What's New in System Center 2012


Published on

Learn About:

Newly added features such as Forefront Endpoint Protection and connectors to Intune and Azure

Support features like IOS and Linux, including extended device management

Architectural layout for design considerations, including the CAS Server and the elimination of Native Mode

New ways to configure and deploy your software updates

System Center integration and automation with other System Center products, such as Service Manager and the Data Warehouse connector

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Bryon Burkhardt is a lead Microsoft infrastructure consultant at Perficient with over 20 years of experience in the IT industry. He serves as a System Center subject matter expert with a primary focus on Configuration Manager 2012.
  • Split into 2
  • Forefront Endpoint Protection is the next generation of Forefront Client Security. It builds on the protection technologies included in the previous versions and provides a completely new management experience.Since FEP is built on Configuration Manager, it offers easy installation of FEP server and easier deployment of clients using the existing infrastructure. FEP is also able to support enterprise wide scalability up to 100s of thousands of clients across various Windows operating systems.FEP provides highly accurate detection of known and unknown threats using many new and improved technologies in its antimalware engine as well as through host firewall management. While providing comprehensive protection, FEP keeps employees productive with low performance impact scanning an productivity oriented default policies.And finally, with FEP Administrators have a central location for creating and applying all endpoint-related policies. With a shared view of endpoint protection and configuration, administrators can more easily identify and remediate vulnerable computers.In the following sections, we will look at these benefits in more details.
  • http://bit.ly/1fhfc0y
  • What's New in System Center 2012

    1. 1. What's New in System Center 2012 Changes from SCCM 2007 up to and including SCCM 2012 R2
    2. 2. About Perficient Perficient is a leading information technology consulting firm serving clients throughout North America. We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.
    3. 3. Perficient Profile • Founded in 1997 • Public, NASDAQ: PRFT • 2012 revenue of $327 million • Major market locations throughout North America • Atlanta, Austin, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Columbus, Dallas, Denver, Detroit, Fairfax, Houston, Indianapolis, Minneapolis, New Orleans, New York, Northern California, Philadelphia, Southern California, St. Louis, Toronto, Washington D.C. • Global delivery centers in China, Europe and India • ~2,000 colleagues • Dedicated solution practices • ~85% repeat business rate • Alliance partnerships with major technology vendors • Multiple vendor/industry technology and growth awards
    4. 4. Our Solutions Expertise Business Solutions • • • • • • • Business Intelligence Business Process Management Customer Experience and CRM Enterprise Performance Management Enterprise Resource Planning Experience Design (XD) Management Consulting Technology Solutions • • • • • • • • • • Business Integration/SOA Cloud Services Commerce Content Management Custom Application Development Education Information Management Mobile Platforms Platform Integration Portal & Social
    5. 5. Our Microsoft Practice
    6. 6. Speaker Bryon Burkhardt Lead Microsoft Infrastructure Consultant | Perficient
    7. 7. What is SCCM 2012? IT Asset Intelligence Software Metering Software Update Management Remote Control Bitlocker Support for the Mobile Workforce OS Deployment Windows Intune Connector Power Management Self Service Portal Antivirus Network Access Protection Settings Management (aka DCM)
    8. 8. 2007 vs. 2012 Comparison What was improved on? • • • • • • • • • • • • • • • • • • • • • Hardware & Software Inventory Software Distribution Computer-based targeting User-based targeting App-V Package Deployment 3rd Party Application Software Metering Administrator Console Status Reporting Agent Managed Integrate with Active Directory Discovery of Computers Operating System Deployment Task Sequence Maintenance Windows Desired Configuration Management Internet-based Client Management Integration with Windows Server 2008 Network Access Protection Intel vPro Intergration Power Management Windows Mobile Device Management What's new in 2012? • • • • • • • • • • • • • • • • • • • • Automatic Client Health Remediation State-based Application Distribution Self-service Portal Xen-App Package Deployment Uninstallation Via Software Center User-Device Affinity Distribution Point Groups Boundary Groups Application Revision History Content Management Automatic Software Updates Deployment Rules Automatic Clean-up of Superseded and Expired Updates Collection-Based Policies User-friendly ribbon Automatic Boundary Discovery Forest Discovery Offline Servicing of OS Image Role-based Access Control User Power Management Opt-out Non-Windows Mobile Device Management
    9. 9. SCCM 2012 Hierarchy Redesign Real World Examples 2007 Global Design
    10. 10. Real World 2012 Design
    11. 11. 2007 vs. 2012 Comparison 2007 Server Type Count License Central 1 Administration Site Primary 3 Secondary 9 Distribution Point 135 Workstation Clients Child Primary Configuration Manager Server 2012 with SQL Server Technology Configuration Manager Server 2012 with SQL Server Technology No SCCM license is required No license is required above the Client ML 10,50 Configuration Manager Client ML 0 Configuration Manager Server 8 2012 with SQL Server Technology • • • • 2012 Secondary Count License Configuration Manager Server 0 2012 with SQL Server Technology Configuration Manager Server 1 2012 with SQL Server Technology No SCCM license is required 0 Distribution Point 57 Server Type CAS (role changed) Primary Workstation Clients Child Primary (No More) No license is required above the Client ML 10,50 Configuration Manager Client ML 0 0 No more cross WAN SQL replication Major reduction in infrastructure Major reduction in license cost Simplified role-based management for secure delegation
    12. 12. Infrastructure Promises Modernizing Architecture • Minimizing infrastructure for remote offices • Consolidating infrastructure for primary sites • Scalability and data latency improvements • Central Administration Site is just for administration and reporting – other work distributed to the primaries as much as possible • File processing occurs once at the primary site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy) • System-generated data (HW Inventory and Status) can be configured to flow to CAS directly
    13. 13. Infrastructure Promises Be Trustworthy • Interactions with SQL DBA are consistent with ConfigMgr 2007 • ConfigMgr admin can monitor and troubleshoot new replication approach independently
    14. 14. When Do I Need a Primary Site? • To manage any clients • Add more primary sites for: • Scale (more than 100,000 clients) • Reduce impact of primary site failure • Local point of connectivity for administration • Political reasons • Content regulation
    15. 15. Reducing Primary Sites Unique ConfigMgr 2007 primary site for: ConfigMgr 2012 solutions (no unique primary sites): Decentralized administration Role based administration Logical data segmentation Role based administration Client settings Client settings for the hierarchy and unique collections Language Language packs Content routing for deep hierarchies Secondary sites or distribution points
    16. 16. Infrastructure Changes: Content • ONE Distribution Point – PXE Service Point – Increased scalability beyond the ConfigMgr 2007 limit of 75 PXE service points per site – Multicast option – Throttling and scheduling of content to that location – Pre-stage of content and specify specific drives for storage • Improved Distribution Point Groups – Manage content distribution to individual distribution points or groups – Content automatically added or removed from distribution points based on group membership – Associate distribution point groups with a collection to automate content staging for software targeted to the collection • No Branch DPs - DPs can be installed on clients and servers now
    17. 17. Boundaries • Boundaries represent network topology – used to optimized network utilization • Clients use boundaries to: – Automatically determine site assignment – Locate the best management point (MP) – Locate the best distribution point (DP) or state migration point (SMP) • Define separate boundaries for client activities versus content
    18. 18. Boundary Management • Automatically created with the Forest Discovery method – Discovers AD Sites, IP Subnets, IPv6 Prefix type boundaries – Can automatically add as boundaries immediately or add later • Boundaries are members of one or more groups: – Groups support: site assignment, site system look-ups or both – Create group with boundaries in one step – Add boundaries to an existing group – Multi-select and reflective views supported
    19. 19. Simplified Hierarchical Infrastructure Central Admin Site Primary Sites Secondary Sites Central primary site admin Client management & settings Content routing Reporting 100K clients per site Distributions points Delegated Administration Requires SQL server Language Packs Lack of local administrator Support distributed organizational boundaries
    20. 20. Collection Enhancements
    21. 21. SCCM 2012 Collections
    22. 22. Role-Based Administration • • Central management for security Role-based administration lets you map the organizational roles of your administrators to defined security roles: Functionality ConfigMgr 2007 ConfigMgr 2012 What types of objects can I see and what can I do to them? Class rights Security roles Which instances can I see and interact with? Object instance permissions Security scopes Which resources can I interact with? Site specific resource permissions Collection limiting • Removes clutter from the console – Supports “Show me what’s relevant to me” based on my security role and scope
    23. 23. New Features for Software Distribution in Configuration Manager 2012 Application Model Unified monitoring experience Rich end user experience Content management User Device Affinity
    24. 24. Application Model Diagram General information about the software application
    25. 25. Application Model • Manage applications; not scripts • Application Management: – Detection method – Re-evaluated for presence: • Required application – Reinstall if missing • Prohibited application – Uninstall if detected – Requirement rules – Evaluated at install time to ensure the app only installs in places it can and should – Dependencies – Relationships with other apps that are all evaluated prior to installing anything – Supersedence – Relationships with other apps that should be uninstalled prior to installing anything – Update an app – Automatic revision management
    26. 26. ConfigMgr 2007 to 2012 Comparison: App Model Feature Configuration Manager 2007 Configuration Manager 2012 Create/Model Software Package Program Application and Deployment Types Deploy Software Advertisement (Install Status) Deployment (state based) via detection method Targeting Collection rules (Server) Requirement rules (Client) User Targeting None or limited User Device Affinity Client User Experience Run Advertised Programs Software Center Software Install from Web site None Software Catalog Content Management None or limited Content library
    27. 27. Software Catalog: User Targeted Available Software • Browse and search for software – Fully localized for site and applications – Search via category or name • Install software – Direct self-installation from software catalog – Leverages full infrastructure for content and status – Automatic installation upon approval • Request applications – Request approval for software – View request history
    28. 28. SCCM 2012: Software Catalog (Client)
    29. 29. SCCM 2012 Self Service Portal User Driven Application Management
    30. 30. On Demand Installation Process Flow 1 2 • User clicks “install” on catalog item • Web site checks user’s permissions to install 3 • Web site requests Client ID from ConfigMgr client agent and passes it to site server 4 • Server creates policy for the specified client and app and passes it to client 5 • Client agent evaluates requirements from the policy and initiates installation 6 • Client agent completes installation process and reports status
    31. 31. System and User-Centric: Paradigm Shift Configuration Manager 2007 Configuration Manager 2012 Optimized for system management scenarios Still committed and focused on system management scenarios Challenging to manage users: • Forced to translate a user to a device • Explicit: run a specific program on a specific device Embrace user-centric scenarios: • Moving to a state based design for apps, deployments, content on DP’s • Full application lifecycle model. install, revision mgmt., supersedence and uninstall Software distribution is a glorified script execution • • Understand and intelligently target the relationships between user systems Management solution tailored for applications
    32. 32. User-Centric – Operating System Deployment Support for new software distribution features during operating system deployment – Evaluate application requirement: Rules, dependencies and supersedence – User device affinity support: Install applications deployed to the primary user
    33. 33. User-Centric – Understanding Virtual Desktop Platform • As Citrix XenDesktop and Microsoft RDS integrates, then: – Conditional rules for application deployment are available (Desktop Type, Pool Name) – Gather inventory from Guest VM for broker site name, desktop type and pool name and exposed for compliance monitoring and inventory reports – ConfigMgr uniqueness is persisted through pooled VM shutdown and startup • Randomization of schedules automatically for any client: – Hardware inventory scan – Software inventory scan – Software update scan, download and install
    34. 34. Operating System Deployment • Offline Servicing of Images • Support for component based servicing compatible updates • Uses updates already approved • Boot Media Updates • Hierarchy wide boot media – no longer need one per site • Unattended boot media mode – no longer need to press “next” • Use pre-execution hooks to automatically select a task sequence – no longer see many optional task sequences • USMT 4.0: UI integration and support for hard-link, offline and shadow copy features
    35. 35. SCCM Task Sequences - The Cook Book
    36. 36. Power Management Phase 1: Monitor •Enable client management agent •Begin monitoring usage and activity Non-Peak & Peak Phase 2: Plan •Continue monitoring on usage and activity •Begin to develop power plan Mid-Month: •Power plan has been confirmed Phase 3: Apply Power policy •Begin applying power plan Phase 4: Compliance & Analyze •Review before and after usage and activity •Determine savings in Kwh and Co2 saved
    37. 37. Settings Management • Unified settings management across servers, desktops and mobile devices • ConfigMgr 2007 reports configuration drift – ConfigMgr 2012 can “set” for registry, WMI and script-based • Improved functionality: – Copy settings – Define compliance SLAs for baselines to trigger console alerts – Richer reporting to include troubleshooting, conflict, remediation information • Enhanced versioning and audit tracking – Ability to specify specific versions to be used in baselines – Audit tracking includes who changed what
    38. 38. Administrator Experience • • • • • • • • Common look and feel across system center products Improved discoverability Only show what is relevant to the administrative role Complete scenarios within the console Simplified navigation Manage App-v Manage Bitlocker Manage Virus Scan/Malware
    39. 39. Forefront Endpoint Protection 2010 One infrastructure for desktop management and protection Ease of Deployment Enhanced Protection Simplified Desktop Management • Built on top of Microsoft® System Center Configuration Manager • Protection against all type of malware • Unified management interface for desktop administrators • Supports all System Center Configuration Manager topologies and scale • Proactive security against zero day threats • Effective alerts • Facilitates easy migration • Productivity-oriented default configuration • Deploy across various operating systems Windows® client and Server • Integrated management of host firewall • Backed by Microsoft Malware Protection Center • Simple, operation-oriented policy administration • Historical reporting for security administrators
    40. 40. FEP Architecture Config. / Dashboard Reports SpyNet DATA ConfigMgr Software Distribution ConfigMgr Site Server & DB (or File Share) EVENTS TELEMETRY Desktops, Laptops, and Servers running ConfigMgr Client & FEP 2010 ConfigMgr Desired Configuration Management SQL Reporting Services
    41. 41. What’s New in SCCM 2012 R2 Site Installation and the Configuration Manager Console Sites and Hierarchies Migration Client Deployment and Operations Software Deployment and Content Management Monitoring and Reporting
    42. 42. Windows Intune Integrated with System Center 2012 R2 Configuration Manager Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X Windows 8 RT Windows 8.1 Windows Phone 8 iOS, Android
    43. 43. Windows Intune Integrated with System Center 2012 R2 Configuration Manager
    44. 44. Platform Support New Platforms Features fully integrated into ConfigMgr • • • • • • • • • • • • • • • Windows 8 RT Windows Phone 8 iOS (5.x, 6.x) Android (2.1 and later) Windows 8.1 (x86/x64 and RT) Over the air device enrollment Available user targeted applications User and device settings management Device inventory Remote device retirement Remote device wipe (full and selective) Company branding Web apps and remote apps VPN/Wi-Fi/certificate profiles Additional settings
    45. 45. Platform Support in ConfigMgr OS Platform Windows 8.1 PC Management Agent ConfigMgr Agent Or Management Agent(OMA-DM) End User Experience Software Center/Application Catalog Windows Company Portal app Windows PC (Win8,Win7,Vista,XP) ConfigMgr Agent Software Center/Application Catalog Windows RT Management agent (OMA-DM) Windows Company Portal app Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app iOS Apple MDM Protocol Native iOS Company Portal App Android Android MDM agent (OMA-DM) Native Android Company Portal App Mac ConfigMgr Agent Limited self service experience Linux/Unix ConfigMgr Agent N/A
    46. 46. Questions?
    47. 47. Connect with Perficient Webinar 10.30 Microsoft Lync: Integrating with Cisco bit.ly/15VFzIz Webinar 11.6 Windows Azure for IT Pros bit.ly/19lyvFl Follow us on Twitter @Perficient_MSFT Customized Microsoft Training for IT Pros & End Users bit.ly/1cy8WV5