Simplify Your Hierarchy
Central Site
Primary
Secondary Site
Secondary Site
Primary Site
Primary
Distribution Point
Distribution Point
Distribution Point
Primary Site
Primary Site
Primary Site
Secondary Site
Distribution Point
Simplify Your Hierarchy
Central Administration Site
Primary
Secondary Site Secondary Site
Primary
Distribution Point Distribution Point Secondary Site Distribution Point
Decentralized administration
Logical data segmentation
Client settings
Language
Content routing for deep hierarchies
Decentralized administration
Logical data segmentation
Client settings
Language
Content routing for deep hierarchies
Decentralized administration
Logical data segmentation
Client settings
Language
Content routing for deep hierarchies
Forest & Boundary Process Flow
Contoso.com
Engineering.contoso.com
Domains Subnets Sites
Contoso 10.10.10.x NorthAmerica
engineering 10.10.11.x Hawaii
10.10.12.x
Discovery
Runs
Forest & Boundary Process Flow
Contoso.com
Engineering.contoso.com
Domains Subnets Sites
Contoso 10.10.10.x NorthAmerica
engineering 10.10.11.x Hawaii
10.10.12.x
Discovery
Runs
Boundaries Boundary Group Boundary Group Purpose
NorthAmerica NA_Site_QQQ Site Assignment
Hawaii HI_Site_HAW Site Assignment, Content
10.10.10.x Chicago_DP Content
10.10.11.x Chicago_DP Content
10.10.12.x St_Louis_DP1 Content
Data type Examples Replication
type
Where is data
found?
Global data
Created by admin
Collection rules,
package metadata,
software update
metadata,
Deployments
SQL Central
administration site,
all primary sites,
secondary sites*
Site data
Created by system
Collection members,
HINV, alert messages
SQL Central
administration site,
originating primary
site
Content Software package
installation bits,
software updates,
boot images
File-based Primary sites,
secondary sites,
distribution points
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Global Data Available at: Central
Administration Site and all
Primary Sites
Examples
• Collection rules
• Package metadata
• Deployments
• Security Scopes
Hereford
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Global Data Available at: Central
Administration Site and all
Primary Sites
Examples
• Collection rules
• Package metadata
• Deployments
• Security Scopes
Global Data subset Examples
• Packages metadata and status
• Program metadata Hereford
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Hereford
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Site Data Available at: Central
Administration Site, Replicating
Primary
Examples:
• HINV
• Status
• Collection Membership Results
Hereford
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Hereford
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Hereford
Content Available where content has
been distributed to a
Distribution Point
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Hereford
Content Available where content has
been distributed to a
Distribution Point
Content routing between
Secondaries
Conceptual Replication Model Central Administration Site
Texas (Keller)
Germany
(Baumholder) Amarillo
Canyon
Central
Administrati
on Site
Primary Site
Secondary
Site
Hereford
Content Available where content has
been distributed to a
Distribution Point
Content routing between
Secondaries
Data Segmentation Configuration Manager 2007
France Primary Site
England Primary Site Meg Collins “Central Admin”
Meg wishes to
distribute a package
to all of her EMEA
users in the West
region
•Create and distribute
package
Data Segmentation Configuration Manager 2007
France Primary Site
England Primary Site Meg Collins “Central Admin”
•French collections
•Create advertisement for French
collections
Meg wishes to
distribute a package
to all of her EMEA
users in the West
region
•Create and distribute
package
Louis “French Admin”
Data Segmentation Configuration Manager 2007
France Primary Site
England Primary Site Meg Collins “Central Admin”
•French collections
•Create advertisement for French
collections
•English collections
•Create advertisement for English
collections
Meg wishes to
distribute a package
to all of her EMEA
users in the West
region
•Create and distribute
package
Anthony “English Admin”
Louis “French Admin”
Data Segmentation Configuration Manager 2007
France Primary Site
England Primary Site Meg Collins “Central Admin”
•French collections
•Create advertisement for French
collections
•English collections
•Create advertisement for English
collections
Meg wishes to
distribute a package
to all of her EMEA
users in the West
region
•Create and distribute
package
Anthony “English Admin”
Louis “French Admin”
Collection Limiting
All Systems
French Systems
French Desktops
English Systems
• Meg gives Louis
permissions to “French
Systems”
Collection Limiting
All Systems
French Systems
French Desktops
English Systems
• Meg gives Louis
permissions to “French
Systems”
Collection Limiting
All Systems
French Systems
French Desktops
English Systems
• Meg gives Louis
permissions to “French
Systems”
Louis
• can read French Systems
and all collections limited
to French Systems
• cannot see All Systems and
English Systems
Collection Limiting
All Systems
French Systems
French Desktops
English Systems
• Meg gives Louis
permissions to “French
Systems”
Louis
• can read French Systems
and all collections limited
to French Systems
• cannot see All Systems and
English Systems
• can modify and delete
French Desktops
Collection Limiting
All Systems
French Systems
French Desktops
French Servers
English Systems
• Meg gives Louis
permissions to “French
Systems”
Louis
• can read French Systems
and all collections limited
to French Systems
• cannot see All Systems and
English Systems
• can modify and delete
French Desktops
• can create new collections
limited to French Systems or
French Desktops
High Availability
Ensure I can administer my environment SQL Clustering
Multiple Admin-Facing Site System Roles:
SMS Provider, Reporting Services Point
Ensure clients can be managed
Windows Network Load Balancing continues to be supported for:
Management Point, Software Update Point
New client load balancing and failover solution in 2012
High-availability without the need for network load balancer!
Automatic remediation for unhealthy clients
Active Directory Discovery Flow
CAS
PR2 PR1 PR3
SE1
Database replication:
File replication:
Active Directory
Active Directory Discovery Flow
CAS
PR2 PR1 PR3
SE1
Database replication:
File replication:
Active Directory
Query Active
Directory
Active Directory Discovery Flow
CAS
PR2 PR1 PR3
SE1
Database replication:
File replication:
Active Directory
Query Active
Directory
Active Directory Discovery Flow
CAS
PR2 PR1 PR3
SE1
Database replication:
File replication:
Active Directory
Query Active
Directory
DDRs Processed by Central Administration Site
Active Directory Discovery Flow
CAS
PR2 PR1 PR3
SE1
Active Directory
Query Active
Directory
DDRs Processed by Central Administration Site
Database replication:
File replication:
Active Directory Discovery Flow
CAS
PR2 PR1 PR3
SE1
Active Directory
Query Active
Directory
DDRs Processed by Central Administration Site
Database replication:
File replication:
Pri. Site 1 Pri. Site 2
Pri. Site 3
Pri. Site 4
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2007 ConfigMgr 2012
Intranet
Internet Internet
Management
Point
Distribution
Point
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
ConfigMgr 2012
Intranet
Internet
PR1
Management
Point Distribution
Point
Management
Point
Distribution
Point
Single Primary site can manage both
Intranet clients (over HTTP) and
Internet clients (over HTTPS).
Primary sites can be configured to
either support only HTTPS roles or
both HTTP and HTTPS site roles.
woodgrove.com
corp.woodgrove.com
hr.woodgrove.com
CAS
PR2
Distribution
Point Management
Point
PR1
Management
Point
Distribution
Point
woodgrove.com
corp.woodgrove.com
hr.woodgrove.com
CAS
Woodgrove-emea.com
PR2
Distribution
Point Management
Point
PR1
Management
Point
Distribution
Point
woodgrove.com
corp.woodgrove.com
hr.woodgrove.com
CAS
Woodgrove-emea.com
PR2
Distribution
Point Management
Point
PR1
Management
Point
Distribution
Point PR2
Management
Point Distribution
Point
woodgrove.com
corp.woodgrove.com
hr.woodgrove.com
CAS
Woodgrove-emea.com
PR2
Distribution
Point Management
Point
PR1
Management
Point
Distribution
Point PR2
Management
Point Distribution
Point
CAS, Primary and secondary sites
must reside in a fully two way
trusted Active Directory
Domain/Forest.
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
corp.woodgrove.com clients
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
corp.woodgrove.com clients
WorkGroup clients
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
DMZ
corp.woodgrove.com clients
WorkGroup clients
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
DMZ
corp.woodgrove.com clients
WorkGroup clients
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
DMZ
Distribution
Point
Management
Point
corp.woodgrove.com clients
WorkGroup clients
Software
Update
Point
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
DMZ
Distribution
Point
Management
Point
corp.woodgrove.com clients
WorkGroup clients
Machine
policies
only
Software
Update
Point
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
DMZ
Distribution
Point
Management
Point
corp.woodgrove.com clients
WorkGroup clients
Machine
policies
only
Machine
policies
only
Software
Update
Point
corp.woodgrove.com
PR1
Management
Point
Distribution
Point
CAS
Intranet
Internet
DMZ
Distribution
Point
Management
Point
corp.woodgrove.com clients
WorkGroup clients
Machine
policies
only
Machine
and user
policies
Software
Update
Point
Software
Catalog
Site Server • CAS, Primary and secondary site must reside in a fully
two way trusted Active Directory Domain/Forest.
• Client Facing roles can be deployed in untrusted forest.
Site Server • CAS, Primary and secondary site must reside in a fully
two way trusted Active Directory Domain/Forest.
• Client Facing roles can be deployed in untrusted forest.
Intranet Client • Same as in ConfigMgr 2007
Site Server • CAS, Primary and secondary site must reside in a fully
two way trusted Active Directory Domain/Forest.
• Client Facing roles can be deployed in untrusted forest.
Intranet Client • Same as in ConfigMgr 2007
Internet-Based
client
management
• Deploy remote site roles in DMZ for managing Internet-
Based Clients.
• All Internet based clients can get machine policy but to
retrieve user policy there should be:
• One way trust between DMZ and the forest to which
the client belongs.
• Clients must be part of the trusted forest.
Exchange Connector in Operation
Primary Site
Configure Exchange Connector
Exchange
Mailbox
Server
Exchange
Client Access Server
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Settings Policy
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Settings Policy
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Settings Policy
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Check access to Exchange
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Apply Settings
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Apply Settings
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Apply Settings
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Mail Request
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Mail Request
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Discover Mobile Devices
Exchange Connector in Operation
Primary Site
Exchange
Mailbox
Server
Exchange
Client Access Server
Device Info
Native management pack compatible with SCOM 2007 R2/ SCOM 2012
Compatibility
Actionable Alerts
Customizability
Stateful monitor
Actionable Alerts
Compatibility
Customizability
Stateful monitor
Reduced unnecessary alerts, made alerts actionable
Customizability
Compatibility
Actionable Alerts
Stateful monitor
Classes public allowing reuse. Admin can override the parameters to customize the condition
Stateful Monitors
Compatibility
Actionable Alerts
Customizability
Uses monitors instead of rules. Provides healthy status and the alerts generated by monitor can be auto resolved
Failures sent to Diane via SCOM
Database service is down
The disk of Site Server is full
Management Point is down
SQL replication between PS1 and CAS does not work
Diane – server infrastructure
Administrator
Failures sent to Diane via SCOM
Database service is down
The disk of Site Server is full
Management Point is down
SQL replication between PS1 and CAS does not work
In-console alerts reminds Meg about
Compliance rate of baseline XX is lower than 50%
The success rate of deployment of Acrobat reader is lower than 80
20% clients are not healthy
Diane – server infrastructure
Administrator
Meg – application
deployment and client
monitoring
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
ConfigMgr Admin
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
ConfigMgr Admin Download Catalog Updates
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
ConfigMgr Admin Download Catalog Updates
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
ConfigMgr Admin Download Catalog Updates
Inventory Inventory
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
ConfigMgr Admin Download Catalog Updates
Manual Download and
import of customer volume
license statement
Inventory Inventory
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
ConfigMgr Admin Download Catalog Updates
Manual Download and
import of customer volume
license statement
Asset Manager
Inventory Inventory
ConfigMgr Admin
Asset Manager
Upload Signatures
and categorization
requests
Download Catalog Updates
Central
Administration
Server
Primary Site 2 Primary Site 1
Inventory Inventory
Asset Intelligence
Manual Download and
import of customer volume
license statement