TechNet Live track 1 session 2 - sc-forefront 2


Best practice for Windows Update integrated in Configuration Manager together with Custom Update Publisher.

Good examples of using Desired Configuration Management. We also look at new features coming in the next version.

  • 1. Nicolai Henriksen, Chief Infrastructure Architect. WELCOME TO TECHNET LIVE: SYSTEM CENTER AND FOREFRONT. Nicolai.Henriksen@ErgoGroup.no. PART 2
  • 2. Agenda
      • Part 1
          – Configuration Manager 2007 SP2 R3
          – Forefront Endpoint Protection 2010
          – OS Deployment Best Practice
      • Part 2
          – Windows Update Integrated in SCCM
          – Custom Update Publisher
          – Desired Configuration Management
  • 3. Default Migration Scripts USMT
      • User State Migration Toolkit (USMT) 4.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts:
      • MigApp.XML. Rules to migrate application settings.
      • MigDocs.XML. Rules that use the MigXmlHelper.GenerateDocPatterns helper function can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files.
      • MigUser.XML. Rules to migrate user profiles and user data. MigUser.xml gathers everything in a user's profile and then does a file name extension-based search of most of the system for other user data. If data does not match either of these criteria, the data will not be migrated. For the most part, this file describes a "core" migration. The following data does not migrate with MigUser.xml:
          – Files outside the user profile that do not match one of the file name extensions in MigUser.xml.
          – Access control lists (ACLs) for folders outside the user profile.
  • 4. User Data
      • This section describes the user data that USMT migrates by default, using the MigUser.xml file. It also defines how to migrate access control lists (ACLs).
      • Folders from each user profile. When you specify the MigUser.xml file, USMT migrates everything in a user's profiles including the following: My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites.
      • Folders from the All Users and Public profiles. When you specify the MigUser.xml file, USMT also migrates the following from the All Users profile in Windows® XP, or the Public profile in Windows Vista® or Windows® 7: Shared Documents, Shared Video, Shared Music, Shared desktop files, Shared Pictures, Shared Start menu, and Shared Favorites.
      • File types. When you specify the MigUser.xml file, the ScanState tool searches the fixed drives, collects and migrates files that have any of the following file name extensions: .accdb, .ch3, .csv, .dif, .doc*, .dot*, .dqy, .iqy, .mcw, .mdb*, .mpp, .one*, .oqy, .or6, .pot*, .ppa, .pps*, .ppt*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl*, .vsd, .wk*, .wpd, .wps, .wq1, .wri, .xl*, .xla, .xlb, .xls*.
      • http://technet.microsoft.com/en-us/library/dd560792(WS.10).aspx
  • 5.
      • Windows Update integrated – More advanced, more options
      • Custom Update Publisher – HP, Dell, Citrix, Adobe
      • Desired Configuration Management – Gives a completely different level of control over machines.
  • 6. Configuration Manager 2012
  • 7. Migration
      In the past the easiest way of migrating SMS 2003 to SCCM 2007 was a side-by-side migration. With SCCM 2012 things are going to change for the best, the very best! With the new Migration Feature in SCCM 2012 the CM Team wants to reach the following goals:
      • Assist with the migration of Objects
      • Assist with the migration of Clients
      • Minimize WAN impact
      • Assist with flattening of the hierarchy
      • Maximize reusability of x64 server hardware
      • The migration process of SCCM 2007 to SCCM 2012 can be split up in three phases: Plan, Deploy and Migrate.
      Plan:
      • Assess current environment
      • Test/Proof of Concept
      • Design
      • Requires SCCM 2007 SP2
      • SCCM 2012 requirements: Windows 2008 x64, SQL 2008 x64 (SP1 & cumulative update 10)
  • 8. Deploy:
      • Set up initial SCCM 2012 site(s)
      • Configure Software Update Point and Synchronize Updates
      • Set up server roles
      • Make sure the hierarchy is operating and software deployment works
      Migrate:
      • Enable data gathering process to acquire information from the existing SCCM 2007 environment
      • Migrate objects
      • Migrate Clients
      • Migrate DP
      • Uninstall Configuration Manager 2007 sites
      • Rinse & Repeat
      Migration rules and prepare your environment:
      • Never use the same Site Code in the SCCM 2007 and SCCM 2012 environments
      • Always use UNC paths as the source for packages
      • Avoid mixing users and devices in one collection; this is not supported anymore
      • Don't use collections with multiple query rules
  • 9. Microsoft Mobile Device Management
      There are two sorts of mobile device management in SCCM: light mobile device management and depth mobile device management.
      • Single "pane of glass" for managing desktops, servers, mobile devices; Exchange connector
      • Depth management of WinCE 6.0, WM 6.0/6.1, WP 6.5 and Nokia Symbian based devices
      • Secure over the air enrollment
      • Monitor and remediate non-compliant devices
      • Deploy applications and configuration policies to users or devices
      • Mobile VPN is not required anymore to connect to the Device Management environment
      Exchange Connector for SCCM 2012
      Light mobile device management via Exchange connector:
      • Provides a single pane of glass for all assets in the enterprise
      • Transfers mobile device administrator from Exchange to SCCM
      • Rich inventory and reporting experience
      • Define organization level ActiveSync Policy
      • Device wipe
      • Supports Exchange 2010 and hosted Exchange
      • Supports all EAS capable devices including WP7, Symbian, IOS, Android, Palm, etc.
  • 10. New Features for software distribution
      • Application Model
          – Incorporates all supported software types (MSI, Script, App-v, Mobile Cab)
          – Greatly improved dependency handling
          – Installation requirements rules
          – Installation detection methods
          – Application supersedence
          – Application uninstall
          – User devices affinity
          – Unified monitoring experience
      • Content Management
          – Distribution Points Groups
          – Content Library
          – Improved content monitoring experience
      Application distribution/deployment process for mobile devices:
      • Create Application with more deployment types.
      • Create / get policy for application required apps
          – Only required apps are supported
      • Get source from DP
      • Install
      • Report back to MP
  • 11. Application Deployment
      The way of deploying applications with System Center Configuration Manager 2012 is different than all earlier versions of SCCM or SMS. In SMS or SCCM you could deploy packages which were scripts, MSIs or App-v applications. The package normally included one deployment type per application. In the 2012 version of SCCM a single application can include multiple deployment types that represent a deployment for a different platform.
      • Windows Installer (native MSI)
      • Script Installer
      • Microsoft Application Virtualization
      • Windows Mobile Cabinet
      • Nokia SIS/JAR
      • RDP
      • Terminal Services
      • Citrix
      When creating an application with more deployment types, you are able to see all the deployment types, dependencies and requirements in one nice flowchart.
  • 12. Updates
      Configuration of Software Updates in SCCM 2012
      • Superseded update support
          – Superseded updates: publisher (MS) can expire update
          – Not automatically expire superseded updates
          – You can change settings at the Software Update Point (automatically manage superseded updates or allow to deploy automatically superseded updates (time limited))
      • Software Update Management (SUM) Admin role with RBA
          – SUM admin can do specific actions (role) on a specific set of objects (scope)
          – You can assign a SUM admin rights to only just the server collection or a collection with only workstations to manage their updates.
      • Client agent settings
          – You can change Client Settings on Collections, so you can create different client settings for, for instance, Software Update Settings.
          – All Client Agent Settings can be managed for groups of devices.
  • 13. Migrating from CM07
      • Migrating all the work you put into CM SUM objects
          – Reuse templates or searches already built
          – Preserve existing update lists or deployments
          – Persist Update List is Update groups without deployment
          – Deployments are migrated via Collection Migration and are migrated to Update groups and deployment packages
          – Software Update Point (SUP) configurations for products and classifications must be the same on CM07 and CM12
      Deployment
      • Simplified update groups (aggregation of update list)
          – Improved search to find updates
          – Update groups replace lists and deployments
          – New updates added to groups are automatically deployed
          – Groups can be used for compliance or deployed (you can create an update group that is not being deployed but used for compliance)
      • Use criteria search
          – Every update has statistics about the update (installed/(not) required/unknown)
          – Same as WSUS
          – Create a Software Update Group from Search
          – Edit Memberships
          – Create Deployment package
      • The statistics are out of the box in console monitoring, nice feature!
  • 14. Automated deployments
      • Automatic approval of selected updates
      • Scheduled or manually run
      • Useful for both Patch Tuesday and Forefront Endpoint Protection
      • Updates created by rules are interactive (rules are
      • Deployments can be enabled/disabled
      • Deployments can be added / removed from groups
      • Updates can be added / removed from groups
  • 15. Configuration Manager 2012
      • Users can connect from anywhere, on any device they choose
      • Enables IT to provide a flexible work environment and always think user first
      • Allow remote access of managed machine
      • Integrates mobile device management to deliver unified client management
      • Automatically detects system conditions and configurations to deliver the most appropriate services
      • Unified and partitioned view for administrators reduces training costs
  • 16. System and User-Centric +
  • 17. Administrator Experience
      • Common look and feel across System Center products
      • Improve discoverability
      • Only show what is relevant
      • Complete scenarios within the console
  • 18. Role-Based Administration
      • Simplified administration of security permissions
          – Security Role
              • Group sets of permissions together that collectively define an administrative span of control
              • e.g. Read Program + Deploy Program + Read Collection + Advertise to Collection = Software Distribution Administrator
              • Supports assignment of Security Roles to Users, once in a hierarchy
              • Also supports instance level controls
          – ConfigMgr provides out-of-the-box Security Roles
          – Supports custom Security Roles
      • Removes clutter from the console
          – Supports "Show me what's relevant to me" based on my Security Role and Scope
  • 19. Infrastructure Changes
      • ConfigMgr 2007 scenarios where unique primary site needed:
          – Create tiered primary sites so content distribution and client inventory and status wouldn't kill my WAN
          – Create separate primary sites (or hierarchies!) because different server and desktop client agent settings are needed
          – Create a primary site so individual admins only see the data they need to see
      • ConfigMgr 2012 will allow admins to minimize and consolidate ConfigMgr 2007 infrastructure
          – Primaries are needed for scale out only
          – Options for content distribution: Secondaries, DPs with throttling/scheduling, BranchCache, Branch DP
          – Client agent settings configurable by collection
          – Data Segmentation via Role Based Access Control
  • 20. Infrastructure Changes
      • Improved Distribution Point Groups
          – Manage content distribution to individual Distribution Points or Groups
          – Content automatically added or removed from Distribution Points based on Group membership
          – Associate Distribution Point Groups with a collection to automate content staging for software targeted to the collection
      • Enhanced investment in SQL technologies
          – New replication methods for site to site communications
          – Only supporting SQL Server Reporting Services
  • 21. Client Health
      • Server-side metrics covering policy requests, HW & SW Inventory, Heartbeat DDRs and Status Messages
      • Customizable monitoring/remediation for:
          – Client prerequisites
          – ConfigMgr client reinstallation
          – Dependent Windows Services
          – WMI Repository, Namespace, Class, and Instance health evaluation and repair
      • In-console alerts when healthy/unhealthy ratio drops below configurable threshold
  • 22. Operating System Deployment
      • Offline Servicing of Images
          – Support for Component Based Servicing compatible updates
          – Uses updates already approved
      • Boot Media Updates
          – Hierarchy wide boot media: no longer need one per site
          – Unattended boot media mode: no longer need to press "next"
          – Use pre-execution hooks to automatically select a task sequence: no longer see many optional task sequences
      • USMT 4.0 - UI integration and support for hard-link, offline and shadow copy features
  • 23. Remote Control
      • Send Ctrl-Alt-Del to host device to regain previous feature parity
  • 24. ConfigMgr 2012 Readiness Tips
      • Minimum System Requirements:
          – Site servers and site roles require 64-bit OS (distribution points are an exception)
              • Branch DPs can run on any 2012-supported client OS
              • Standard DPs can run on Windows Server 32-bit but will not support advanced functionality
          – Windows Server 2008 (64-bit)
              • Distribution points can run on Windows Server 2003
          – SQL Server 2008 SP1 with CU6 (64-bit)
          – SQL Reporting Services is ONLY reporting solution
      • Hierarchy Helpers
          – Flatten your ConfigMgr 2007 hierarchy
          – Start implementing BranchCache™ with ConfigMgr 2007 SP2
          – Start learning about SQL replication
          – Best practices: AD Sites for site boundaries, UNC paths for source content, break up collections that contain both users and devices
      • App Model Helpers
          – State based apps need detection methods
              • Tip: Use App CIs today for your apps to learn about this. SCUP is also a good tool for this
          – Rules vs Queries
              • Tip: Use DCM today to learn how to author settings and rules as experience will be the same
  • 25. [Licensing diagram] Server Management Suite Enterprise (SMSE): 2 X Kr per host OSE ML + 4 OSE MLs; each Server Management Suite on the host: 0 Kr incremental; with SMSE: 2 X Kr
  • 26. Server Management Suite Datacenter licensing saves costs for customers with heavy virtualization
      • SMSD allows customers to manage and control heavily virtualized workloads with full systems management capability without incremental costs
      • [Licensing diagram] Server Management Suite Datacenter (SMSD): 2.4 X NOK per 2-proc server; unlimited OSE MLs; each SMSD: $0 incremental
  • 27. Thank you!! Nicolai.Henriksen@ErgoGroup.no
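
The default MigUser.xml rules from slides 3 and 4, as an added example (not part of the original deck and not USMT code): it predicts which files a default migration would leave behind, so they can be reviewed before the old machine is wiped. The sample paths, the profile root and the function names are constructed for illustration, and every drive in the sample is assumed to be a fixed drive.

```python
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# File name extension patterns exactly as listed on slide 4 for MigUser.xml.
MIGUSER_EXTENSIONS = """
.accdb .ch3 .csv .dif .doc* .dot* .dqy .iqy .mcw .mdb* .mpp .one* .oqy .or6
.pot* .ppa .pps* .ppt* .pre .pst .pub .qdf .qel .qph .qsd .rqy .rtf .scd
.sh3 .slk .txt .vl* .vsd .wk* .wpd .wps .wq1 .wri .xl* .xla .xlb .xls*
""".split()

# Constructed sample input (hypothetical machine, not from the deck).
PROFILE_ROOTS = [r"C:\Users\alice"]
SAMPLE_PATHS = [
    r"C:\Users\alice\Desktop\tool.exe",   # inside the profile: always migrates
    r"D:\Projects\plan.DOCX",             # outside, matches .doc*
    r"D:\Finance\budget.xlsm",            # outside, matches .xl*
    r"D:\Keys\vpn-client.pfx",            # outside, extension not listed
    r"D:\Scripts\backup.ps1",             # outside, extension not listed
    r"D:\Notes\README",                   # outside, no extension at all
]


def classify(path, profile_roots):
    """Return (migrates, reason) for one file under the default rules."""
    p = PureWindowsPath(path)
    for root in profile_roots:
        if p.is_relative_to(PureWindowsPath(root)):
            return True, "inside user profile"
    suffix = p.suffix.lower()
    for pattern in MIGUSER_EXTENSIONS:
        if suffix and fnmatchcase(suffix, pattern):
            # The file is copied, but slide 3 notes that ACLs for folders
            # outside the profile are not migrated with it.
            return True, f"extension matches {pattern}; folder ACLs not migrated"
    return False, "outside profile and extension not listed"


def left_behind(paths, profile_roots):
    """Files that match neither criterion and would not be migrated."""
    return [p for p in paths if not classify(p, profile_roots)[0]]


if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        migrates, reason = classify(path, PROFILE_ROOTS)
        print(f"{'MIGRATE' if migrates else 'SKIP   '} {path}  ({reason})")
```

Files reported as skipped need a custom migration .xml or a separate backup; files matched only by extension arrive without the folder ACLs that protected them on the source machine.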