System Center Configuration Manager 2012 SP1 and the new way of handling software updates...
-
Upload
microsoft-technet-belgium-and-luxembourg -
Category
Technology
-
view
9.094 -
download
6
description
Transcript of System Center Configuration Manager 2012 SP1 and the new way of handling software updates...
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
LiveMeeting:
System Center Configuration Manager 2012 SP1 and the new way handling of Software Updates explained
Kenny BuntinxConfiguration Manager MVP
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Agenda
• Introduction
• Infrastructure Changes
• Operational “Best Practices”
• Q&A
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
About me
Kenny Buntinx
Inovativ : Principal [email protected]
http://www.inovativ.be
@KennyBuntinx
http://be.linkedin.com/pub/kenny-buntinx/3/639/107
http://scug.be/blogs/sccm
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
SUM Top 5 Improvements wanted
SUM Top 5 "Needs Improvement"0%
50%
100%
76%
64%
46% 44%37%
Update CleanupInfrastructure Im-provementsAuto ApprovalSupersedenceUser Experience
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Infrastructure Changes since SP1
Multiple SUPs per Site with cross-forest SUP supportThe active software update point concept is deprecated in
Configuration Manager SP1
Source top level SUP off of internal WSUS servers
Optional client content download from Windows Update
Windows Embedded support
3X delivery of definitions through software updates
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Infrastructure needs
• WSUS 3.0 SP2 - WSUS-KB2720211
- WSUS-KB2734608
• You are allowed to put your WSUS db on the same SQL box as where your CM db lives.
• Use a custom Web site during WSUS 3.0 installation
• Installing SP1 will reset custom ports to 80/433• Store Updates locally = License agreement
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Multiple Software Update Points per site
• Add multiple SUP’s per site (8 per Site)• You can add SUP’s cross-forest• NLB no longer required (but still supported
through the SDK or Powershell)• Clients will automatically fail over to additional
SUPs in the same forest if scan fails (same mechanism as MP)
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
WSUS SOURCE FOR TOP LEVEL SUP
• No longer required to source top-level SUP from Windows Update / Microsoft Update
• Can specify an internal, independent WSUS server as an update catalog source
• The active software update point concept is deprecated.
• You no longer have the option to configure a software update point as an NLB in the Configuration Manager console (thru PowerShell with Set-CMSoftwareUpdatePoint)
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
OPTIONAL CLIENT CONTENT FROM WU/MU
• Support for using Windows Update / Microsoft Update as an update content source for clients
• Local content sources (distribution points) are still prioritized
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
3X PER DAY DEFINITIONS THROUGH SUM
• Architectural changes to improve SUP synch and client scans to support delivering Endpoint Protection definition updates 3X per day (delta synchs and category scans)
• Simplified out of box templates for :
• Endpoint Protection Auto Deployment • Patch Tuesday
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Operational Changes since SP1
• Not only related to SP1 !• Stop using the SMS 2003 -
ConfigMgr 2007 Methods !
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Configure: Superseded Updates
Publisher can expire or supersede
software updates
ConfigMgr 2007 did automatically expires superseded updates
In CM12, you control supersedence
behavior
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Deploy: Simplified update groups
Updates added to groups automatically deployed
Groups can be deployed and/or used for aggregate compliance
Lists and deployments combined into Update Groups
Improved search to find updates
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Deploy: Automated deployments
Automated deployment of desired updates
Schedule or run rules manually
Daily (Forefront) and monthly (Patch Tuesday) scenarios
Rules create update groups that can be further edited or used manually
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Maintain: Content optimization and cleanup
Updates optimized with new content model to reduce replication and
storage
Expired updates and content
automatically cleaned up
Expired updates
deleted by maintenanc
e task
Content for expired updates removed
from Distribution
Points
SUP Synchs with
Windows Update
Expired updates marked
“expired” in CM db
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Operational Best Practices
Keep your SUG’s Limited Keep them under 1000 Updates
Don’t split up products
Keep your SDP’s tightEnable delta replication
High priority for SDP’s
Multiple deployments of the same SUGDetail view thru reporting
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Software Update Group Best Practices
• Don’t split up SUG into products.• Split up per year and then per month
!• Stay under 1000 updates per SUG
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Software Update Icons
The icon with the red X represents an invalid software update.
The icon with the blue arrow represents a metadata-only software update.
The icon with the green arrow represents a software update group that contains only normal software updates.
The icon with the black X represents a software update group that contains one or more expired software updates.
The icon with the yellow star represents a software update group that contains one or more superseded software updates.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Software Update Deployment Packages Best Practices
• Don’t split up all SDP per month.• Split up per year and save all updates in
that SDP !• Enable “delta updates” for DP• Do the work once, also for yearly
maintenance.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Deployment Best Practices
• Pre-Production / Production• Create Templates • Required for workstations• Set your Alerting Target not too high !• Available for servers• No Reboot = Not patched in most cases.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Reporting Best Practices
• Split up per year and then per month !• Split up deployments per collection as you
want to know compliance per Month/Collection
• What you see isn’t always what you get ! Look at your deployment rates.
• Reporting is quite powerfull.
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Troubleshooting Server Side
Log Types of issuesSUPsetup.log Installation of SUP Site Role
WCM.log, WSUSCtrl.log Configuration of WSUS Server/SUP
WSyncMgr.log SMS/WSUS Updates Synchronization Issues
Objreplmgr.log Policy Issues for Update Assignments/CI Version Info policies
RuleEngine.log Auto Deployment Rules
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Troubleshooting Client Side
Log Types of issues
UpdatesDeployment.log Deployments, SDK, UX
UpdatesHandler.log Updates, Download
ScanAgent.log Online/Offline scans, WSUS location requests
WUAHandler.log Update status(missing/installed – verbose logging), WU interaction
UpdatesStore.log Update status(missing/installed)
%windir%\WindowsUpdate.log Scanning/Installation of updates
Click to edit Master title style
TechNet goes virtual© Microsoft Corporation. All Rights Reserved.
Next Steps
Microsoft System Center 2012 SP1:http://www.microsoft.com/en-us/server-cloud/system-center/default.aspx
• Virtual Machine Manager
• Operations Manager
• Orchestrator
• Service Manager
• Data Protection Manager
• Configuration Manager
System Center Marketplace: http://systemcenter.pinpoint.microsoft.com
Blogs: http://blogs.technet.com/systemcenter
http://scug.be/blogs/sccm
Download and Evaluate More Resources