Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1

Jeffrey SutherlandPrincipal PM Manager

Session Objectives And TakeawaysSession Objectives: • Understand how Mac and Linux/Unix management fits within

ConfigMgr 2012 sp1• Understand the core features of Mac and Linux/Unix management in

ConfigMgr 2012 sp1• Demonstrate the key Mac management scenarios

Key Takeaways• Mac and Unix/Linux management is a critical part of Microsoft’s

commitment to heterogeneous device management• ConfigMgr 2012 sp1 extends our “single pane of glass”

administration to all device types and form factors from phones to servers

ConfigMgr for Linux/Unix

Linux/Unix Overview• Focused on server management scenarios• Hardware and Software Inventory• “Classic” software deployment with Packages and Programs• Endpoint Protection• Complies with maintenance windows

• Fully integrated solution with ConfigMgr• “Single pane of glass”• No custom server side code• Clients communicate to Management Points and Distribution Points like Windows

clients

• See also: IM-B201 Managing Linux and UNIX in a System Center Private Cloud

Supported Linux/Unix Operating Systems

Linux UNIX

Red Hat SUSE CentOS Ubuntu Debian Oracle AIX HP-UX Solaris

Configuration Manager * * * * * *

Endpoint Protection No Plans

*ETA = 2Q CY2013

Linux/Unix Hardware & Software Inventory• Extensible inventory framework based on Open

Management Infrastructure CIM server (http://omi.opengroup.org)• Built-in providers map Linux/Unix classes and properties to Windows equivalents for

consistent admin experience, reporting and querying

• View UNIX/Linux hardware inventory for a single computer using Resource Explorer

• View installed software (like Windows Add/Remove Programs)

• Build query-based collections of computers based on HW Inventory properties

• Full and delta inventory

Linux/Unix Software Deployment• Implemented as Packages and Programs• Use cases:• Deploy applications and application updates• Deploy Linux/Unis OS updates• Schedule one-time or recurring maintenance scripts

• Complies with collection maintenance windows

Features Not Yet Supported for Linux/Unix• No client push installation• Use command line script to install client• http://technet.microsoft.com/en-us/library/jj573939.aspx

• No native OS Deployment, Software Updates Management, nor Settings Management

• Not integrated with user-centric application model• No client UI experience for “available” application

install• No support for Internet-based Client Management

ConfigMgr for Mac

Mac Overview

• Built on ConfigMgr on-prem mobile device infrastructure• Enrollment Proxy Point• Enrollment Point• Management Point w/ HTTPS and Mac management

enabled• Distribution Point w/ HTTPS• Microsoft Certificate Authority

• “Single pane of glass” for MacOS X 10.6 (Snow Leopard), 10.7 (Lion), and 10.8 (Mountain Lion)

Mac Features

• Supported Features include:• Secure over-the-air enrollment• Active Directory & Network Discovery• Hardware & Software Inventory• Settings Management• Application Deployment

Mac Discovery and Enrollment• Both Network and AD discovery supported• AD discovery provides more info, but domain joining is not required• Network discovery can produce duplicate records in some cases

• Enrollment• Establishes mutual trust between the Mac and the management

infrastructure• Enrollment roles can be internet- or intranet-accessible only• User-initiated process from terminal session connects over SSL• Admin defines which users are authorized to enroll devices• End result: A user or machine certificate is installed on the device

and the management agent is configured. • Certificate renewal requires re-running enrollment

Mac Client Enrollment

Distribute client & tools package to Mac• P

ackage available on the Microsoft Download Center

• No built-in ‘push’ install for the ConfigMgr Mac client

Install client using Ccmsetup.pkg

Enroll client using CMEnroll• S

upply user domain credentials

• CMEnroll requests and installs user certificate

• Client contacts Management Point for policy

Configuration Manager applet appears in System Preferences

Mac Enrollment Architecture

Primary Site

User Discovery

Active Directory

Network Share

Enrollment Point

Enrollment Proxy Point

Microsoft CA

Management Point

Distribution Point

Domain username &

password

Domain username & password Domain

username & password

User Cert request

User Cert request

User Cert request

Get Policy

Dow

nload and install

client

Grant enrollment rights to user collection

Mac Inventory

Overview• Reported via Hardware Inventory, including installed apps• Inventory is not extensible like Windows client

Classes reported Processor Process ServiceComputer System Installed Software USB DeviceDisk Drive Computer System Product Portable BatteryDisk Partition USB Controller PrinterNetwork Adapter CDROM Drive Physical MemoryOperating System Desktop Monitor Video Controller

Mac Discovery & InventoryDemo

Mac Settings Management• Fully integrated experience with non-Mac settings

management• Supports monitoring and enforcement • Fully customizable settings via Property List (PList) files or

shell scripts• Preference settings applied at system level• User-based preferences not currently supported

Primary Site

Active Directory

Network Share

Enrollment Service Point

Enrollment Web Proxy

Microsoft CA

Management Point

Distribution Point

Get policy

Assign Baseline

Get policy BaselineGet current

configuration

Assess Compliance

Apply settings

Generate remediation commands

Report complianceReport compliance

Mac Settings Management Architecture

Mac Settings ManagementDemo

Mac Software Distribution

• Application model• Wrap Mac installer types using CMAppUtil• Supports .app, .pkg, .mpkg, and .dmg formats• Interrogates Mac installer to gather detection method and application

metadata

• Unified deployment and monitoring experiences• Currently only supports required application

deployment with device targeting• No end-user software catalog

• Content management• State-based distribution point groups• Single instance content store

Get content

Primary Site

Management Point

Distribution Point

Get policy

New Application

Get policy

Distribute content to DPs

MSICMMac

Deploy Application

Report install status

Report install

statusInstall App

Mac Software Distribution Architecture

Mac Software DistributionDemo

Endpoint Protection for Mac & Linux

System Center Endpoint Protection (SCEP) for Mac/LinuxFeatures• Anti-virus and anti-malware support• Machines connect directly to internet service for

security content• Client UI for user visibility and control• SCOM monitoring pack for Linux with management

control

Platforms• Apple Mac OS X (10.6, 10.7, 10.8) • Linux Server: Redhat Enterprise 6, SuSE Linux 11

Support and License• Microsoft supported, based on proven ESET

technology• Licensed as part of core CAL

In Review: Session Objectives And TakeawaysSession Objectives: • Understand how Mac and Linux/Unix management fits within ConfigMgr

2012 sp1• Understand the core features of Mac and Linux/Unix management in

ConfigMgr 2012 sp1• Demonstrate the key Mac management scenarios

Key Takeaways• Mac and Unix/Linux management is a critical part of Microsoft’s

commitment to heterogeneous device management• ConfigMgr 2012 sp1 extends our “single pane of glass” administration

to all device types and form factors from phones to servers

Related ContentBreakout Sessions

UD-B309Deploying and Configuring Mobile Device Management Infrastructure

UD-B310Deploying and Managing Windows 8 with Configuration Manager 2012 SP1

UD-B318Managing Embedded Devices with Configuration Manager 2012

UD-B325System Center 2012 Configuration Manager SP1 Overview

UD-B330System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management

UD-B331System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1

UD-B332What’s New with Microsoft Deployment Toolkit 2012 Update 1

UD-B333What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design

UD-B335Windows Intune Overview

UD-B403Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting

Related ContentInstructor-led and Hands-on Labs

UD-IL301 Basic Software DistributionUD-IL302 Deploying a Configuration Manager HierarchyUD-IL303 Deploying Configuration ManagerUD-IL304 Deploying Windows 8 to Bare Metal ClientsUD-IL306 Implementing Endpoint ProtectionUD-IL307 Implementing Role-Based AdministrationUD-IL308 Implementing Settings ManagementUD-IL309 Introduction to Configuration ManagerUD-IL310 Managing ApplicationsUD-IL311 Managing ClientsUD-IL312 Managing ContentUD-IL313 Managing Microsoft Software UpdatesUD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 HierarchyUD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1UD-IL401 Advanced Software Distribution

Evaluation

Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.

We want to hear from you!

Resources

http://channel9.msdn.com/Events

Access MMS Online to view session recordings after the event.

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.