Airwatch - Mobile Content Strategies and Deployment Best Practices
2011 11-28 sccm-2012_technical_overview
1.
2. What is in SCCM 2012?
IT Asset
Intelligence Software Update
Management
Software
Metering Remote Control
classic .msi
Support for
App-V Applications the Mobile Workforce
OS Deployment Power Management
Selfservice Network Access
Portal Protection
Antivirus
Settings Management
(aka DCM)
3. Empower Users Unify Infrastructure Simplify Administration
Empower people to be Reduce costs by unifying IT Improve IT effectiveness and
productive from anywhere on management infrastructure efficiency
whatever device they choose
Mobile, physical, and virtual Comprehensive client
management management capabilities
Application self-service
Reduced infrastructure
complexity
4. Application Model Unified monitoring experience
Rich End user experience
Content management
User Device Affinity
5. Configuration Manager 2007 Configuration Manager 2012
Optimized for Systems Management scenarios • Still committed and focused on System Management
scenarios
• Challenging to manage users • Embrace User Centric Scenarios
• Forced to translate a user to a device • Moving to a state based design, for apps, deployments,
• Explicit: run a specific program on a specific device content on DPs.
• Full application lifecycle model. Install, Revision Mgt,
Supersedence and Uninstall
• Software Distribution is a glorified script execution • Understand and intelligently target the relationships between
user systems
• Management solution tailored for applications
23. Light Management • EAS-based policy delivery
• Discovery and inventory
7 •
•
Settings policy
Remote Wipe
NOKIA
• Secure over-the-air enrollment
Depth Management
• Monitor and remediate out-of-
compliance devices
• Deploy and remove applications
(WinCE 5.0, 6.0; Windows Mobile 6.0,
6.1, 6.5.x)
• Inventory
• Remote wipe
24.
25.
26. Web based „Software catalog‟
User preferences to control ConfigMgr
behaviors:
“My business hours” – used to control
when to install software
Presentation mode – don‟t notify when
presenting
Remote control settings – when allowed,
end user can control their experience
28. Process Flow
• User clicks “install” on Catalog item
1
• Web site checks user‟s permissions to install
2
• Web site requests Client ID from ConfigMgr
3 client agent and passes it to Site server
• Server creates policy for the specified client
4 and app and passes it to client
• Client agent evaluates requirements from the
5 policy and initiates installation
• Client agent completes installation process
6 and reports status
29.
30. Empower Users Unify Infrastructure Simplify Administration
Empower people to be Reduce costs by unifying IT Improve IT effectiveness and
productive from anywhere on management infrastructure efficiency
whatever device they choose
Mobile, physical, and virtual
management
31. ribbon interface
• Role-Based Administration:
Only show what is relevant to
the administrative role
• Simplified navigation
32. Functionality ConfigMgr 2007 ConfigMgr 2012
What types of objects can I see and what Class rights Security roles
can I do to them?
Which instances can I see and interact with? Object instance permissions Security scopes
Which resources can I interact with? Site specific resource Collection limiting
permissions
33. Central Primary Sites Secondary Sites
Administration
Site
Central primary Client management Content routing
site & settings
administration
Reporting 100K clients per site Distributions points
Delegated Requires SQL
Administration server
Language Packs Lack of local
administrator
Support distributed
organizational
boundaries
41. Unique ConfigMgr 2007 Primary Site for: ConfigMgr 2012 solutions (no unique
primary sites):
Decentralized administration Role Based Administration
Logical data segmentation Role Based Administration
Client settings Client settings for the hierarchy and unique
collections
Language Language packs
Content routing for deep hierarchies Secondary Sites or Distribution Points
42.
43.
44.
45.
46.
47. Empower Users Unify Infrastructure Simplify Administration
Empower people to be Reduce costs by unifying IT Improve IT effectiveness and
productive from anywhere on management infrastructure efficiency
whatever device they choose
Reduced infrastructure
complexity
48. Simplified Desktop
Ease of Deployment Enhanced Protection Management
• Built on top of Microsoft® • Protection against all type of • Unified management interface
System Center Configuration malware for desktop administrators
Manager
• Proactive security against zero • Effective alerts
• Supports all System Center day threats
Configuration Manager • Simple, operation-oriented policy
topologies and scale • Productivity-oriented default administration
configuration
• Facilitates easy migration • Historical reporting for security
• Integrated management of host administrators
• Deploy across various firewall
operating systems Windows®
client and Server • Backed by Microsoft Malware
Protection Center
49. Config. /
Dashboard
Reports
SpyNet
DATA
SQL
ConfigMgr Site Reporting
ConfigMgr Server & DB Services
Software
Distribution
(or File Share)
ConfigMgr
Desired
Configuration
EVENTS Management
TELEMETRY Desktops, Laptops, and Servers
running ConfigMgr Client & FEP 2010
54. Ability to validate content on a distribution point
Available as a set schedule or on demand
Updates package compliance in the monitoring node
55. Auto Deployment Rules
Use search criteria to identify
Schedule content download and deployment
56.
57.
58. Power Management
Phase 1: Monitor
•Enable client management agent
•Begin monitoring usage and activity
Non-Peak & Peak
Phase 2: Plan
•Continue monitoring on usage and activity
•Begin to develop Power Plan
Mid-Month:
•Power Plan has been confirmed
Phase 3: Apply Power policy
•Begin applying Power Plan
Phase 4: Compliance & Analyze
•Review before and after usage and activity
•Determine savings in Kwh and Co2 saved
59. Copy settings
compliance SLAs for Baselines
Richer reporting
Enhanced versioning and audit tracking
Ability to specify specific versions to be used in baselines
Audit tracking includes who changed what
63. Assist with Migration of Objects
Assist with Migration of Clients
Minimize WAN impact
Maximize Re-usability of x64 Server Hardware
Assist with Flattening of Hierarchy
Hinweis der Redaktion
Forefront Endpoint Protection is the next generation of Forefront Client Security. It builds on the protection technologies included in the previous versions and provides a completely new management experience.Since FEP is built on Configuration Manager, it offers easy installation of FEP server and easier deployment of clients using the existing infrastructure. FEP is also able to support enterprise wide scalability up to 100s of thousands of clients across various Windows operating systems.FEP provides highly accurate detection of known and unknown threats using many new and improved technologies in its antimalware engine as well as through host firewall management. While providing comprehensive protection, FEP keeps employees productive with low performance impact scanning an productivity oriented default policies.And finally, with FEP Administrators have a central location for creating and applying all endpoint-related policies. With a shared view of endpoint protection and configuration, administrators can more easily identify and remediate vulnerable computers.In the following sections, we will look at these benefits in more details.