Learn About:
Newly added features such as Forefront Endpoint Protection and connectors to Intune and Azure
Support features like IOS and Linux, including extended device management
Architectural layout for design considerations, including the CAS Server and the elimination of Native Mode
New ways to configure and deploy your software updates
System Center integration and automation with other System Center products, such as Service Manager and the Data Warehouse connector
Advantages of Hiring UIUX Design Service Providers for Your Business
What's New in System Center 2012
1. What's New in System Center 2012
Changes from SCCM 2007 up to and including SCCM 2012 R2
2. About Perficient
Perficient is a leading information technology consulting firm serving clients throughout
North America.
We help clients implement business-driven technology solutions that integrate business
processes, improve worker productivity, increase customer loyalty and create a more
agile enterprise to better respond to new business opportunities.
3. Perficient Profile
•
Founded in 1997
•
Public, NASDAQ: PRFT
•
2012 revenue of $327 million
•
Major market locations throughout North America
• Atlanta, Austin, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Columbus, Dallas, Denver,
Detroit, Fairfax, Houston, Indianapolis, Minneapolis, New Orleans, New York, Northern California,
Philadelphia, Southern California, St. Louis, Toronto, Washington D.C.
•
Global delivery centers in China, Europe and India
•
~2,000 colleagues
•
Dedicated solution practices
•
~85% repeat business rate
•
Alliance partnerships with major technology vendors
•
Multiple vendor/industry technology and growth awards
4. Our Solutions Expertise
Business Solutions
•
•
•
•
•
•
•
Business Intelligence
Business Process Management
Customer Experience and CRM
Enterprise Performance Management
Enterprise Resource Planning
Experience Design (XD)
Management Consulting
Technology Solutions
•
•
•
•
•
•
•
•
•
•
Business Integration/SOA
Cloud Services
Commerce
Content Management
Custom Application Development
Education
Information Management
Mobile Platforms
Platform Integration
Portal & Social
7. What is SCCM 2012?
IT Asset
Intelligence
Software
Metering
Software Update
Management
Remote Control
Bitlocker
Support for
the Mobile Workforce
OS Deployment
Windows Intune
Connector
Power Management
Self Service
Portal
Antivirus
Network Access Protection
Settings Management
(aka DCM)
8. 2007 vs. 2012 Comparison
What was improved on?
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Hardware & Software Inventory
Software Distribution
Computer-based targeting
User-based targeting
App-V Package Deployment
3rd Party Application
Software Metering
Administrator Console
Status Reporting
Agent Managed
Integrate with Active Directory
Discovery of Computers
Operating System Deployment
Task Sequence
Maintenance Windows
Desired Configuration Management
Internet-based Client Management
Integration with Windows Server 2008
Network Access Protection
Intel vPro Intergration
Power Management
Windows Mobile Device Management
What's new in 2012?
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Automatic Client Health Remediation
State-based Application Distribution
Self-service Portal
Xen-App Package Deployment
Uninstallation Via Software Center
User-Device Affinity
Distribution Point Groups
Boundary Groups
Application Revision History
Content Management
Automatic Software Updates Deployment
Rules
Automatic Clean-up of Superseded and
Expired Updates
Collection-Based Policies
User-friendly ribbon
Automatic Boundary Discovery
Forest Discovery
Offline Servicing of OS Image
Role-based Access Control
User Power Management Opt-out
Non-Windows Mobile Device Management
11. 2007 vs. 2012 Comparison
2007
Server Type
Count License
Central
1
Administration Site
Primary
3
Secondary
9
Distribution Point
135
Workstation
Clients
Child Primary
Configuration Manager Server
2012 with SQL Server
Technology
Configuration Manager Server
2012 with SQL Server
Technology
No SCCM license is required
No license is required above
the Client ML
10,50 Configuration Manager Client
ML
0
Configuration Manager Server
8
2012 with SQL Server
Technology
•
•
•
•
2012
Secondary
Count License
Configuration Manager Server
0
2012 with SQL Server
Technology
Configuration Manager Server
1
2012 with SQL Server
Technology
No SCCM license is required
0
Distribution Point
57
Server Type
CAS (role
changed)
Primary
Workstation
Clients
Child Primary (No
More)
No license is required above
the Client ML
10,50 Configuration Manager Client
ML
0
0
No more cross WAN SQL replication
Major reduction in infrastructure
Major reduction in license cost
Simplified role-based management for secure delegation
12. Infrastructure Promises
Modernizing Architecture
• Minimizing infrastructure for remote offices
• Consolidating infrastructure for primary sites
• Scalability and data latency improvements
• Central Administration Site is just for administration and reporting –
other work distributed to the primaries as much as possible
• File processing occurs once at the primary site and uses replication
to reach other sites (no more reprocessing at each site in the
hierarchy)
• System-generated data (HW Inventory and Status) can be configured
to flow to CAS directly
13. Infrastructure Promises
Be Trustworthy
• Interactions with SQL DBA are consistent with ConfigMgr
2007
• ConfigMgr admin can monitor and troubleshoot new
replication approach independently
14. When Do I Need a Primary Site?
• To manage any clients
• Add more primary sites for:
• Scale (more than 100,000
clients)
• Reduce impact of primary site
failure
• Local point of connectivity for
administration
• Political reasons
• Content regulation
15. Reducing Primary Sites
Unique ConfigMgr 2007 primary
site for:
ConfigMgr 2012 solutions (no
unique primary sites):
Decentralized administration
Role based administration
Logical data segmentation
Role based administration
Client settings
Client settings for the hierarchy and
unique collections
Language
Language packs
Content routing for deep
hierarchies
Secondary sites or distribution
points
16. Infrastructure Changes: Content
• ONE Distribution Point
– PXE Service Point – Increased scalability beyond the ConfigMgr
2007 limit of 75 PXE service points per site
– Multicast option
– Throttling and scheduling of content to that location
– Pre-stage of content and specify specific drives for storage
• Improved Distribution Point Groups
– Manage content distribution to individual distribution points or groups
– Content automatically added or removed from distribution points
based on group membership
– Associate distribution point groups with a collection to automate
content staging for software targeted to the collection
• No Branch DPs - DPs can be installed on clients and
servers now
17. Boundaries
• Boundaries represent network topology –
used to optimized network utilization
• Clients use boundaries to:
– Automatically determine site assignment
– Locate the best management point (MP)
– Locate the best distribution point (DP) or
state migration point (SMP)
• Define separate boundaries for client activities
versus content
18. Boundary Management
• Automatically created with the Forest Discovery method
– Discovers AD Sites, IP Subnets, IPv6 Prefix type boundaries
– Can automatically add as boundaries immediately or add later
• Boundaries are members of one or more groups:
– Groups support: site assignment, site system look-ups or both
– Create group with boundaries in one step
– Add boundaries to an existing group
– Multi-select and reflective views supported
19. Simplified Hierarchical Infrastructure
Central
Admin Site
Primary Sites
Secondary
Sites
Central
primary site
admin
Client
management
& settings
Content
routing
Reporting
100K clients
per site
Distributions
points
Delegated
Administration
Requires SQL
server
Language
Packs
Lack of local
administrator
Support
distributed
organizational
boundaries
22. Role-Based Administration
•
•
Central management for security
Role-based administration lets you map the organizational roles of
your administrators to defined security roles:
Functionality
ConfigMgr 2007
ConfigMgr 2012
What types of objects can I see and what
can I do to them?
Class rights
Security roles
Which instances can I see and interact
with?
Object instance permissions
Security scopes
Which resources can I interact with?
Site specific resource
permissions
Collection limiting
• Removes clutter from the console
– Supports “Show me what’s relevant to me” based
on my security role and scope
23. New Features for Software Distribution in
Configuration Manager 2012
Application Model
Unified monitoring experience
Rich end user experience
Content management
User Device Affinity
25. Application Model
• Manage applications; not scripts
• Application Management:
– Detection method – Re-evaluated for presence:
• Required application – Reinstall if missing
• Prohibited application – Uninstall if detected
– Requirement rules – Evaluated at install time to ensure the app
only installs in places it can and should
– Dependencies – Relationships with other apps that are all
evaluated prior to installing anything
– Supersedence – Relationships with other apps that should be
uninstalled prior to installing anything
– Update an app – Automatic revision management
26. ConfigMgr 2007 to 2012 Comparison:
App Model
Feature
Configuration Manager 2007
Configuration Manager 2012
Create/Model Software
Package
Program
Application and Deployment
Types
Deploy Software
Advertisement (Install Status)
Deployment (state based) via
detection method
Targeting
Collection rules (Server)
Requirement rules (Client)
User Targeting
None or limited
User Device Affinity
Client User Experience
Run Advertised Programs
Software Center
Software Install from Web site
None
Software Catalog
Content Management
None or limited
Content library
27. Software Catalog:
User Targeted Available Software
• Browse and search for software
– Fully localized for site and applications
– Search via category or name
• Install software
– Direct self-installation from software catalog
– Leverages full infrastructure for content and status
– Automatic installation upon approval
• Request applications
– Request approval for software
– View request history
29. SCCM 2012 Self Service Portal
User Driven Application Management
30. On Demand Installation
Process Flow
1
2
• User clicks “install” on catalog item
• Web site checks user’s permissions to install
3
• Web site requests Client ID from ConfigMgr client
agent and passes it to site server
4
• Server creates policy for the specified client and
app and passes it to client
5
• Client agent evaluates requirements from the
policy and initiates installation
6
• Client agent completes installation process and
reports status
31. System and User-Centric: Paradigm Shift
Configuration Manager 2007
Configuration Manager 2012
Optimized for system management scenarios
Still committed and focused on system
management scenarios
Challenging to manage users:
• Forced to translate a user to a device
• Explicit: run a specific program on a specific
device
Embrace user-centric scenarios:
• Moving to a state based design for apps,
deployments, content on DP’s
• Full application lifecycle model. install,
revision mgmt., supersedence and uninstall
Software distribution is a glorified script
execution
•
•
Understand and intelligently target the
relationships between user systems
Management solution tailored for
applications
32. User-Centric – Operating System Deployment
Support for new software distribution features during operating
system deployment
– Evaluate application requirement: Rules, dependencies
and supersedence
– User device affinity support: Install applications deployed to
the primary user
33. User-Centric – Understanding
Virtual Desktop Platform
• As Citrix XenDesktop and Microsoft RDS integrates, then:
– Conditional rules for application deployment are available
(Desktop Type, Pool Name)
– Gather inventory from Guest VM for broker site name, desktop
type and pool name and exposed for compliance monitoring and
inventory reports
– ConfigMgr uniqueness is persisted through pooled VM shutdown
and startup
• Randomization of schedules automatically for any client:
– Hardware inventory scan
– Software inventory scan
– Software update scan, download and install
34. Operating System Deployment
• Offline Servicing of Images
• Support for component based servicing compatible updates
• Uses updates already approved
• Boot Media Updates
• Hierarchy wide boot media – no longer need one per site
• Unattended boot media mode – no longer need to press “next”
• Use pre-execution hooks to automatically select a task sequence
– no longer see many optional task sequences
• USMT 4.0: UI integration and support for hard-link, offline and
shadow copy features
36. Power Management
Phase 1: Monitor
•Enable client management agent
•Begin monitoring usage and activity
Non-Peak & Peak
Phase 2: Plan
•Continue monitoring on usage and activity
•Begin to develop power plan
Mid-Month:
•Power plan has been confirmed
Phase 3: Apply Power policy
•Begin applying power plan
Phase 4: Compliance & Analyze
•Review before and after usage and activity
•Determine savings in Kwh and Co2 saved
37. Settings Management
• Unified settings management across servers, desktops and
mobile devices
• ConfigMgr 2007 reports configuration drift – ConfigMgr 2012 can
“set” for registry, WMI and script-based
• Improved functionality:
– Copy settings
– Define compliance SLAs for baselines to trigger console alerts
– Richer reporting to include troubleshooting, conflict, remediation
information
• Enhanced versioning and audit tracking
– Ability to specify specific versions to be used in baselines
– Audit tracking includes who changed what
38. Administrator Experience
•
•
•
•
•
•
•
•
Common look and feel across
system center products
Improved discoverability
Only show what is relevant to
the administrative role
Complete scenarios within the
console
Simplified navigation
Manage App-v
Manage Bitlocker
Manage Virus Scan/Malware
39. Forefront Endpoint Protection 2010
One infrastructure for desktop management
and protection
Ease of Deployment
Enhanced Protection
Simplified Desktop
Management
• Built on top of Microsoft® System
Center Configuration Manager
• Protection against all type of
malware
• Unified management interface for
desktop administrators
• Supports all System Center
Configuration Manager
topologies and scale
• Proactive security against zero day
threats
• Effective alerts
• Facilitates easy migration
• Productivity-oriented default
configuration
• Deploy across various operating
systems Windows® client and
Server
• Integrated management of host
firewall
• Backed by Microsoft Malware
Protection Center
• Simple, operation-oriented policy
administration
• Historical reporting for security
administrators
41. What’s New in SCCM 2012 R2
Site Installation and the Configuration Manager Console
Sites and Hierarchies
Migration
Client Deployment and Operations
Software Deployment and Content Management
Monitoring and Reporting
42. Windows Intune Integrated with System
Center 2012 R2 Configuration Manager
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Mac OS X
Windows 8 RT
Windows 8.1
Windows Phone 8
iOS, Android
44. Platform Support
New Platforms
Features fully integrated into ConfigMgr
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Windows 8 RT
Windows Phone 8
iOS (5.x, 6.x)
Android (2.1 and later)
Windows 8.1 (x86/x64
and RT)
Over the air device enrollment
Available user targeted applications
User and device settings management
Device inventory
Remote device retirement
Remote device wipe (full and selective)
Company branding
Web apps and remote apps
VPN/Wi-Fi/certificate profiles
Additional settings
45. Platform Support in ConfigMgr
OS Platform
Windows 8.1 PC
Management Agent
ConfigMgr Agent
Or
Management Agent(OMA-DM)
End User Experience
Software Center/Application Catalog
Windows Company Portal app
Windows PC
(Win8,Win7,Vista,XP)
ConfigMgr Agent
Software Center/Application Catalog
Windows RT
Management agent (OMA-DM)
Windows Company Portal app
Windows Phone 8
Management agent (OMA-DM)
Windows Phone 8 Company Portal app
iOS
Apple MDM Protocol
Native iOS Company Portal App
Android
Android MDM agent (OMA-DM)
Native Android Company Portal App
Mac
ConfigMgr Agent
Limited self service experience
Linux/Unix
ConfigMgr Agent
N/A
47. Connect with Perficient
Webinar
10.30
Microsoft Lync:
Integrating with Cisco
bit.ly/15VFzIz
Webinar
11.6
Windows Azure for IT
Pros
bit.ly/19lyvFl
Follow us
on Twitter
@Perficient_MSFT
Customized
Microsoft
Training for IT
Pros & End
Users
bit.ly/1cy8WV5
Hinweis der Redaktion
UPDATE
Bryon Burkhardt is a lead Microsoft infrastructure consultant at Perficient with over 20 years of experience in the IT industry. He serves as a System Center subject matter expert with a primary focus on Configuration Manager 2012.
Split into 2
Forefront Endpoint Protection is the next generation of Forefront Client Security. It builds on the protection technologies included in the previous versions and provides a completely new management experience.Since FEP is built on Configuration Manager, it offers easy installation of FEP server and easier deployment of clients using the existing infrastructure. FEP is also able to support enterprise wide scalability up to 100s of thousands of clients across various Windows operating systems.FEP provides highly accurate detection of known and unknown threats using many new and improved technologies in its antimalware engine as well as through host firewall management. While providing comprehensive protection, FEP keeps employees productive with low performance impact scanning an productivity oriented default policies.And finally, with FEP Administrators have a central location for creating and applying all endpoint-related policies. With a shared view of endpoint protection and configuration, administrators can more easily identify and remediate vulnerable computers.In the following sections, we will look at these benefits in more details.