© 1E 2014 20140602

Contents

1 Overview ............................................................................................ 3

2 What is SCCM? ................................................................................... 4

3 How 1E Helps ..................................................................................... 6

3.1 Content Distribution ................................................................ 6

3.2 Software Asset Management and Licensing ............................. 8

3.3 Self-Service Application Portal ............................................... 11

3.4 PC Power Management ........................................................... 13

3.5 Wake-on-LAN ......................................................................... 16

3.6 Operating System Deployment ................................................ 17

4 The Evolution of ConfigMgr .............................................................. 20

4.1 Content Distribution .............................................................. 20

4.2 Software Asset Management and Licensing ........................... 22

4.3 Self-Service Application Portal .............................................. 22

4.4 PC Power Management ...........................................................23

4.5 Wake-on-LAN .........................................................................23

4.6 Operating System Deployment .............................................. 24

5 Into the Future ..................................................................................25

6 Resources ......................................................................................... 28

© 1E 2014 20140602

1 Overview 1E has been a Microsoft partner since 1997, and was a founding member

of the System Center Alliance, adding value through our consulting

services and software products to Microsoft’s computer management

solutions. That started with Microsoft’s Systems Management Server

and continued with System Center Configuration Manager (commonly

known as ConfigMgr or SCCM).

With many organizations now using, or planning to migrate to,

ConfigMgr 2012, this document is an analysis of how 1E’s

products/solutions and ConfigMgr are better together. It is technical and

not sales or marketing oriented, though it does make the case why you

should talk with 1E to make your SCCM implementation even better and

add even more value to your investment.

1E’s suite of disruptive IT operations management tools save billions,

solve problems and simplify the management of large, complex IT

environments – in record time. Designed with a singular focus to help

drive down costs, 1E’s solutions include tools for IT asset management,

Windows systems management and BYOPC. When you understand how

1E can help you run your IT for less, please do get in touch at

info@1E.com, or:

UK (HQ)

1E, CP House,

97-107 Uxbridge Road

London W5 5TL, UK

Tel: +44 20 8326 3888

USA

1E Inc., 5 Penn Plaza, 9th Floor

New York, NY 10001, USA

Tel: +1 866 592 4214

India

1E, 10th Floor, Tower A

Advant Navis Business Park

Sector 142, Noida - 201305, India

Tel: +91 120 402 4000

© 1E 2014 20140602

2 What is SCCM? No doubt you already know what System Center Configuration Manager

is, but sometimes it helps to look at the big picture. Overall, SCCM

provides:

An installation mechanism for all types of software

- Applications

- Operating System deployments

- OS and Application Updates (patching)

Software distribution – gets the software to where the computers

are

Portals to allow users to initiate software installation

Malware mitigation (endpoint protection)

Asset data collection (inventory) – hardware and software details

in depth, including software usage (metering)

Software asset analysis – including some license management

Configuration policy verification and enforcement – settings

management, including power settings, firewall policies, and

roaming user configuration

Wake-on-LAN – the ability to powers up computers when needed

Network Access Protection

Remote control

This is a lot for any system, and all of these are done on a wide diversity

of devices on almost any scale in often complex environments. Given all

that, it shouldn’t surprise anyone that there are opportunities for

improvement. That’s why Microsoft frequently provides new releases

and encourages a strong partner ecosystem.

Working with our customers, 1E has identified specific ConfigMgr

features that are sometimes challenging and often cause concern within

organizations:

1. Content Distribution

- Competition with other uses for Wide Area Network (WAN)

links can cause conflicts with other business priorities.

Traditional approaches of restricting SCCM traffic to avoid

that problem can cause deployments to take too long

- Organizations with many locations, as in dozens to

thousands, find that the standard Distribution Point model

introduces single points of failure, can be difficult to keep

running reliably, as well as being costly to deploy

2. Software Asset Management

- ConfigMgr does an excellent job of collecting a wide variety

of asset data but its features for turning data into practical

information and actions are limited

3. Self-Service Application Portal

- SCCM 2012 embraces a user-centric model but its end-user

portal provides only basic features and often does not meet

the expectations of today’s sophisticated users and

administrators

4. PC Power Management

- SCCM enables the deployment of power management

policies and the collecting of state data but it does little

more to maximize power savings

5. Wake-on-LAN

- Waking sleeping computers is a powerful mechanism to

expedite computer management and improve end-user

productivity, but ConfigMgr wake-on-LAN often does not

work well in production environments

6. Operating System Deployment

- Operating System Deployment (OSD) takes many steps and

requires a wide variety of resources, making it especially

complex. This is especially true in some scenarios such as

organizations with numerous remote locations or where it

© 1E 2014 20140602

can be difficult to justify deploying costly server

infrastructure

That list of concerns is fairly long as well but it is much narrower than

the rich solution set that SCCM provides. ConfigMgr provides great

value in many ways and in most scenarios for its customers.

If you are keen that your organization could get even more value from

SCCM by addressing any of these concerns then the 1E solutions would

likely be a good fit for your organization. Not only does 1E have the

experience and expertise to help, but we also have the advantage in

many solutions that build on ConfigMgr’s infrastructure. 1E has built

specific solutions for key scenarios that you might need help with. This

document details how these solutions assist SCCM; how they have

evolved as SCCM has evolved; and the future value they will continue to

provide.

© 1E 2014 20140602

3 How 1E Helps From the big picture perspective of the previous section we will now get

more specific and consider where and how 1E’s solutions enhance and

augment ConfigMgr features. This will also help us to consider, later in

this document, how specific features of the 1E products have improved

over time and continue to be relevant today and tomorrow.

1E’s content distribution, PC power management, and wake-on-LAN

products solutions also enhance two key ConfigMgr scenarios: patching

and after-hours software distribution. It can be important to be able to

apply updates (patches) or software distributions in the middle of the

night when user productivity will not be adversely impacted. Regular

patching and maintenance of PCs not only improves PC performance and

user productivity but is essential to ensure security of the endpoint. The

features of these 1E solutions make it possible to readily do that work

after-hours, even for computers that are asleep, have unsaved data, or

are remote.

3.1 Content Distribution One of the most fundamental features of SCCM is content distribution.

To make substantial changes to computers you have to get software to

them from a central origin – that’s content distribution. Content

distribution can be broken down to several core tasks:

The software must be defined – what it is, original location, files

to be included, how to use it, etc. That is done in the ConfigMgr

console or with equivalent scripts and store in the ConfigMgr

database

The software must be bundled up into a ‘package’ or an

‘application’ – this is for efficiency but also to ensure that the

software is not accidentally or intentionally modified in the rest

of the process

The package or application must be made available on at least

one server from which clients can get access to it

Clients must download the software for their own use and

possibly other clients

That is a high level summary of what ConfigMgr or any other computer

management system does with content. SCCM also has:

The ability to distribute the content amongst multiple ConfigMgr

“site” servers in order to allow for high degrees of scalability,

and mechanisms to control that distribution

Options to put the client-facing servers (distribution points) close

to the users in various scenarios, such as on the internet or in

small offices

Grouping of distribution points so that tasks related to DPs don’t

have to be done for every single DP

The ability of DPs to pull content from site servers, as opposed to

having it pushed to them, and options to control that level of

distribution

Facilities to efficiently coordinate package files

Integrity checking

Status reporting

That is a lot of functionality. 1E’s Nomad™ complements ConfigMgr

content distribution by improving and augmenting it’s functionality in

the following areas:

The download of the content to the clients from the DPs

Storage of the content near the clients, thus reducing the need for

DPs

Enhanced integrity checking and validation

Extra status reporting

© 1E 2014 20140602

We can see that Nomad’s benefits for content distribution, though

critical, are a small subset of SCCM content distribution mechanisms.

Therefore when we talk about the evolution of ConfigMgr content

distribution and the relevance of Nomad, we have to remember to focus

on the subset that Nomad addresses. We’ll do that in the next major

section of this document.

You might ask why Nomad helps with these particular subcomponents of

SCCM content distribution. The simple answer is that these are the

components that SCCM customers have asked us to help with. The other

ConfigMgr content distribution components work very well in

practically all scenarios, and these components work well in some

common scenarios. But there are other scenarios where ConfigMgr

needs help and the 1E solutions are needed.

Here’s where Nomad is able to help:

1. Fewer prerequisites, so Nomad can work on any supported

Windows Operating System, and without concern for the health

of other components. This includes embedded systems or WinPE.

2. Clients both receive and share content in a peer-to-peer model.

The choice of which client will share content on a subnet when

needed is determined by an election, so if a computer becomes

unavailable for any reason another computer will respond to the

election and continue the sharing. No preplanning or location-

specific settings are required, and no adjustments are needed by

an administrator as circumstances change

3. Network throttling looks at the entire end-to-end bandwidth

using a deterministic, statistical algorithm to calculate network

speed and congestion, irrespective of the network infrastructure

configuration or number of hops

a. Because Nomad operates at Layer 4 of the network stack no

networking hardware pre-requisites are necessary for

deployment or operations.

4. Years of deployment in many organizations and many

environments ensure that Nomad has all the edge-case features

required, such as cache management, multiple-subnet support,

multiple simultaneous hosts per subnet (“FanOut”), and many

others.

5. ConfigMgr is extremely robust for all the scenarios. No features

are lost, only improved when using Nomad.

ConfigMgr clients cannot share with each other, other than by using

BranchCache. BranchCache has a variety of limitations for computer

management so it is not a viable option for production environments.

See the BranchCache discussion in the next major section of this

whitepaper for more details.

ConfigMgr distribution points do have many prerequisites and are

deployed in a server-like manner (to specific computers, with specific

configurations). DPs also use a rudimentary throttling model that cannot

account for actual usage or changes over time in that actual usage (see

Figure 1), and must be set for each DP.

© 1E 2014 20140602

Figure 1: ConfigMgr DP throttling options

We can see that Nomad and ConfigMgr have large and fundamental

differences in their architectures when it comes to getting content to

clients. The native ConfigMgr approach works in smaller environments

but in large production environments Nomad’s provides a more robust

approach.

3.2 Software Asset Management

and Licensing ConfigMgr has always had software inventory, in both the form of

scanning for files on disks and in the form of related ‘hardware’ details

such as Add/Remove Programs or Windows Installer details.

As of SMS 2003 SP3, the “Asset Intelligence” feature was made available

for software asset management including some licensing. Software

usage has also been available in a few forms, most commonly using

software metering rules to provide detailed information about software

usage for specific applications. Collectively ConfigMgr does bring

together a wealth of substantial data about client software.

However, this abundance of data is overwhelming and difficult to use.

That’s why Microsoft introduced the Asset Intelligence (AI) feature.

However, if you look at the AI node in the console, even in a lab there’s

a huge amount of software found (over a thousand in the case of a lab

with 50+ clients). Although AI has categories and families and even

custom labels it lacks the ability to filter the data to find the most useful

information – admittedly this is not a tool designed for Software License

Optimization.

This is again apparent by the fact that secondary software (device

drivers, service packs, updates, etc.) and unidentified software are

listed equally with everything else. Every version is listed, every

executable, and there is no distinction between licensable and non-

licensable software, so your licensing specialists, if only using native

SCCM, need to approach software license optimization with a great deal

of caution. For example, one of the world’s largest technology

companies had been double counting software and therefore paying

double for some of their Microsoft licensing. Another customer who had

engaged an external auditor discovered that their auditors had not only

counted the licenses, but backups, archives and variants.

© 1E 2014 20140602

Asset Intelligence has a catalog but it is used to categorize software and

in some cases provide hardware requirements. It does not perform a

many-to-one type link of related software components. For example, if

you want to think of Nomad admin extensions, Nomad reports, Nomad

GUI, and Nomad tools as all just being 'Nomad', you can't link them to

Nomad itself. You could rename them but then you would not be able to

identify the components. Creating categories, families, or labels for this

purpose would result in huge lists of such items, making them

impractical.

If you were to try to build a process with ConfigMgr itself to optimize

software license compliance for this diverse software would soon face

some very considerable challenges. Consider the overall software

license optimization (SLO) process you need:

1. Identify software

a. This includes distinguishing suites, identifying licensable vs.

non-licensable, and filtering out service packs, device drivers,

utilities and other secondary software

2. Determine usage of the software

a. This must be done for all software all the time, since you can’t

predict what is unused and where the greatest compliance

issues are

b. To realistically understand usage of software the analysis

must be done for at least 60 days, and preferably 90 days.

Reactively monitoring usage would considerably delay the

license compliance processes

3. Import licenses and match with the software inventory

a. Often from multiple inconsistently formatted sources

4. Minimize software footprint according to usage

a. Continuously uninstall all unused software so that they don’t

use licenses unnecessarily

5. Report on the status of the software reclamation, software

footprint, and license compliance state and processes

SCCM provides the underlying platform for that process but to

practically perform all those tasks on an enterprise scale requires a

third party solution. 1E’s solution is AppClarity, which offers the

following features:

Application discovery and license import

- Accounts for all aspects of adding titles into the managed

software library is now a cooperative operational task

- Collects inventory data for all PCs and eliminates junk,

rationalizes variants, and filters licensable titles

- A fully supported entitlement import tool makes integrating

data a simple task

- Automatically ties inventory and entitlement together in an

easy-to-use console.

The tools and data linkage to allow integration into your current

operational process for accepting new software

- This integration ensures that not only deployment

availability is present but entitlement tracking becomes a

part of the process.

Application usage data linked to software titles

- Data which is not natively aligned or measured is now

exposed in a single view

- Default metering data aligned to normalized software titles

is swiftly handled by AppClarity. This means there is no

need for creating metering rules and no additional load on

the management infrastructure.

© 1E 2014 20140602

Usage categorization – usage trending is categorized and

actionable

- How effectively software is being used within your

environment is valuable when looking to harvest unused

software and lower entitlement requirements. This

information provides awareness of each software title’s

value proposition to the business – a very powerful tool

when negotiating maintenance agreements and true-ups

Software Reclaim

- At your discretion, by software title being reclaimed, the

end user is presented with three simple options:

1. Uninstall unused application

2. Keep software and provide justification for license

retention

3. Supress notification for a few days – make sure the

interaction is respectful of end users’ time and they

will respond.

- The Reclaimer makes sure the interaction with the end user

does not impact their productivity. With three simple

options for interaction, end users only spend seconds to

make a decision, as opposed to being fully interrupted to

provide responses which in turn could take days or months

to be acted upon (as with an e-mail based process, for

example).

- Customizable interface

AppClarity’s customizable UI ensures that internal IT imagery

and company branding is used along with relevant messaging,

familiarizing the experience.

Meaningful, individualistic interaction – Reclaimer does not use

any crowded form of communication with the end user. In a

small, self-contained UI, the Reclaimer provides familiar

messaging which can align to overall company goals.

Additionally, the Reclaimer’s function and task are completed in

a single window (no linking out to external resources).

- The Reclaimer shows the user only the top three wasted

titles

Additionally, Reclaim will cycle titles over a seven-day period to

ensure redundant titles are not presented

Single console for all data

- The AppClarity console allows relevant staff to view,

manage, and contribute to a well-managed software catalog

- In addition to the obvious value, AppClarity provides a

repository for all teams with interest in software footprint

and entitlement. The console has been designed for ease of

use and presentation of consumable data. Long gone are the

days of sitting in a room for hours, working to understand a

spreadsheet layout of software stance and how that matches

up to entitlement.

Device grouping – use your current methods of identifying PCs to

carve out your environment

- Whether it be through Active Directory Organizational

Units, local PC branding, or business specific software

which defines a grouping of PCs, AppClarity provides the

ability to target these differences and separate activities

appropriately.

Reporting, including:

- Unused Software Report

Exposes actionable information about your environment based on

synced inventory. This interactive report allows you to produce

variable information such as only forecasting a percentage of

rarely used installations as some users may opt out and keep

rarely used software. In the end, this reporting quickly tells the

story and paves the way to action.

- Per Device Reporting – you can focus on a single device

- Software Reclaim Savings Report

The number of hours to achieve what AppClarity brings to your

Configuration Manager environment is dramatically lower than

© 1E 2014 20140602

with Configuration Manager alone. It is still important to show

the value of the reclamation achieved. This report clearly

articulates where Reclaim actions have paved the way to savings.

Implementation of AppClarity in most organizations is straightforward

and can be done in a short time. AppClarity can enhance the value of

your SCCM infrastructure very quickly.

3.3 Self-Service Application

Portal With the introduction of ConfigMgr 2012, Microsoft started to address

an IT model that 1E has long served: user-oriented computing, also

known as the Consumerization of IT services. This especially meant the

inclusion of a software portal from which end users could initiate the

installation of software they need.

From the following figure we can see that that the SCCM software portal

is functional but basic, lacking many of the features that an enterprise

environment requires and that users expect.

© 1E 2014 20140602

1E’s Shopping provides a much more contemporary interface with

significantly more features:

Shopping is highly customizable, so the appearance can vary quite

dramatically from that depicted while still retaining key design features

such as the scrolling banner, highly interactive tiles, and easily

accessible full details on the offerings and processes.

As compared with ConfigMgr’s Application Catalog, Shopping provides

these additional features:

One-stop shopping

- Not just applications but also legacy packages, task

sequences, Active Directory changes, and general requests

(for hardware, etc.).

Approval workflow – flexible approval workflow out-of-the-box

- Shopping allows admins to setup group, chained and AD

manager-based approval workflows. End users can see via

the portal where their request sits in the approval chain.

This is built into the solution and does not require any third

party integration. Emails are sent to users and approvers to

inform them of changes in workflow status

Customizable look and feel

- Shopping can be customized to look like other intranet

portals in the customer’s environment. Because of its use of

CSS style sheets, it is possible to change all portal strings as

well as control the visibility of some items such as the cost

information for applications and the preferences page.

There are also a number of hidden labels and controls that

can be used on the portal pages to add additional

information for end users

Request tracking and notification

- Emails are sent at each point in the Shopping workflow to

keep users, approvers and admins informed about every

stage of the deployment. The Shopping user interface also

provides order status notifications and allows detailed

request tracking

Self-service Windows migrations

- Shopping enables end users to schedule their own Windows

migrations or re-images by selecting the time and date to

migrate as well as the applications to reinstall when the

new operating system is installed

- Administrators can block out times that are inappropriate

for migrations (such as weekends and holidays), and can

© 1E 2014 20140602

throttle the upgrade rate to a reasonable rate (such as 1000

per day)

Application Mapping

- Old software (existing on the old operating system) may not

be compatible or optimal for the new OS. 1E’s powerful

Application Mapping solution combines AppClarity’s

application inventory and normalization capabilities with

Shopping’s OSD features. Here applications are identified in

AppClarity’s inventory by their ID and mapped to software

titles available in Shopping’s software catalog. How

applications are mapped is controlled via an administrator-

defined rule set.

Shop for other machines – shop on behalf of others

- Shopping allows administrative users to shop and have

software installed on other machines. Admin users shop in

the usual way adding software into their baskets. On the

basket page users can search for other machines and have

the items in the basket installed on them. Branch admins

can also shop for a controlled set of machines that is

defined by the central administrator

Branch administration – delegated administration

- Branch administration in Shopping enables regionally

defined admins to select which applications to publish to

the machines that they manage. It is also possible to create

an approval workflow specific to the application on the

branch. Branch admins are also able to shop to have

software installed on the machines that they manage

Leasing software licenses – software rentals

- Users can rent applications for fixed terms. When the

rental period expires the software is automatically

uninstalled and handed back to the license pool. Licenses

are reclaimed and can be used by other shoppers. Users can

extend their rental period if enabled by the administrator.

Licenses can be held for a configurable quarantine period

after uninstall to meet the software vendor EULAs

Software usage – AppClarity integration

- AppClarity has rich inventory and usage information which

is leveraged by Shopping during a self-service Windows 7 or

Windows 8 migration. Users can see the applications that

they had installed in the past as well as the usage

information. Applications that were well used are marked

as recommended for reinstallation and those that were

unused are not recommended

License control – license management

- Shopping tracks the number of licenses that it has installed

as well as recording the maximum license count for a

particular application. If the number of installations

exceeds the count then it is not possible to install the

software from the portal. This prevents customers from

exceeding their license entitlements and becoming non-

compliant. A threshold can be set so that when the install

count reaches a certain percentage of the maximum license

count the relevant license managers are informed. License

counts can also be applied on a per site basis which reflects

the often distributed nature of license procurement

Integration with service desk solutions

- Shopping integrate with service desk solutions such as

ServiceNow, HP Service Manager, and BMC Remedy. This

enables the creation of tickets to track the entire Shopping

workflow through third party tools. Customers do not have

to change their service desk reporting practices and can

report in one place on all their service requests.

3.4 PC Power Management SCCM includes the basic power management options of distributing

power management plans to appropriate computers and collecting

© 1E 2014 20140602

computer state data for reporting. The options are configurable using

just two policy tabs:

SCCM reporting of power consumption and carbon dioxide production

are based on constant values (specified for the collection in the former

case and built into the report in the latter). Reports are available to

indicate which computers have not been powered off but there is no

override mechanism and the only details given are cryptic process

names for processes that were active (Requester00 column of the

POWER_MANAGEMENT_SUSPEND_ERROR_DATA table).

Those power management features give you an easy way to get power

plans to computers and then you can get some crude reports on their

effectiveness but otherwise you’re getting no more power management

than you get with Windows itself.

1E’s NightWatchman, in contrast, is the market leading power

management with many years of development to provide the following

additional features:

Cloud hardware catalog synchronisation

- NightWatchman has an up-to-date PC and display power

database so that power costs and CO2 impact are reported

based on the actual hardware you use, as an organization

and in specific divisions and other groupings

- Hardware power value models are shared and synchronised

by 1E to keep them up to date

- NightWatchman’s cloud hardware catalog sync means you

will have up to date power values for any new hardware

that is added to your environment ensuring reports are

accurate

Advanced reporting

- Comprehensive PC and monitor power database

- Location tariffs,

- Baselines, so that you can compare current consumption

with consumption prior to the implementation of power

management policies or policy changes

- What-if scenarios

- Senior management web-based dashboard

- Legislative grade reporting

Sleepless Client Detection (aka “PC Insomnia”)

- Some common causes of sleeplessness include screen

savers, system configurations, terminal emulation software,

© 1E 2014 20140602

media players, custom-developed applications, and device

drivers not written to the Advanced Configuration and

Power Interface (ACPI) specification. As a result of

sleeplessness, PCs stay on while not in use and subsequently

waste energy and result in increased CO2 emissions

- NightWatchman uses sleepless detection to ensure that PCs

go to sleep safely even when rogue processes or device

drivers are preventing this

- Identifies and reports processes that are keeping the

computer awake

- Defines which sleepless processes to overrule and forces

sleep if processes on this Sleepless Exclusion List are found

running

Highly accurate reporting that takes into account the actual

power consumption for any given make and model of PC, laptop

and monitor

- The electricity tariff and local greenhouse gas conversion

factors are applied for each geographical location enabling a

consolidated view of energy savings across the entire

enterprise. Savings are calculated against actual machine

behavior to ensure a precise tracking for the success of the

power management project

PC machine utilization

- NightWatchman has machine activity reporting, allowing

you to identify computers that are no longer used

- You save through the re-allocation or de-commissioning of

those PCs that are not in use

- Removing unused PCs automatically removes unused

licenses. In a hot-desking environment, you cannot

accurately identify software usage across all devices as

applications will most probably be launched on every

machine. This feature allows you to reclaim unused

hardware and hence the software on those machines

Applying effective power policies

- Policies are deployed as you specify but also enforced with

more vigour than the enforcement of Windows alone

- By tracking usage across a group of users can better

understand user behaviour and then tune power polices so

that machines are woken up and shut down sooner without

affecting user productivity

Deferred power management

- End-users can actively opt out of or defer power

management activities, ensuring happier, more empowered

end-users

- They specify the time period

Document saving

- Built-in technology cleanly closes applications such as

Outlook, Word, Excel and PowerPoint. User data is

protected

- NightWatchman Enterprise will ensure any open work is

saved before powering down or rebooting the PC. Users can

easily access their backed-up files the next time they use

their PC’s.

Application-aware power management

- Improved productivity as power management does not

affect important tasks

- With NightWatchman Enterprise, PC’s that are running

important tasks are not powered down until these tasks are

complete. This ensures these operations are not interrupted

while still power managing the machine to achieve

maximum savings.

Maintenance windows

- End-users are not impacted, increased productivity and

lower systems management costs

- NightWatchman Enterprise builds upon ConfigMgr

maintenance windows to enable the running of updates,

scans and defragment out-of-hours so as not to interrupt the

© 1E 2014 20140602

end-user. NightWatchman Enterprise can securely wake PCs

from off at the start of the maintenance period, apply any

updates and then turn the machine off again at the end of

the process. This ensures that the user does not have to

waste time rebooting their machine due to patches when

they first use their machine the next morning.

Alarm clocks

- Wake up all PCs at the start of the working day before users

arrive in the office increases productivity

- All PCs can be securely woken up at the start of the working

day, ready for use.

3.5 Wake-on-LAN Wake-on-LAN as a feature is most relevant to content distribution and

power management. In some cases it can also be used with Operating

System deployment in order to upgrade computers that have gone to

sleep. You can maximize power management when administrators and

users are confident that computers can be woken up when needed.

ConfigMgr has had a Wake-on-LAN (WOL) solution since ConfigMgr

2007 for appropriately flagged deployments or at administrator

direction. ConfigMgr WOL runs in one of two modes: subnet-directed

broadcast or unicast. ConfigMgr customers found that unicast did not

work once routers had dropped their MAC address (typically after four

hours). Subnet-directed broadcasts only worked if routers were set to

propagate subnet-directed broadcasts, which is normally not the case

due to security concerns. Therefore ConfigMgr WOL was generally found

to not be practical in production.

ConfigMgr 2012 SP1 added “WOL Proxies” to address the unicast

weakness by ensuring that at least one client on each subnet has the

MAC addresses for all its peers and is ready to send magic packets in

response to the unicast packets. It never drops the MAC addresses and

therefore should be ready at any time.

However, WOL Proxy is not solely controlled by SCCM – it will listen for

any network requests on any of the protocols that the clients were

using. Therefore computers will be frequently woken, counteracting any

power management policies you might have in place.

Furthermore, some organizations have found that WOL Proxy does not

work well in environments with intelligent switches that don’t accept

the same MAC address on different ports (the switches may shut down

the ports). Other organizations have seen issues with network storm

control. The frequent WOL client broadcasting caused the clients to have

their port shut off on the switch. Other organizations have observed that

Intel vPro-enabled computers will respond to pings even when the

computer is asleep, thus appearing to WOL proxy as being awake (and

thus not needing to be woken up) even when the computer itself is

actually asleep.

For these reasons, SCCM WOL continues to not be effective in most

production environments. 1E offers its “WakeUp” functionality as part

of both the Nomad and NightWatchman products to mitigate SCCM’s

WOL concerns. 1E WakeUp uses a client-based software solution to

listen for requests from SCCM servers to wake up peers. WakeUp

ensures that there is a ‘last man standing’ on every subnet, reading to

process these requests. There is also support for 802.1x network

environments to ensure patch cycles can occur, even if the PC is on the

Guest VLAN (and therefore unreachable from normal SCCM WOL).

WakeUp also includes “Web WakeUp”, an end-user portal for initiating

wakeups when users require one of their computers that has gone to

sleep. It allows using a web browser or mobile devices to enable remote

access.

© 1E 2014 20140602

3.6 Operating System Deployment Of all the computer management disciplines (such as patch

management, software distribution, and asset management) Operating

System deployment is certainly the most challenging. This is true for

multiple reasons:

The content required per client is the largest by far of the

disciplines. This includes Operating System images, updated

applications, software updates, and device drivers

The computer is essentially reset, so preservation and restoration

of user data and reinstallation and reconfiguration of

applications is crucial - whilst this is not always necessary with

the upcoming Windows 10, in both hardware refresh and

Break/Fix scenarios, a build from bare metal will still be needed.

Despite those two big challenges, OSD must be possible for all

clients at any time just like the other computer management

features

There are a variety of related but still significantly different

scenarios that must be covered, such as bare metal (new

computer) builds, minor upgrades, major upgrades, computer-to-

computer migration, rebuild, and encrypted disks

Because the computer is unavailable during the process, the user

cannot simultaneously work on it while the activities are

occurring. Therefore timing is critical

Also because the computer is unavailable, it should not be done

unexpectedly, especially on a large scale. OSD can be extremely

dangerous

With all these complexities, any OSD solution is going to take a

long time to implement and costs are going to be very

substantial.

Given all this complexity, once again we shouldn’t be surprised that

there are significant opportunities for improvements.

1E offers solutions to these specific challenges:

Content distribution, thanks to Nomad, in all locations

Application deployment, including repackaging, can be planned

and prioritized based on AppClarity data

Deployments can be made available, but not enforced, to as many

users or computers as you desire. The users can initiate the

actual deployment using Shopping, complete with scheduling so

that it’s done at the best time for the user and without risk of

impacting users who are not ready to upgrade

Server resources are not needed for OSD, including at your most

remote locations, because user state can be saved on peer

computers and PXE booting can be done from peers. Therefore

State Migration Points are not needed nor are server-based DPs.

These functions are provided by Nomad’s “PXE Everywhere” and

“Peer Backup Assistant” features, respectively

Appropriate applications can be automatically installed on users’

new operating systems based on their usage of applications on

their previous operating system using OSD integration to

AppClarity and Shopping

Reliably wake clients for upgrade using the WakeUp component

of Nomad or NightWatchman

Thanks to 1E’s long history of working with many of the world’s

largest organizations, we have the expertise in our Professional

Services division to help any organization build an amazing OSD

solution

Those are a combination of the solutions we’ve already discussed

but they particularly add value in this most complex set of

scenarios. They can be illustrated as:

© 1E 2014 20140602

Nomad integration into even your most complex OSD task sequence is

easy thanks to the Nomad task sequence actions integrated into your

ConfigMgr console, and listed here:

Providing users with appropriate applications is called “Application

Mapping”:

In this example, users that had Adobe Photoshope Creative Suite 5,

which is not compatible with Windows 7, would have received the

Creative Suite 6 version if they had used it within the last 30 days. If

they had not used it in the last 30 days but had used it in the last 90,

and thus occasionally, they would have the free program Paint.NET

installed, providing them with basic features that are likely to be

sufficient for their needs. If there were no record that they had used

Photoshop then no solution would be installed. In each of the latter

cases, $500 in licensing fees are saved per user.If they later determine

© 1E 2014 20140602

that they do need Photoshop, they can use Shopping to get it installed

automatically, with appropriate approvals.

For more details on the 1E OSD solution set, see

http://www.1e.com/zero-touch-windows-migration/, including our

“Accelerated Windows 7/8 Deployments with 1E” whitepaper.

© 1E 2014 20140602

4 The Evolution of

ConfigMgr Microsoft does a great job responding to evolving customer needs,

which has led to it having the market leading position for computer

management. After many major and minor releases, SCCM is a greatly

enhanced product as compared with its early versions. In some cases

Microsoft has started to address concerns that 1E has historically

addressed, so why are the 1E solutions still as relevant to you today as

they have ever been?

To best understand how 1E’s solutions continue to add great value, we

should consider specifically how ConfigMgr has evolved since ConfigMgr

2007 in the areas that 1E offers enhancements.

4.1 Content Distribution ConfigMgr 2012, including SP1 and R2, have added these content

distribution features:

1. One distribution point role

All DPs now require IIS for HTTP, HTTPS, or BITS

communications to client, so Microsoft discontinued

referencing DPs as either standard or branch DPs. In fact DPs

on workstations have considerations that are different DPs on

servers and they can’t provide PXE services, so not all DPs are

truly equivalent

Console administration is more consistent for all DPs

2. Package Transfer Manager

Used to send content from site server to remote DP, with

“sender”-like scheduling and throttling instead of just using

Background Intelligent Transfer Service (BITS)

“Senders” are the mechanism ConfigMgr has always used for

site-to-site communications

Includes logic to maintain history of files that are present on

DPs and does not resend the files, which does save some

bandwidth

Must be configured per location to ensure business traffic is

protected. This should be based on knowledge of the network

links and their usage and thus spare capacity available for

ConfigMgr. Every day has the same settings, so the worst case

capacity must be used. For example, if 10% capacity is

available 10 AM on Tuesday, and 10% capacity is available at

2 PM on Thursday, every day must be set to 10% capacity at

10 AM and 2 PM, including weekends. The same is true for all

hours of the day, potentially leading to very low network

utilization by ConfigMgr at all times, which in turn will

significantly delay deployments

3. Content Library

Provides single-instance storage of package files across all

packages is a more efficient use of disk space

4. Content validation

Scheduled maintenance task to validate content. Helps you to

ensure content is ready and available

But it is only validation – you still need to monitor it and

repair the faults

5. BranchCache integration

This can help reliability in that if a DP fails the clients can

still get cached content from their peers (on local subnet)

It also reduces downloads over WAN links

6. PXE role for DPs

Easier to deploy and configure PXE, increasing scalability as

compared to ConfigMgr 2007

Requires Windows Server operating system in every location

in order to install the WDS prerequisite

© 1E 2014 20140602

7. DP groups

Less administrative overhead for managing the relationship

between content and DPs – the administrator does not have to

specifically exactly which DPs receive every single package or

application

8. Pull DPs

Reduces the workload on the site server, which helps with the

reliability of getting content to distribution points.

However, this only helps with DPs that are peers on the same

level in the hierarchy to each other – DPs lower in the

hierarchy can pull from higher DPs but if they are set to pull

from multiple higher DPs then they will also pull from the

highest only. If the highest DP fails reliability is not increased

9. Cloud DPs

Azure servers can be used as ConfigMgr distribution points.

These changes show a considerable investment by Microsoft in

improving ConfigMgr content distribution. However, as discussed in the

“How 1E Helps” section, content distribution involves many functions.

1E’s Nomad focuses on a subset of those functions in order to add value

where it is most needed.

Most of the changes listed above are not relevant to the functions

Nomad helps with, as they reduce site server workload or simplify

administrator console tasks, both of which are important ConfigMgr

improvements. These changes do not improve your WAN utilization

issues or dramatically simplify your SCCM hierarchy, so Nomad

continues to benefit organizations as much as ever with its capabilities

to do so.

Two changes are relevant to the functions Nomad helps with: Package

Transfer Manager, and BranchCache integration. We saw earlier that the

Package Transfer Manager approach to content throttling must be based

on worst case scenario assumptions, and those apply to the whole week

including weekends.

This approach ensures that ConfigMgr content doesn’t compromise

business use of WAN links at the cost of stretching out content

deployment times dramatically and unnecessarily. A large package that

might have taken days to get to all your locations could take weeks

using Package Transfer Manager even though network capacity was

available (at unpredictable times).

BranchCache is a good technology for its original purpose, to speed user-

initiated downloads of web site materials, but for ConfigMgr content

distribution it has numerous key limitations, including:

Uses Background Intelligent Transfer Service (BITS), which has

poor WAN bandwidth throttling, which is one of the key

problems that most ConfigMgr using organizations struggle with.

BITS throttles based on worst-case preconfigurations that you set

and bases its throttling on what it sees at the client NIC and first

router. Activity at higher hops is not accounted for, leading to

network congestion at those higher levels

Has very limited operating system deployment (OSD) support.

BranchCache cannot be used in WinPE, and it offers no solution

to the need for PXE or state migration servers

Has no centralized status reporting. You cannot readily verify or

demonstrate that it is working as intended, nor can you find

problems in order to correct them

Cached content is only retained for 28 days, though much of your

ConfigMgr will be needed for long after that, such as for OSD,

patch new computers, or provide software to users as they

change roles

Is not enabled by default to run on computers running on battery.

The majority of your computers are probably laptops, and most of

the time when they’re available on your corporate network they

© 1E 2014 20140602

may be in meetings or other scenarios where they’re running on

batteries

Has no options to control elections in order to ensure that the

best, and never inappropriate, computers are used to supply

content to peers

4.2 Software Asset Management

and Licensing The only noteworthy change to ConfigMgr software asset management

or licensing since Asset Intelligence was introduced is that you can now

download the Microsoft Volume Licensing Service (MVLS) license

statement from the Microsoft Volume Licensing Service Center and then

import the license statement from the Configuration Manager console.

That is a nice and appropriate change for Microsoft software but does

not help with software from all your other vendors.

Other changes are:

You can enable Asset Intelligence hardware inventory classes

without editing the sms_def.mof file.

There is a new maintenance task (“Check Application Title with

Inventory Information”) that reconciles the software title

reported in software inventory with the software title in the

Asset Intelligence catalog

There is a new maintenance task (“Summarize Installed Software

Data”) that provides the information displayed in the Inventoried

Software node under the Asset Intelligence node in the Assets and

Compliance workspace.

The Client Access License reports have been deprecated

4.3 Self-Service Application Portal The ConfigMgr application portal itself has changed very little over

time, but Microsoft has added a “Company Portal” if you are using the

Intune integration with ConfigMgr. While the Company Portal is

attractive and modern, it is similar to ConfigMgr’s native Application

Catalog in that it has very limited customization options with only basic

features, and would be difficult to use with a large number of

applications. However, Microsoft is evolving the Company Portal by

making applications (as opposed to just web pages) available for it on

© 1E 2014 20140602

Android, and by allowing the some applications to be “featured”

(displayed more prominently).

For now the introduction of the Company Portal complicates the

ConfigMgr application portal story in that your users would have

dramatically different portal experiences depending on which device

they are using. Given that most users have multiple devices, they would

have to use each of the portals at different times, leading to confusion

and helpdesk calls.

The existence of two portals is also confusing strategically in that it is

unclear where you should put your greatest efforts, if you were to use

either. For now both would have to be used if you’re going to empower

users for both ConfigMgr-managed and Intune-managed devices, but

should you keep usage to a minimum with the Application Catalog given

that Microsoft seems to be making its greatest development efforts with

the Company Portal.

4.4 PC Power Management ConfigMgr power management has evolved little since it was first

introduced. This can be seen by reviewing the Microsoft documentation,

especially when looking at the “What’s New” topics:

ConfigMgr 2012 RTM:

http://technet.microsoft.com/en-

us/library/gg699359.aspx#WhatsNew_Client_Deployment

Changes: users can exclude themselves, virtual machines are

excluded, settings are easier to administer, and a new exclusions

report

These changes do not substantially change the effectiveness of

SCCM power management

ConfigMgr 2012 SP1:

http://technet.microsoft.com/library/jj591552.aspx

Changes: none listed

ConfigMgr 2012 R2:

http://technet.microsoft.com/en-us/library/dn236351.aspx

Changes: none listed

4.5 Wake-on-LAN As per the earlier “How 1E Helps” section, the addition of “WOL Proxy”

has been the only change of substance to ConfigMgr WOL. Therefore

NightWatchman continues to add considerable value, especially because,

unlike WOL Proxy:

© 1E 2014 20140602

NightWatchman does not wake clients when not needed, thus

maximizing power management savings

Security – NightWatchman masters only listen to NightWatchman

or ConfigMgr servers, and that communication can be encrypted.

No router-level activity is needed and MAC addresses are not

impersonated, so there is nothing to alert malware-detection

software or hardware

Policy refresh on wake up and stay-awake – ConfigMgr clients

can update their policies in order to ensure they do the

deployment they were woken for prior to returning to sleep or

clients are force to stay awake for a reasonable period to allow

policy updates and related changes to occur naturally

Maturity – NightWatchman readily handles scenarios such as

clients moving to different buildings (subnets) and it doesn’t

crash

Windows XP support (as managers, guardians, or clients that

could need to be woken up), though admittedly the significance

of this point should be rapidly decreasing

4.6 Operating System Deployment OSD continues to evolve rapidly, primarily due to the urgency of

upgrading Windows XP computers at its end-of-life, but also to

encourage Windows 8 and Windows 8.1 deployments. Related

technologies such as MDT and ADK have also changed rapidly, others

introduced, such as UEFI and Windows-to-Go. For these reasons

Microsoft has clearly invested greatly in updating OSD.

Specific changes include:

PXE now available on server-based DPs (as opposed to site

servers)

Zero-touch became much more practical: when you create media

that deploys an operating system, you can configure the Task

Sequence Media Wizard to suppress the Task Sequence wizard

during operating system installation. This configuration enables

you to deploy operating systems without end-user intervention

Keeping images current greatly improved: you can apply

Windows Updates by using Component-Based Servicing (CBS) to

update the Windows Imaging Format (WIM) files that are stored

in the Image node of the Software Library workspace

The Task Sequence Media Wizard includes steps to add prestart

command files (formerly pre-execution hooks) to prestaged

media, bootable media, and stand-alone media

UEFI support was added

BitLocker support was improved

Pre-staged media deployments were made smarter by looking for

local content first

Windows-to-Go support

General improvements in ease of use and flexibility, such as

numerous added built-in variables

And ConfigMgr 2012-specific changes were added:

- You can associate a user with the computer where the

operating system is deployed to support user device affinity

actions

- You can use the Install Application task sequence step to

deploy applications, as opposed to legacy packages, when

you deploy an operating system

- In this case content distribution (Nomad) has not changed,

nor are the challenging distributed scenarios, such as the

need for servers for state migration or PXE. Process-related

tools, such as software footprint analysis, waking

computers when needed, shutting them down cleanly, and

user-initiated deployments continue to be crude using

ConfigMgr by itself. Therefore you should still consider the

1E solutions to fully benefit and enhance the value of your

investment in it.

© 1E 2014 20140602

5 Into the Future To maintain the flexibility to respond to evolving customer needs and to

keep their competitive advantages, both Microsoft and 1E can only share

limited insight into the future changes of their products. However,

customers do need to plan for the future and therefore both companies

do share some guidance. And from history and current market

developments we can reasonably deduce some of what the future holds.

Overall we can expect that Microsoft must focus on large industry

trends, ensuring that it has mature solutions to offer when those trends

become prevalent. That means that Microsoft may not be able to spend

as much time as they would like to address scenarios where SCCM has

known challenges. Again, the strong partner ecosystem ensures that

Microsoft’s customers are successful in all cases, now and in the future.

There are some well-known trends that Microsoft must respond to:

1. Consumerization

a. People clearly like the hardware that has evolved in recent

years and the diversity of choices. Your end-users want the

benefits of those form factors in their work lives as well,

meaning with your IT infrastructures

b. To continue to be central to your IT technologies, Microsoft

must provide effective device management in addition to

device-appropriate versions of their applications.

2. Cloud

a. The continuing explosive evolution of the internet has led to

the era of “cloud” computing. While “cloud” can mean many

things, in general we can say that it is abstracted computing

resources provided everywhere

b. This is a particularly powerful model and Microsoft clearly

recognizes that it must provide effective solutions in this

space

3. Big Data

a. Trends suggest that “big” might be the wrong word – in some

cases the data is big by any standard, but in most cases it is

simply substantially large though on the scale that computer

specialists have long been able to manage. More to the point

is that data is increasingly easy to generate, access, and

manipulate, and therefore new possibilities are opening to

add great value based on effective data analysis

b. Microsoft has long supported developers in building a wide

variety of solutions and they are providing improved

solutions for sophisticated data analysis

4. The Internet of Things

a. While this is the newest of these trends, it is a natural

progression of the long-time reduction of cost and size for

electronics and the increasing power of networks and

processors. The inevitable ubiquity of such computing will be

transformative even if specific implications are not yet clear

b. While Microsoft may have been slow to adjust to the other

trends, it seems to be determined to not let that happen in

this case

Those trends present Microsoft with substantial challenges but it is

adapting itself to meet them. As Microsoft adds solutions in those

spaces, the industry transforms, and business requirements evolve, 1E

will continue to innovate, even disruptively, to lead with the best

products to address your challenges.

At the same time 1E will evolve its current products as appropriate,

addressing your needs while Microsoft adjusts its focus:

1. Content distribution

© 1E 2014 20140602

a. Networks continue to improve but network utilization

increases even more rapidly, making it ever more critical to

use network links intelligently

b. Proliferation of device types also increases the proliferation

of software variations, so more and more versions of software

must be made available wherever users may require them

c. Increasing user expectations, based on their consumer

experiences, increases the demand that all software be

available immediately everywhere

2. Software asset management

a. The proliferation of software variations will complicate

license reconciliation

b. Vendors will respond to new user behavior (such as using

apps on more than one device) by adjusting license models.

However the adjustments won’t be consistent

c. AppClarity already addresses such complications and thus can

readily be extended to address such changes

3. Portals

a. 1E will extend Shopping to device management as

organizations clarify their strategies. The specific options

that will be made available will depend on how you and other

customers decide to manage devices (tablets and phones

particularly)

b. The key point is that 1E will provide one interface for end-

users and administrators. The interface will be adjusted for

the form factor but the feel will be consistent and the

infrastructure will be Shopping

4. Power management

a. People are very power-conscious with their battery-powered

devices that they carry, so those devices will not need IT-

managed power management processes. But as those devices

serve more and more of their computing needs, the

centralized computing resources, such as desktops and

servers, will become less used. It will become harder to

justify wasting electricity to power those resources as they

are used less often, and so power management will become

more important

b. The computer state data that underlies effective power

management will also become more valuable for allocating

computer resources more efficiently. Each device type can be

very valuable in appropriate scenarios, but to maximize

efficiency you must know where devices are being used for

the relevant needs, and where they are not

c. Related data and device management presents numerous new

opportunities for 1E to address your needs in innovative ways

5. Wake-on-LAN and 802.1x

a. As IT organisations begin to adopt highly secure network

standards like 802.1x it becomes harder to patch machines

quickly and out of hours. Integration and automation of basic

security will become increasingly important.

6. Operating system development

a. OS deployment may see the most dramatic evolution in the

next few years. The complexity will finally be decreased and

OSD will truly become a business-as-usual function

b. Some of this change will be due to the commoditization of

hardware, but another key factor is the increased pace of

innovation. As Microsoft releases more frequent but less

dramatic updates to its operating systems, the ability to

deploy those upgrades will become more manageable.

We can see that the 1E products will continue their relevance through

these changing times. As we add new products and evolve the current

ones we look forward to addressing even more scenarios.

© 1E 2014 20140602

1E embraces the future with confidence that our products will continue

to add great value to the thousands of organizations we serve. As a

strong partner, 1E supports Microsoft through its transitions. We

passionately enjoy the challenges these changes present. We especially

look forward to working with you now and in the long term to address

your business’s challenges and to maximize your success.

© 1E 2014 20140602

6 Resources To better understand some of the observations in this whitepaper you

might like to use the following resources:

What’s New in Windows Intune:

http://technet.microsoft.com/en-us/library/dn292747.aspx

What’s new in ConfigMgr:

- ConfigMgr 2012 RTM: http://technet.microsoft.com/en-

us/library/gg699359.aspx

- ConfigMgr 2012 SP1:

http://technet.microsoft.com/library/jj591552.aspx

- ConfigMgr 2012 R2: http://technet.microsoft.com/en-

us/library/dn236351.aspx

About 1E

1E’s suite of disruptive IT operations management tools save billions,

solve problems and simplify the management of large, complex IT

environments – in record time. Designed with a singular focus to help

drive down costs, 1E’s solutions include tools for IT asset management,

Windows systems management and BYOPC.

Contact us

UK (HQ): +44 20 8326 3880

US: +1 866 592 4214

India: +91 120 402 4000

info@1e.com © Copyright 2014 1E. All rights reserved. The information contained herein is subject to change

without notice.