Embed Size (px)
Citation preview
Avoid Systems Management Mistakes in the CloudPart 2 of the “Tackle IT Trouble” Webinar Series
Today’s speakersCameron Fuller, MVP
Director of Solutions @ Catapult Systems
@CFullerMVP
Shaun Cassells, MVP
Principal Solutions Engineer @ 1E
@cassells
@cassells
4x Windows & Security MVP
20+ years
Opportunivore
@CFullerMVP
13X Cloud & Datacenter MVP
20+ years
White castles, Gyros, Deep dish
Shaun CassellsCameron Fuller
Which Microsoft Systems management solutions to use when?
Things to avoid
The world is evolving
It’s not onlyConfiguration
Manager…
Which Microsoft Systems management solutions to use when?
66
What tool(s) do you use for Systems Management?
• Microsoft tools (SCCM, Intune, WUfB, Azure Update Management)
• Non-Microsoft tools
• We don’t have one
Poll slide
77
• Systems must be managed whether they are on-prem, in the cloud, or hybrid
• Systems management tools can run on-prem, hybrid, or in the cloud
• Systems must be managed if they are physical or virtual (Windows Virtual Desktop (WVD) as an example)
• Systems management tools cannot be isolated they have to work with IT Service Management (ITSM)
Systems Management doesn’t care if you are in the cloud or not
88
What Microsoft tools are available for Systems Management & what do they do well?
• System Center Configuration Manager (SCCM)
• Strong all-around control of Systems Management for Windows clients and servers including:
• Operating Systems Deployment
• Update management
• Software & Hardware Inventory
• Software distribution with approvals
• Endpoint protection
• Reporting
• Device Management (when integrated with Intune)
99
What Microsoft tools are available for Systems Management & what do they do well?
• Intune
• Cloud based Systems Management for Windows clients & devices including:
• Graph API
• [MDM] Device and Application management (Android, IoS)
• Microsoft Defender ATP
• Autopilot
• Reporting
• Software distribution
• Cloud based with an agent and does not require the on-prem server footprint of SCCM
1010
1111
Security: Staying Current with PatchesMicrosoft gives you options
WSUS
Update management for Windows clients
Includes approval of updates & reduced
bandwidth
Windows Update for Business
(WUfB)
Update management for Windows clients &
servers
Reporting via Update Compliance
Automatic updates
Automatically download and apply updates on
clients or servers
No approvals or controls to when these occur
(really not a good idea especially on servers)
1313
• Azure Update Management
• Patch management for Windows & Linux servers
• Reporting / Dashboarding
Security: Staying Current with PatchesMicrosoft gives you options
Demo
Azure Update Management
1515
• Get the basics working first in your Systems Management
• Apply automation to manual processes
• Then add the spiny things and chrome rims
Start simple
1616
• Everything changes, including Systems Management
• Know which tools are in your toolbox
• Identify what you are trying to do first and then see what tool best does the job
• Use the right tool for the job
• Use existing Systems Management solutions as much as possible IE: You could use PowerShell to update workstations, but why would you?
• The hammer isn’t always the right tool
• Don’t assume that just because you use one tool that it’s the right one for use cases (not everything can/should be done in SCCM)
• There are exceptions
• Sometimes the built-in tools are not sufficient. In those cases use Azure Automation or Azure Functions for a temporary investment to supplement existing tools.
Best practice for which tools to use
1717
What Microsoft tools are available for Systems Management & when to use them?
Things to avoid…
Mistakes we’ve made so you don’t have to
1919
• Modern Desktop management is only as good as your environment:
• DNS
• Active Directory
• Networks
• Cloud Computing
• OS versions
• Implement effective grooming/cleanup
• Modern Management is about doing best practices of everyone
Don’t forget the prerequisites
2020
Top Blockers
2121
With great power comes great responsibility
Powerful != Dangerous?
Intune <> SCCM = Better Together
You are there to enable users, not impact
2222
• Systems Management takes care of itself
• SaaSification! SCCM updates how often – Gotta do that
• Patch management can be automated but still requires some level of human interaction
• What software goes where?
• When IT says.
• When Business needs it?
Systems Management does not take care of itself
2323
• Being cheap pays off dividends (sometimes)
• Right-size on-prem hardware
• Be frugal about designing in Azure (cost risks, etc)
• Azure Update Management is free and kinda like a puppy?
Being frugal pays off Sometimes
2525
Logging/Monitoring
• You must monitor every tool you use and assume it will break
• Log everything to Log Analytics (or Azure Data Explorer, or Event Grid)
• In the case of SCCM, leverage local logs heavily (these can be ingested to Log Analytics)
• If you are an MSP write to the customer tenant and your own tenant
• Transparency and effective auditing is accomplished through this approach
• You can write logs to multiple logging solutions which span different regions
2626
Alerting & Dashboards
• Alerting:
• Use Azure Monitor for your alerting
• Enhance via Azure Automation or Logic Apps if that is not enough
2727
• What is visibility?
• Use Azure Dashboards, Power BI or Grafana to visualize health and performance
• What we know today is not always what is in the DB
• When do you need to know
• Schedules
• On Demand
• Ad Hoc
Dashboards and shiny things
2828
Of the things that we just talked about, is there something you want to know more about?
• Modern Desktop Assessment
• Being frugal (Free Money)
• Visualizing Data
Poll slide
The world is evolving
Lead, follow, or obstruct
3030
• Do NOT assume that Systems Management will be finished at go-live
• Systems Management requires maintenance & enhancement – forever
• Know what’s available in the solutions you have and have a roadmap to deploy new features which are relevant to your company
• Someone needs to own Systems Management
Planning for the future
3131
How much do Systems Management tools cost? It depends on how much you use them…
https://azure.microsoft.com/en-us/pricing/calculator/
Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing
– Denis Waitley
3232
Overcoming Quicksand
Embracing Current Branch and WaaS as SaaS
The one off 6-month project is now a daily process!
Work requirements have increased, and we have automated even more
You have leveraged hard-earned in-house process to make your whole environment automated!
End User must be empowered with a great experience that moves everything Left
3333
IT Service Management?(ITSM)
• Change Control Drives Tasks
• Repeatable means measured
• Move the solution LEFT
Time
Vo
lum
e
Daily change Volume
Capacity
Reduce
volume
Increase
capacity
3434
How much do you live in ITSM?
• ServiceNow (ITSM) is Life
• My Todo list has a Todo list
• Change Control is for the Weak
Poll slide
3636
Summary
Build Build a solution that empowers the business
Change Change is the only constant
Start Start simple and add capabilities over time
Use Use the right tool for the right job
Know Know what tools are available for Systems Management
Q&A
