jacques mostert solutions consultant chisa technologies session code: mgt301
TRANSCRIPT
What´s New in Microsoft System Center Configuration Manager SP1 and R2
Jacques MostertSolutions ConsultantChisa TechnologiesSession Code: MGT301
Agenda
Configuration Manager Capability overview
Service Pack 1Capability additions
Release 2Capability additions
Service Pack 2Upcoming release details
A Quick Assumption...
You have seen Configuration Manager 2007 in actionThis is a summary session of what has changed since RTM (Release to Manufacture)
Site Role Maximum # of Client SystemsHierarchy (Central Site Server) 200,000Primary Site Server 100,000System Health Validator 200,000Management Point 25,000Distribution Point (Non OSD) 4,000Distribution Point (OSD) Limited by Network & Disk I/OState Migration Point Limited by Network & Disk I/OSoftware Update Point (WSUS) 25,000Fallback Status Point 100,000Branch Distribution Point Limited by OS License, Network & Disk I/O
Supported Client Numbers
Platform/ Feature HW/SW
InventoryOS
DeploymentSoftware
DistributionSoftware
Update MgmtDesired Config Mgmt
Windows ‘7’
Windows Vista
Windows Vista SP1
Windows Vista SP2
Windows XP SP3
Windows 2000
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003
Windows Server 2000
WFLOP
WePOS
XP Embedded
Windows Embedded Standard 2009*
Windows CE
Windows Mobile
Platform Support Supported
ConfigMgr SP2
Supported with SP1
Not Supported
* Sysprep now supported
Configuration Manager Site Systems
PXE Service Point
State Migration Point
Software Update Point
Fallback Status Point
Branch DP
Primary Site Server
Configuration Manager Role
SMS 2003 Equivalent Role
System Health Validator
SQL Server
SQL Server
New Role with Service Pack 1
• Multicast• AVM Streaming
New R2 Capability
Management Point
Distribution Point
Reporting Point
Server Locator Point
Asset Intelligence sync point
Out of band service point
•Reporting Services Point
Intel AMT Integration
Intel® Q35 Express Chipset
with ICH9-DO
Intel Platform Software
Ecosystem Solutions
Intel Key Platform
Technologies
• Intel® Active Management Technology (AMT) is a function of the chipset & network controller
• Hardware-based management for clients• Desktop: Intel® vProTM Processor Technology
Intel® 82566DM
Gigabit Network
Connection
Intel vProComponents
Intel® Core ™ 2 Duo Processor
ConfigMgr 2007 Features for AMT out of Band Management
Secure Setup and Configure AMTZero Touch – Certificate HashZero Touch – In band via agentTies to OSD w/targeting
Provisioning
Remote Console
Helpdesk / Interactive sessionSerial over LANIDE RedirectionBIOS password bypassManual power control
Scheduled Power OnSWDist, SUM, OSD
On Demand Power ControlWake, restart, shutdown
Interactive via OOB Console
Discovery / Inventory
Power Control
Discover On Demand per machine / per collection
Scheduled DiscoveryIn band Discovery via agent
Asset IntelligenceConsole Improvements
Rich interface in Configuration Manager Admin ConsoleNew Catalog and License management toolsEnhanced UI for all Asset Intelligence WMI Classes
System Center Online ConnectionCertificate requirement removed in Service Pack 2Keep software asset categorization up-to-dateOn-demand or scheduled catalog synchronization w/On-line ServiceNew Configuration Manager site role: The Asset Intelligence Synchronization PointUpload requests for software categorization to On-line Service
Basic Replication to Distribute AI Content to Other Configuration Manager sitesAbility to Import Licensing Data and Compare to Inventory
Microsoft MVLS Site3rd Party Licenses (http://technet.microsoft.com/en-us/library/cc431362.aspx)
Local Edit Support Allows Customers to Categorize Software Assets
Operating System Deployment
Service Pack 1 Brought a Platform Support UpdateWindows Vista Service Pack 1
Upgrade Advisor report supportOS package supportAIK updates, WinPE etc.
Windows Server 2008 Managed Client OSHost for Site Roles
R2 Opened New FeaturesMulticastUnknown Computer Support‘Run As’ support added
Unknown Computer SupportAllows unmanaged systems to be recognized and receive an OS DeploymentAllows computers without a ConfigMgr ‘07 client to be provisioned with an OS by ConfigMgr ‘07 OSDExclusion list for unknown computer support availability
A list of computer MAC addresses to which the PXE server should not send task sequences to install an operating systemExclusion list members are ignored
Multicast Services OverviewSimultaneously send data to multiple clients rather than sending a copy of the data to each client over a separate connectionAllows multiple computers to download an OS image package as it is multicast by the DPClients can join a multicast session already in progressThe multicast feature must be enabled on the specific ConfigMgr ‘07 DPBranch DP cannot use multicastConfigMgr ‘07 Requirements
ConfigMgr SP1 and R2 installed to siteWDS extension installed on Windows Server 2008 site systems
Multicast Prerequisites Prerequisite Description
Windows Server 2008 - Must be running on DP enabled for multicast
Windows Deployment Services (WDS) -Must be installed before multicast is enabled on the distribution point server- WDS transport server role service is required for multicast operating system deployment support
Internet Information Services (IIS) with extensions -must be installed before multicast is enabled on the distribution point server- ISAPI extensions and IIS 6 management compatibility must be installed
Network firewall configuration -UDP ports used by multicast are accessible by ConfigMgr ‘07 clients- Port config link
Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS
- Operating system deployment package transfer using IIS requires that Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS (required for device clients and Internet-based clients) be enable
'Run As' in the Task SequenceIn ConfigMgr ‘07, task sequences run only in the context of the local system accountNetwork Access account is used to access required packages located on DPsNetwork Access account needs to access DP or Task Sequence will failIn R2…
Now possible in task sequences to run with credentials other than the local system accountPowerful way to deliver elevation to special situations Run As feature cannot be imported by a Configuration Manager 2007 site server due to Task Sequence schema changesThis account is required if you add the step Run Command Line to a task sequence, but want to not use Local System
Application Virtualization Management System Center builds on the full Application Virtualization Infrastructure
Integrates with existing Active Directory relationshipsProvides a scalable infrastructure to support a distributed networkBroad scenario support to support workers wherever and however they work; desktops, laptops, mobile across LAN/WAN/Branch and Internet connectionsCentralized management and reporting for physical and virtual applicationsReduce costs for deployment, and align to organizational requirements by targeting both user and computer systems for applicationsAsset Intelligence brings meaningful business terminology for software titles, categories and families, with full support for Virtual Applications
Integrate Virtual Application delivery with everyday management operations
OS deploymentPatch managementInventory
Application Virtualization Management
Based on Application Virtualization 4.5 feature setUses System Center Configuration Manager 2007 R2 Admin approachNew in ConfigMgr 2007 R2:
ConfigMgr can manage and deploy virtual applicationsClient roaming is supported so the client is always going to the “closest” server
Dynamic nature of Application virtualization preservedVersion checking, user-based targeting, streaming
Core Scenarios for Application Virtualization Management
•Create virtual application packages and copy them to distribution points
Packaging and distribution of virtual
applications
•Advertise the packages to clientsDeployment of virtual applications to clients
(connected and offline)
•After the application is advertised and made available, end-users run the applications from their desktop computers
Launching and running virtual applications
(connected and offline)
•ConfigMgr inventory and reports enable administrators to report on packages, applications and their usage within the ConfigMgr hierarchy
Inventory and Reporting of virtual
applications
System Center Requirements
Configuration Manager 2007 SP1 is a prerequisiteA customer must have purchased MDOP and be licensed to use App Virtualization 4.5
4.5 Sequencer to build virtual applications4.5 Client to interact with the ConfigMgr client on the desktop
A customer must be licensed to use ConfigMgr 2007 R2‘Software Assurance’
Additional Configuration Manager client requirements (min OS, etc)System Center Operations Manager is optional
Infrastructure Requirements
Some key areas to be aware of when deploying Virtual Applications in ConfigMgrDistribution Point
Virtual Applications Tab Enable Virtual Application Streaming
Client Agent ConfigAdvertised Programs Client Agent
Set to allow Virtual Application Package Advertisement
SQL Reporting Services Integration
New server role called the “Reporting Services Point”Ability to convert / copy classic SMS reports to Report Definition Language format and publish them to a Reporting Services Point (report server)New node under “Computer Management -> Reporting” for accessing the SRS ConfigMgr reportsAbility to manage, browse and run SRS ConfigMgr reports from the ConfigMgr Console
Client Status ReportingBuilt upon the scenarios in the SMS 2003 Client Health ToolExternal service which queries site systems and ConfigMgr clients for client status on agent activity and overall healthReports on key indicators of client activity to help administrators monitor and maintain the health of their ConfigMgr clientsClient Status Reporting can:
Identify clients that are online but are not requesting policyProvide a number of reports that detail the status of clients on your siteIdentify clients that are online but have nonfunctioning client componentsIdentify clients that are online but do not have up-to-date discovery or inventory recordsIdentifies clients that are offlineIs not dependent on ConfigMgr ‘07 site systems
CSR will not be affected by problems with backlogged site systems which could cause traditional reporting mechanisms to generate inaccurate results
Uses a number of data sources for its analysis, including:Data from ConfigMgr ‘07 site database - inventory, discovery, and heartbeat dataGather and analyze policy request log files from MPsCan also check the status and activity of ConfigMgr ‘07 client components
Forefront Client Security IntegrationForefront Client Security
Provides unified malware protection for business desktops, laptops and server systemsProvides critical visibility into threats and vulnerabilities
Lightweight Integration Between Forefront Client Security and ConfigMgr 2007 R2
An FCS Configuration Pack will assess the states of FCS agents on machines that are managed by ConfigMgr 2007 R2Admin gets the reports of overall states of FCS clients through the existing DCM reporting infrastructure
Import the Configuration Pack Included on the ConfigMgr ‘07 R2 CD
Configuration Manager SP2 Summary • Windows 7
• Windows Server 2008 R2 • Windows Server 2008 SP2 • Windows Vista Sp2
Operating System Support updates
• Site role support for Windows Server 2008 R2
Site Role support for Windows Server 2008
R2
• OOB Wireless Management: Wireless Profile Management • End Point Access Control: 802.1x support • Persistent Data Storage: Non Volatile Memory or Third Party Data Store (3PDS) • Access Monitor: Audit Log • Remote Power Management: Power State Configuration from ConfigMgr Console
Intel AMT Integration Enhancements
• Requires Win7 client and W2K8 R2 backendBranch Cache
Support
• X64 support for Operations Manager 2007 Client Agent
Operations Manager 64bit support
Service Pack 2
Smaller, but Still Important StuffUpdate to Management Pack for 64-bit OS’s – SP2 will ship 64-bit perf countersRemote control added in for (x64 XP and Server 2003)Multi-select and delete driver catalog drivers from the consoleBetter feedback on AD extension success / failure
Certificate Requirement Removal for Asset IntelligenceHotfix Data
36 QFE merges
iAMTSupports Intel vPro Chipset and iAMT Firmware Versions 4 & 5Feature Parity with SP1 and iAMT Firmware Versions 3.2.1, 4 & 5New Features
Wireless profilesWireless profiles associated with all Intel® vPro™ clients in the siteSet the wireless information on a per-collection basis during provisioning.
802.1x support - configuration of 802.1x settings on a per-collection basis during provisioning.Audit Logs - Retrieve, store and clear the security audit log on a periodic basisPower Package - Enable configuration of the power package settings with the core provisioning settings for the site.3rd party data storage - Enable SCCM to store specific information into the NVM data area for inventory or t-shooting.
SummaryConfiguration Manager R2 is Now AvailableService Pack 2 Public Beta June 2009In addition to Traditional Features Such as Software distribution, Inventory and OS Deployment R2 Brings:
Support for Vista SP1 and Windows Server 2008 (added at SP1)Asset Intelligence (added at SP1)Intel AMT integration (added at SP1)Application VirtualizationSQL ReportingClient Status ReportingOS Deployment enhancementsForefront Client Security Reporting
Download the Evaluation at http://technet.microsoft.com/en-us/configmgr/cc761485.aspx Download the Virtual Machine at
http://www.microsoft.com/downloads/details.aspx?FamilyID=e0fadab7-0620-481d-a8b6-070001727c56&displaylang=en
ResourcesSystem Center Website
http://www.microsoft.com/systemcenter/configmgr/default.mspx Application Virtualization Website
http://www.microsoft.com/systemcenter/softgrid/default.mspx Management Techcenter
http://www.microsoft.com/systemcenter/softgrid/default.mspx Windows Vista
http://www.microsoft.com/windows/products/windowsvista/default.mspx
Windows Server Resources
http://www.microsoft.com/servers/default.mspx System Center Team Blog
http://blogs.technet.com/systemcenter/ Website for Microsoft Desktop Optimization Pack for Software Assurance
http://www.windowsvista.com/optimizeddesktop Microsoft Virtualization 360
http://www.microsoft.com/virtualization MYITForum
http://www.myitforum.com/
www.microsoft.com/teched
International Content & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.