Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
PROSUM CONSULTING CONSULTING TECHNOLOGY OUTSOURCING
Los Angeles
2321 Rosecrans Ave, Ste 4225
El Segundo, CA 90245
310-476-0600
Orange County
2211 Michelson Dr, Ste 840
Irvine, CA 92612
949-732-1122
Justin King, Architect
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
System Center Configuration Manager 2012
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
What’s New and what it Means
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
AGENDA
• Architecture Changes
• Security Changes
• Reporting
• User-centric Management
• Cross-Platform Support
• Software Distribution
• Configuration Settings
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
ARCHITECTURE CHANGES
• Flatter, unified Architecture
– No more “mixed mode” (removed)
– Clients are no longer “tied” to a site
– Schema must be extended, but schema extensions are unchanged from 2007
• More Scalable
– SCCM 2007 R3 scales up to 300,000 devices
– SCCM 2012 scales up to 500,000 (still 100k per Primary)
• Central Administration Site (CAS)
– Does not process client data
– Does not accept client assignments
– Does not support all site system roles
– Participates in database replication
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
ARCHITECTURE CHANGES – PRIMARY SITE
• Primary Sites manage clients in well-connected networks
– Additional primary sites allow the hierarchy to support more clients.
– Cannot be tiered below other primary sites
– No longer used as a boundary for client agent settings or security
– No longer supports NLB solutions, all fault tolerance is realized by introducing additional Primary Site Servers to the Site (and using a CAS to manage)
– Participates in database replication
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
ARCHITECTURE CHANGES – SECONDARY SITE
• Secondary Sites control content distribution for clients in remote locations across links that have limited network bandwidth
– SQL Server is required and SQL Server Express will be installed during site installation if required
– A proxy management point and distribution point are automatically deployed during the site installation to give clients a local check-in
– Secondary sites can be tiered to support content distribution to remote locations
– Participates in database replication.
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
SECURITY - RBAC
• No more Classes and Instances – Replaced with Security Roles, Security Scopes & Collections that can span sites
• Benefits:
– Sites are no longer administrative boundaries. – You create administrative users for the hierarchy and assign security to them one
time only – You create content for the hierarchy and assign security to that content one time
only – All security assignments are replicated and available throughout the hierarchy. – There are built-in security roles to assign the typical administration tasks and you can
create your own custom security roles. – Administrative users see only the objects that they have permissions to manage. – You can audit administrative security actions.
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
ADMINISTRATIVE SEGMENTATION
• Security Roles
– What types of objects can I see and what can I do to them?
– Example: the “Software Update Manager” role gives rights to read and deploy collections and Software Updates.
• Security Scopes
– Which instances can I see and interact with?
• Collections
– Which resources can I interact with?
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
CONFIGMGR 2007 – DATA SEGMENTATION
Montreal Primary Site
Toronto Primary Site
Meg Collins “Central Admin”
•French collections
•Create advertisement for French collections
•English collections
•Create advertisement for English collections
Meg wishes to distribute a
package to all of her users in
Eastern Canada
•Create and distribute package
Anthony “English Admin”
Louis “French Admin”
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
CONFIGMGR 2012 – SEGMENTATION USING RBAC
• French collection(s)
• Create deployment for French collection(s)
•English collection(s)
•Create deployment for English collection(s)
Meg wishes to distribute an application to all of her users in Eastern Canada
Meg Collins
“Central Admin” •Create and distribute application
Central
Admin Site
Louis
“French Admin”
Anthony
“English Admin”
New
Interface
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
REPORTING
• No More Reporting Point
– Only Reporting Services Point
• Tight Integration with Report Builder
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
COLLECTIONS
• Removed:
– No More Sub-collections
– Can’t combine devices and users in the same collection
• Added:
– Include and Exclude contents of another collection
– Incremental Collection evaluation
– Target for RBAC scopes
– Collections can span sites
– Collection limiting for all collections (must be subset of another collection)
Collections
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
CROSS PLATFORM SUPPORT
• Mobile Support in RTM
• Unix/Linux Support with SP1
OS Version Supported
AIX Version 7.1 (Power)
Version 6.1 (Power)
Version 5.3 (Power)
HP-UX
Version 11iv3 (IA64 & PA-RISC)
Version 11iv2 (IA64 & PA-RISC)
Solaris
Version 11(x86 and SPARC)
Version 10 (x86 & SPARC)
Version 9 (SPARC)
SUSE Linux Enterprise Server
Version 11 (x86 & x64)
Version 10 (x86 & x64)
Version 9 (x86)
Red Hat Enterprise Linux
Version 6 (x86 & x64)
Version 5 (x86 & x64)
Version 4 (x86 & x64)
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
EXCHANGE SERVER CONNECTOR
• Purpose
– light management for devices connected to Exchange Server
– Exposes majority of Exchange ActiveSync management features to SCCM
• Benefits
– Manage all of your devices (desktop, laptop, mobile devices) via SCCM console
– Smooth addition to SCCM infrastructure, with no device ‘touch’
– Enhanced reports over Exchange server experience
• Support
– On-premise Exchange 2010 and hosted Exchange
– All Exchange Active Sync capable devices
EXCHANGE CONNECTOR IN OPERATION
Primary Site
Configure Exchange Connector
Exchange Mailbox Server
Exchange Client Access Server
Apply Settings
Check access to
Exchange
Apply Settings
Mail Request Settings Policy Device Info Discover Mobile Devices
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
KEY FEATURES OF EXCHANGE CONNECTOR
• Easy configuration
– Simply enter exchange server/hosted URL and credentials
• Inventory
– Pulls data from Exchange Server
– Full and fast/delta synchronization
– Key info: user, deviceID, device type, last contact time
• Policy
– Parity with exchange: security, sync, device lockdown
– Define globally per Exchange Server
• Wipe
– Wipe a device from console action
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
SOFTWARE DISTRIBUTION
• Application
– Files
– Information
• Deployment Types
– Local
– Virtual
– Mobile
• Requirement Rules
• Global Conditions
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
CONTENT LIBRARY
• Single Instance Store for Content Files
– On each site server and DP
• Software Updates
• Applications
• Operating System Images
• Etc.
– Checks to see if file already in library before downloading
– Minimizes
• Bandwidth
• Processing
• disk space
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
SOFTWARE UPDATES
• Update Groups
– Replaces Update Lists
– Can be manually or automatically updated
– New Updates are automatically deployed when added to the group
• Automatic Deployment Rules
– E.g.. All Windows 7 updates in last 30 days
• More control over Superseded Updates
• Updates stored in Content library
– Single Instance Store
• More User Control
– Software Center
Software
Distribution
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
CONFIGURATION SETTINGS
• DCM -> Configuration Settings
• Alert to Drift from baseline
• Remediate
– Registry
– WMI
– Script
Configuration
Settings
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
UPGRADE FROM SCCM 2007 TO 2012?
• Upgrade not supported
• Migration is supported with the Migration Tool
Assistance with Migration of Objects
Assistance with Migration of Clients
Minimize WAN impact
Maximize Re-usability of x64 Server Hardware
Assistance with Flattening of Hierarchy
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
MIGRATION TOOL FEATURES
• Migration Job Types:
– Object Migration (Collections, software distribution packages, boundaries, metering rules etc.)
– Collection based Migration (Select a collection and migrate associated objects)
• Content functionality:
– Re-use of existing Configuration Manager 2007 content (Distribution point sharing)
– Distribution point upgrade
• Import of Configuration Manager 2007 inventory MOF files
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
MIGRATION PROCESS
Plan
Assess current environment
Test/Proof of Concept
Design
Requires ConfigMgr 2007 SP2
ConfigMgr 2012 HW Reqs: Windows Server 2008 x64*, SQL Server 2008 x64 (sp1 & Cumulative Update 10)
Deploy
Setup Initial 2012 Primary Site(s)
Configure Software Update Point & Synchronize Updates
Setup server roles
Make sure the hierarchy is operating and software deployment works
Migrate
Configure Migration Feature
•Enable Distribution Point Sharing
Migrate Objects
Migrate Clients
Upgrade Distribution points
Uninstall Configuration Manager 2007 sites
Rinse & Repeat
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
HELPFUL HINTS TO EASE MIGRATION
• Flatten hierarchy where possible
• Plan for Windows Server 2008, SQL 2008, and 64-bit
• Start implementing BranchCache™ with Configuration Manager 2007 SP2
• Move from web reporting to SQL Reporting Services
• Avoid mixing user & devices in collection definitions
• Use UNC (\\server\myapp\myapp.msi) in package source path instead of local path (d:\myapp)
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
RESOURCES
• www.microsoft.com/systemcenter
• www.systemcentercentral.com
• www.myitforum.com
Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com
WHY PROSUM?
30