Configuration Manager 2012 Technical Overview

Upload: nguyen-anh-thieu

Post on 05-Apr-2018


TRANSCRIPT

  • 7/31/2019 Configuration Manager 2012 Technical Overview

    1/39


    Speaker Script

    Welcome to the technical overview of Microsoft System Center 2012 Configuration Manager.


    Speaker Script

    In this session, we will help you to understand the new IT trends and challenges and how the upcoming version of Configuration Manager helps you to address those challenges. You will get an overview of major new enhancements included in the product.


    Speaker Script

    Let's look at the latest trends and the challenges they pose to enterprises. Consumerization of IT is a growing trend. The variety of new devices, personal applications, and mobile platforms place new demands on the IT organization. Employees today expect anytime, anywhere access and increasing levels of access to corporate data. They want choice in their mobile devices and may even expect to use their own devices in your IT environment.

    So IT departments need to enable worker productivity while also protecting corporate data and assets. IT departments also need to manage operational costs, keeping them down especially in this economy.

    Let's see how System Center 2012 Configuration Manager addresses these challenges and helps IT admins embrace consumerization.


    Speaker Script

    Configuration Manager 2012 provides a balance of end user demands and IT requirements. The solution puts IT in control of costs and compliance, providing an evolutionary path to new capabilities that take advantage of existing people, processes, and technologies.

    We will highlight three areas of focus for Configuration Manager 2012 that help the IT organization. The first area is about empowering the end users. Configuration Manager 2012 delivers a new user-centric approach to client management. It enables IT to empower users with applications and services they need to be productive from anywhere, on whatever device they choose.

    The second area is about consolidation of your infrastructure. Configuration Manager 2012 enables IT to streamline operations with a unified infrastructure. It integrates client management and protection across physical and virtual Windows environments.

    The third area is about simplified administration. Configuration Manager 2012 makes it easier to administer client systems, with improved visibility and with new enforcement options for maintaining system compliance.

    In the following sections, we will see how these benefits are delivered by Configuration Manager 2012.


    Speaker Script

    Before we check out all the benefits, let's first look at the new design changes introduced in Configuration Manager 2012. It introduces a new paradigm in systems management, which we call user-centric management.

    In a traditional client management model, machines are targeted and managed. There is no direct knowledge of the user activity. Configuration Manager 2007 thus is optimized to manage systems. So we run scripts and programs on a machine. This practice becomes challenging with the new trend where users are accessing corporate resources using a variety of devices. You end up manually correlating end-user activity between different devices, and management becomes more complex.

    System Center 2012 Configuration Manager introduces a new and efficient way to manage users and their devices. It's called user-centric management. It still services the traditional systems management scenarios but additionally it understands the user's relationships with different systems and lets IT deliver the best user experience based on the type of the device.

    Moving from device-centric to user-centric enables administrators to focus on users first. Configuration Manager 2012 will remember the relationship between the user and their applications. Admins deploy applications to users just like the function on the slide shows. For example, a user could access an application from her corporate laptop and Configuration Manager 2012 could make this application available locally, but when she tries to access it from a remote location using her own personal device, Configuration Manager 2012 would understand the context and could stream an App-V instance instead.


    Speaker Script

    Now let's look at how Configuration Manager 2012 enables IT to empower end users. First, it provides management for a wide range of devices. Second, it delivers applications in the most optimal way for the user by automatically assessing device conditions and capabilities, including user and location information. And third, it empowers people to securely self-provision applications with an easy to use web catalog.


    Speaker Script

    Configuration Manager 2012 provides a single administrative console to manage your mobile devices, as well as comprehensive asset and compliance reporting. This helps in keeping your environment secure while providing the device freedom that people expect. This is achieved at two levels.

    The first level is full or in-depth management capabilities, such as integrating the capabilities of Mobile Device Manager and Configuration Manager 2007. Configuration Manager 2012 will place a client on these platforms and will offer management capabilities that we would classically do to any hardware client, such as settings management, inventory, application management, and remote wipe. In-depth management is supported for Windows Mobile 6.5 or earlier platforms, as well as for the Nokia Symbian platform.

    The other level enables basic management of all mobile platforms that connect to Microsoft Exchange ActiveSync technology. This includes Windows Phone 7, iOS devices such as iPad or iPhone, and Android devices. This is achieved by using the Exchange ActiveSync connector on the Configuration Manager server.


    Speaker Script

    The Exchange Server connector in Configuration Manager 2012 allows you to consolidate the management of devices and clients in your enterprise in a single console. This frees up the Exchange administrators to focus on messaging operations. It lets the admin gain visibility on the mobile device inventory, configure ActiveSync security policies such as device settings or password settings, and lets you remote wipe the device. This connector will work with Exchange 2010 and Exchange Online.


    Speaker Script

    Now let's take a look at how the new application model in Configuration Manager 2012 enables the user-centric approach. The new model allows us to create applications as global objects. We can then create some conditions below that object that will determine what type of application format is delivered to the user. Let's review a few of the relevant terms.

    First there's detection method. Because the new application model is a state-based model, it is able to detect the existing presence of the application on the machine. You can define if it is a required application, or in case of a prohibited application you could uninstall it from the machine.

    Requirement rules evaluate whether the install can happen on that machine or not, and it's done at the time of install so the user has minimum error experience.

    We can also check for any dependencies with other applications. For example, before deploying some kind of application virtualization, we require App-V client to be there. Other examples could be web browser plug-ins or Microsoft .NET Framework requirements.

    We also provide a feature called supersedence here. It is the ability of an administrator to deploy the most current version of an application, with a relationship to detect and uninstall the older version before deploying the latest version. This allows us to manage automatic revisions of apps and also enables IT to manage only one version of the application out there.


    Speaker Script

    The new application model allows the deployment of software based on the nature of the relationship between the user and device. This is enabled with the support of user device affinity and allows the admin to think user first. It also ensures that the application is not installed everywhere the user logs on.

    Configuration Manager 2012 is able to understand the user context and various other conditions such as location, network bandwidth, and type of devices. For example, it can only install the MSI version of Microsoft Visio drawing and diagramming software if the device is a primary device like a corporate laptop of the targeted user, otherwise it won't install. Another example is that you can install the MSI or App-V version of Microsoft Office when the device is a primary device of the user targeted, and install the Citrix XenApp version if the device is not a primary device.

    It also enables software to be pre-deployed on a user's primary devices whether or not the user is logged in.

    So the IT admins are able to provide the best application experience for the user, which is optimized for the specific device type.


    Speaker Script

    There are two sides of the user-centric management approach. We just saw the administrative side, let's talk about the user promises in Configuration Manager 2012.

    Software Catalog is a new feature introduced in this release. Software Catalog enables the users to search, install, or request applications through a web portal. Applications are published through the admin console, and there is a workflow and an approval process if required. Users can choose and install software just like they do on their home machines. They don't need to wait for IT to push these applications down anymore.

    Users can also control and set many settings here. For example, they can define their working hours. They can also set presentation mode, where you will not get any notification pop-ups while presenting.


    Speaker Script

    Now we'll discuss the second area of focus for Configuration Manager 2012: the unification of infrastructure. The underlying goals were to enable consolidation of server infrastructure, improve operational efficiencies, and reduce costs. From that perspective, Configuration Manager 2012 unifies the infrastructure across Windows physical and virtual client management environments while improving on the infrastructure requirements. It also provides a consolidated solution for client management and security. And finally it frees up help desk resources through the integration with other System Center components.

    Let's dig deeper into each one of these components.


    Speaker Script

    When we talk about user-centric management, we also have to recognize that the virtual client experience is becoming more prevalent. This comes in a few different flavors. We work heavily with Citrix XenDesktop and XenApp, and Configuration Manager 2012 builds on Microsoft Remote Desktop Services to deliver an experience with Citrix VDI solution that includes our application model. Within this environment, we still provide conditional rules, the desktop type, whether the virtual machine is pooled or personal, and other information. We can gather inventory from that VM to ensure whether we are providing the right application or not.

    We also provide protection against virtual desktop interface (VDI) storms. For example, you can randomize updates and scans within the virtual environment so that all VMs don't start the update process at the same time and create resource contention.


    Speaker Script

    One of the major investments we made was to modernize the Configuration Manager architecture. So you will see that the Configuration Manager hierarchy is flatter than the earlier versions.

    We also made improvements in primary site structures and how the content is distributed to remote sites more efficiently. In Configuration Manager 2012, the central administration site is only used for administration and reporting. The next layer down of primary sites is where file processing happens.

    We are also improving our concepts of being trustworthy. We are providing stronger relationships with Microsoft SQL Server database software through SQL Server Reporting Services, and a much more robust management replication toolset for our data in the back end. These changes allow far more efficient monitoring and troubleshooting.


    Speaker Script

    A very common question that we get from organizations that we wanted to cover here is, when do I need a primary site? In Configuration Manager 2007, primary site requirements were a little different than they are now with Configuration Manager 2012.

    In Configuration Manager 2012, you would need a primary site for scale, for redundancy or fault tolerance, a local point of connectivity for the admin, for geopolitical reasons and content regulation. All other reasons on the right side of the slide, like decentralized administration and content routing, required primary sites in Configuration Manager 2007. However, in Configuration Manager 2012, you do not have to use additional primary sites for these purposes.


    Speaker Script

    We just saw that primary sites are now not required for many scenarios. Let's see how we have reduced these requirements in Configuration Manager 2012. The unique physical primary site for decentralized administration goes away in Configuration Manager 2012; now you can use the role-based administration to provide appropriate access to different groups. Next are client settings. Sometimes enterprises separated primary sites for servers versus desktops, to maintain separate settings for servers. Now you can create client settings at the hierarchy level and create exceptions for client settings, thus you don't need to invest in a separate primary site.

    Similarly, multiple language packs on primary sites can be installed now, so you don't have to install different primary sites for different language support. And finally, you can get rid of the third or fourth tier primary sites you had for content routing. You can use secondary or distribution points for content.


    Speaker Script

    Let's talk about efficiencies in content distribution. All things like the branch distribution point, PXE service point, and distribution point can now be combined in one distribution point.

    The PXE service point will be more scalable than the earlier version of 75 points per site and it will support a multicast option.

    In the past you might have a secondary site with no proxy management point but a distribution point on it. Now you can get rid of that secondary site and use the distribution point to throttle and schedule content.

    Distribution point grouping is also improved. You can now manage distribution to individual distribution points or groups of distribution points. Content can be automatically managed based on group membership.

    And lastly, distribution points can now be installed on both server and client operating systems.

    All of these steps simplify the server hierarchy.


    Speaker Script

    Now a little bit about boundaries and how these are used to optimize network utilization. Boundaries represent network topology and help in search, site assignment, and policy assignments. Boundaries are also used to find the most proximal distribution points. Now you can define separate boundaries for client activities versus content. This helps in remote offices: for example, you can define boundaries for specific distribution points and break up the content distribution more granularly while using a different boundary for site assignment.


    Speaker Script

    Boundary management is automatically created with forest discovery, so as you are doing the Configuration Manager 2012 install, the boundaries are set during the discovery process. We can discover Microsoft Active Directory sites and IP subnets. You can add boundaries later as well, so as organizations change, you have the ability to pick up the latest information there.

    You can also group these boundaries with simple wizard steps, and group them according to site assignment as well as site system lookups.


    Speaker Script

    So we saw the client management server efficiencies in the previous section. Other consolidation that has happened is the convergence of client management and security in one infrastructure. Let us understand the trend here. In a traditional security and management structure, you have two different teams, one managing desktops and the other managing security for these desktops. This has two major issues. One, the security admins are frequently bogged down in day to day operations of maintaining security and don't have time to focus on the upcoming security strategies. Two, operational costs are high because of two different infrastructures for client management and security.

    The latest trend is called operationalizing desktop security: that is, combining desktop management and security in one infrastructure. Microsoft has successfully implemented this strategy with System Center 2012 Endpoint Protection, which was previously known as Microsoft Forefront client security. Endpoint Protection 2012 is tightly integrated with Configuration Manager 2012. This solution reduces cost by consolidating the infrastructure, and provides better protection because security policies and compliance visibility are now in the same desktop management console. It also frees up the security admins from day to day tasks like updating antivirus definitions. These can be managed by the desktop admins using their existing update processes, while security admins can focus on end to end security strategies.

    The tight integration of these two products starts at the setup, which is unified. Once Endpoint Protection 2012 is enabled, the Configuration Manager console provides monitoring, reporting, and policy administration capabilities for client security. Your enterprise can use the existing infrastructure to centrally manage endpoint security now.


    Speaker Script

    Another aspect of infrastructure consolidation is how well Configuration Manager works with other processes in your enterprise. For example, because client management affects the user activity and productivity, it is extremely important to have an efficient help desk system. Through its connectors, Microsoft Service Manager 2010 integrates the information from System Center 2012 Configuration Manager, forming a baseline configuration management database. This database establishes relationships among the reason, priority, and impact of changes and incidents.

    This ensures that the service desk personnel have all of the information they need at their fingertips to make help desk calls fast and efficient. Self-service portal integration helps users to manage incident requests and troubleshoot their own issues, freeing up service desk resources and improving user satisfaction.


    Speaker Script

    The third area of focus was about simplifying the administration experience. Again, the goal was to make the day to day operations easier for the admins. There was a lot of investment in redesigning and improving the interface. Configuration Manager 2012 continues to deliver world-class assessment, deployment, updating, and setting enforcements to provide more efficient and effective client management.

    In this section, we will discuss the new improvements in the administrative tasks.


    Speaker Script

    Configuration Manager 2012 has a new, redesigned administration interface. It is a modern application and not an MMC-based application like in the past. The user interface has improvements all around. For example, it now allows role-based access. Admins can now perform global searches, and the organization of objects is more efficient, enabling the administrators to get all the relevant data quickly.


    Speaker Script

    Configuration Manager 2012 uses role-based administration to secure objects such as collections, deployment, and sites. It allows IT to organize tasks by business roles, and ensures that only the relevant features are visible to any given role.

    This administration model centrally defines and manages hierarchy-wide access for all sites. Security roles group typical administrative tasks that are assigned to admin users. Security scopes group the permissions that are applied to object instances.

    The combination of security roles, scopes, and collections defines what an administrator can view and manage.


    Speaker Script

    Client health monitoring is a critical feature and you will see many improvements here. In the admin interface, you can now get information on policy requests, heartbeat information, and status messages; it's similar to System Center Operations Manager 2012. We also have improved client side monitoring and remediation. There are 21 different rule checks that can be done on the client, including WMI, Configuration Manager client health, and anti-malware service. The client health is seen as live data in the console; you don't need to run summarization of the data anymore.

    And you can define in-console alerts for your own customized thresholds for acceptable client health parameters.


    Speaker Script

    Another simplification we have done is in the software update area. In Configuration Manager 2007, this was built on Windows Server Update Services (WSUS) and we had a role called software update point, with the ability to define and roll out software updates. There was a heavy administrative workflow to get patches approved and deployed.

    In Configuration Manager 2012, auto deployment rules (ADR) simplify and can help you automate the update deployment process. For example, ADR will help you define and automate Endpoint Protection definition updates in the Configuration Manager console. System Center Endpoint Protection definition updates are provided three times a day; with ADR, you no longer have to manually approve these updates.

    We also have something called state based update groups, where we can deploy updates in groups, such as for Windows Internet Explorer Internet browser, or for laptop security. Relevant updates can be added to these groups automatically and they deploy to the collections targeted in those groups. So you can pre-specify an update process almost like a template.


    Speaker Script

    You will also see some enhancements in operating system deployments in Configuration Manager 2012. We have a few areas to highlight here.

    Offline servicing of images is component-based servicing, like Windows OS updates. If the updates are already approved, they can be deployed against the images in the library offline. So as soon as the updates are available on a Patch Tuesday, these images are also made up to date.

    We also have improved the boot media environment. You don't have to be site specific, boot media can be defined at a hierarchy level. This will simplify the management of your boot media. No matter where the boot media connects from, it will be able to find the right management point and right operating system images.

    We have enabled pre-execution hooks to automatically select a task sequence. This helps in that the end user doesn't have to choose from a menu; you can automate the selection.

    For Windows User State Migration Tool (USMT) 4.0 simplification, features like shadow copy and hardlinking are supported. The command line parameters that USMT 4.0 scans are integrated in the console so it minimizes the syntax errors for the administrators.


    Speaker Script

    We had a feature called Desired Configuration Manager in Configuration Manager 2007; that feature has been improved and is now called Settings Management. You can define compliance baselines across servers and clients. Configuration Manager 2012 will report on configuration drifts, and now it will also be able to automatically remediate the settings to bring the client back into compliance. Additional improvements include the ability to copy settings, and richer reporting.


    Speaker Script

    The ability to remotely control the client from the admin console was part of Microsoft Systems Management Server 2003 but wasn't included in Configuration Manager 2007. With Configuration Manager 2012, admins can once again remotely control the clients. We have greatly improved the security of that process.


    Speaker Script

    Power management was introduced in Configuration Manager 2007 R3 as a core functionality. Configuration Manager 2012 carries this forward. It helps enable operational efficiency in the enterprise and helps in cost reduction. First, it enables the IT admins to monitor power usage. Here you see a typical graph in an enterprise and we can see that the peak hours for user activity seem to be between 8 A.M. and 8 P.M. This graph is before defining a power policy, so the computer activity does not match the user activity peak hours. Understanding this will help us streamline the power usage in our environment.

    Next, we see a screenshot of power policy options. We can get very granular in defining power usage options here. Once the policies are defined, we can see a report of computer and user activity again. In this case, the user and computer activities follow the bell curve. Last, we get visibility into our environmental impact and power usage. The left-side graph shows CO2 emissions saved (the higher the graph, the better it is) and you can see that after the power policy has been implemented, both CO2 emissions as well as power usage have improved.


    Speaker Script

    One of the biggest areas we have focused on is migration. The goal was to simplify the migration process and assist organizations in moving from existing Configuration Manager 2007 deployments to Configuration Manager 2012. This is broken down into a collection of steps. It starts with assisting with migration of objects from the 2007 version to 2012, assisting with migration of managed clients, minimizing the impact to the network when that happens, and also reusing hardware where possible. Through all of that, we want to assist with flattening the hierarchy as much as possible.


    Speaker Script

    We have some migration technology built in to Configuration Manager 2012. Some migration job types allow us to look at object type migrations; this would be done at the level of collections and packages. We can also create collection-based migration: we can simply select a collection and migrate the objects under that collection.

    We also have assistance for content migration, which is about moving applications and users who are touching those applications to the Configuration Manager 2012 format as seamlessly as possible. One of the ways we achieve that is through distribution point sharing. This allows the existing distribution points of Configuration Manager 2007 to participate in the content distribution process for Configuration Manager 2012. And when that location is ready, we can move that distribution point to Configuration Manager 2012.

    Many customers have their own MOF files. You will have a nice interface experience to import your custom MOF files in Configuration Manager 2012.


    Speaker Script

    Here are some basic points to keep in mind while you plan to migrate to Configuration Manager 2012. Flatten your hierarchy as much as possible; getting rid of third or fourth tier primary sites, if you have them, would be useful before migration. While you make hardware purchasing decisions, make sure you plan for 64-bit and appropriate Windows Server and SQL Server versions.

    Also look at implementing Microsoft BranchCache technology. It provides tremendous improvements on the bandwidth utilization. In Configuration Manager 2012, the reporting infrastructure is based fully on SQL Server, so switch to SQL Server Reporting Services if you haven't done already. Also avoid mixing users and devices in collections; in Configuration Manager 2012, the collections for users and devices are managed separately and mixed collections won't be migrated to the 2012 format.

    And finally, move to UNC paths. That would make your migration a lot smoother.


    Speaker Script

    Just to wrap up: you can download the later trial version or VHDs, try out the online labs. You can also join an active community of peers who are evaluating the product together by sharing best practices and by getting guidance from the product team every two weeks. This program is called the community evaluation program and it could connect you to many peers in the industry.


    Speaker Script

    That's it from us in this session. Thank you for joining the technical overview of System Center 2012 Configuration Manager.