System Center 2016 - download.microsoft.com€¦ · Generally available on 10/12/2016. No new...
Transcript of System Center 2016 - download.microsoft.com€¦ · Generally available on 10/12/2016. No new...
System Center 2016
10 nyheder på 60 min
Per LarsenMicrosoft MVP – Enterprise Mobility
Solution Architect | [email protected] | m: +45 3078 1828 | f: +45 7025 2575
Co-Organizer - Everything Windows User Group Denmark | www.ewug.dk
Microsoft Partner Technology Solutions Professional (P-TSP)
in: http://www.linkedin.com/in/perlarsen1975 | t: @PerLarsen1975
Blog: http://osddeployment.dk
P
Mikael Bach JakobsenSenior Consultant | [email protected] |
m: +45 3078 0471 | f: +45 7025 2575
in: https://www.linkedin.com/in/mbjakobsen| t: @MikaelbJakobsen
System Center 2016 – 10 nyheder på 60 min
1. Config Manager CB & LTSB
2. Optimized on Azure
3. Windows Store for Business
4. Windows Defender Advanced Threat Protection
5. Health Attestation
System Center 2016 – 10 nyheder på 60 min
6. SC 2016 SCVMM
7. SC 2016 SCOM
8. SC 2016 SCDPM
9. SC 2016 SM & SCO
10. Operations Management Suite (OMS)
1511
• Deploy, upgrade, and manage Windows 10, including new features
• Manage Windows as a Service
• Servicing model for ConfigMgr Current Branch
• Combined end-user portal
1602
• Client online status
• Support for SQL Server Always On
• Windows 10 Device Health Attestation reporting
• Office 365 update management
• Conditional Access support for PC management
1606
• Windows Anniversary Edition support
• Windows Information Protection
• Windows Defender Advanced Threat Protection
• Windows Store for Business integration
• Windows Hello for Business
• Content status links in admin console
• End user portal improvements
4.142
6.10510.286
Configuration Manager Current Branch tenants by version
1511 1602 1606
20,533 total tenants
9,47
13,86
17,17
Configuration Manager Current Branch clients by version
1511 1602 1606
40,497,142 million total clients
Configuration Manager
Current branch (version 1511) CB (1602) CB (1606)
Fall 2015 2016
Branch Availability Windows 10 features supported Support Windows Servicing
Model supported
Current BranchGenerally available on 12/8/2015 with updates released periodically throughout the year
New features, security updates, and bug fixes
Can defer updates for up to 12 months before you must deploy updates to maintain support
Windows 10 Current Branch, Current Branch for Business, and Long Term Servicing Branch
CB (1610) CB (17xx)
2017
LTSB (1606)
CB (1602) CB (1606)
Fall 2015 2016
CB (17xx)
2017
LTSB (1606)
Long-Term Servicing Branch (LTSB)
Generally available on 10/12/2016. No new features and support for new OS releases. Security fixes only.
Only the Windows 10 mgmt. features released up to ConfigMgr version 1606. No new Windows features will be supported in the future.
10-year fixed support; different from traditional 5+5.
Only up to Windows Server 2016 and Windows 10 LTSB (1607). CB/CBB is not supported. New OS releases won’t be supported.
Is this “Configuration Manager 2016” ?
• No. The Configuration Manager release included with System
Center 2016 should not be considered as “System Center 2016
Configuration Manager”.
• The included release is a baseline version of 1606 with two
installation options:
• Configuration Manager (current branch - version 1606)
(default)
• Configuration Manager (LTSB – version 1606)
What is removed from LTSB?
• Support for the future releases of Windows 10 LTSB and
Windows Server
• Support for Windows 10 CB/CBB
• The ability to add a Microsoft Intune Subscription, which prevents
the use of
• Hybrid MDM
• On-premise MDM
• Windows 10 Servicing Dashboard and Servicing Plans
• Asset Intelligence
• Cloud-based Distribution Point
• Support for Exchange Online as an Exchange Connector
• Any pre-release features available in ConfigMgr (current branch)
What is LTSB intended for?
• LTSB of Configuration Manager is intended for a scenario when
customers allow their Software Assurance (SA) or equivalent
subscription rights (such as EMS) to expire as of Oct 1st 2016.
• Per product terms, customers cannot use the Current Branch.
• In the past, customers could install System Center 2012 R2
Configuration Manager.
• Starting on Oct 1st 2016, LTSB provides an alternative install
option with a 10-year fixed support lifecycle policy.
Should customers use Current Branch or LTSB?
It simple…..
Unless customer’s SA or equivalent subscription rights are expired,
they should use the Current Branch of Configuration Manager.
Manage traditional clients that roam on the Internet
• Without additional infrastructure
• Without exposing infrastructure to the Internet
• Easily configured through the Configuration Manager console
• Key features continue to work on the device when not on the corporate network
• Settings
• Software updates
• Applications
• Hardware and software inventory
• Endpoint protection
Cloud-based management service
Cloud-based management service
architecture
AD CA
Windows
Update
Find, acquire, manage, and
distribute apps on Windows
10
Windows Store for BusinessONE PLACE FOR YOU
Volume acquisition
and distribution
Acquire Store apps and
Line-of-Business apps
Flexible deployment
to meet your needs
Designed for
organizations
Curated for business or
for education
Apps owned and
managed
by your organization
Easy and familiar
for your users
Simple discovery and
installation of apps
Automatic app updates
by default
To find, acquire, manage, and distribute apps on Windows 10
Option 1
Assign app licenses directly to users
Option 2
Use a private store page
Option 3
Integrate with management tools
For organizations and departments that
do not want to use app management
tools
Simple invitation model targeting
specific users
Users receive an email or can go to My
Library in Windows Store to install and
launch organizational apps
For organizations and departments that
do not want to use app management
tools
Provides users flexibility to choose
organization apps to install
Admin chooses apps to appear in
company tab in the Windows Store;
users self-discover
For organizations that want to leverage
existing app management tools
Supports complex management options
including dynamic groups, update
management, push installation, etc.
Users can find and use Windows Store
for Business apps pushed to their
device(s) or on a company-approved
portal
App distribution options
Application Distribution via System Center Configuration
Manager (CM) and/or Intune
WINDOWS DEFENDER
ADVANCED THREAT PROTECTION
D E T E C T , I N V E S T I G A T E A N D R E S P O N D T O T A R G E T E D
A T T A C K S
Unique threat intelligence knowledge base
Rich timeline for investigation
Behavior-based, breach detection
Built in to Windows, cloud powered
ADDING A POST-BREACH MINDSET TO THE WINDOWS 10 DEFENSE STACK
PRE-BREACH POST-BREACH
Windows Defender ATP
Breach detection
investigation &
response
Breach detection
investigation and
response
Windows Defender Advanced Threat Protection (ATP)
Device protection
Device Health attestation
Device Guard
Device Control
Security policies
Device protection
Device Health Attestation
Device Guard
Device Control
Security policies
Information protection
Device protection / Drive encryption
Enterprise Data Protection
Conditional access
Threat resistance
SmartScreen
AppLocker
Device Guard
Windows Defender
Network/Firewall
Threat resistance
SmartScreen
AppLocker
Device Guard
Windows Defender
Network/Firewall
Identity protection
Built-in 2FA
Account lockdown
Credential Guard Microsoft Passport
Windows Hello :)
Built-in 2FA
Account lockdown
Credential Guard Microsoft Passport
Windows Hello ;)
Identity protection
Device protection / Drive encryption
Windows Information Protection
Conditional access
Information protection
TODAY HEALTH
IS ASSUMED
Unknown PC health
Important resources
1
Authenticated access request
2
You’re in
ConfigMgr and
Intune TO GATE
ACCESS BASED ON
DEVICE INTEGRITY
AND HEALTH
Device Health Attestation enables:
1
Authenticated access request
2
Prove you are healthy
5
Here is the proof
Important resources
Windows Cloud Attestation
and Intune
Attestation
request3
Attestation
response4
45
Cluster Rolling Upgrade
Seamless
Zero downtime for hosted VMs
Effortless
VMM orchestrates the process
Safe
Maintain backup SLA using DPM
Upgrade WS 2012 R2 host cluster to WS 2016
•Nano Server• New minimal-footprint installation option in
WS2016
• Better resource utilization
• Faster reboots
• Fewer updates
•Bare metal to Nano Server• Compute clusters
• Storage clusters (hyper-converged or
disaggregated)
Nano Server provisioning
Hyper-converged cluster creation
• Use VMM to create cluster
and check S2D checkbox
• A hyper-converged cluster
gets provisioned with a
global pool and up to two
tiers – capacity and
performance
• Use VMM to create CSV for
use as VM storage
Storage Pool
Storage Space Virtual Disks
Virtual Machines
Cluster Shared Volumes
Software Storage Bus
Shielded VMs
• VMs whose data, at rest or in transit,
can’t be snooped by malware or
malicious fabric admins
• Create new shielded VMs or shield
existing unshielded VMs
Shielded VM
Admin
No access w/o credentials
No access to VM data
Operational simplicity
Monitoring
Experience
• MP discoverability
• Data-driven alert management (alert noise reduction)
• Schedule maintenance mode
• In-place upgrade
Improved Fundamentals
• Scale improvements for X-Plat
• Performance improvements
• Improved UI responsiveness
• Removing Silverlight dependencies
• Nano server compatible SCOM agent
• Agent installation experience is at par with
full agent installation
• Supported workloads - DNS, IIS, Failover
Cluster, and Base OS (more to come…)
• MPs of Nano compliant workloads is
updated, to use PowerShell instead of VB
Script/JScript
Nano server monitoring
Storage monitoring reimagined
System Center 2016 Operations Manager
PowerShell
Actions
Windows Server
Health Service
Storage System
Discovery
User Notifications Dashboards
Focus on relevant objects
(Cluster/Storage
subsystem, volumes and
file shares)
No dependency on VMM
Management Pack
New visualizations
HTML5 Web Console
No Silverlight
dependencies
Access Web Console
from different browsers
Faster web console
HTML5-based dashboard
views
SC 2016 DPM
• ReFS Cloning
• Deduplication
• VHDX
• Workload-Volume Affinity
Reduced TCO
WS 2016
Private Cloud
• 3X Faster Backups
• 50% storage savings
• 2X scale
• Reduced storage costs
Modern DPM Storage• Resilient VM backups
with RCT
• Backup VMs stored on S2D
• Rolling Cluster Upgrade – Don’t miss backup SLA
PowerShell ISE plugin for authoring
Support for PowerShell scripts in
SMA
Windows Management Framework
5.0 support
HTML Self Service Portal
Significant Performance
Improvements
Service catalog, including support
for Lync 2013 & Skype for Business
Integrate people, process, and knowledge
Efficient resource utilization and SLA tracking
Easy publishing andconsumption of IT services
Deploy cloud services and process automatically
SM 2016 performance improvements
Creating WI
10xfaster
Workflows
1.5xfaster
Portal page load
<2s
WI capacity
45+/min
each taking <0.5s
AD connectorSCCM connector
Groups n Queues
2xfaster
ECL grooming
67%faster
50%faster
3xfaster
• Log analytics• Use OMS log analytics to gain insight and troubleshoot
•Network performance monitoring• Live-monitor performance parameters of networks within and across datacenters using OMS
NPM. Works with and complements SCOM network fault monitoring
• SCOM assessment• Get insights into the health of your SCOM deployment, and remediation assistance using OMS
SCOM Assessment
Available now
MicrosoftOperations Management Suite
Premises Datacenter
WINDOWSHYPER-V WINDOWS
VMWare WINDOWS
SC and OMS – Enabling new capabilities
System
Center 2016
• Comprehensive management
of heterogeneous
infrastructure and workloads
• Breadth of coverage
• Integration
• Rich ecosystem
• Rich analytics
• Scale and agility
• Operational simplicity
• New services
• Reach from anywhere
Network Performance Monitor
Physical Network
SDN Controller
BGP
Agent Agent Agent
Auto detect
subnets & paths
Custom
alert rules
Detect faults
Analytics-driven
monitoring
Determine e2e
loss & latency
NPM Service
Agents can be placed
across DC/clouds
Live intra and inter-network
performance monitor
Device
Agnostic
Application Dependency Monitor
Feature description
Brings big picture applications to
OMS and System Center
Delivers seamless visibility into
Azure Hybrid Cloud and on-
premises workloads
Built on BlueStripe Software’s
market leading technology
Status: Private Preview
Patch management
Grouping and Orchestration
• Grouping (AD, WSUS, SCCM collections)
• Hybrid proxy support
• On-demand/recurring schedule
• Patch reporting using Log Analytics telemetry
• Linux patching Reporting/Installation
Patch Insights
• Patch dashboards, searching. Time estimates applying patches
• One time parallel execution
• Patch Orchestration
• Ability to do pre/post actions
• Sequence: Applying patches to a group of servers
Workload Aware/Approvals
• Workload aware patching leveraging ADM
• Linux patching extended
• Patch approvals and management
• Microsoft products patching
• Patch co-ordination across workload owners/patch owner
Windows Upgrade Analytics
• Workflow visualization from pilot to deployment
• Powerful upgrade readiness insights and recommendations about the computers, applications and drivers
• Risk based approach to app rationalization
• Microsoft guidance on app and driver compatibility issues
http://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics
Allows the enterprise IT to quickly identify and focus on the critical issues impeding upgrades; provides data driven insights to plan and manage the upgrade process end to end
Windows Upgrade Analytics and ConfigMgr
© 2015 Atea A/S. All rights reserved.
This presentation is for informational purposes only. Atea A/S makes no warranties, express or implied, in this summary.
Thank you