System center part 2

Los Angeles: 310-426-0600 I Orange County: 949-732-1122 I www.prosum.com

PROSUM CONSULTING CONSULTING TECHNOLOGY OUTSOURCING

Los Angeles

2321 Rosecrans Ave, Ste 4225

El Segundo, CA 90245

310-476-0600

Orange County

2211 Michelson Dr, Ste 840

Irvine, CA 92612

949-732-1122

Justin King, Architect

Sheena.Graham

Stamp


System Center Configuration Manager 2012


What’s New and what it Means


AGENDA

• Architecture Changes

• Security Changes

• Reporting

• User-centric Management

• Cross-Platform Support

• Software Distribution

• Configuration Settings


ARCHITECTURE CHANGES

• Flatter, unified Architecture

– No more “mixed mode” (removed)

– Clients are no longer “tied” to a site

– Schema must be extended, but schema extensions are unchanged from 2007

• More Scalable

– SCCM 2007 R3 scales up to 300,000 devices

– SCCM 2012 scales up to 500,000 (still 100k per Primary)

• Central Administration Site (CAS)

– Does not process client data

– Does not accept client assignments

– Does not support all site system roles

– Participates in database replication


ARCHITECTURE CHANGES – PRIMARY SITE

• Primary Sites manage clients in well-connected networks

– Additional primary sites allow the hierarchy to support more clients.

– Cannot be tiered below other primary sites

– No longer used as a boundary for client agent settings or security

– No longer supports NLB solutions, all fault tolerance is realized by introducing additional Primary Site Servers to the Site (and using a CAS to manage)

– Participates in database replication


ARCHITECTURE CHANGES – SECONDARY SITE

• Secondary Sites control content distribution for clients in remote locations across links that have limited network bandwidth

– SQL Server is required and SQL Server Express will be installed during site installation if required

– A proxy management point and distribution point are automatically deployed during the site installation to give clients a local check-in

– Secondary sites can be tiered to support content distribution to remote locations

– Participates in database replication.


SECURITY - RBAC

• No more Classes and Instances – Replaced with Security Roles, Security Scopes & Collections that can span sites

• Benefits:

– Sites are no longer administrative boundaries. – You create administrative users for the hierarchy and assign security to them one

time only – You create content for the hierarchy and assign security to that content one time

only – All security assignments are replicated and available throughout the hierarchy. – There are built-in security roles to assign the typical administration tasks and you can

create your own custom security roles. – Administrative users see only the objects that they have permissions to manage. – You can audit administrative security actions.


ADMINISTRATIVE SEGMENTATION

• Security Roles

– What types of objects can I see and what can I do to them?

– Example: the “Software Update Manager” role gives rights to read and deploy collections and Software Updates.

• Security Scopes

– Which instances can I see and interact with?

• Collections

– Which resources can I interact with?


CONFIGMGR 2007 – DATA SEGMENTATION

Montreal Primary Site

Toronto Primary Site

Meg Collins “Central Admin”

•French collections

•Create advertisement for French collections

•English collections

•Create advertisement for English collections

Meg wishes to distribute a

package to all of her users in

Eastern Canada

•Create and distribute package

Anthony “English Admin”

Louis “French Admin”


CONFIGMGR 2012 – SEGMENTATION USING RBAC

• French collection(s)

• Create deployment for French collection(s)

•English collection(s)

•Create deployment for English collection(s)

Meg wishes to distribute an application to all of her users in Eastern Canada

Meg Collins

“Central Admin” •Create and distribute application

Central

Admin Site

Louis

“French Admin”

Anthony

“English Admin”

New

Interface


REPORTING

• No More Reporting Point

– Only Reporting Services Point

• Tight Integration with Report Builder


COLLECTIONS

• Removed:

– No More Sub-collections

– Can’t combine devices and users in the same collection

• Added:

– Include and Exclude contents of another collection

– Incremental Collection evaluation

– Target for RBAC scopes

– Collections can span sites

– Collection limiting for all collections (must be subset of another collection)

Collections


CROSS PLATFORM SUPPORT

• Mobile Support in RTM

• Unix/Linux Support with SP1

OS Version Supported

AIX Version 7.1 (Power)

Version 6.1 (Power)

Version 5.3 (Power)

HP-UX

Version 11iv3 (IA64 & PA-RISC)

Version 11iv2 (IA64 & PA-RISC)

Solaris

Version 11(x86 and SPARC)

Version 10 (x86 & SPARC)

Version 9 (SPARC)

SUSE Linux Enterprise Server

Version 11 (x86 & x64)


Version 9 (x86)

Red Hat Enterprise Linux





EXCHANGE SERVER CONNECTOR

• Purpose

– light management for devices connected to Exchange Server

– Exposes majority of Exchange ActiveSync management features to SCCM

• Benefits

– Manage all of your devices (desktop, laptop, mobile devices) via SCCM console

– Smooth addition to SCCM infrastructure, with no device ‘touch’

– Enhanced reports over Exchange server experience

• Support

– On-premise Exchange 2010 and hosted Exchange

– All Exchange Active Sync capable devices

EXCHANGE CONNECTOR IN OPERATION

Primary Site

Configure Exchange Connector

Exchange Mailbox Server

Exchange Client Access Server

Apply Settings

Check access to

Exchange

Apply Settings

Mail Request Settings Policy Device Info Discover Mobile Devices


KEY FEATURES OF EXCHANGE CONNECTOR

• Easy configuration

– Simply enter exchange server/hosted URL and credentials

• Inventory

– Pulls data from Exchange Server

– Full and fast/delta synchronization

– Key info: user, deviceID, device type, last contact time

• Policy

– Parity with exchange: security, sync, device lockdown

– Define globally per Exchange Server

• Wipe

– Wipe a device from console action


SOFTWARE DISTRIBUTION

• Application

– Files

– Information

• Deployment Types

– Local

– Virtual

– Mobile

• Requirement Rules

• Global Conditions


CONTENT LIBRARY

• Single Instance Store for Content Files

– On each site server and DP

• Software Updates

• Applications

• Operating System Images

• Etc.

– Checks to see if file already in library before downloading

– Minimizes

• Bandwidth

• Processing

• disk space


SOFTWARE UPDATES

• Update Groups

– Replaces Update Lists

– Can be manually or automatically updated

– New Updates are automatically deployed when added to the group

• Automatic Deployment Rules

– E.g.. All Windows 7 updates in last 30 days

• More control over Superseded Updates

• Updates stored in Content library

– Single Instance Store

• More User Control

– Software Center

Software

Distribution


CONFIGURATION SETTINGS

• DCM -> Configuration Settings

• Alert to Drift from baseline

• Remediate

– Registry

– WMI

– Script

Configuration

Settings


UPGRADE FROM SCCM 2007 TO 2012?

• Upgrade not supported

• Migration is supported with the Migration Tool

Assistance with Migration of Objects

Assistance with Migration of Clients

Minimize WAN impact

Maximize Re-usability of x64 Server Hardware

Assistance with Flattening of Hierarchy


MIGRATION TOOL FEATURES

• Migration Job Types:

– Object Migration (Collections, software distribution packages, boundaries, metering rules etc.)

– Collection based Migration (Select a collection and migrate associated objects)

• Content functionality:

– Re-use of existing Configuration Manager 2007 content (Distribution point sharing)

– Distribution point upgrade

• Import of Configuration Manager 2007 inventory MOF files


MIGRATION PROCESS

Plan

Assess current environment

Test/Proof of Concept

Design

Requires ConfigMgr 2007 SP2

ConfigMgr 2012 HW Reqs: Windows Server 2008 x64*, SQL Server 2008 x64 (sp1 & Cumulative Update 10)

Deploy

Setup Initial 2012 Primary Site(s)

Configure Software Update Point & Synchronize Updates

Setup server roles

Make sure the hierarchy is operating and software deployment works

Migrate

Configure Migration Feature

•Enable Distribution Point Sharing

Migrate Objects

Migrate Clients

Upgrade Distribution points

Uninstall Configuration Manager 2007 sites

Rinse & Repeat


HELPFUL HINTS TO EASE MIGRATION

• Flatten hierarchy where possible

• Plan for Windows Server 2008, SQL 2008, and 64-bit

• Start implementing BranchCache™ with Configuration Manager 2007 SP2

• Move from web reporting to SQL Reporting Services

• Avoid mixing user & devices in collection definitions

• Use UNC (\\server\myapp\myapp.msi) in package source path instead of local path (d:\myapp)


RESOURCES

• www.microsoft.com/systemcenter

• www.systemcentercentral.com

• www.myitforum.com


WHY PROSUM?

30

Technology

System center part 2