2015 configmgr implementation tcs


Upload: nomi1985

Post on 26-Oct-2015


DESCRIPTION

ConfigMgr Implementation Guide

TRANSCRIPT

Page 1: 2015 ConfigMgr Implementation TCS

How Microsoft IT Deployed System Center 2012 Configuration Manager

Published: April 2012

Read about the approach that Microsoft IT took to implement Microsoft System Center 2012 Configuration Manager in its client management environment. This paper discusses how the consumerization of IT led Microsoft IT to rethink its client management services, the implementation of a new client management infrastructure, lessons learned from the deployment, and the benefits that Microsoft IT obtained by deploying Configuration Manager to more than 280,000 systems across the globe.

Situation

The consumerization of IT is affecting how the Microsoft Information Technology department (Microsoft IT) thinks about client management. As the group responsible for maintaining the Microsoft corporate network and infrastructure, Microsoft IT is tasked with managing the more than 280,000 computers and reporting on the 125,000 mobile devices that connect to the network. Microsoft IT needed to enhance its client management environment in order to better support the ever-increasing numbers of systems connecting to the network, and to accommodate employees' requests for more control over their managed systems.

Microsoft IT had been using Microsoft System Center Configuration Manager 2007 to ensure that managed systems comply with corporate policies and required configuration states. As the numbers of connected systems increased throughout the company's regional domains, Microsoft IT added servers on an as-needed basis to support the additional load. Microsoft IT would also perform in-place updates as Configuration Manager 2007 evolved. However, each update utilized the same underlying architectural model. Microsoft IT wanted to redesign its infrastructure to reduce the number of physical servers and secondary sites, and improve performance by reallocating resources according to client load.

With so many systems in the environment, maintaining the health of the Configuration Manager 2007 clients became a daunting task. Microsoft IT depended on custom scripts to monitor and remediate certain aspects of a client in order to keep it healthy. Not only did the scripts require continual maintenance due to code revisions and updates to support the functions, but they also lengthened users' system logon times.

Finally, Microsoft IT needed to evolve its application distribution services to meet the self-service needs of Microsoft personnel. In the company's Configuration Manager 2007–based environment, Microsoft IT used a custom packaging tool to deploy applications through Configuration Manager 2007. Turnaround time for a complex package could require 7 to 10 days and the input of several IT personnel. Microsoft IT also had to maintain a separate Configuration Manager 2007 site to ensure that production setup was completely isolated from testing efforts.

Situation

The business of Microsoft IT is changing. Challenged by the growing number of computers and mobile devices connecting to the corporate network, requests for more end-user control over employees' managed systems, and the need to consolidate infrastructure, Microsoft IT needed to rethink client management services.

Solution

Using Microsoft System Center 2012 Configuration Manager, Microsoft IT designed a new client environment that provides user-centric services, reports on mobile devices, integrates health monitoring, and streamlines the client management infrastructure.

Benefits

Cost savings: Microsoft IT anticipates saving approximately U.S.$500,000 in the next two years due to a consolidation of servers and reduced costs for support, backup, custom tool development, and updates.

Empowered end users: Microsoft IT uses the Configuration Manager Application Catalog (the catalog website) and Software Center (the local utility) to offer users an unprecedented level of control over how and when their software installations occur.

Automatic client health monitoring: Using the Configuration Manager Health Evaluation feature, Microsoft IT has a robust reporting environment that not only enables them to monitor client health but also allows the client to proactively repair itself when it is not healthy.

Improved system efficiency: The redesigned client management environment has consolidated the number of physical servers while ensuring that client systems always take the shortest path to the closest server.

Products and Technologies

Microsoft System Center 2012 Configuration Manager

Microsoft SQL Server 2008 R2

Solution

As the company’s first and best customer, Microsoft IT regularly adopts early releases of Microsoft technologies, tests them in a real-world environment, and provides critical feedback to improve products before they are generally available to the public. When the System Center product team began developing the next generation of Configuration Manager, Microsoft IT worked closely with the team to meet IT goals and to help ensure that System Center 2012 Configuration Manager could provide an end-to-end IT management experience.

Implementation

The following sections describe the process that Microsoft IT undertook to implement System Center 2012 Configuration Manager throughout the company’s client environment. The overall approach that Microsoft IT used for this large-scale process was based on the Microsoft Operations Framework, which provides guidelines for everyday IT practices and activities.

As shown in Figure 1, Microsoft IT divided the System Center 2012 Configuration Manager implementation process into four main phases: Envision, Plan, Test, and Deploy. Each of these phases is described in more detail below.

Figure 1. The four implementation phases that Microsoft IT followed to implement System Center 2012 Configuration Manager

Envision Phase

In this first phase, Microsoft IT scoped the project and clarified its vision for implementing System Center 2012 Configuration Manager. Microsoft IT had three primary objectives that it wanted to achieve by upgrading the system management environment to System Center 2012 Configuration Manager:

Embrace user-centric management. System Center 2012 Configuration Manager brings a variety of user-centric initiatives that Microsoft IT wanted to offer employees.

Note: A Microsoft IT Showcase paper that discusses Microsoft IT's adoption of user-centric client management is available at http://technet.microsoft.com/en-us/library/hh925141.aspx.

Consolidate and minimize infrastructure. By adopting System Center 2012 Configuration Manager, Microsoft IT could consolidate its Configuration Manager 2007-based infrastructure and reduce overall complexity.

Improve product quality. Microsoft IT wanted to validate its enterprise-scale deployment and ensure that the release version of System Center 2012 Configuration Manager was based on real-life results.

Current IT Infrastructure at Microsoft

To illustrate Microsoft IT's approach toward adopting System Center 2012 Configuration Manager, this section provides a high-level summary of some of the key aspects of the company's IT infrastructure. Readers can compare the numbers of users, machines, distribution of systems, and network connections to their own infrastructure as a starting point when determining the scope and scale of their own System Center 2012 Configuration Manager deployment.

As shown in Figure 2, the Microsoft infrastructure (at the time of publishing this paper) includes approximately 180,000 users and 280,000 computers in multiple regions around the world. Microsoft focuses on a centralized administration model for most managed systems, so all deployment and reporting are performed from a central site. The largest site at Redmond contains approximately 120,000 systems. Other large regional sites hold approximately 15,000 clients each, and the smallest site contains fewer than 50 clients. Network performance varies by link. The fastest connections support 2.5 gigabytes per second, whereas the slowest link supports 2 megabytes per second.

Figure 2. Microsoft IT infrastructure as of April 2012

Determining Which Configuration Manager Features to Use

Another task in the Envision phase was to review the complete set of Configuration Manager 2007 features and the additional new features available in System Center 2012 Configuration Manager. The key existing desktop management features that Microsoft IT had been using and planned to continue with the new System Center 2012 Configuration Manager–based environment included:

Hardware and software asset reporting

Software deployment and update management

Operating system deployment

Microsoft Application virtualization (App-V) deployment

Malware protection

Power management

Microsoft IT also determined they would implement the following Configuration Manager features – some of which were new in System Center 2012 Configuration Manager, some were expanded feature sets, and others were existing features that Microsoft IT wanted to implement as part of the new deployment:

Mobile device management

User-centric management

Auto deployment rules for updates

Alerts and reporting

Role-based administration (RBA)

Settings management

Note: For more information about the features available in System Center 2012 Configuration Manager, see http://technet.microsoft.com/en-us/library/gg699359.aspx.

Envisioning was straightforward for most of the new features. Microsoft IT's user-centric management strategy is described in detail in the Microsoft IT Showcase paper at http://technet.microsoft.com/en-us/library/hh925141.aspx. Microsoft IT's mobile device management and endpoint protection implementation strategies are discussed below.

Defining a Mobile Device Management Implementation Strategy

In the Configuration Manager 2007-based environment, Microsoft IT did not report on mobile devices using Configuration Manager. However, in System Center 2012 Configuration Manager, the new mobile device management feature called Exchange Server connector gives Microsoft IT the ability to report on mobile devices such as Windows Phones, Android-based devices, and iPhones that connect to Microsoft Exchange Server by using Exchange ActiveSync technology.

Microsoft IT wanted to implement the new Configuration Manager–based mobile device management strategy in order to identify the different mobile devices that connect to the corporate network. Using Configuration Manager, Microsoft IT could determine the type of each connected device and its owner.

Note: For more information about Microsoft IT's Exchange Server Connector implementation, see http://blogs.technet.com/b/system_center_in_action/archive/2011/09/02/configuration-manager-2012-exchange-connector-implementation-in-microsoft-it.aspx.

Defining an Endpoint Protection Implementation Strategy

Microsoft IT wanted to replace Microsoft Forefront Endpoint Protection with the new System Center 2012 Endpoint Protection solution that is integrated in System Center 2012 Configuration Manager. Because of this integration, Microsoft IT did not need to define a separate implementation strategy for the Configuration Manager servers. All that was required was some configuration on the servers to begin deployment of the client component to targeted machines in the hierarchy.

For the client strategy, the Endpoint Protection bits are automatically copied during the Configuration Manager client installation. The Endpoint Protection client then installs after the Configuration Manager client receives policies for installation.

Plan Phase

In the Plan phase, Microsoft IT determined the functional requirements for its System Center 2012 Configuration Manager system architecture and developed server and client migration plans.

Architectural Review and Redesign

Recognizing that System Center 2012 Configuration Manager cannot be installed as an upgrade on top of Configuration Manager 2007, Microsoft IT decided to take the time to carefully review its existing Configuration Manager 2007 infrastructure.

A high-level view of Microsoft IT's Configuration Manager 2007–based infrastructure is shown in Figure 3.

Figure 3. Microsoft IT's old Configuration Manager 2007–based infrastructure

Microsoft IT took a bottom-up approach to its new architectural plan. Microsoft IT performed a detailed analysis of its worldwide Configuration Manager infrastructure and network loads to identify places where it could improve efficiency, consolidate hardware, and reduce complexity. Some of the key factors reviewed included:

Size of site (in terms of number of clients)

Speed of networks connecting a location to the nearest regional office or data center

Numbers of servers at each site (both physical and virtual)

Mapping of Active Directory sites to Configuration Manager boundaries

Microsoft IT collated all this data into a single data set. After reviewing the information, several sites were identified as having an imbalance in the number of servers to clients. In some places, the number of clients did not merit a stand-alone server; other locations had no server, but the number of clients merited one.

Microsoft IT used the results of its architectural review to design a new topology that best uses System Center 2012 Configuration Manager features and optimizes network bandwidth across the globe. This new infrastructure is illustrated in Figure 4.

Figure 4. Microsoft IT's new infrastructure based on System Center 2012 Configuration Manager

The most significant changes between the old and new architectures include:

Co-location of the Central Administration Site (CAS) SQL Server and CAS provider on a single server, replacing the two separate servers in Configuration Manager 2007

Removal of the stand-alone Limited Services (Patching) site, with the help of RBA and collection-level client settings

Splitting the large Redmond site into two smaller sites to bring the primary site into compliance with the supported number of clients

Reduction of secondary sites because many locations that had secondary sites in Configuration Manager 2007 for throttling bandwidth can be replaced with Configuration Manager distribution points (DPs), which have the ability to throttle bandwidth

Aligning of secondary sites with the network layout

Replacing the network load balancing solutions for management points (MPs) used in Configuration Manager 2007 with the System Center 2012 Configuration Manager MPLIST feature

Table 1 summarizes the hardware that Microsoft IT implemented in its new client environment.

Table 1. Hardware specifications for the new client environment

| Configuration Manager Roles | Server Model | Memory | Processor Count | Processor Type |
| CAS Server | HP ProLiant SE326M1 | 64 GB | 2 sockets, 12 cores, 24 threads (Hyperthreading) | Intel Xeon CPU L5640 @ 2.26 GHz |
| Primary Site Server | Virtual Machine | 12 GB | 4 cores, 4 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| Management Point | Virtual Machine | 6 GB | 4 cores, 4 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| Software Update Point | Virtual Machine | 6 GB | 4 cores, 4 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| Distribution Point | Virtual Machine | 4 GB | 2 cores, 2 threads | Intel Xeon CPU UE7450 @ 2.40 GHz |
| SQL Server >50,000 Clients | HP ProLiant DL 580 G5 | 64 GB | 4 sockets, 16 cores, 16 threads | Intel Xeon CPU E7330 @ 2.40 GHz |
| SQL Server <50,000 Clients | HP ProLiant SE326M1 | 48 GB | 2 sockets, 8 cores, 16 threads (Hyperthreading) | Intel Xeon CPU L5520 @ 2.26 GHz |

Note: For more information about Microsoft IT's use of hardware in the new Configuration Manager deployment, see the blog at http://blogs.msdn.com/b/shitanshu/archive/2012/04/10/configuration-manager-2012-hardware-configuration-used-in-microsoft-it.aspx.

Server and Client Migration Planning

Once Microsoft IT formalized its new architecture plan, the next milestone was to properly plan for the phased migration of servers and clients from the legacy Configuration Manager 2007 environment to the new environment. The top priority was to deploy in a manner that would minimize content replication while allowing for uninterrupted service during system migration.

Microsoft IT's approach to migration was to focus initially on the Redmond domain and migrate small groups of clients. Group Policy Objects (GPOs) in Active Directory were the mechanism used to define the specific group flagged for migration, and exclusion filters were used to prevent potential conflicts between the existing Configuration Manager 2007 environment and the new System Center 2012 Configuration Manager environment.

Note: For more information about Microsoft IT's Configuration Manager client migration, see http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migration-blog.aspx.

Microsoft IT designed some custom reports to monitor the prerelease server environment and Configuration Manager data replication processes.

Note: Microsoft now offers a System Center Monitoring Pack for System Center 2012 Configuration Manager. For more information, see http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=29267.

Microsoft IT also developed pre-upgrade and post-upgrade checklists to help track the migration progress and confirm that all critical processes were running as expected.

In terms of the mobile device implementation strategy, Microsoft IT wanted to implement Exchange Server Connector with the appropriate rights to allow device information to be discovered from Exchange Server computers across the corporate domains. Because most mobile devices at Microsoft are owned by individuals, Microsoft IT limited the Exchange Server Connector account to read-only access, which provides the desired inventory reporting information.

Test Phase

During the Test phase, Microsoft IT built a virtual lab environment to validate the System Center 2012 Configuration Manager implementation plan.

Building the Virtual Lab Environment

Microsoft IT configured a virtual lab environment for its proof-of-concept (POC) hierarchy. The POC mirrored the existing Configuration Manager 2007 architecture, differing only in its smaller scale. The components of the lab are displayed in Figure 5:

Figure 5. Virtual lab

In order for the virtual lab to accurately test the mobile implementation strategy, Microsoft IT created two new connectors for Exchange Server Connector: one for the on-premises Exchange Server Connector, and another for the cloud-based Exchange Server Connector.

Validating the Content Migration

To minimize client management downtime during Distribution Point and Secondary Site migration, Microsoft IT tested two content migration strategies:

For validating migrating content from Configuration Manager 2007 to System Center 2012 Configuration Manager, Microsoft IT tested the System Center 2012 Configuration Manager migration feature to confirm it would move content successfully and convert packages from the Configuration Manager 2007 format to the System Center 2012 Configuration Manager format.

For validating replicating content for new packages created in System Center 2012 Configuration Manager, Microsoft IT devised and tested the following content pre-staging strategy for upcoming Configuration Manager Distribution Points:

1. Export all critical package content from the existing System Center 2012 Configuration Manager hierarchy using the administrator console. Copy the content through a Background Intelligent Transfer Service (BITS) job in multiple phases (based on the network layout).

2. Migrate and install the Configuration Manager Distribution Point. The Configuration Manager 2007 Distribution Point or secondary site can be migrated to the System Center 2012 Configuration Manager Distribution Point using the Upgrade feature within the Configuration Manager Console. However, a Configuration Manager 2007 server that needed to be converted to a System Center 2012 Configuration Manager secondary site had to be uninstalled in Configuration Manager 2007 and reinstalled with the new role in System Center 2012 Configuration Manager.

3. Enable the Distribution Point as Pre-Stage enabled, and then assign the Distribution Point to a test boundary group.

4. Extract content from the pre-staged location using the ExtractContent.exe utility, which is one of the tools available with the new Configuration Manager installation.

5. After validating that all content is successfully pre-staged, remove the Pre-Stage option and configure the boundaries on the Distribution Point.

Note: Microsoft IT wanted to keep some of the packages that were created in Configuration Manager 2007 but also wanted new packages that were created in System Center 2012 Configuration Manager to be available on the new Configuration Manager Distribution Points as soon as they were migrated. This meant Microsoft IT had to test and validate both packages. However, this is not a required process. Customers can migrate all content from their old Configuration Manager 2007 hierarchy directly to System Center 2012 Configuration Manager without having to create new packages.

Validating the Client Migration

Client migration was tested in the following manner:

1. Create a GPO and target an empty security group.

2. Add machines to that security group.

3. Point the machines to the new site and upgrade them.

Note: For more information about Microsoft IT's client migration testing, see http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migration-blog.aspx.

Validating Client Health

Once the machines applied the new GPO, Microsoft IT followed these steps to test the client and confirm it was healthy.

1. Ensure the client installed successfully without any prerequisite issues.

   a. Because the new Configuration Manager client requires Microsoft App-V 4.6 SP1, Microsoft IT had to either ensure that the client was upgraded before installing the new client or use the IGNOREAPPVVERSIONCHECK=TRUE option on the command line to ignore the prerequisite check during the upgrade.

   b. Microsoft IT included multiple Management Points (MPs) on the command line to ensure that the client would be able to successfully contact an MP and that the connections would be load-balanced across the different MPs. Including multiple MPs also ensured that the client could download client bits successfully.

   c. Microsoft IT tested using the /forceinstall flag to ensure that the old client was fully uninstalled and the new client installed.

2. Ensure the client registered correctly with the new site. Microsoft IT tested this by using a forced site code through the command line.

3. Ensure that client agents were able to:

   a. Request, receive, and apply policies correctly.

   b. Send heartbeats to the server, which processes them successfully.

   c. Execute hardware and software inventory cycles and confirm that the server processes the hardware and software inventory data files successfully.

4. Ensure that the client passes a client health evaluation scheduled task using CCMEVAL.exe, and that it reports back to the site server that it completed successfully. Microsoft IT used the CCMEVALSENDALWAYS=TRUE command line option to ensure that the data was received every day for each client.

Validating Mobile Device Deployment

Microsoft IT tested the Exchange Server Connector in the following ways:

1. Test the Exchange Server Connector account's ability to access Exchange Server.

2. Configure the Exchange Server Connector in Configuration Manager and confirm that devices are discovered through Full sync and Delta sync.

3. Confirm that the mobile device data collected through Exchange Server Connector synchronization is valid.

4. Run the mobile device management reports that list the inventory of various types of discovered devices.

After validating that all features were functioning properly, Microsoft IT obtained approval from stakeholders to move the Configuration Manager implementation from the test environment into production.

Deploy Phase

In this phase, Microsoft IT finalized the worldwide rollout of the new Configuration Manager infrastructure that includes five primary sites and approximately 280,000 systems. Due to the scale of the rollout, Microsoft IT chose to migrate in batches in order to minimize impact to the corporate network.

Microsoft IT stepped through the following sequence to deploy the new Configuration Manager environment:

1. Set up the base infrastructure.

   a. Establish a Central Administration Site Server for the entire architecture at Redmond, which will serve as the administration and reporting site for the new Configuration Manager hierarchy.

   b. Create primary site and SQL Server installation on a remote server, which will cater to Redmond-based clients. Install and configure all required roles, including Management Point, Distribution Point, Software Update Point, Fallback Status Point, and Application Catalog.

2. Migrate content.

   a. In the Configuration Console under the Migration node, create an association with the existing Configuration Manager 2007 environment.

   b. Migrate objects (packages, collections, deployments) from the existing Configuration Manager 2007 environment to the new environment using the same process described in Validating the Content Migration in the previous Test phase.

3. Populate the Application Catalog with appropriate applications based on the new application model, and direct users to this self-service application management portal.

4. Migrate clients.

   a. Migrate a set of approximately 1,000 Redmond clients to the first Redmond primary site using the same process described in Validating the Client Migration in the previous Test phase.

   b. Monitor the clients and confirm that they can obtain bits from their distribution points and can communicate with multiple management points before migrating another batch of clients.

   c. Repeat this process until the Redmond primary site contains approximately 65,000 clients (or roughly half the total number of clients at Redmond), and then migrate the remaining Redmond clients to the second Redmond site.

5. Expand the rollout worldwide to the company's other regions, following the phased approach as described in steps 2–4 above.

6. Use the Configuration Manager built-in wizard for Exchange Server Connector to connect to Exchange Server for mobile device discovery.

Note: Discovery is configured at a primary site level. Using global data replication, discovery data becomes available across all sites in the hierarchy.

Results

The results from deploying the new System Center 2012 Configuration Manager–based

client environment are as follows:

Microsoft IT successfully deployed the new solution across the client environment.

As of April 2012, more than 280,000 systems in eight domains across the globe are

making use of Configuration Manager.

More than 150,000 clients were migrated to the new Configuration Manager

environment within the first 100 days.

Consolidation of servers

Reduced Configuration Manager architecture to six physical servers—the

CAS server plus five SQL Server computers (one for each of the five primary

sites), representing a continuation of Microsoft IT's previous global

virtualization initiatives.

Removed the limited services site (six servers) that offered patch-only

service.

Reduced secondary sites from 38 to 13.

Phased out the Configuration Manager 2007 network load balancing

solutions for management points by using the Configuration Manager

MPLIST feature.

Client health monitoring

Confirmed that the client health evaluation scheduled task was installed as

part of the Configuration Manager client, and is scheduled to run at the

appropriate time each morning. This allows for detailed reporting of current

client health issues within Microsoft IT's environment.

Decreased dependence on scripted custom solutions that had been used to

manage client health.

User centric application delivery

With users accessing the new Application Catalog, Microsoft IT has begun

phasing out the legacy homegrown application management solution.

Microsoft IT has been able to remove the custom scripting requirement for

approximately 70 percent of all application deployments. In the remaining

deployments, Microsoft IT is able to use the application model to prepare an

application for deployment in an average of 3 to 4 days—an activity that used

to require 7 to 10 days using Configuration Manager 2007 with custom-built

application packages.

Mobile device management

Approximately 125,000 mobile devices were identified during the initial full

discovery.

Exchange Server connector automatically performs data collection in the

background. Administrators can easily run reports (including the custom

report that Microsoft built for identifying mobile devices) to review mobile

device information.

Best Practices

When working with System Center 2012 Configuration Manager to implement a new client

management environment, Microsoft IT developed and implemented these best practices:

Don't automatically base your new deployment on your existing topology.

Take the time to review your Configuration Manager infrastructure. Optimal

implementation and configuration of your new topology is derived from a detailed

review of your environment's needs. Make sure to inspect your primary sites,

distribution of systems, numbers and locations of client systems, and the network

paths that clients should use to access Configuration Manager servers.

Take time to review roles in RBA. You want to use roles that align to users’

responsibilities, so consider the set of responsibilities that each individual has. RBA

provides a great level of granularity and permissions control, but if you have

personnel working in multiple roles (such as test and production), consider changing

their responsibilities so that no individual can deploy to both test and production.

Use SQL Server database backup to manage your backup data and reduce

backup storage costs. System Center 2012 Configuration Manager stores data in

the site database and replicates it across sites. By using SQL Server compressed

data files for backup, Microsoft IT reduces backup storage costs when compared to

using the Configuration Manager 2007 Backup task.

Carefully review types and numbers of objects, data, and data replication

topology. This is especially critical for large-scale, geographically distributed

enterprises. Examine how you manage SQL Server data replication and object

management, and how you plan to migrate users and user objects without having

systems re-replicate all their data to the Configuration Manager database.

Consider separating mobile devices from other systems to prevent bloating

machine counts. Microsoft IT uses an “EAS_DeviceID” filter to remove mobile

devices from the department’s deployment collections and compliance reports.

Apply an appropriate mobile device synchronization threshold. Determine and

apply an appropriate mobile device synchronization threshold in your Exchange

Server Connector settings to reduce the volume of devices being synchronized at

any given time. Microsoft IT set its threshold to 90 days.

Use client health reporting to assist you in attacking issues that are most

prevalent. Client health evaluations can resolve many issues right away, but you

should also use the built-in reporting capabilities to gain insight into what issues

exist in your environment.

During migration, ensure your new Configuration Manager clients are not

assigned to Configuration Manager 2007. Microsoft IT uses GPOs and security

groups to manage this process and to deploy in phased migrations.

Be familiar with the new SQL Server–based replication and use Replication

Link Analyzer for troubleshooting. There are significant replication differences

between Configuration Manager 2007 and System Center 2012 Configuration

Manager, so make sure you differentiate between site data and global data, and

know how this information is used for different Configuration Manager features.
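
The RBA practice above asks that no individual can deploy to both test and production. The following added example (not from the original paper or from Configuration Manager itself) audits an exported list of role assignments for that condition, including access inherited through a group. The CSV layout, the TEST/PROD collection naming, the group expansion and the set of deploy-capable roles are assumptions, and all sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed export: one row per (administrative user or group, security role, collection).
SAMPLE_EXPORT = """admin,role,collection
CONTOSO\\alice,Application Deployment Manager,TEST - Pilot Workstations
CONTOSO\\alice,Read-only Analyst,PROD - All Workstations
CONTOSO\\bob,Application Administrator,TEST - Pilot Workstations
CONTOSO\\bob,Application Administrator,PROD - All Workstations
CONTOSO\\sccm-ops,Software Update Manager,PROD - All Workstations
CONTOSO\\carol,Full Administrator,TEST - Pilot Workstations
"""

# Constructed group expansion; in practice this comes from the directory.
SAMPLE_GROUPS = {"CONTOSO\\sccm-ops": ["CONTOSO\\carol", "CONTOSO\\dave"]}

# Assumption: the security roles treated as able to deploy. Adjust to your hierarchy.
DEPLOY_ROLES = {
    "Full Administrator", "Application Administrator",
    "Application Deployment Manager", "Operating System Deployment Manager",
    "Software Update Manager",
}


def environment_of(collection):
    """Map a collection to 'test' or 'prod' by name prefix (assumed convention)."""
    prefix = collection.split("-", 1)[0].strip().upper()
    return {"TEST": "test", "PROD": "prod"}.get(prefix)


def deploy_reach(csv_text, groups):
    """Return {person: {env: sorted grants}} for deploy-capable assignments only."""
    reach = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(csv_text)):
        env = environment_of(row["collection"])
        if row["role"] not in DEPLOY_ROLES or env is None:
            continue
        # A grant to a group applies to every member; a user stands for itself.
        for person in groups.get(row["admin"], [row["admin"]]):
            via = "" if person == row["admin"] else f" via {row['admin']}"
            reach[person][env].add(f"{row['role']} on {row['collection']}{via}")
    return {p: {e: sorted(g) for e, g in envs.items()} for p, envs in reach.items()}


def separation_violations(csv_text, groups):
    """People whose combined grants let them deploy to both test and production."""
    reach = deploy_reach(csv_text, groups)
    return {p: envs for p, envs in reach.items() if {"test", "prod"} <= set(envs)}
```

On the sample data, bob is flagged for direct grants in both environments and carol for a direct test grant combined with a production grant inherited from a group; alice's read-only production role does not count.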

Benefits

Microsoft IT’s implementation of System Center 2012 Configuration Manager derived a

number of benefits:

Empowered end users. Microsoft IT uses the Configuration Manager Application

Catalog (the catalog website) and Software Center (the local utility) to offer users an

unprecedented level of control over how and when their software installations occur.

Cost savings. Microsoft IT estimates the new client environment will save the

company U.S.$200,000 in infrastructure savings from reduced server, support and

backup costs over the next two years. As described in the Microsoft IT Showcase

paper at http://technet.microsoft.com/en-us/library/hh925141.aspx, Microsoft IT

anticipates an additional estimated savings of U.S.$300,000 in custom tool

development and update costs from the new user-centric client management

implementation.

Automatic client health monitoring and reporting. Configuration Manager Health

Evaluation not only monitors client health, but the client can also proactively repair

an unhealthy system. Microsoft IT can define the client reporting frequency and

configure alerts to trigger when certain client health thresholds are reached. The

in-console reporting enables Microsoft IT to respond to any identified client health

issue.

Insight into mobile device usage. By implementing Exchange Server Connector,

Microsoft IT has gained insight into the types and numbers of mobile devices

connecting to the corporate network.

More efficient client installations. Client installations are performed through

software distribution instead of having to route back to the Management Point to

obtain client bits. And because client upgrade content is automatically distributed to

every Distribution Point in the hierarchy, content can be accessed more quickly and

with minimal network lag.

Improved system efficiency due to redesigned architecture. The new client

management infrastructure consolidates servers and improves client access to sites

throughout the company's global domains.

Simplified backup and recovery. Microsoft IT can more easily perform backup

and recovery now that all Configuration Manager bits are stored in SQL Server

databases.

Conclusion

System Center 2012 Configuration Manager is the cornerstone of Microsoft IT's improved set

of client management services that cater to today's consumerized, user-centric IT landscape.

This new client environment gives employees an unprecedented level of control over their

managed systems. For example, by making use of Configuration Manager Application

Catalog and Software Center, employees can set a variety of system management preferences,

including how and when mandatory software changes occur.

Additionally, built-in Health Evaluation actively monitors and reports on client health, and can even

remediate when a health issue is identified. Other Configuration Manager features are

enhancing Microsoft IT's ability to monitor, report on, and manage 280,000 systems—and for

the first time, report on more than 125,000 mobile devices.

By taking the opportunity to perform a detailed, bottom-up review of its older Configuration

Manager 2007–based infrastructure, Microsoft IT built a more efficient solution based on

System Center 2012 Configuration Manager that consolidates servers and improves client

access to sites throughout the company's global domains. Now that Microsoft IT has fully

rolled out the new client management environment, the department has begun phasing out

the old Configuration Manager 2007–based solution. Microsoft IT anticipates saving

approximately $500,000 in the next two years due to a consolidation of servers and reduced

costs for support, backup, custom tool development, and updates.

For More Information

For more information about Microsoft products and services, call the Microsoft Sales

Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre

at (800) 933-4750. Outside the 50 United States and Canada, please contact your local

Microsoft subsidiary. To access information via the World Wide Web, go to:

http://www.microsoft.com/

http://www.microsoft.com/technet/itshowcase/

http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx

http://blogs.technet.com/b/system_center_in_action/

© 2012 Microsoft Corporation. All rights reserved.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, ActiveSync, Forefront, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
