SCCM 2012Features and Benefits

Or: How I learned to stop worrying and love Centralized Administration

System Centre Configuration Manager 2012• Unified Device Management• User Centric Application Delivery• Operating System Deployment• Software Updates• Integrated Endpoint Management• Configuration Compliance• Power Management• Role Based Administration• Software Metering, Asset Intelligence• Other features

2003

20122012

2011

2007

1999 SMS 2.0

1994SMS 1.0

Evolution of Microsoft Client Management

Client Management Infancy (NT Domain) Groups Model Comprehensive

Management

Laptops, Servers,

Enterprise Scale

Consumerization of IT

Management from the

Cloud

Unified Device Management

Me

Mac OS X

Windows PCs(x86/64, Intel SoC),

Windows to GoWindows Embedded

Single AdminConsole

Windows RT, Windows Phone 8

iOS, Android

Linux

System Centre Configuration Manager 2012 R2

Mac SupportSupported Releases: Mac OS X 10.6 (Snow Leopard), Mac OS X 10.7 (Lion), Mac OS X 10.8 (Mountain Lion)

Discovery Discovers Mac OS X system in Active Directory and through network discovery

Hardware/Software Inventory Provides hardware inventory and auditing of computers running Mac OS X, including a list of installed software similar to add/remove programs for Windows systems.

Settings Management Ensures computers running Mac OS X comply with company policies, i.e. patches and installed software

Application DeploymentDistributes required software via app model.

Software Updates ManagementDistributes patches utilizing Software Distribution and Settings management features.

Linux & UNIX SupportSupported Platforms: AIX, HP-UX, Red Hat Enterprise, Solaris, SUSE Enterprise

Hardware InventorySoftware InventorySoftware DeploymentConsolidated reports

User-centric Application DeliveryAdministrator

Delivery Evaluation Criteria• User• Device type• Network connection

User/Device RelationshipsPrimary Devices• MSI• App-VNon-primary Devices• VDI• Presentation Server• Remote Desktop

• Deliver best user experience on each device• Define application once

< >

Windows Embedded

User-centric Application DeliveryEnd User Self-service

Admin

Administrators publish software titles to catalog, complete with meta data to enable search• Deliver best user experience

on each device

Users can browse, select and install directly from Catalog• Application model determines

format and policies for deliveryUse

r

User Centric: End-User Experience“The Right End-User Experience”

Web based ‘Software catalog’Easily search, install or request software

User preferences to control ConfigMgr behaviors:

“My business hours” – used to control when to install softwarePresentation mode – don’t notify when presentingRemote control settings – when allowed, end user can control their experience

Application “Package”

User-centric Application DeliveryNew Application Model

Keep your apps organized and managed

App-V

Windows Script

CAB

Windows Installer

General InformationAdministrator Properties

End User Metadata The “friendly” information for your users (appears in Catalog)

Is app installed?

Deployment TypeDetection Method

Install Command

Requirement Rules

Dependencies

Supersedence

Command line and options

Can/cannot install app

Apps that must be present

Application version control

< >

User-centric Application Delivery cont.Manage applications with built-in mechanisms; not scriptsApplication Management:

Detection method – re-evaluated for presence:Required application – reinstall if missingProhibited application – uninstall if detected

Requirement rules – evaluated at install time to ensure the app only installs in places it can, and shouldDependencies – relationships with other apps that are all evaluated prior to installing anythingSupersedence – relationships with other apps that should be uninstalled prior to installing anythingUpdate an app – Automatic revision management

Client Settings

Application Delivery

End User Experience

DEMO

Operating System DeploymentNo-Touch, Manual or Lite-Touch imaging

Scheduled imaging for after-hoursNo more Sneaker-netOn-the-fly software and updates deployment

Deploy an image then update the software and/or OSStanding Advertisements

Offline Servicing of ImagesSupport for Component Based Servicing compatible updatesUses updates already approved

Full support for Windows 8, 8.1, Server 2012, 2012 R2

Security and ComplianceSoftware Updates

Auto Deployment RulesUse search criteria to identify class of updates to automatically deploy: category, products, language, date revised, article id, bulletin id, etc.Schedule content download and deployment based on sync schedule or define a separate schedule per ruleDeploy updates individually or in groupsUpdates added to an update group automatically deploy to collections targeted with the group

Security and ComplianceEndpoint Protection

Unified Infrastructure• Simplified server

and client deployment• Streamlined updates• Consolidated reporting

Comprehensive Protection Stack• Behavior monitoring• Antimalware• Dynamic Translation• Windows and Firewall

Management

ConfigMgr MP

Security and ComplianceSettings Management (Desired Configuration Management)

Baseline ConfigMgr Agent

WMI XML

Registry IISMSI

Script SQL

SoftwareUpdatesFile

ActiveDirectory

Baseline Configuration Items

Auto RemediateOR

Create Alert (to Service Manager)!

Improved functionality• Copy settings• Trigger console alerts• Richer reporting

Enhanced versioning and audit tracking• Ability to specify versions to be used in baselines• Audit tracking includes who changed what

Pre-built industry standard baseline templates through IT GRC Solution Accelerator

Assignment to collections Baseline drift

Power Management• Create and manage power management

profiles• Enforce profiles based on usage statistics

• Different profiles “On Peak”, “Off Peak”• Create reports showing usage data and

power savings• Users can “opt-out” (if we let them)

Week 1: Monitor•Enable client management agent•Begin monitoring usage and activity

Power Management

Non-Peak & Peak

Week 2: Plan•Continue monitoring on usage and activity•Begin to develop Power Plan•VM awareness (new compared to 2007)•Copy power policies (new compared to 2007)Mid-Month:•Power Plan has been confirmed

Week 3: Apply Power policy•Begin applying Power Plan•End user opt-out (new compared to 2007)

Week 4: Compliance & Analyze•Review before and after usage and activity•Determine savings in Kwh and Co2 saved

Role Based Administration

John- IST Central System Administrator

Louis-Software Update Manager for France

Bob- US & France Security Admin

• Can see & update “France” desktops

• Cannot modify security settings on “France” desktops

• Cannot see “All Systems” or “U.S.” desktops

• Can see & modify security settings on “France” and “U.S.” desktops

• Cannot update “France” or “U.S.” desktops

• Cannot see “All Systems”

Map the faculty roles to defined security roles

• Applications Manager• OSD Manager• Updates Manager• Only “see” the computers and objects

they can manage

Reduces error, defines span of control for our environment

Asset Intelligence, Inventory, and Software Metering

Software Metering & License Reports Asset Intelligence Service

Asset Intelligence Catalog

Real-time Applicationand Hardware Intelligence

• Track application usage• Up to date, detailed inventory of both

hardware and software• Identify over or under licensing issues

ConfigMgr Inventory

Remote Control• What's New in Remote

Control• Ability to send Ctrl-Alt-Del

keystroke to host device• Granular client settings per

collection• Lock keyboard and Mouse• Ability to create Firewall

exception rule

Exchange Connector Integration• Easy configuration

• Simply enter exchange server/hosted URL and credentials• Inventory

• Pulls data from Exchange Server• Full and fast/delta synchronization• Key info: user, deviceID, device type, last contact time

• Policy• Parity with exchange: security, sync, device lockdown• Define globally per Exchange Server

• Wipe• Wipe a device from console action

Reduced Infrastructure RequirementsCentral Administration Site• Central primary site

administration • Reporting

Primary Sites• Client management and settings • Delegated administration

Secondary Sites• Content routing• Distribution points

Central Administration

Site

Primary Site Primary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Our Infrastructure

Primary Site• Client management and settings • Delegated administration

Secondary Sites (As required)• Content routing• Distribution points

Primary Site

Secondary Site

Client Computer

Client Computer

Client Computers• Directly Assigned• Report to Primary Site

jmayall@uwaterloo.ca