metering rules etc.)
• Collection based Migration (Select a collection and migrate associated objects)
Content functionality:
• Re-use of existing ConfigMgr 2007 content (Distribution Point sharing)
• Distribution Point upgrade
Import of ConfigMgr 2007 inventory MOF files
Prepare for Configuration Manager 2012
• Flatten hierarchy where possible
• Plan for Windows Server 2008, SQL 2008, and 64-bit
• Start implementing BranchCache with SCCM 2007 SP2
• Move from web reporting to SQL Reporting Services
• Avoid mixing user and devices in collection definitions
• Use UNC (\\server\myapp\myapp.msi) in package source path instead of local path (d:\myapp)
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Related Sessions – Breakout
BA01 Configuration Manager: State of the Union
BA02 Configuration Manager 2007 R3: Technical Update
BA03 Configuration Manager 2012: Technical Overview
BA04 Configuration Manager 2012: Application Management (Part 1 of 2)
BA05 Configuration Manager 2012: Application Management (Part 2 of 2)
BA06 Configuration Manager 2012: Migrating from 2007 to 2012
BA07 Configuration Manager 2012: Deployment and Infrastructure Technical Overview (Part 1 of 2)
BA08 Configuration Manager 2012: Deployment and Infrastructure Technical Overview (Part 2 of 2)
BA09 Configuration Manager 2012: Software Update Management
BA11 Configuration Manager 2012: Settings management (aka DCM)
BA17 Virtualizing Configuration Manager – What you need to know and how to get there
BA18 Introduction to System Center Updates Publisher 2011
BA19 Configuration Manager 2012: Software Delivery Advanced Topics and Troubleshooting
BA24 Configuration Manager 2012: How to Get There and How Your Day Will Change
BA38 Deploying Configuration Manager 2012 in the Enterprise – Real World
BG02 Client Health in Configuration Manager 2012 – How Microsoft IT is Using It
BG03 Converting Your Existing Software Packages into the Configuration Manager 2012 Application Model
EA01 Configuration Manager 2012 – Ask the Panel of Experts
BI02 - Forefront Endpoint Protection Overview: Managing desktop security and antimalware solution with System Center Configuration Manager