SMS 2003 R2 Update & Sneak Peak – SMS v4 Neil Hetherington Account Technology Specialist Microsoft...
Transcript of SMS 2003 R2 Update & Sneak Peak – SMS v4 Neil Hetherington Account Technology Specialist Microsoft...
SMS 2003 R2 Update &SMS 2003 R2 Update &Sneak Peak – SMS v4Sneak Peak – SMS v4
Neil HetheringtonNeil HetheringtonAccount Technology SpecialistAccount Technology SpecialistMicrosoft CorporationMicrosoft Corporation
Session OverviewSession Overview
SMS IntroductionSMS Introduction
SMS 2003 R2 Overview and EnhancementsSMS 2003 R2 Overview and Enhancements
Introduction to “SMSv4”Introduction to “SMSv4”
Deployment EnhancementsDeployment Enhancements
Software Update EnhancementsSoftware Update Enhancements
Security EnhancementsSecurity Enhancements
Demos!Demos!
SMS 2003 CapabilitiesSMS 2003 Capabilities
Application Application DeploymentDeployment
AssetAssetManagementManagement
SecuritySecurityPatchPatch
ManagementManagement
LeveragingLeveragingWindows Windows
Management Management ServicesServices
Support forSupport forthe Mobile the Mobile WorkforceWorkforce
OS Deployment Feature PackOS Deployment Feature Pack
Core scenariosCore scenariosIn-Place MigrationIn-Place Migration
Machine Replacement / New MachineMachine Replacement / New Machine
Help Desk Recovery Help Desk Recovery
Key FeaturesKey FeaturesFully integrated with SMS 2003 infrastructureFully integrated with SMS 2003 infrastructureUtilizes advanced Windows imaging formatUtilizes advanced Windows imaging formatEnables sophisticated custom sequencingEnables sophisticated custom sequencing
The end-to-end desktop operating system deployment The end-to-end desktop operating system deployment and upgrade imaging solution for Windowsand upgrade imaging solution for Windows
Device Management Feature PackDevice Management Feature PackExtend change and configuration management to Extend change and configuration management to Windows CE-based and Windows Mobile devicesWindows CE-based and Windows Mobile devices
Device Management Device Management Feature PackFeature Pack
Partner Add-onsPartner Add-ons
SMS 2003 R2 OverviewSMS 2003 R2 Overview
New point release of SMS 2003New point release of SMS 2003
Available for purchase to non-SA customersAvailable for purchase to non-SA customers
SA customers receive it as part of the SA SA customers receive it as part of the SA agreementagreement
Built on SMS 2003 SP2Built on SMS 2003 SP2
Similar to Windows Server 2003 R2Similar to Windows Server 2003 R2Smaller point release with featuresSmaller point release with features
Core changes are in Service Pack 2 so there will be Core changes are in Service Pack 2 so there will be no migration issuesno migration issues
SMS 2003 SP2 EnhancementsSMS 2003 SP2 Enhancements
SMS Setup ChangesSMS Setup ChangesUpdate.exeUpdate.exe
Platform ChangesPlatform ChangesDeprecating AC Support for:Deprecating AC Support for:
Windows 2000 SP3 systemsWindows 2000 SP3 systems
Windows XP RTMWindows XP RTM
Active Directory Security Group DiscoveryActive Directory Security Group Discovery
FQDN SupportFQDN Support
SQL Server Support (SQL 2005)SQL Server Support (SQL 2005)
Performance ImprovementsPerformance Improvements
Integrated ITMU for patch managementIntegrated ITMU for patch management
SMS 2003 SP2 EnhancementsSMS 2003 SP2 Enhancements
R2: Scan Tool for Vulnerability R2: Scan Tool for Vulnerability AssessmentAssessment
Uses MBSA 2.0 for vulnerability Uses MBSA 2.0 for vulnerability assessment (VA)assessment (VA)
Prior to a VA scan, MBSA 2.0 is deployed Prior to a VA scan, MBSA 2.0 is deployed to clientsto clients
Provides VA reporting for common Provides VA reporting for common software mis-configurations defined by the software mis-configurations defined by the MBSA 2.0 VA manifestMBSA 2.0 VA manifest
Administered identically to existing SMS Administered identically to existing SMS 2003 scan tools2003 scan tools
R2: Scan Tool For Vulnerability R2: Scan Tool For Vulnerability Assessment Assessment Reporting for nearly 100 critical software misconfigurationsReporting for nearly 100 critical software misconfigurations
Critical vulnerabilities includeCritical vulnerabilities includeAre unnecessary services installed Are unnecessary services installed and running?and running?
Do file shares have appropriate permissions?Do file shares have appropriate permissions?
Is Windows Firewall enabled?Is Windows Firewall enabled?
Are strong passwords enforced?Are strong passwords enforced?
Are unsecured Guest accounts enabled?Are unsecured Guest accounts enabled?
Are there too many local Administrators on a Are there too many local Administrators on a single machine?single machine?
R2: Inventory Tool for Custom R2: Inventory Tool for Custom UpdatesUpdates
Enables the detection and deployment of third-Enables the detection and deployment of third-party updates, security updates, service packs party updates, security updates, service packs and more to non-Microsoft applicationsand more to non-Microsoft applications
Integrates with existing SMS 2003 software Integrates with existing SMS 2003 software update managementupdate management
Enables importing software update catalogs Enables importing software update catalogs from outside sourcesfrom outside sources
Enables the creation of in-house software Enables the creation of in-house software update catalogs for line-of-business update catalogs for line-of-business applicationsapplications
Up and running in minutesUp and running in minutesSimplified UISimplified UIAdvanced Task SequencingAdvanced Task SequencingReduced SCCM infrastructure costs with branch office supportReduced SCCM infrastructure costs with branch office supportImproved scheduling and greater control including Wake-on-LANImproved scheduling and greater control including Wake-on-LANCommon processes for Windows Mobile and embedded devicesCommon processes for Windows Mobile and embedded devices
SimplicitySimplicity
Knowledge-driven desired configuration management based Knowledge-driven desired configuration management based on the System Definition Model (SDM)on the System Definition Model (SDM)IT policies for analyzing corporate and regulatory compliance IT policies for analyzing corporate and regulatory compliance Out of the box configuration policies for server workloads i.e. Out of the box configuration policies for server workloads i.e. ExchangeExchangeLicense and asset managementLicense and asset managementConfigurationConfiguration
Integration with “Longhorn” Network Access ProtectionIntegration with “Longhorn” Network Access ProtectionSimplified, comprehensive software updating w/ templates for Simplified, comprehensive software updating w/ templates for common taskscommon tasksEnterprise Vulnerability assessmentEnterprise Vulnerability assessmentSecurely managing devices across the InternetSecurely managing devices across the InternetSecure network storage of user state during Operating System Secure network storage of user state during Operating System deploymentdeployment
SecuritySecurity
Unified delivery of Windows operating system for clients and Unified delivery of Windows operating system for clients and serversserversOne worldwide image to manage with VistaOne worldwide image to manage with VistaBuilt on Windows Vista technologies including Windows ImagingBuilt on Windows Vista technologies including Windows ImagingVista and Office 12 upgrade assessment and resolution planningVista and Office 12 upgrade assessment and resolution planningOffline media support for full offline provisioningOffline media support for full offline provisioningDeploymentDeployment
Key Investments InKey Investments InSystem Center Configuration Manager 2007System Center Configuration Manager 2007
SimplicitySimplicity
Easier to get up/runningEasier to get up/runningEverything is in setup! When install is complete, SMS Everything is in setup! When install is complete, SMS is online to service clients!is online to service clients!
Redundant InfrastructureRedundant InfrastructureSupport for SQL clusteringSupport for SQL clustering
Easier to useEasier to useNew UI designed around key work areasNew UI designed around key work areas
Home Pages anchor work areas with latest status for Home Pages anchor work areas with latest status for the featurethe feature
Sizeable dialogs for large datasetsSizeable dialogs for large datasets
Drag-n-drop and multi-select for key Drag-n-drop and multi-select for key workflow scenariosworkflow scenarios
SimplicitySimplicity
Simplified and more cost Simplified and more cost effective infrastructureeffective infrastructure
Ability to use a workstation as a distribution Ability to use a workstation as a distribution point for branch officespoint for branch offices
Easier to mirror operational processEasier to mirror operational processAssociate operational change windows with a Associate operational change windows with a SMS collectionSMS collection
WOL built-inWOL built-inSubnet Directed BroadcastSubnet Directed Broadcast
Unicast (IPv6)Unicast (IPv6)
Non-proxied appraochNon-proxied appraoch
SimplicitySimplicity
Native Support for Device ManagementNative Support for Device ManagementFully Integrated with SMSFully Integrated with SMS
Smartphone supportSmartphone support
Internet Facing Device SupportInternet Facing Device Support
Over-the-air management of devices Over-the-air management of devices
Home Pages and ActionsHome Pages and Actions
Deploying WindowsDeploying Windows
Major upgrade to SMS OS deployment Major upgrade to SMS OS deployment functionalityfunctionality
Significant enhancements compared with SMS 2003 Significant enhancements compared with SMS 2003 OS Deployment Feature PackOS Deployment Feature Pack
Brings in server deployment scenarios from ADSBrings in server deployment scenarios from ADS
Integrated part of SMSv4Integrated part of SMSv4Not a Feature Pack add-onNot a Feature Pack add-on
Great deployments of existing Windows!Great deployments of existing Windows!Even better with Vista/Longhorn!Even better with Vista/Longhorn!
Deploying Windows GoalsDeploying Windows Goals
““Hands-off deployment”Hands-off deployment”
End-to-end, secure and flexible processesEnd-to-end, secure and flexible processes
Make upgrading to Vista/LH seamlessMake upgrading to Vista/LH seamless
Build on core Vista/Longhorn functionalityBuild on core Vista/Longhorn functionality
Unified client and server deploymentUnified client and server deployment
Fully automate the deployment process in a Fully automate the deployment process in a secure and highly flexible mannersecure and highly flexible manner
Deploying WindowsDeploying Windows
Vista and Office 12 centralized upgrade Vista and Office 12 centralized upgrade assessment and resolution planningassessment and resolution planning
Application Compatibility Toolkit 5.0Application Compatibility Toolkit 5.0Office 12 Migration ToolkitOffice 12 Migration Toolkit
Deployments driven by customizable task Deployments driven by customizable task sequencessequences
Wizards to generate standard task sequencesWizards to generate standard task sequencesGUI task sequence editor gives full control of the GUI task sequence editor gives full control of the deployment processdeployment process
Drive toward single worldwide imageDrive toward single worldwide imageIntegrated device driver catalogIntegrated device driver catalog
Deploying WindowsDeploying Windows
Side-by-side computer replacement with Side-by-side computer replacement with secure user state migrationsecure user state migration
Automation of build and capture Automation of build and capture reference machinereference machine
Deploy from offline media (CD/DVD/USB) Deploy from offline media (CD/DVD/USB) in locations with limited or no in locations with limited or no network connectivitynetwork connectivity
Integration with Windows Deployment Integration with Windows Deployment Services PXE server to handle bare-metalServices PXE server to handle bare-metal
SecuritySecurity
Raising the bar on security in the Raising the bar on security in the SMS infrastructureSMS infrastructure
Full mutual authentication between client/serverFull mutual authentication between client/server
https from client to serverhttps from client to server
Location awareness for client machines moving Location awareness for client machines moving between intranet and Internetbetween intranet and Internet
Securing WindowsSecuring WindowsNetwork Access Protection (NAP) integrationNetwork Access Protection (NAP) integration
Rebuilt Software Update ExperienceRebuilt Software Update Experience
SMS 2003 R2 – nativeSMS 2003 R2 – nativeInventory Tool for Custom UpdatesInventory Tool for Custom Updates
Scan Tool for Vulnerability AssessmentScan Tool for Vulnerability Assessment
Securing WindowsSecuring WindowsSoftware Updates ManagementSoftware Updates Management
Scope of updates extended to include all Scope of updates extended to include all Microsoft Update contentMicrosoft Update content
Simplified user experience thru template Simplified user experience thru template concepts (18 dialogs down to 6 clicks)concepts (18 dialogs down to 6 clicks)
Key compliance data presented on the Key compliance data presented on the home pagehome page
Improved client experience – support for both Improved client experience – support for both mandated and optional updates mandated and optional updates
Extensible to support third party and in house Extensible to support third party and in house LOB application updatesLOB application updates
Integrated with the Inventory Tool for Custom UpdatesIntegrated with the Inventory Tool for Custom Updates
Software Updates Software Updates ManagementManagement
Securing WindowsSecuring WindowsSoftware Updates ManagementSoftware Updates Management
Integrates with Service Windows Integrates with Service Windows
Task Sequence can install updatesTask Sequence can install updates
More efficient infrastructureMore efficient infrastructureState based for improved visibility of update State based for improved visibility of update installation lifecycle installation lifecycle
Updates are defined as CIs and rely on DCM Updates are defined as CIs and rely on DCM rather than standard software distributionrather than standard software distribution
Update synch as a core site role Update synch as a core site role
Support for custom severity definitionsSupport for custom severity definitions
How NAP And SMS How NAP And SMS Work TogetherWork Together
IAS ServerClient Network
Access Device(DHCP,
VPN)
SMS ServerSMS Server
May I have access?I don’t have any patches installed.
Should this client be restrictedbased on it’s health?
Can you vouch for this client? Is it up to date?
I can vouch for the client. It’s not up to date. Tell it to install
patches
You are being given restrictedaccess until patches are installed.
Requesting patch package.
Here is your patchpackage.
Requesting access.Patches are installed.
Quarantine client, requestit to install patches
Corporate Network
Restricted Network
I can vouch for the client. Yes, meets policy.
Grant access.
Client is granted access to full intranet.
Desired Configuration Desired Configuration ManagementManagementManage the configuration of Windows environments Manage the configuration of Windows environments and ensure system configuration compliance and ensure system configuration compliance against defined corporate standardsagainst defined corporate standards
Detect server configuration “drift”Detect server configuration “drift”
Improve Helpdesk (HD) troubleshooting Improve Helpdesk (HD) troubleshooting and “time-to-resolve” (TTR)and “time-to-resolve” (TTR)
Regulatory compliance reportingRegulatory compliance reporting
Change verificationChange verification
Desired Configuration Desired Configuration ManagementManagement
Built on System Definition Model (SDM)Built on System Definition Model (SDM)A modeling language that is used to capture A modeling language that is used to capture a model of a system including:a model of a system including:
Structure of the systemStructure of the system
Relationships between system’s componentsRelationships between system’s components
Relationships between the system and its Relationships between the system and its environmentenvironment
Configuration constraints and invariants Configuration constraints and invariants
SMS v4 will consume the configuration SMS v4 will consume the configuration portion of SDM modelsportion of SDM models
Desired Configuration Desired Configuration ManagementManagement
Tight integration with Software Updates Management Tight integration with Software Updates Management (SUM)(SUM)
Software Updates as configuration itemsSoftware Updates as configuration itemsSUM built over DCM infrastructureSUM built over DCM infrastructure
Flexible settings provider model with built-in support for:Flexible settings provider model with built-in support for:Installed Applications (MSI)Installed Applications (MSI)File system settingsFile system settingsSecurity settingsSecurity settingsRegistry settingsRegistry settingsWMIWMISQLSQLXMLXMLIIS MetabaseIIS MetabaseScriptsScripts
Get ready for SCCM 2007, deploy SMS 2003 SP2 today!Get ready for SCCM 2007, deploy SMS 2003 SP2 today!
Driven by feedback from customers and partnersDriven by feedback from customers and partners
Enterprise feature focus emphasizing operational simplicity, enterprise scale, Enterprise feature focus emphasizing operational simplicity, enterprise scale, security and corporate compliancesecurity and corporate compliance
Continued long-term commitments to investment in the following areas:Continued long-term commitments to investment in the following areas:
Lowest cost and best solution for deploying Windows and OfficeLowest cost and best solution for deploying Windows and Office
Continued investments in partner ecosystemContinued investments in partner ecosystem
Key component of the Dynamic Systems Initiative w/ support for SDMKey component of the Dynamic Systems Initiative w/ support for SDM
Download Systems Management Server v4 Open Beta 1 todayDownload Systems Management Server v4 Open Beta 1 today
http://connect.microsoft.comhttp://connect.microsoft.com
Request entry into the TAP or Rapid Deployment ProgramsRequest entry into the TAP or Rapid Deployment Programs
https://www.surveymonkey.com/s.asp?u=97751006343 https://www.surveymonkey.com/s.asp?u=97751006343
Feb 2006Beta 1
June/July 2006
Beta 1 Refresh
Q1 2007Beta 2
1H 20071H 2007Public Public
AvailabilityAvailability
System Center Configuration Manager 2007System Center Configuration Manager 2007Helping IT Drive Business ValueHelping IT Drive Business Value
ResourcesResourcesSMS Home PageSMS Home Pagewww.microsoft.com/smswww.microsoft.com/sms
System Center Family of productsSystem Center Family of productswww.microsoft.com/systemcenterwww.microsoft.com/systemcenter
Community SitesCommunity Siteshttp://www.microsoft.com/smserver/community/default.mspx http://www.microsoft.com/smserver/community/default.mspx MyITForum.comMyITForum.com
SMS 2003 Scripting CenterSMS 2003 Scripting Centerhttp://www.microsoft.com/technet/scriptcenter/default.mspx http://www.microsoft.com/technet/scriptcenter/default.mspx
SMS Download CenterSMS Download Centerhttp://www.microsoft.com/smserver/downloads/default.mspx http://www.microsoft.com/smserver/downloads/default.mspx
Partner Resources – SMS AlliancePartner Resources – SMS Alliancehttp://www.sms-alliance.com/http://www.sms-alliance.com/
WebcastsWebcastshttp://www.microsoft.com/events/webcasts/upcoming.mspxhttp://www.microsoft.com/events/webcasts/upcoming.mspx
© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.