Discover Great Reasons to move to ConfigMgr 2012 SP1
Uploaded by microsoft-technet-belgium-and-luxembourg
Configuration Manager 2012 SP1 Overview
Nico [email protected] Center Program Lead
[email protected] Solutions Professional
@nsienaert
Configuration Manager Pillars
Empower Users
Empower people to be more productive from anywhere on
any device.
Simplify Administration
Improve IT effectiveness and efficiency.
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Empower Users
Empower people to be more productive from anywhere on
any device.
Windows 8 devices
Windows 8 deployment
Windows 8 apps
Windows Embedded and WTG
Heterogeneous devices
Multiple Windows 8 Deployment Flavours
[Decision flowchart. Questions: Do you have ConfigMgr? Do you have ConfigMgr 2007? Do you require user input? Outcomes: Use Lite Touch - LTI (MDT); Use Zero Touch - ZTI (SCCM & MDT); Use ConfigMgr and MDT with UDI.]
ConfigMgr & MDT better together!
Before you start to script or create something on top of ConfigMgr, have a look at MDT: there is a big chance that the functionality is already in there!
OSD Specifics
• Windows PE 4.0
WinPE Components are listed
Only supported with SP1
• Task Sequence Deployment Types
Make Task Sequences visible (ex. Only via Windows PE)
• Skip Silverlight during Task Sequences
/SKIPPREREQ
• BitLocker enhancements
TPM and PIN
Used Space BitLocker
• Prestage Media
BEFORE only WIM; NOW Applications, Packages,...
Many types of devices
Windows 8
Heterogeneous Devices
Client Management: 2 solutions
Devices
Administrative Experience
Management Infrastructure
Windows PCs iOS, Android
EAS EAS
Client Management: Single Pane of Glass
Service Pack 1
Devices
Administrative Experience
Management Infrastructure
Windows RT, Windows Phone 8, iOS, Android
Windows 8 (x86/64, Intel SoC)
Mac OS X, Unix/Linux
Single pane of glass
Mobile Device Management at a glance
Feature                 iOS   Windows RT   Windows Phone 8   Android
Inventory               Y     Y            Y                 Y
Settings Management     Y     Y            Y                 Y
Software Distribution   Y     Y            Y                 Y
Remote Wipe             Y     y            Y                 y
Inventory and Remote Wipe specifics
Inventory
• Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync (for Android)
• No software inventory for mobile devices to respect the Information Worker’s privacy on their own device
Remote Wipe
Wipe option depends on the platform and management type (EAS or native)
• Complete wipe and reset to factory defaults – iOS and WP8
• EAS mailbox removal only - Android
• Only EAS mailbox removal if managed through EAS - Windows RT or Pro (x86)
• No wipe - Windows 7 and below (no change from wave C)
App Delivery in the enterprise
Distribute applications to new platforms
• Support for Windows 8, Windows RT and Windows Phone 8
• iOS devices managed through iOS MDM and can install LOB, Apple app store or web apps
• Android and WP7 devices are still managed by EAS, but can install LOB, Google Play or web apps
Windows 8 App Delivery in the Enterprise
Self-Service Portal (SSP)
Side Load from Your Infrastructure
Windows 8
Download from Windows Store
Public Apps
Management Infrastructure Cloud
Custom LOB Apps
App Delivery
Windows RT
Troubleshoot Windows 8 App Deployment
• Is side-loading enabled?
  Make sure the registry value that allows trusted application installation is set:
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1
  Right SKU, domain joined, or is it “activated”?
• Make sure the code signing root certificate is installed on the client, in the “Trusted Root Certification Authorities” store
• Manually install the signed application: add-appxpackage \\fileserver\Contoso_Expense.appx [-DependencyPath <string[]>]
• Application management client side log files
About Side-Loading
• Can be enabled by joining machine to the domain
AllowAllTrustedApps = 1
• To enable sideloading on a Windows 8 Enterprise device that is not domain-joined, you must use a sideloading product activation key
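The checks from the troubleshooting list and the side-loading notes above, collected into one script as an added example (not part of the original deck). `Test-SideloadingReadiness` is a hypothetical helper name, the default path is the sample package from the slide, and the script assumes `Get-AuthenticodeSignature` can read the .appx signature on the client.

```powershell
# Added example: report why a signed .appx might refuse to sideload on this client.
param(
    # Sample package path taken from the slide; replace with the real package.
    [string]$PackagePath = '\\fileserver\Contoso_Expense.appx'
)

function Test-SideloadingReadiness {
    param([Parameter(Mandatory)][string]$PackagePath)

    # 1. Policy value named on the slide: AllowAllTrustedApps must be 1.
    $policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\Appx'
    $policy    = Get-ItemProperty -Path $policyKey -Name AllowAllTrustedApps -ErrorAction SilentlyContinue
    $allowed   = ($null -ne $policy) -and ($policy.AllowAllTrustedApps -eq 1)

    # 2. Domain membership; a non-domain-joined Enterprise device needs a
    #    sideloading product activation key instead.
    $domainJoined = (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain

    # 3. Package signature and the certificate at the top of its chain.
    $sig         = Get-AuthenticodeSignature -FilePath $PackagePath
    $topSubject  = $null
    $rootTrusted = $false
    if ($sig.SignerCertificate) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline-friendly: trust check only
        [void]$chain.Build($sig.SignerCertificate)
        # Last element is the top of the chain as built (the leaf itself if self-signed).
        $top        = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $topSubject = $top.Subject
        # The slide requires this certificate in "Trusted Root Certification Authorities".
        $rootTrusted = [bool](Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Thumbprint -eq $top.Thumbprint })
    }

    [pscustomobject]@{
        AllowAllTrustedApps = $allowed
        DomainJoined        = $domainJoined
        SignatureStatus     = $sig.Status
        ChainTopSubject     = $topSubject
        RootInTrustedStore  = $rootTrusted
    }
}

Test-SideloadingReadiness -PackagePath $PackagePath
```

A package is expected to sideload only when `AllowAllTrustedApps` and `RootInTrustedStore` are both true and `SignatureStatus` is `Valid`; `DomainJoined` tells you which of the two enablement paths applies.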
Windows 8 Deep Link Deployment Type
Goal: Enable ConfigMgr “enterprise application catalog” to help discovery of business apps in Windows Store
Supports native application model features
• Targeting Recommendation: Users as available
• Install/uninstall actions
• Dependency/Supersedence relationships
• User can browse the ConfigMgr application catalog and launch app installation from Windows Store
• Measure compliance on application with Windows app package DeepLink DT
Windows Store needs to be allowed and a Live ID is required
http://scug.be/nico/2012/10/31/configuration-manager-2012-sp1-windows-8-deep-link-issue/
Windows 8 Apps
Nico Sienaert
DEMO
Metered Connection Support
Block (default)
• Treat a metered network as disconnected
Limit
• Allow policy polling
• Uploads client state
• User initiated installations permitted (with warning)
• Deadline content downloads if deployment was set to allow
Allow
• A metered network is treated as if it were a non-metered network
• Still blocked while roaming
End User Experience
Windows To Go
Scenarios
• Contractors
• Bring Your Own Device
• Travel Light
• Shared PCs
Create
• Build a WTG image using Configuration Manager
Provision
• Admin can push deploy WTG to a removable device
• End User can pull provision WTG
Manage
• Updated and managed same as a physical laptop/desktop
• Admin can determine if device is WTG or not
Embedded Device Support in SP1
Natively extend to better support write filters
Embedded specific DCM extensions
OSD optimized for embedded devices
In short, WEDM 2012 is no more
User Data and Settings Management
• Consistent experience and access data on Windows
• New ConfigMgr feature to manage:
  • Client Side Caching
  • Roaming User Profiles
  • Folder Redirection
• ConfigMgr applies policies at user logon
• CcmUsrCse.log
Windows To Go & User Data Settings Mgmt
Nico Sienaert
DEMO
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Reduced Infrastructure Requirements
Flexible hierarchy management
Content distribution changes
Real-time administrative actions
Endpoint Protection enhancements
Hierarchy Expansion
[Diagram labels: Central Administration Site; Primary Site (Current Corp Primary Site, 10,000 Clients); Scenario 1: Hierarchy Expansion (must be a new installation); Scenario 2: Merger; Primary Site (New Corp Primary Site, 5,000 Clients); Migration; Primary Site (New Server)]
http://technet.microsoft.com/en-us/video/configuration-manager-2012-plan-deploy-and-migrate-from-configuration-manager-2007.aspx
Distribution Point in Windows Azure
• Provision from the admin console
• Most capabilities as on-prem. Except:
  • OSD and task sequences
  • Custom updates
  • App-V streaming
• Full BranchCache support
• In console content monitoring
• Ability to monitor storage and traffic out usage
• Content is fully encrypted
http://blog.coretech.dk/kea/configmgr-cloud-distribution-points/
[Diagram labels: PR1, MP, MP DP, Windows Azure Distribution Point, Microsoft Update, Policy, Content, Firewall, Corporate Network]
Database Replication Control
• When: Schedule replication for a given link
• What: SQL Server distributed views
  • Hardware Inventory
  • Software Inventory and Metering
  • Status
• How much: Compression for SQL Server data
Software Update Point
• Multiple SUPs per site, also for non-trusted forests
• Elimination of the requirement of NLB
• Somewhat like MPs (SUP on scan failures <> MP randomized)
• Client Features
  • Redirection of clients to Windows Update
  • Integration with Windows 8 Secure Boot
  • Streamlined Definition Updates (3x /day)
  • Merged Policies
  • Disable Client UI Completely
  • Real-time actions from the console
Fast Channel Client Notification
http://blogs.technet.com/b/configmgrteam/archive/2012/09/27/fast-channel-for-system-management.aspx
• The communication channel is push-based instead of dependent on the client policy polling interval. By using client notification, clients can establish a persistent connection with a management point.
• In SP1, all System Center Endpoint Protection operations and the “Download Computer Policy” client action are implemented by using this channel.
• If the connection is dropped (e.g. because of a network issue), notification agent will attempt to reconnect.
Real-Time Actions
Nico Sienaert
DEMO
Simplify Administration
Improve IT effectiveness and efficiency.
End user client UI improvements
App-V 5.0
PowerShell
Alerts
Cross Platform Support
End User UI specifics
• Software Center multi-select support
  • Except for Task Sequences
• Firefox support
• Application Catalog
  • Completely relies on Silverlight 5, no ActiveX anymore
Application Virtualization
App-V 4.6 SP2 support:
• Needed for Windows 8
• Same feature functionality
App-V 5.0:
• New Deployment Type for App-V 5.0 applications
• Integrated with App-V Connection
• Easy “Dynamic Suite Composition” with Connection Groups
• 2 supported versions
PowerShell & Alerts
• ConfigMgr PowerShell provider
  • Can be launched from the Admin Console
  • Requires PowerShell 3.0
  • Examples:
    • Get-CMDeployment
    • New-CMDeviceCollection
    • Set-CMAlert
    • Remove-CMSoftwareUpdate
• All alert types support email notifications
  • not only antivirus anymore
  • Admin can ignore specific alerts
Connection Groups, multi-select & Powershell
Nico Sienaert
DEMO
Cross Platform principles
• All configuration management from ConfigMgr console and workflows
• Focus on Linux and UNIX server configuration management scenarios
• Manage company owned Macs and allow for personal Macs
• Stay current - support most recent and relevant platforms
• Prioritize machine centric scenarios
• Do not require domain join for management
Supported Operating Systems
Mac Client Linux Server UNIX Server
OS X Red Hat SUSE AIX HP-UX Solaris
Configuration Manager 2012 SP1
Endpoint Protection 2012 No Plans
MAC OS X Specifics
Configuration Manager native client
10.6 (Snow Leopard) 10.7 (Lion)
PKI Required Deploy machine certs HTTPS Enrollment points CMENROLL
No Client Push
No Pull method for MAC
CMAPPUTIL
This tool will help to put MAC files (dmg, mpkg, pkg & app) into a format that ConfigMgr understands (DT MAC OS X)
http://www.jamesbannanit.com/2012/10/enrol-mac-os-x-clients-in-configuration-manager-2012-sp1/
http://www.jamesbannanit.com/2012/11/deploy-os-x-applications-with-configuration-manager-2012-sp1/
MAC OS X Features
Features:
• Discovery – Find Macs in Active Directory and the Network
• Hardware Inventory – Inventory and audit Mac OS X machines
• Software Inventory – Determine list of installed software
• Settings Mgmt - Ensure Mac OS X machines comply with company policies
• Application Deployment - required/push software distribution via app model
• Software Updates Mgmt – via Software Distribution and Settings mgmt.
Out of scope:
• Self Service Software Portal – Ability for user to select what software to install
• Operating System Deployment
• Remote Control -> achieved through Lync (desktop sharing), or other 3rd party solutions
Supported Linux\Unix OS’s
Solaris
Version 9 (SPARC)
Version 10 (SPARC/x86)
Version 11 (SPARC/x86)
Red Hat Enterprise Linux
Version 4 (x86/x64)
Version 5 (x86/x64)
Version 6 (x86/x64)
<all>
HP-UX
Version 11iv2 (PA-RISC/IA64)
Version 11iv3 (PA-RISC/IA64)
AIX
Version 5.3 (Power)
Version 6.1 (Power)
Version 7.1 (Power)
SUSE Linux Enterprise Server
Version 9 (x86)
Version 10 SP1 (x86/x64)
Version 11 (x86/x64)
<all>
Linux \ Unix
• Newer versions of OS will be supported within 180 days of release
• Old versions supported as long as vendor provides support
• Broader Linux support being evaluated for future releases
• Hardware Inventory
• Software Deployment
  • Using the Package and Program model
  • Deploy/patch software, deploy OS patches and run maintenance scripts that target a collection
• No Settings Management (yet)
• Consolidated reports
Linux \ Unix
• Client Push is not supported
  • Mount the CM Client Files on a folder local to the Linux machine
  • Install the Agent
  • Unmount
• Commands
  • Install command: ./install -mp <Server FQDN> -sitecode <XXX> INSTALLER.tar
  • Poll policy: same defaults (1 hour) or run Ccmexec -rs policy
  • Ccmexec -rs hinv
Linux Red Hat 6.3
Endpoint Protection for MAC\Linux
Features:
• Anti-virus and Anti-malware support
• Machines connect directly to internet service for security content
• Client UI for user visibility and control
• SCOM monitoring pack for Linux with management control
Platforms:
• Apple Mac (10.6-10.7)
• Linux Server: Redhat Enterprise 6, SuSE Linux 11
Download, Support and License:
• Available now on Microsoft Volume License site
• Licensed as part of core CAL
SCEP Linux Monitoring Pack
Summary of cross platform support
Feature UNIX/Linux Mac
Hardware Inventory
Inventory of Installed Software (OS Native - like ARP)
Software Deployment: Software, Updates, OS patches
Secure and Authenticated communications Integrated reporting Settings Management (aka DCM) Internet-Based Client Management (IBCM) Remote Control 3rd party Lync client
Push Install of Native Agent OS Deployment with OS native tools ConfigMgr integrated Update management
Supported Not Supported
MISC
• Recover Secondary Site from the Sites node
• Always On Always Connected
• Support of SQL Server 2012
• Package Conversion Manager 2.0
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Thank you!