What´s New in Microsoft System Center Configuration Manager SP1 and R2

Jacques MostertSolutions ConsultantChisa TechnologiesSession Code: MGT301

Agenda

Configuration Manager Capability overview

Service Pack 1Capability additions

Release 2Capability additions

Service Pack 2Upcoming release details

A Quick Assumption...

You have seen Configuration Manager 2007 in actionThis is a summary session of what has changed since RTM (Release to Manufacture)

Site Role Maximum # of Client SystemsHierarchy (Central Site Server) 200,000Primary Site Server 100,000System Health Validator 200,000Management Point 25,000Distribution Point (Non OSD) 4,000Distribution Point (OSD) Limited by Network & Disk I/OState Migration Point Limited by Network & Disk I/OSoftware Update Point (WSUS) 25,000Fallback Status Point 100,000Branch Distribution Point Limited by OS License, Network & Disk I/O

Supported Client Numbers

Platform/ Feature HW/SW

InventoryOS

DeploymentSoftware

DistributionSoftware

Update MgmtDesired Config Mgmt

Windows ‘7’

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows XP SP3

Windows 2000

Windows Server 2008

Windows Server 2008 R2

Windows Server 2003

Windows Server 2000

WFLOP

WePOS

XP Embedded

Windows Embedded Standard 2009*

Windows CE

Windows Mobile

Platform Support Supported

ConfigMgr SP2

Supported with SP1

Not Supported

* Sysprep now supported

Configuration Manager Site Systems

PXE Service Point

State Migration Point

Software Update Point

Fallback Status Point

Branch DP

Primary Site Server

Configuration Manager Role

SMS 2003 Equivalent Role

System Health Validator

SQL Server

SQL Server

New Role with Service Pack 1

• Multicast• AVM Streaming

New R2 Capability

Management Point

Distribution Point

Reporting Point

Server Locator Point

Asset Intelligence sync point

Out of band service point

•Reporting Services Point

Service Pack 1

Intel AMT Integration

Intel® Q35 Express Chipset

with ICH9-DO

Intel Platform Software

Ecosystem Solutions

Intel Key Platform

Technologies

• Intel® Active Management Technology (AMT) is a function of the chipset & network controller

• Hardware-based management for clients• Desktop: Intel® vProTM Processor Technology

Intel® 82566DM

Gigabit Network

Connection

Intel vProComponents

Intel® Core ™ 2 Duo Processor

ConfigMgr 2007 Features for AMT out of Band Management

Secure Setup and Configure AMTZero Touch – Certificate HashZero Touch – In band via agentTies to OSD w/targeting

Provisioning

Remote Console

Helpdesk / Interactive sessionSerial over LANIDE RedirectionBIOS password bypassManual power control

Scheduled Power OnSWDist, SUM, OSD

On Demand Power ControlWake, restart, shutdown

Interactive via OOB Console

Discovery / Inventory

Power Control

Discover On Demand per machine / per collection

Scheduled DiscoveryIn band Discovery via agent

Intel vPro IntegrationJacques MostertSolutions ConsultantChisa Technologies

demo

Out of Band Management

Asset IntelligenceConsole Improvements

Rich interface in Configuration Manager Admin ConsoleNew Catalog and License management toolsEnhanced UI for all Asset Intelligence WMI Classes

System Center Online ConnectionCertificate requirement removed in Service Pack 2Keep software asset categorization up-to-dateOn-demand or scheduled catalog synchronization w/On-line ServiceNew Configuration Manager site role: The Asset Intelligence Synchronization PointUpload requests for software categorization to On-line Service

Basic Replication to Distribute AI Content to Other Configuration Manager sitesAbility to Import Licensing Data and Compare to Inventory

Microsoft MVLS Site3rd Party Licenses (http://technet.microsoft.com/en-us/library/cc431362.aspx)

Local Edit Support Allows Customers to Categorize Software Assets

Asset IntelligenceJacques MostertSolutions ConsultantChisa Technologies

demo

Release 2

Operating System Deployment

Service Pack 1 Brought a Platform Support UpdateWindows Vista Service Pack 1

Upgrade Advisor report supportOS package supportAIK updates, WinPE etc.

Windows Server 2008 Managed Client OSHost for Site Roles

R2 Opened New FeaturesMulticastUnknown Computer Support‘Run As’ support added

Unknown Computer SupportAllows unmanaged systems to be recognized and receive an OS DeploymentAllows computers without a ConfigMgr ‘07 client to be provisioned with an OS by ConfigMgr ‘07 OSDExclusion list for unknown computer support availability

A list of computer MAC addresses to which the PXE server should not send task sequences to install an operating systemExclusion list members are ignored

Multicast Services OverviewSimultaneously send data to multiple clients rather than sending a copy of the data to each client over a separate connectionAllows multiple computers to download an OS image package as it is multicast by the DPClients can join a multicast session already in progressThe multicast feature must be enabled on the specific ConfigMgr ‘07 DPBranch DP cannot use multicastConfigMgr ‘07 Requirements

ConfigMgr SP1 and R2 installed to siteWDS extension installed on Windows Server 2008 site systems

Multicast Prerequisites Prerequisite Description

Windows Server 2008 - Must be running on DP enabled for multicast

Windows Deployment Services (WDS) -Must be installed before multicast is enabled on the distribution point server- WDS transport server role service is required for multicast operating system deployment support

Internet Information Services (IIS) with extensions -must be installed before multicast is enabled on the distribution point server- ISAPI extensions and IIS 6 management compatibility must be installed

Network firewall configuration -UDP ports used by multicast are accessible by ConfigMgr ‘07 clients- Port config link

Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS

- Operating system deployment package transfer using IIS requires that Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS (required for device clients and Internet-based clients) be enable

'Run As' in the Task SequenceIn ConfigMgr ‘07, task sequences run only in the context of the local system accountNetwork Access account is used to access required packages located on DPsNetwork Access account needs to access DP or Task Sequence will failIn R2…

Now possible in task sequences to run with credentials other than the local system accountPowerful way to deliver elevation to special situations Run As feature cannot be imported by a Configuration Manager 2007 site server due to Task Sequence schema changesThis account is required if you add the step Run Command Line to a task sequence, but want to not use Local System

Operating System Deployment UpdatesJacques MostertSolutions ConsultantChisa Technologies

demo

Application Virtualization Management System Center builds on the full Application Virtualization Infrastructure

Integrates with existing Active Directory relationshipsProvides a scalable infrastructure to support a distributed networkBroad scenario support to support workers wherever and however they work; desktops, laptops, mobile across LAN/WAN/Branch and Internet connectionsCentralized management and reporting for physical and virtual applicationsReduce costs for deployment, and align to organizational requirements by targeting both user and computer systems for applicationsAsset Intelligence brings meaningful business terminology for software titles, categories and families, with full support for Virtual Applications

Integrate Virtual Application delivery with everyday management operations

OS deploymentPatch managementInventory

Application Virtualization Management

Based on Application Virtualization 4.5 feature setUses System Center Configuration Manager 2007 R2 Admin approachNew in ConfigMgr 2007 R2:

ConfigMgr can manage and deploy virtual applicationsClient roaming is supported so the client is always going to the “closest” server

Dynamic nature of Application virtualization preservedVersion checking, user-based targeting, streaming

Core Scenarios for Application Virtualization Management

•Create virtual application packages and copy them to distribution points

Packaging and distribution of virtual

applications

•Advertise the packages to clientsDeployment of virtual applications to clients

(connected and offline)

•After the application is advertised and made available, end-users run the applications from their desktop computers

Launching and running virtual applications

(connected and offline)

•ConfigMgr inventory and reports enable administrators to report on packages, applications and their usage within the ConfigMgr hierarchy

Inventory and Reporting of virtual

applications

System Center Requirements

Configuration Manager 2007 SP1 is a prerequisiteA customer must have purchased MDOP and be licensed to use App Virtualization 4.5

4.5 Sequencer to build virtual applications4.5 Client to interact with the ConfigMgr client on the desktop

A customer must be licensed to use ConfigMgr 2007 R2‘Software Assurance’

Additional Configuration Manager client requirements (min OS, etc)System Center Operations Manager is optional

Infrastructure Requirements

Some key areas to be aware of when deploying Virtual Applications in ConfigMgrDistribution Point

Virtual Applications Tab Enable Virtual Application Streaming

Client Agent ConfigAdvertised Programs Client Agent

Set to allow Virtual Application Package Advertisement

Application Virtualization ManagementJacques MostertSolutions ConsultantChisa Technologies

demo

SQL Reporting Services Integration

New server role called the “Reporting Services Point”Ability to convert / copy classic SMS reports to Report Definition Language format and publish them to a Reporting Services Point (report server)New node under “Computer Management -> Reporting” for accessing the SRS ConfigMgr reportsAbility to manage, browse and run SRS ConfigMgr reports from the ConfigMgr Console

SQL Reporting Services IntegrationJacques MostertSolutions ConsultantChisa Technologies

demo

Client Status ReportingBuilt upon the scenarios in the SMS 2003 Client Health ToolExternal service which queries site systems and ConfigMgr clients for client status on agent activity and overall healthReports on key indicators of client activity to help administrators monitor and maintain the health of their ConfigMgr clientsClient Status Reporting can:

Identify clients that are online but are not requesting policyProvide a number of reports that detail the status of clients on your siteIdentify clients that are online but have nonfunctioning client componentsIdentify clients that are online but do not have up-to-date discovery or inventory recordsIdentifies clients that are offlineIs not dependent on ConfigMgr ‘07 site systems

CSR will not be affected by problems with backlogged site systems which could cause traditional reporting mechanisms to generate inaccurate results

Uses a number of data sources for its analysis, including:Data from ConfigMgr ‘07 site database - inventory, discovery, and heartbeat dataGather and analyze policy request log files from MPsCan also check the status and activity of ConfigMgr ‘07 client components

Client Status ReportingJacques MostertSolutions ConsultantChisa Technologies

demo

Forefront Client Security IntegrationForefront Client Security

Provides unified malware protection for business desktops, laptops and server systemsProvides critical visibility into threats and vulnerabilities

Lightweight Integration Between Forefront Client Security and ConfigMgr 2007 R2

An FCS Configuration Pack will assess the states of FCS agents on machines that are managed by ConfigMgr 2007 R2Admin gets the reports of overall states of FCS clients through the existing DCM reporting infrastructure

Import the Configuration Pack Included on the ConfigMgr ‘07 R2 CD

Forefront Client Security IntegrationJacques MostertSolutions ConsultantChisa Technologies

demo

Service Pack 2

Configuration Manager SP2 Summary • Windows 7

• Windows Server 2008 R2 • Windows Server 2008 SP2 • Windows Vista Sp2

Operating System Support updates

• Site role support for Windows Server 2008 R2

Site Role support for Windows Server 2008

R2

• OOB Wireless Management: Wireless Profile Management • End Point Access Control: 802.1x support • Persistent Data Storage: Non Volatile Memory or Third Party Data Store (3PDS) • Access Monitor: Audit Log • Remote Power Management: Power State Configuration from ConfigMgr Console

Intel AMT Integration Enhancements

• Requires Win7 client and W2K8 R2 backendBranch Cache

Support

• X64 support for Operations Manager 2007 Client Agent

Operations Manager 64bit support

Service Pack 2

Smaller, but Still Important StuffUpdate to Management Pack for 64-bit OS’s – SP2 will ship 64-bit perf countersRemote control added in for (x64 XP and Server 2003)Multi-select and delete driver catalog drivers from the consoleBetter feedback on AD extension success / failure

Certificate Requirement Removal for Asset IntelligenceHotfix Data

36 QFE merges

iAMTSupports Intel vPro Chipset and iAMT Firmware Versions 4 & 5Feature Parity with SP1 and iAMT Firmware Versions 3.2.1, 4 & 5New Features

Wireless profilesWireless profiles associated with all Intel® vPro™ clients in the siteSet the wireless information on a per-collection basis during provisioning.

802.1x support - configuration of 802.1x settings on a per-collection basis during provisioning.Audit Logs - Retrieve, store and clear the security audit log on a periodic basisPower Package - Enable configuration of the power package settings with the core provisioning settings for the site.3rd party data storage - Enable SCCM to store specific information into the NVM data area for inventory or t-shooting.

SummaryConfiguration Manager R2 is Now AvailableService Pack 2 Public Beta June 2009In addition to Traditional Features Such as Software distribution, Inventory and OS Deployment R2 Brings:

Support for Vista SP1 and Windows Server 2008 (added at SP1)Asset Intelligence (added at SP1)Intel AMT integration (added at SP1)Application VirtualizationSQL ReportingClient Status ReportingOS Deployment enhancementsForefront Client Security Reporting

Download the Evaluation at http://technet.microsoft.com/en-us/configmgr/cc761485.aspx Download the Virtual Machine at

http://www.microsoft.com/downloads/details.aspx?FamilyID=e0fadab7-0620-481d-a8b6-070001727c56&displaylang=en

ResourcesSystem Center Website

http://www.microsoft.com/systemcenter/configmgr/default.mspx Application Virtualization Website

http://www.microsoft.com/systemcenter/softgrid/default.mspx Management Techcenter

http://www.microsoft.com/systemcenter/softgrid/default.mspx Windows Vista

http://www.microsoft.com/windows/products/windowsvista/default.mspx

Windows Server Resources

http://www.microsoft.com/servers/default.mspx System Center Team Blog

http://blogs.technet.com/systemcenter/ Website for Microsoft Desktop Optimization Pack for Software Assurance

http://www.windowsvista.com/optimizeddesktop Microsoft Virtualization 360

http://www.microsoft.com/virtualization MYITForum

http://www.myitforum.com/

question & answer

www.microsoft.com/teched

International Content & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

Complete a session evaluation and enter to win!

10 pairs of MP3 sunglasses to be won

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.