linuxunix red hatsusecentosubuntudebianoracleaixhp-uxsolaris configuration manager * * * * * *...
TRANSCRIPT
Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1
Jeffrey SutherlandPrincipal PM Manager
Session Objectives And TakeawaysSession Objectives: • Understand how Mac and Linux/Unix management fits within
ConfigMgr 2012 sp1• Understand the core features of Mac and Linux/Unix management in
ConfigMgr 2012 sp1• Demonstrate the key Mac management scenarios
Key Takeaways• Mac and Unix/Linux management is a critical part of Microsoft’s
commitment to heterogeneous device management• ConfigMgr 2012 sp1 extends our “single pane of glass”
administration to all device types and form factors from phones to servers
ConfigMgr for Linux/Unix
Linux/Unix Overview• Focused on server management scenarios• Hardware and Software Inventory• “Classic” software deployment with Packages and Programs• Endpoint Protection• Complies with maintenance windows
• Fully integrated solution with ConfigMgr• “Single pane of glass”• No custom server side code• Clients communicate to Management Points and Distribution Points like Windows
clients
• See also: IM-B201 Managing Linux and UNIX in a System Center Private Cloud
Supported Linux/Unix Operating Systems
Linux UNIX
Red Hat SUSE CentOS Ubuntu Debian Oracle AIX HP-UX Solaris
Configuration Manager * * * * * *
Endpoint Protection No Plans
*ETA = 2Q CY2013
Linux/Unix Hardware & Software Inventory• Extensible inventory framework based on Open
Management Infrastructure CIM server (http://omi.opengroup.org)• Built-in providers map Linux/Unix classes and properties to Windows equivalents for
consistent admin experience, reporting and querying
• View UNIX/Linux hardware inventory for a single computer using Resource Explorer
• View installed software (like Windows Add/Remove Programs)
• Build query-based collections of computers based on HW Inventory properties
• Full and delta inventory
Linux/Unix Software Deployment• Implemented as Packages and Programs• Use cases:• Deploy applications and application updates• Deploy Linux/Unis OS updates• Schedule one-time or recurring maintenance scripts
• Complies with collection maintenance windows
Features Not Yet Supported for Linux/Unix• No client push installation• Use command line script to install client• http://technet.microsoft.com/en-us/library/jj573939.aspx
• No native OS Deployment, Software Updates Management, nor Settings Management
• Not integrated with user-centric application model• No client UI experience for “available” application
install• No support for Internet-based Client Management
ConfigMgr for Mac
Mac Overview
• Built on ConfigMgr on-prem mobile device infrastructure• Enrollment Proxy Point• Enrollment Point• Management Point w/ HTTPS and Mac management
enabled• Distribution Point w/ HTTPS• Microsoft Certificate Authority
• “Single pane of glass” for MacOS X 10.6 (Snow Leopard), 10.7 (Lion), and 10.8 (Mountain Lion)
Mac Features
• Supported Features include:• Secure over-the-air enrollment• Active Directory & Network Discovery• Hardware & Software Inventory• Settings Management• Application Deployment
Mac Discovery and Enrollment• Both Network and AD discovery supported• AD discovery provides more info, but domain joining is not required• Network discovery can produce duplicate records in some cases
• Enrollment• Establishes mutual trust between the Mac and the management
infrastructure• Enrollment roles can be internet- or intranet-accessible only• User-initiated process from terminal session connects over SSL• Admin defines which users are authorized to enroll devices• End result: A user or machine certificate is installed on the device
and the management agent is configured. • Certificate renewal requires re-running enrollment
Mac Client Enrollment
Distribute client & tools package to Mac• P
ackage available on the Microsoft Download Center
• No built-in ‘push’ install for the ConfigMgr Mac client
Install client using Ccmsetup.pkg
Enroll client using CMEnroll• S
upply user domain credentials
• CMEnroll requests and installs user certificate
• Client contacts Management Point for policy
Configuration Manager applet appears in System Preferences
Mac Enrollment Architecture
Primary Site
User Discovery
Active Directory
Network Share
Enrollment Point
Enrollment Proxy Point
Microsoft CA
Management Point
Distribution Point
Domain username &
password
Domain username & password Domain
username & password
User Cert request
User Cert request
User Cert request
Get Policy
Dow
nload and install
client
Grant enrollment rights to user collection
Mac Inventory
Overview• Reported via Hardware Inventory, including installed apps• Inventory is not extensible like Windows client
Classes reported Processor Process ServiceComputer System Installed Software USB DeviceDisk Drive Computer System Product Portable BatteryDisk Partition USB Controller PrinterNetwork Adapter CDROM Drive Physical MemoryOperating System Desktop Monitor Video Controller
Mac Discovery & InventoryDemo
Mac Settings Management• Fully integrated experience with non-Mac settings
management• Supports monitoring and enforcement • Fully customizable settings via Property List (PList) files or
shell scripts• Preference settings applied at system level• User-based preferences not currently supported
Primary Site
Active Directory
Network Share
Enrollment Service Point
Enrollment Web Proxy
Microsoft CA
Management Point
Distribution Point
Get policy
Assign Baseline
Get policy BaselineGet current
configuration
Assess Compliance
Apply settings
Generate remediation commands
Report complianceReport compliance
Mac Settings Management Architecture
Mac Settings ManagementDemo
Mac Software Distribution
• Application model• Wrap Mac installer types using CMAppUtil• Supports .app, .pkg, .mpkg, and .dmg formats• Interrogates Mac installer to gather detection method and application
metadata
• Unified deployment and monitoring experiences• Currently only supports required application
deployment with device targeting• No end-user software catalog
• Content management• State-based distribution point groups• Single instance content store
Get content
Primary Site
Management Point
Distribution Point
Get policy
New Application
Get policy
Distribute content to DPs
MSICMMac
Deploy Application
Report install status
Report install
statusInstall App
Mac Software Distribution Architecture
Mac Software DistributionDemo
Endpoint Protection for Mac & Linux
System Center Endpoint Protection (SCEP) for Mac/LinuxFeatures• Anti-virus and anti-malware support• Machines connect directly to internet service for
security content• Client UI for user visibility and control• SCOM monitoring pack for Linux with management
control
Platforms• Apple Mac OS X (10.6, 10.7, 10.8) • Linux Server: Redhat Enterprise 6, SuSE Linux 11
Support and License• Microsoft supported, based on proven ESET
technology• Licensed as part of core CAL
In Review: Session Objectives And TakeawaysSession Objectives: • Understand how Mac and Linux/Unix management fits within ConfigMgr
2012 sp1• Understand the core features of Mac and Linux/Unix management in
ConfigMgr 2012 sp1• Demonstrate the key Mac management scenarios
Key Takeaways• Mac and Unix/Linux management is a critical part of Microsoft’s
commitment to heterogeneous device management• ConfigMgr 2012 sp1 extends our “single pane of glass” administration
to all device types and form factors from phones to servers
Related ContentBreakout Sessions
UD-B309Deploying and Configuring Mobile Device Management Infrastructure
UD-B310Deploying and Managing Windows 8 with Configuration Manager 2012 SP1
UD-B318Managing Embedded Devices with Configuration Manager 2012
UD-B325System Center 2012 Configuration Manager SP1 Overview
UD-B330System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management
UD-B331System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1
UD-B332What’s New with Microsoft Deployment Toolkit 2012 Update 1
UD-B333What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design
UD-B335Windows Intune Overview
UD-B403Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting
Related ContentInstructor-led and Hands-on Labs
UD-IL301 Basic Software DistributionUD-IL302 Deploying a Configuration Manager HierarchyUD-IL303 Deploying Configuration ManagerUD-IL304 Deploying Windows 8 to Bare Metal ClientsUD-IL306 Implementing Endpoint ProtectionUD-IL307 Implementing Role-Based AdministrationUD-IL308 Implementing Settings ManagementUD-IL309 Introduction to Configuration ManagerUD-IL310 Managing ApplicationsUD-IL311 Managing ClientsUD-IL312 Managing ContentUD-IL313 Managing Microsoft Software UpdatesUD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 HierarchyUD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1UD-IL401 Advanced Software Distribution
Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
We want to hear from you!
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.