© 1E 2014 20140602
Contents
1 Overview
2 What is SCCM?
3 How 1E Helps
  3.1 Content Distribution
  3.2 Software Asset Management and Licensing
  3.3 Self-Service Application Portal
  3.4 PC Power Management
  3.5 Wake-on-LAN
  3.6 Operating System Deployment
4 The Evolution of ConfigMgr
  4.1 Content Distribution
  4.2 Software Asset Management and Licensing
  4.3 Self-Service Application Portal
  4.4 PC Power Management
  4.5 Wake-on-LAN
  4.6 Operating System Deployment
5 Into the Future
6 Resources
1 Overview
1E has been a Microsoft partner since 1997, and was a founding member
of the System Center Alliance, adding value through our consulting
services and software products to Microsoft’s computer management
solutions. That started with Microsoft’s Systems Management Server
and continued with System Center Configuration Manager (commonly
known as ConfigMgr or SCCM).
With many organizations now using, or planning to migrate to,
ConfigMgr 2012, this document is an analysis of how 1E’s
products/solutions and ConfigMgr are better together. It is technical and
not sales or marketing oriented, though it does make the case why you
should talk with 1E to make your SCCM implementation even better and
add even more value to your investment.
1E’s suite of disruptive IT operations management tools save billions,
solve problems and simplify the management of large, complex IT
environments – in record time. Designed with a singular focus to help
drive down costs, 1E’s solutions include tools for IT asset management,
Windows systems management and BYOPC. When you understand how
1E can help you run your IT for less, please do get in touch at
[email protected], or:
UK (HQ)
1E, CP House,
97-107 Uxbridge Road
London W5 5TL, UK
Tel: +44 20 8326 3888
USA
1E Inc., 5 Penn Plaza, 9th Floor
New York, NY 10001, USA
Tel: +1 866 592 4214
India
1E, 10th Floor, Tower A
Advant Navis Business Park
Sector 142, Noida - 201305, India
Tel: +91 120 402 4000
2 What is SCCM?
No doubt you already know what System Center Configuration Manager
is, but sometimes it helps to look at the big picture. Overall, SCCM
provides:
• An installation mechanism for all types of software
  - Applications
  - Operating System deployments
  - OS and Application Updates (patching)
• Software distribution – gets the software to where the computers
  are
• Portals to allow users to initiate software installation
• Malware mitigation (endpoint protection)
• Asset data collection (inventory) – hardware and software details
  in depth, including software usage (metering)
• Software asset analysis – including some license management
• Configuration policy verification and enforcement – settings
  management, including power settings, firewall policies, and
  roaming user configuration
• Wake-on-LAN – the ability to power up computers when needed
• Network Access Protection
• Remote control
This is a lot for any system, and all of these are done on a wide diversity
of devices on almost any scale in often complex environments. Given all
that, it shouldn’t surprise anyone that there are opportunities for
improvement. That’s why Microsoft frequently provides new releases
and encourages a strong partner ecosystem.
Working with our customers, 1E has identified specific ConfigMgr
features that are sometimes challenging and often cause concern within
organizations:
1. Content Distribution
- Competition with other uses for Wide Area Network (WAN)
links can cause conflicts with other business priorities.
Traditional approaches of restricting SCCM traffic to avoid
that problem can cause deployments to take too long
- Organizations with many locations, as in dozens to
thousands, find that the standard Distribution Point model
introduces single points of failure, can be difficult to keep
running reliably, as well as being costly to deploy
2. Software Asset Management
- ConfigMgr does an excellent job of collecting a wide variety
of asset data but its features for turning data into practical
information and actions are limited
3. Self-Service Application Portal
- SCCM 2012 embraces a user-centric model but its end-user
portal provides only basic features and often does not meet
the expectations of today’s sophisticated users and
administrators
4. PC Power Management
- SCCM enables the deployment of power management
policies and the collecting of state data but it does little
more to maximize power savings
5. Wake-on-LAN
- Waking sleeping computers is a powerful mechanism to
expedite computer management and improve end-user
productivity, but ConfigMgr wake-on-LAN often does not
work well in production environments
6. Operating System Deployment
- Operating System Deployment (OSD) takes many steps and
requires a wide variety of resources, making it especially
complex. This is especially true in some scenarios such as
organizations with numerous remote locations or where it
can be difficult to justify deploying costly server
infrastructure
That list of concerns is fairly long as well but it is much narrower than
the rich solution set that SCCM provides. ConfigMgr provides great
value in many ways and in most scenarios for its customers.
If you are keen that your organization could get even more value from
SCCM by addressing any of these concerns then the 1E solutions would
likely be a good fit for your organization. Not only does 1E have the
experience and expertise to help, but we also have the advantage in
many solutions that build on ConfigMgr’s infrastructure. 1E has built
specific solutions for key scenarios that you might need help with. This
document details how these solutions assist SCCM; how they have
evolved as SCCM has evolved; and the future value they will continue to
provide.
3 How 1E Helps
From the big picture perspective of the previous section we will now get
more specific and consider where and how 1E’s solutions enhance and
augment ConfigMgr features. This will also help us to consider, later in
this document, how specific features of the 1E products have improved
over time and continue to be relevant today and tomorrow.
1E’s content distribution, PC power management, and wake-on-LAN
products and solutions also enhance two key ConfigMgr scenarios: patching
and after-hours software distribution. It can be important to be able to
apply updates (patches) or software distributions in the middle of the
night when user productivity will not be adversely impacted. Regular
patching and maintenance of PCs not only improves PC performance and
user productivity but is essential to ensure security of the endpoint. The
features of these 1E solutions make it possible to readily do that work
after-hours, even for computers that are asleep, have unsaved data, or
are remote.
3.1 Content Distribution
One of the most fundamental features of SCCM is content distribution.
To make substantial changes to computers you have to get software to
them from a central origin – that’s content distribution. Content
distribution can be broken down to several core tasks:
• The software must be defined – what it is, original location, files
  to be included, how to use it, etc. That is done in the ConfigMgr
  console or with equivalent scripts and stored in the ConfigMgr
  database
• The software must be bundled up into a ‘package’ or an
  ‘application’ – this is for efficiency but also to ensure that the
  software is not accidentally or intentionally modified in the rest
  of the process
• The package or application must be made available on at least
  one server from which clients can get access to it
• Clients must download the software for their own use and
  possibly for other clients
That is a high level summary of what ConfigMgr or any other computer
management system does with content. SCCM also has:
• The ability to distribute the content amongst multiple ConfigMgr
  “site” servers in order to allow for high degrees of scalability,
  and mechanisms to control that distribution
• Options to put the client-facing servers (distribution points) close
  to the users in various scenarios, such as on the internet or in
  small offices
• Grouping of distribution points so that tasks related to DPs don’t
  have to be done for every single DP
• The ability of DPs to pull content from site servers, as opposed to
  having it pushed to them, and options to control that level of
  distribution
• Facilities to efficiently coordinate package files
• Integrity checking
• Status reporting
That is a lot of functionality. 1E’s Nomad™ complements ConfigMgr
content distribution by improving and augmenting its functionality in
the following areas:
• The download of the content to the clients from the DPs
• Storage of the content near the clients, thus reducing the need for
  DPs
• Enhanced integrity checking and validation
• Extra status reporting
We can see that Nomad’s benefits for content distribution, though
critical, are a small subset of SCCM content distribution mechanisms.
Therefore when we talk about the evolution of ConfigMgr content
distribution and the relevance of Nomad, we have to remember to focus
on the subset that Nomad addresses. We’ll do that in the next major
section of this document.
You might ask why Nomad helps with these particular subcomponents of
SCCM content distribution. The simple answer is that these are the
components that SCCM customers have asked us to help with. The other
ConfigMgr content distribution components work very well in
practically all scenarios, and these components work well in some
common scenarios. But there are other scenarios where ConfigMgr
needs help and the 1E solutions are needed.
Here’s where Nomad is able to help:
1. Fewer prerequisites, so Nomad can work on any supported
Windows Operating System, and without concern for the health
of other components. This includes embedded systems or WinPE.
2. Clients both receive and share content in a peer-to-peer model.
The choice of which client will share content on a subnet when
needed is determined by an election, so if a computer becomes
unavailable for any reason another computer will respond to the
election and continue the sharing. No preplanning or location-
specific settings are required, and no adjustments are needed by
an administrator as circumstances change
3. Network throttling looks at the entire end-to-end bandwidth
using a deterministic, statistical algorithm to calculate network
speed and congestion, irrespective of the network infrastructure
configuration or number of hops
a. Because Nomad operates at Layer 4 of the network stack no
networking hardware pre-requisites are necessary for
deployment or operations.
4. Years of deployment in many organizations and many
environments ensure that Nomad has all the edge-case features
required, such as cache management, multiple-subnet support,
multiple simultaneous hosts per subnet (“FanOut”), and many
others.
5. ConfigMgr is extremely robust for all the scenarios. No features
are lost, only improved when using Nomad.
ConfigMgr clients cannot share with each other, other than by using
BranchCache. BranchCache has a variety of limitations for computer
management so it is not a viable option for production environments.
See the BranchCache discussion in the next major section of this
whitepaper for more details.
ConfigMgr distribution points do have many prerequisites and are
deployed in a server-like manner (to specific computers, with specific
configurations). DPs also use a rudimentary throttling model that cannot
account for actual usage or changes over time in that actual usage (see
Figure 1), and must be set for each DP.
Figure 1: ConfigMgr DP throttling options
We can see that Nomad and ConfigMgr have large and fundamental
differences in their architectures when it comes to getting content to
clients. The native ConfigMgr approach works in smaller environments
but in large production environments Nomad provides a more robust
approach.
3.2 Software Asset Management and Licensing
ConfigMgr has always had software inventory, in both the form of
scanning for files on disks and in the form of related ‘hardware’ details
such as Add/Remove Programs or Windows Installer details.
As of SMS 2003 SP3, the “Asset Intelligence” feature was made available
for software asset management including some licensing. Software
usage has also been available in a few forms, most commonly using
software metering rules to provide detailed information about software
usage for specific applications. Collectively ConfigMgr does bring
together a wealth of substantial data about client software.
However, this abundance of data is overwhelming and difficult to use.
That’s why Microsoft introduced the Asset Intelligence (AI) feature.
However, if you look at the AI node in the console, even in a lab there’s
a huge amount of software found (over a thousand in the case of a lab
with 50+ clients). Although AI has categories and families and even
custom labels it lacks the ability to filter the data to find the most useful
information – admittedly this is not a tool designed for Software License
Optimization.
This is again apparent by the fact that secondary software (device
drivers, service packs, updates, etc.) and unidentified software are
listed equally with everything else. Every version is listed, every
executable, and there is no distinction between licensable and non-
licensable software, so your licensing specialists, if only using native
SCCM, need to approach software license optimization with a great deal
of caution. For example, one of the world’s largest technology
companies had been double counting software and therefore paying
double for some of their Microsoft licensing. Another customer who had
engaged an external auditor discovered that their auditors had not only
counted the licenses, but backups, archives and variants.
Asset Intelligence has a catalog but it is used to categorize software and
in some cases provide hardware requirements. It does not perform a
many-to-one type link of related software components. For example, if
you want to think of Nomad admin extensions, Nomad reports, Nomad
GUI, and Nomad tools as all just being 'Nomad', you can't link them to
Nomad itself. You could rename them but then you would not be able to
identify the components. Creating categories, families, or labels for this
purpose would result in huge lists of such items, making them
impractical.
If you were to try to build a process with ConfigMgr itself to optimize
software license compliance for this diverse software, you would soon face
some very considerable challenges. Consider the overall software
license optimization (SLO) process you need:
1. Identify software
a. This includes distinguishing suites, identifying licensable vs.
non-licensable, and filtering out service packs, device drivers,
utilities and other secondary software
2. Determine usage of the software
a. This must be done for all software all the time, since you can’t
predict what is unused and where the greatest compliance
issues are
b. To realistically understand usage of software the analysis
must be done for at least 60 days, and preferably 90 days.
Reactively monitoring usage would considerably delay the
license compliance processes
3. Import licenses and match with the software inventory
a. Often from multiple inconsistently formatted sources
4. Minimize software footprint according to usage
a. Continuously uninstall all unused software so that they don’t
use licenses unnecessarily
5. Report on the status of the software reclamation, software
footprint, and license compliance state and processes
SCCM provides the underlying platform for that process but to
practically perform all those tasks on an enterprise scale requires a
third party solution. 1E’s solution is AppClarity, which offers the
following features:
• Application discovery and license import
  - Accounting for all aspects of adding titles into the managed
    software library is now a cooperative operational task
  - Collects inventory data for all PCs and eliminates junk,
    rationalizes variants, and filters licensable titles
  - A fully supported entitlement import tool makes integrating
    data a simple task
  - Automatically ties inventory and entitlement together in an
    easy-to-use console.
• The tools and data linkage to allow integration into your current
  operational process for accepting new software
  - This integration ensures that not only deployment
    availability is present but entitlement tracking becomes a
    part of the process.
• Application usage data linked to software titles
  - Data which is not natively aligned or measured is now
    exposed in a single view
  - Default metering data aligned to normalized software titles
    is swiftly handled by AppClarity. This means there is no
    need for creating metering rules and no additional load on
    the management infrastructure.
• Usage categorization – usage trending is categorized and
  actionable
  - How effectively software is being used within your
    environment is valuable when looking to harvest unused
    software and lower entitlement requirements. This
    information provides awareness of each software title’s
    value proposition to the business – a very powerful tool
    when negotiating maintenance agreements and true-ups
• Software Reclaim
  - At your discretion, by software title being reclaimed, the
    end user is presented with three simple options:
    1. Uninstall unused application
    2. Keep software and provide justification for license
       retention
    3. Suppress notification for a few days – make sure the
       interaction is respectful of end users’ time and they
       will respond.
  - The Reclaimer makes sure the interaction with the end user
    does not impact their productivity. With three simple
    options for interaction, end users only spend seconds to
    make a decision, as opposed to being fully interrupted to
    provide responses which in turn could take days or months
    to be acted upon (as with an e-mail based process, for
    example).
  - Customizable interface
    AppClarity’s customizable UI ensures that internal IT imagery
    and company branding is used along with relevant messaging,
    familiarizing the experience.
    Meaningful, individualistic interaction – Reclaimer does not use
    any crowded form of communication with the end user. In a
    small, self-contained UI, the Reclaimer provides familiar
    messaging which can align to overall company goals.
    Additionally, the Reclaimer’s function and task are completed in
    a single window (no linking out to external resources).
  - The Reclaimer shows the user only the top three wasted
    titles
    Additionally, Reclaim will cycle titles over a seven-day period to
    ensure redundant titles are not presented
• Single console for all data
  - The AppClarity console allows relevant staff to view,
    manage, and contribute to a well-managed software catalog
  - In addition to the obvious value, AppClarity provides a
    repository for all teams with interest in software footprint
    and entitlement. The console has been designed for ease of
    use and presentation of consumable data. Long gone are the
    days of sitting in a room for hours, working to understand a
    spreadsheet layout of software stance and how that matches
    up to entitlement.
• Device grouping – use your current methods of identifying PCs to
  carve out your environment
  - Whether it be through Active Directory Organizational
    Units, local PC branding, or business specific software
    which defines a grouping of PCs, AppClarity provides the
    ability to target these differences and separate activities
    appropriately.
• Reporting, including:
  - Unused Software Report
    Exposes actionable information about your environment based on
    synced inventory. This interactive report allows you to produce
    variable information such as only forecasting a percentage of
    rarely used installations as some users may opt out and keep
    rarely used software. In the end, this reporting quickly tells the
    story and paves the way to action.
  - Per Device Reporting – you can focus on a single device
  - Software Reclaim Savings Report
    The number of hours to achieve what AppClarity brings to your
    Configuration Manager environment is dramatically lower than
    with Configuration Manager alone. It is still important to show
    the value of the reclamation achieved. This report clearly
    articulates where Reclaim actions have paved the way to savings.
Implementation of AppClarity in most organizations is straightforward
and can be done in a short time. AppClarity can enhance the value of
your SCCM infrastructure very quickly.
3.3 Self-Service Application Portal
With the introduction of ConfigMgr 2012, Microsoft started to address
an IT model that 1E has long served: user-oriented computing, also
known as the Consumerization of IT services. This especially meant the
inclusion of a software portal from which end users could initiate the
installation of software they need.
From the following figure we can see that the SCCM software portal
is functional but basic, lacking many of the features that an enterprise
environment requires and that users expect.
1E’s Shopping provides a much more contemporary interface with
significantly more features:
Shopping is highly customizable, so the appearance can vary quite
dramatically from that depicted while still retaining key design features
such as the scrolling banner, highly interactive tiles, and easily
accessible full details on the offerings and processes.
As compared with ConfigMgr’s Application Catalog, Shopping provides
these additional features:
• One-stop shopping
  - Not just applications but also legacy packages, task
    sequences, Active Directory changes, and general requests
    (for hardware, etc.).
• Approval workflow – flexible approval workflow out-of-the-box
  - Shopping allows admins to set up group, chained and AD
    manager-based approval workflows. End users can see via
    the portal where their request sits in the approval chain.
    This is built into the solution and does not require any third
    party integration. Emails are sent to users and approvers to
    inform them of changes in workflow status
• Customizable look and feel
  - Shopping can be customized to look like other intranet
    portals in the customer’s environment. Because of its use of
    CSS style sheets, it is possible to change all portal strings as
    well as control the visibility of some items such as the cost
    information for applications and the preferences page.
    There are also a number of hidden labels and controls that
    can be used on the portal pages to add additional
    information for end users
• Request tracking and notification
  - Emails are sent at each point in the Shopping workflow to
    keep users, approvers and admins informed about every
    stage of the deployment. The Shopping user interface also
    provides order status notifications and allows detailed
    request tracking
• Self-service Windows migrations
  - Shopping enables end users to schedule their own Windows
    migrations or re-images by selecting the time and date to
    migrate as well as the applications to reinstall when the
    new operating system is installed
  - Administrators can block out times that are inappropriate
    for migrations (such as weekends and holidays), and can
    throttle the upgrade rate to a reasonable rate (such as 1000
    per day)
• Application Mapping
  - Old software (existing on the old operating system) may not
    be compatible or optimal for the new OS. 1E’s powerful
    Application Mapping solution combines AppClarity’s
    application inventory and normalization capabilities with
    Shopping’s OSD features. Here applications are identified in
    AppClarity’s inventory by their ID and mapped to software
    titles available in Shopping’s software catalog. How
    applications are mapped is controlled via an administrator-
    defined rule set.
• Shop for other machines – shop on behalf of others
  - Shopping allows administrative users to shop and have
    software installed on other machines. Admin users shop in
    the usual way adding software into their baskets. On the
    basket page users can search for other machines and have
    the items in the basket installed on them. Branch admins
    can also shop for a controlled set of machines that is
    defined by the central administrator
• Branch administration – delegated administration
  - Branch administration in Shopping enables regionally
    defined admins to select which applications to publish to
    the machines that they manage. It is also possible to create
    an approval workflow specific to the application on the
    branch. Branch admins are also able to shop to have
    software installed on the machines that they manage
• Leasing software licenses – software rentals
  - Users can rent applications for fixed terms. When the
    rental period expires the software is automatically
    uninstalled and handed back to the license pool. Licenses
    are reclaimed and can be used by other shoppers. Users can
    extend their rental period if enabled by the administrator.
    Licenses can be held for a configurable quarantine period
    after uninstall to meet the software vendor EULAs
• Software usage – AppClarity integration
  - AppClarity has rich inventory and usage information which
    is leveraged by Shopping during a self-service Windows 7 or
    Windows 8 migration. Users can see the applications that
    they had installed in the past as well as the usage
    information. Applications that were well used are marked
    as recommended for reinstallation and those that were
    unused are not recommended
• License control – license management
  - Shopping tracks the number of licenses that it has installed
    as well as recording the maximum license count for a
    particular application. If the number of installations
    exceeds the count then it is not possible to install the
    software from the portal. This prevents customers from
    exceeding their license entitlements and becoming non-
    compliant. A threshold can be set so that when the install
    count reaches a certain percentage of the maximum license
    count the relevant license managers are informed. License
    counts can also be applied on a per site basis which reflects
    the often distributed nature of license procurement
• Integration with service desk solutions
  - Shopping integrates with service desk solutions such as
    ServiceNow, HP Service Manager, and BMC Remedy. This
    enables the creation of tickets to track the entire Shopping
    workflow through third party tools. Customers do not have
    to change their service desk reporting practices and can
    report in one place on all their service requests.
3.4 PC Power Management
SCCM includes the basic power management options of distributing
power management plans to appropriate computers and collecting
computer state data for reporting. The options are configurable using
just two policy tabs:
SCCM reporting of power consumption and carbon dioxide production
is based on constant values (specified for the collection in the former
case and built into the report in the latter). Reports are available to
indicate which computers have not been powered off but there is no
override mechanism and the only details given are cryptic process
names for processes that were active (Requester00 column of the
POWER_MANAGEMENT_SUSPEND_ERROR_DATA table).
Those power management features give you an easy way to get power
plans to computers and then you can get some crude reports on their
effectiveness but otherwise you’re getting no more power management
than you get with Windows itself.
1E’s NightWatchman, in contrast, is the market-leading power
management solution, with many years of development behind it, and
provides the following additional features:
• Cloud hardware catalog synchronisation
  - NightWatchman has an up-to-date PC and display power
    database so that power costs and CO2 impact are reported
    based on the actual hardware you use, as an organization
    and in specific divisions and other groupings
  - Hardware power value models are shared and synchronised
    by 1E to keep them up to date
  - NightWatchman’s cloud hardware catalog sync means you
    will have up to date power values for any new hardware
    that is added to your environment ensuring reports are
    accurate
• Advanced reporting
  - Comprehensive PC and monitor power database
  - Location tariffs
  - Baselines, so that you can compare current consumption
    with consumption prior to the implementation of power
    management policies or policy changes
  - What-if scenarios
  - Senior management web-based dashboard
  - Legislative grade reporting
• Sleepless Client Detection (aka “PC Insomnia”)
  - Some common causes of sleeplessness include screen
    savers, system configurations, terminal emulation software,
    media players, custom-developed applications, and device
    drivers not written to the Advanced Configuration and
    Power Interface (ACPI) specification. As a result of
    sleeplessness, PCs stay on while not in use and subsequently
    waste energy and result in increased CO2 emissions
  - NightWatchman uses sleepless detection to ensure that PCs
    go to sleep safely even when rogue processes or device
    drivers are preventing this
  - Identifies and reports processes that are keeping the
    computer awake
  - Defines which sleepless processes to overrule and forces
    sleep if processes on this Sleepless Exclusion List are found
    running
Highly accurate reporting that takes into account the actual
power consumption for any given make and model of PC, laptop
and monitor
- The electricity tariff and local greenhouse gas conversion
factors are applied for each geographical location enabling a
consolidated view of energy savings across the entire
enterprise. Savings are calculated against actual machine
behavior to ensure a precise tracking for the success of the
power management project
PC machine utilization
- NightWatchman has machine activity reporting, allowing
you to identify computers that are no longer used
- You save through the re-allocation or de-commissioning of
those PCs that are not in use
- Removing unused PCs automatically removes unused
licenses. In a hot-desking environment, you cannot
accurately identify software usage across all devices as
applications will most probably be launched on every
machine. This feature allows you to reclaim unused
hardware and hence the software on those machines
Applying effective power policies
- Policies are deployed as you specify but also enforced with
more vigour than the enforcement of Windows alone
- By tracking usage across a group of users can better
understand user behaviour and then tune power polices so
that machines are woken up and shut down sooner without
affecting user productivity
Deferred power management
- End-users can actively opt out of or defer power
management activities, ensuring happier, more empowered
end-users
- They specify the time period
Document saving
- Built-in technology cleanly closes applications such as
Outlook, Word, Excel and PowerPoint. User data is
protected
- NightWatchman Enterprise will ensure any open work is
saved before powering down or rebooting the PC. Users can
easily access their backed-up files the next time they use
their PCs.
Application-aware power management
- Improved productivity as power management does not
affect important tasks
- With NightWatchman Enterprise, PCs that are running
important tasks are not powered down until these tasks are
complete. This ensures these operations are not interrupted
while still power managing the machine to achieve
maximum savings.
Maintenance windows
- End-users are not impacted, increased productivity and
lower systems management costs
- NightWatchman Enterprise builds upon ConfigMgr
maintenance windows to enable the running of updates,
scans and defragment out-of-hours so as not to interrupt the
end-user. NightWatchman Enterprise can securely wake PCs
from off at the start of the maintenance period, apply any
updates and then turn the machine off again at the end of
the process. This ensures that the user does not have to
waste time rebooting their machine due to patches when
they first use their machine the next morning.
Alarm clocks
- Waking up all PCs at the start of the working day, before users
arrive in the office, increases productivity
- All PCs can be securely woken up at the start of the working
day, ready for use.
3.5 Wake-on-LAN
Wake-on-LAN as a feature is most relevant to content distribution and
power management. In some cases it can also be used with Operating
System deployment in order to upgrade computers that have gone to
sleep. You can maximize power management when administrators and
users are confident that computers can be woken up when needed.
ConfigMgr has had a Wake-on-LAN (WOL) solution since ConfigMgr
2007 for appropriately flagged deployments or at administrator
direction. ConfigMgr WOL runs in one of two modes: subnet-directed
broadcast or unicast. ConfigMgr customers found that unicast did not
work once routers had dropped their MAC address (typically after four
hours). Subnet-directed broadcasts only worked if routers were set to
propagate subnet-directed broadcasts, which is normally not the case
due to security concerns. Therefore ConfigMgr WOL was generally found
to not be practical in production.
ConfigMgr 2012 SP1 added “WOL Proxies” to address the unicast
weakness by ensuring that at least one client on each subnet has the
MAC addresses for all its peers and is ready to send magic packets in
response to the unicast packets. It never drops the MAC addresses and
therefore should be ready at any time.
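The magic packet that both WOL modes deliver has a fixed layout: six 0xFF bytes followed by the target MAC address repeated 16 times. The following is an added example, not code from this whitepaper, 1E or Microsoft: it builds that payload, recognises it inside a captured UDP payload, and shows which destination address each mode relies on. The MAC and IP values are constructed samples and the function names are hypothetical.

```python
import ipaddress

SYNC = b"\xff" * 6          # synchronisation stream that opens every magic packet
REPEATS = 16                # the target MAC follows, repeated 16 times


def parse_mac(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' to 6 raw bytes."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte magic packet payload for one target MAC."""
    return SYNC + parse_mac(mac) * REPEATS


def find_magic_target(payload: bytes):
    """Scan a captured payload for a well-formed magic packet.

    Returns the target MAC as a string, or None. The sync stream may sit at
    any offset and may be followed by extra bytes, so every candidate
    position is checked rather than only offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == mac * REPEATS:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def wol_destinations(client_interface: str) -> dict:
    """Destination IP used by each delivery mode for a client given as 'ip/prefix'.

    unicast: the client's own address; delivery depends on the last-hop
             router still holding an address-resolution entry for it.
    subnet_directed_broadcast: the subnet's broadcast address; delivery
             depends on routers forwarding directed broadcasts.
    """
    iface = ipaddress.ip_interface(client_interface)
    return {
        "unicast": str(iface.ip),
        "subnet_directed_broadcast": str(iface.network.broadcast_address),
    }


if __name__ == "__main__":
    sample_mac = "00:11:22:33:44:55"        # constructed sample
    sample_client = "10.20.30.57/23"        # constructed sample
    packet = build_magic_packet(sample_mac)
    print(len(packet), find_magic_target(packet))
    print(wol_destinations(sample_client))
```
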
However, WOL Proxy is not solely controlled by SCCM – it will listen for
any network requests on any of the protocols that the clients were
using. Therefore computers will be frequently woken, counteracting any
power management policies you might have in place.
Furthermore, some organizations have found that WOL Proxy does not
work well in environments with intelligent switches that don’t accept
the same MAC address on different ports (the switches may shut down
the ports). Other organizations have seen issues with network storm
control. The frequent WOL client broadcasting caused the clients to have
their port shut off on the switch. Other organizations have observed that
Intel vPro-enabled computers will respond to pings even when the
computer is asleep, thus appearing to WOL proxy as being awake (and
thus not needing to be woken up) even when the computer itself is
actually asleep.
For these reasons, SCCM WOL continues to not be effective in most
production environments. 1E offers its “WakeUp” functionality as part
of both the Nomad and NightWatchman products to mitigate SCCM’s
WOL concerns. 1E WakeUp uses a client-based software solution to
listen for requests from SCCM servers to wake up peers. WakeUp
ensures that there is a ‘last man standing’ on every subnet, ready to
process these requests. There is also support for 802.1x network
environments to ensure patch cycles can occur, even if the PC is on the
Guest VLAN (and therefore unreachable from normal SCCM WOL).
WakeUp also includes “Web WakeUp”, an end-user portal for initiating
wakeups when users require one of their computers that has gone to
sleep. It allows using a web browser or mobile devices to enable remote
access.
3.6 Operating System Deployment
Of all the computer management disciplines (such as patch
management, software distribution, and asset management) Operating
System deployment is certainly the most challenging. This is true for
multiple reasons:
- The content required per client is the largest by far of the
disciplines. This includes Operating System images, updated
applications, software updates, and device drivers
- The computer is essentially reset, so preservation and restoration
of user data and reinstallation and reconfiguration of
applications is crucial - whilst this is not always necessary with
the upcoming Windows 10, in both hardware refresh and
Break/Fix scenarios, a build from bare metal will still be needed.
- Despite those two big challenges, OSD must be possible for all
clients at any time just like the other computer management
features
- There are a variety of related but still significantly different
scenarios that must be covered, such as bare metal (new
computer) builds, minor upgrades, major upgrades, computer-to-computer
migration, rebuild, and encrypted disks
- Because the computer is unavailable during the process, the user
cannot simultaneously work on it while the activities are
occurring. Therefore timing is critical
- Also because the computer is unavailable, it should not be done
unexpectedly, especially on a large scale. OSD can be extremely
dangerous
- With all these complexities, any OSD solution is going to take a
long time to implement and costs are going to be very
substantial.
Given all this complexity, once again we shouldn’t be surprised that
there are significant opportunities for improvements.
1E offers solutions to these specific challenges:
- Content distribution, thanks to Nomad, in all locations
- Application deployment, including repackaging, can be planned
and prioritized based on AppClarity data
- Deployments can be made available, but not enforced, to as many
users or computers as you desire. The users can initiate the
actual deployment using Shopping, complete with scheduling so
that it’s done at the best time for the user and without risk of
impacting users who are not ready to upgrade
- Server resources are not needed for OSD, including at your most
remote locations, because user state can be saved on peer
computers and PXE booting can be done from peers. Therefore
State Migration Points are not needed nor are server-based DPs.
These functions are provided by Nomad’s “PXE Everywhere” and
“Peer Backup Assistant” features, respectively
- Appropriate applications can be automatically installed on users’
new operating systems based on their usage of applications on
their previous operating system using OSD integration to
AppClarity and Shopping
- Reliably wake clients for upgrade using the WakeUp component
of Nomad or NightWatchman
- Thanks to 1E’s long history of working with many of the world’s
largest organizations, we have the expertise in our Professional
Services division to help any organization build an amazing OSD
solution
Those are a combination of the solutions we’ve already discussed
but they particularly add value in this most complex set of
scenarios. They can be illustrated as:
Nomad integration into even your most complex OSD task sequence is
easy thanks to the Nomad task sequence actions integrated into your
ConfigMgr console, and listed here:
Providing users with appropriate applications is called “Application
Mapping”:
In this example, users that had Adobe Photoshop Creative Suite 5,
which is not compatible with Windows 7, would have received the
Creative Suite 6 version if they had used it within the last 30 days. If
they had not used it in the last 30 days but had used it in the last 90,
and thus occasionally, they would have the free program Paint.NET
installed, providing them with basic features that are likely to be
sufficient for their needs. If there were no record that they had used
Photoshop then no solution would be installed. In each of the latter
cases, $500 in licensing fees are saved per user. If they later determine
that they do need Photoshop, they can use Shopping to get it installed
automatically, with appropriate approvals.
For more details on the 1E OSD solution set, see
http://www.1e.com/zero-touch-windows-migration/, including our
“Accelerated Windows 7/8 Deployments with 1E” whitepaper.
4 The Evolution of ConfigMgr
Microsoft does a great job responding to evolving customer needs,
which has led to it having the market leading position for computer
management. After many major and minor releases, SCCM is a greatly
enhanced product as compared with its early versions. In some cases
Microsoft has started to address concerns that 1E has historically
addressed, so why are the 1E solutions still as relevant to you today as
they have ever been?
To best understand how 1E’s solutions continue to add great value, we
should consider specifically how ConfigMgr has evolved since ConfigMgr
2007 in the areas that 1E offers enhancements.
4.1 Content Distribution
ConfigMgr 2012, including SP1 and R2, has added these content
distribution features:
1. One distribution point role
   - All DPs now require IIS for HTTP, HTTPS, or BITS
     communications to client, so Microsoft discontinued
     referencing DPs as either standard or branch DPs. In fact DPs
     on workstations have considerations that are different from DPs on
     servers and they can’t provide PXE services, so not all DPs are
     truly equivalent
   - Console administration is more consistent for all DPs
2. Package Transfer Manager
   - Used to send content from site server to remote DP, with
     “sender”-like scheduling and throttling instead of just using
     Background Intelligent Transfer Service (BITS)
   - “Senders” are the mechanism ConfigMgr has always used for
     site-to-site communications
   - Includes logic to maintain history of files that are present on
     DPs and does not resend the files, which does save some
     bandwidth
   - Must be configured per location to ensure business traffic is
     protected. This should be based on knowledge of the network
     links and their usage and thus spare capacity available for
     ConfigMgr. Every day has the same settings, so the worst case
     capacity must be used. For example, if 10% capacity is
     available 10 AM on Tuesday, and 10% capacity is available at
     2 PM on Thursday, every day must be set to 10% capacity at
     10 AM and 2 PM, including weekends. The same is true for all
     hours of the day, potentially leading to very low network
     utilization by ConfigMgr at all times, which in turn will
     significantly delay deployments
3. Content Library
   - Provides single-instance storage of package files across all
     packages, which is a more efficient use of disk space
4. Content validation
   - Scheduled maintenance task to validate content. Helps you to
     ensure content is ready and available
   - But it is only validation – you still need to monitor it and
     repair the faults
5. BranchCache integration
   - This can help reliability in that if a DP fails the clients can
     still get cached content from their peers (on local subnet)
   - It also reduces downloads over WAN links
6. PXE role for DPs
   - Easier to deploy and configure PXE, increasing scalability as
     compared to ConfigMgr 2007
   - Requires Windows Server operating system in every location
     in order to install the WDS prerequisite
7. DP groups
   - Less administrative overhead for managing the relationship
     between content and DPs – the administrator does not have to
     specify exactly which DPs receive every single package or
     application
8. Pull DPs
   - Reduces the workload on the site server, which helps with the
     reliability of getting content to distribution points.
   - However, this only helps with DPs that are peers on the same
     level in the hierarchy to each other – DPs lower in the
     hierarchy can pull from higher DPs but if they are set to pull
     from multiple higher DPs then they will also pull from the
     highest only. If the highest DP fails reliability is not increased
9. Cloud DPs
   - Azure servers can be used as ConfigMgr distribution points.
These changes show a considerable investment by Microsoft in
improving ConfigMgr content distribution. However, as discussed in the
“How 1E Helps” section, content distribution involves many functions.
1E’s Nomad focuses on a subset of those functions in order to add value
where it is most needed.
Most of the changes listed above are not relevant to the functions
Nomad helps with, as they reduce site server workload or simplify
administrator console tasks, both of which are important ConfigMgr
improvements. These changes do not improve your WAN utilization
issues or dramatically simplify your SCCM hierarchy, so Nomad
continues to benefit organizations as much as ever with its capabilities
to do so.
Two changes are relevant to the functions Nomad helps with: Package
Transfer Manager, and BranchCache integration. We saw earlier that the
Package Transfer Manager approach to content throttling must be based
on worst case scenario assumptions, and those apply to the whole week
including weekends.
This approach ensures that ConfigMgr content doesn’t compromise
business use of WAN links at the cost of stretching out content
deployment times dramatically and unnecessarily. A large package that
might have taken days to get to all your locations could take weeks
using Package Transfer Manager even though network capacity was
available (at unpredictable times).
BranchCache is a good technology for its original purpose, to speed user-
initiated downloads of web site materials, but for ConfigMgr content
distribution it has numerous key limitations, including:
- Uses Background Intelligent Transfer Service (BITS), which has
poor WAN bandwidth throttling, which is one of the key
problems that most ConfigMgr-using organizations struggle with.
BITS throttles based on worst-case preconfigurations that you set
and bases its throttling on what it sees at the client NIC and first
router. Activity at higher hops is not accounted for, leading to
network congestion at those higher levels
- Has very limited operating system deployment (OSD) support.
BranchCache cannot be used in WinPE, and it offers no solution
to the need for PXE or state migration servers
- Has no centralized status reporting. You cannot readily verify or
demonstrate that it is working as intended, nor can you find
problems in order to correct them
- Cached content is only retained for 28 days, though much of your
ConfigMgr content will be needed for long after that, such as for OSD,
patching new computers, or providing software to users as they
change roles
- Is not enabled by default to run on computers running on battery.
The majority of your computers are probably laptops, and most of
the time when they’re available on your corporate network they
may be in meetings or other scenarios where they’re running on
batteries
- Has no options to control elections in order to ensure that the
best, and never inappropriate, computers are used to supply
content to peers
4.2 Software Asset Management and Licensing
The only noteworthy change to ConfigMgr software asset management
or licensing since Asset Intelligence was introduced is that you can now
download the Microsoft Volume Licensing Service (MVLS) license
statement from the Microsoft Volume Licensing Service Center and then
import the license statement from the Configuration Manager console.
That is a nice and appropriate change for Microsoft software but does
not help with software from all your other vendors.
Other changes are:
- You can enable Asset Intelligence hardware inventory classes
without editing the sms_def.mof file.
- There is a new maintenance task (“Check Application Title with
Inventory Information”) that reconciles the software title
reported in software inventory with the software title in the
Asset Intelligence catalog
- There is a new maintenance task (“Summarize Installed Software
Data”) that provides the information displayed in the Inventoried
Software node under the Asset Intelligence node in the Assets and
Compliance workspace.
- The Client Access License reports have been deprecated
4.3 Self-Service Application Portal
The ConfigMgr application portal itself has changed very little over
time, but Microsoft has added a “Company Portal” if you are using the
Intune integration with ConfigMgr. While the Company Portal is
attractive and modern, it is similar to ConfigMgr’s native Application
Catalog in that it has very limited customization options with only basic
features, and would be difficult to use with a large number of
applications. However, Microsoft is evolving the Company Portal by
making applications (as opposed to just web pages) available for it on
Android, and by allowing some applications to be “featured”
(displayed more prominently).
For now the introduction of the Company Portal complicates the
ConfigMgr application portal story in that your users would have
dramatically different portal experiences depending on which device
they are using. Given that most users have multiple devices, they would
have to use each of the portals at different times, leading to confusion
and helpdesk calls.
The existence of two portals is also confusing strategically in that it is
unclear where you should put your greatest efforts, if you were to use
either. For now both would have to be used if you’re going to empower
users for both ConfigMgr-managed and Intune-managed devices, but
should you keep usage to a minimum with the Application Catalog given
that Microsoft seems to be making its greatest development efforts with
the Company Portal?
4.4 PC Power Management
ConfigMgr power management has evolved little since it was first
introduced. This can be seen by reviewing the Microsoft documentation,
especially when looking at the “What’s New” topics:
ConfigMgr 2012 RTM:
http://technet.microsoft.com/en-us/library/gg699359.aspx#WhatsNew_Client_Deployment
- Changes: users can exclude themselves, virtual machines are
excluded, settings are easier to administer, and a new exclusions
report
- These changes do not substantially change the effectiveness of
SCCM power management
ConfigMgr 2012 SP1:
http://technet.microsoft.com/library/jj591552.aspx
- Changes: none listed
ConfigMgr 2012 R2:
http://technet.microsoft.com/en-us/library/dn236351.aspx
- Changes: none listed
4.5 Wake-on-LAN
As per the earlier “How 1E Helps” section, the addition of “WOL Proxy”
has been the only change of substance to ConfigMgr WOL. Therefore
NightWatchman continues to add considerable value, especially because,
unlike WOL Proxy:
- NightWatchman does not wake clients when not needed, thus
maximizing power management savings
- Security – NightWatchman masters only listen to NightWatchman
or ConfigMgr servers, and that communication can be encrypted.
No router-level activity is needed and MAC addresses are not
impersonated, so there is nothing to alert malware-detection
software or hardware
- Policy refresh on wake up and stay-awake – ConfigMgr clients
can update their policies in order to ensure they do the
deployment they were woken for prior to returning to sleep or
clients are forced to stay awake for a reasonable period to allow
policy updates and related changes to occur naturally
- Maturity – NightWatchman readily handles scenarios such as
clients moving to different buildings (subnets) and it doesn’t
crash
- Windows XP support (as managers, guardians, or clients that
could need to be woken up), though admittedly the significance
of this point should be rapidly decreasing
4.6 Operating System Deployment
OSD continues to evolve rapidly, primarily due to the urgency of
upgrading Windows XP computers at its end-of-life, but also to
encourage Windows 8 and Windows 8.1 deployments. Related
technologies such as MDT and ADK have also changed rapidly, and others
have been introduced, such as UEFI and Windows-to-Go. For these reasons
Microsoft has clearly invested greatly in updating OSD.
Specific changes include:
- PXE now available on server-based DPs (as opposed to site
servers)
- Zero-touch became much more practical: when you create media
that deploys an operating system, you can configure the Task
Sequence Media Wizard to suppress the Task Sequence wizard
during operating system installation. This configuration enables
you to deploy operating systems without end-user intervention
- Keeping images current greatly improved: you can apply
Windows Updates by using Component-Based Servicing (CBS) to
update the Windows Imaging Format (WIM) files that are stored
in the Image node of the Software Library workspace
- The Task Sequence Media Wizard includes steps to add prestart
command files (formerly pre-execution hooks) to prestaged
media, bootable media, and stand-alone media
- UEFI support was added
- BitLocker support was improved
- Pre-staged media deployments were made smarter by looking for
local content first
- Windows-to-Go support
- General improvements in ease of use and flexibility, such as
numerous added built-in variables
- And ConfigMgr 2012-specific changes were added:
  - You can associate a user with the computer where the
  operating system is deployed to support user device affinity
  actions
  - You can use the Install Application task sequence step to
  deploy applications, as opposed to legacy packages, when
  you deploy an operating system
  - In this case content distribution (Nomad) has not changed,
  nor have the challenging distributed scenarios, such as the
  need for servers for state migration or PXE. Process-related
  tools, such as software footprint analysis, waking
  computers when needed, shutting them down cleanly, and
  user-initiated deployments continue to be crude using
  ConfigMgr by itself. Therefore you should still consider the
  1E solutions to fully benefit and enhance the value of your
  investment in it.
5 Into the Future
To maintain the flexibility to respond to evolving customer needs and to
keep their competitive advantages, both Microsoft and 1E can only share
limited insight into the future changes of their products. However,
customers do need to plan for the future and therefore both companies
do share some guidance. And from history and current market
developments we can reasonably deduce some of what the future holds.
Overall we can expect that Microsoft must focus on large industry
trends, ensuring that it has mature solutions to offer when those trends
become prevalent. That means that Microsoft may not be able to spend
as much time as they would like to address scenarios where SCCM has
known challenges. Again, the strong partner ecosystem ensures that
Microsoft’s customers are successful in all cases, now and in the future.
There are some well-known trends that Microsoft must respond to:
1. Consumerization
a. People clearly like the hardware that has evolved in recent
years and the diversity of choices. Your end-users want the
benefits of those form factors in their work lives as well,
meaning with your IT infrastructures
b. To continue to be central to your IT technologies, Microsoft
must provide effective device management in addition to
device-appropriate versions of their applications.
2. Cloud
a. The continuing explosive evolution of the internet has led to
the era of “cloud” computing. While “cloud” can mean many
things, in general we can say that it is abstracted computing
resources provided everywhere
b. This is a particularly powerful model and Microsoft clearly
recognizes that it must provide effective solutions in this
space
3. Big Data
a. Trends suggest that “big” might be the wrong word – in some
cases the data is big by any standard, but in most cases it is
simply substantially large though on the scale that computer
specialists have long been able to manage. More to the point
is that data is increasingly easy to generate, access, and
manipulate, and therefore new possibilities are opening to
add great value based on effective data analysis
b. Microsoft has long supported developers in building a wide
variety of solutions and they are providing improved
solutions for sophisticated data analysis
4. The Internet of Things
a. While this is the newest of these trends, it is a natural
progression of the long-time reduction of cost and size for
electronics and the increasing power of networks and
processors. The inevitable ubiquity of such computing will be
transformative even if specific implications are not yet clear
b. While Microsoft may have been slow to adjust to the other
trends, it seems to be determined to not let that happen in
this case
Those trends present Microsoft with substantial challenges but it is
adapting itself to meet them. As Microsoft adds solutions in those
spaces, the industry transforms, and business requirements evolve, 1E
will continue to innovate, even disruptively, to lead with the best
products to address your challenges.
At the same time 1E will evolve its current products as appropriate,
addressing your needs while Microsoft adjusts its focus:
1. Content distribution
a. Networks continue to improve but network utilization
increases even more rapidly, making it ever more critical to
use network links intelligently
b. Proliferation of device types also increases the proliferation
of software variations, so more and more versions of software
must be made available wherever users may require them
c. Increasing user expectations, based on their consumer
experiences, increases the demand that all software be
available immediately everywhere
2. Software asset management
a. The proliferation of software variations will complicate
license reconciliation
b. Vendors will respond to new user behavior (such as using
apps on more than one device) by adjusting license models.
However the adjustments won’t be consistent
c. AppClarity already addresses such complications and thus can
readily be extended to address such changes
3. Portals
a. 1E will extend Shopping to device management as
organizations clarify their strategies. The specific options
that will be made available will depend on how you and other
customers decide to manage devices (tablets and phones
particularly)
b. The key point is that 1E will provide one interface for end-
users and administrators. The interface will be adjusted for
the form factor but the feel will be consistent and the
infrastructure will be Shopping
4. Power management
a. People are very power-conscious with their battery-powered
devices that they carry, so those devices will not need IT-
managed power management processes. But as those devices
serve more and more of their computing needs, the
centralized computing resources, such as desktops and
servers, will become less used. It will become harder to
justify wasting electricity to power those resources as they
are used less often, and so power management will become
more important
b. The computer state data that underlies effective power
management will also become more valuable for allocating
computer resources more efficiently. Each device type can be
very valuable in appropriate scenarios, but to maximize
efficiency you must know where devices are being used for
the relevant needs, and where they are not
c. Related data and device management presents numerous new
opportunities for 1E to address your needs in innovative ways
5. Wake-on-LAN and 802.1x
a. As IT organisations begin to adopt highly secure network
standards like 802.1x it becomes harder to patch machines
quickly and out of hours. Integration and automation of basic
security will become increasingly important.
6. Operating system deployment
a. OS deployment may see the most dramatic evolution in the
next few years. The complexity will finally be decreased and
OSD will truly become a business-as-usual function
b. Some of this change will be due to the commoditization of
hardware, but another key factor is the increased pace of
innovation. As Microsoft releases more frequent but less
dramatic updates to its operating systems, the ability to
deploy those upgrades will become more manageable.
We can see that the 1E products will continue their relevance through
these changing times. As we add new products and evolve the current
ones we look forward to addressing even more scenarios.
1E embraces the future with confidence that our products will continue
to add great value to the thousands of organizations we serve. As a
strong partner, 1E supports Microsoft through its transitions. We
passionately enjoy the challenges these changes present. We especially
look forward to working with you now and in the long term to address
your business’s challenges and to maximize your success.
6 Resources
To better understand some of the observations in this whitepaper you
might like to use the following resources:
What’s New in Windows Intune:
http://technet.microsoft.com/en-us/library/dn292747.aspx
What’s new in ConfigMgr:
- ConfigMgr 2012 RTM: http://technet.microsoft.com/en-us/library/gg699359.aspx
- ConfigMgr 2012 SP1: http://technet.microsoft.com/library/jj591552.aspx
- ConfigMgr 2012 R2: http://technet.microsoft.com/en-us/library/dn236351.aspx
About 1E
1E’s suite of disruptive IT operations management tools save billions,
solve problems and simplify the management of large, complex IT
environments – in record time. Designed with a singular focus to help
drive down costs, 1E’s solutions include tools for IT asset management,
Windows systems management and BYOPC.
Contact us
UK (HQ): +44 20 8326 3880
US: +1 866 592 4214
India: +91 120 402 4000
© Copyright 2014 1E. All rights reserved. The information contained herein is subject to change
without notice.