SMS 2003 R2 and System Center Configuration Manager 2007 Technical Drilldown Martin Dey Director, Product Marketing Windows and Enterprise Management Division.

1 SMS 2003 R2 and System Center Configuration Manager 2007 Technical Drilldown Martin Dey Director, Product Marketing Windows and Enterprise Management Division Microsoft Corporation, Redmond

2 Agenda SMS 2003 R2 Basic Product Features Scan Tool for Vulnerability Assessment Inventory Tool for Custom Updates Asset Management with AssetMetrix OS Deployment Feature Pack and Update Configuration Manager 2007 Design Goals NAP Support Update Deployment Desired Configuration Management

3 SMS 2003 R2 Capabilities Application Deployment Asset Management Security Patch Management Leveraging Windows Management Services Support for the Mobile Workforce

4 Application Deployment SMS 2003 Delivers Delivery of large-scale projects in a timely and inexpensive manner Provisioning of the right services and applications to end-users Quickly and easily - in support of business requirements Comprehensive solution for critical application delivery Plan, test, deploy and analyze applications Reliably and easily To the right place and at the right time Business Demands

5 Application Deployment - Features Plan, test, deploy, and analyze Enables the complete lifecycle of application deployment from planning through verification Provides complete inventory and usage tracking to be able to plan for such a rollout Integrated solution for all Windows computers Reliably and easily Deploys successfully and reliably to locked down Windows environments Enables rich targeting Reduces overall costs Right place at the right time. Delivers all of these applications to highly distributed and complex enterprise environments

6 Software Delivery Status (3)

7 Reduction in hardware and software asset costs Software license compliance Reduced software costs through ability to track and report on compliance Application installation and usage information Asset Management SMS 2003 Delivers Business Demands

8 Integration with Active Directory allows asset targeting based on business process Allows for a granular and flexible inventory discovery process Provides an integrated way to Determine application installation Track application usage Simplicity in asset tracking through integrated metering and inventory Asset Management – Features

9 Security Patch Management Tools and processes to Identify critical patches Determine vulnerable systems Deliver patches reliably and quickly Accurately report delivery status A secure Windows environment through Collection of critical patch information Vulnerability assessment of existing environment Quick and easy deployment of patches Targeted delivery of patches Verification and reporting on patch deployment SMS 2003 Delivers Business Demands

10 Awareness Leverages existing tools like MS Baseline Security Analyzer Collects MBSA results for storage in a central repository Rich reporting provides detailed vulnerability analysis and enables mitigation planning Response Enterprise proven integrated end-to-end solution for deploying all software, including patches, from small to large enterprises. Up to 99.9+% reliability in patch delivery Provides the control that administrators need to effectively deliver these patches from assessment and targeting through to deployment and verification Saves operational costs for repackaging by dynamically acquiring the desired patches from Microsoft and pre-assembling them into a ready-to-deliver package Integration with industry recognized processes for the greatest success Security Patch Management

11 Mobility Capability to meet mobile workforce needs Provides critical IT business services Extends asset management to mobile devices Delivers relevant business applications to mobile devices Support for roaming and infrequently connected mobile users Delivery of critical business services and applications—reliably and timely SMS 2003 Delivers Business Demands

12 Mobility – Features Infrequently connected users Only transmit necessary data to remote devices Use proven standards and proven technologies HTTP bandwidth aware communications XML based schema Leverages the experience and technologies from Windows Update 200 million downloads/month to mobile users Roaming users Access data from the closest source Use proven installer technologies MSI Leverage existing infrastructure Active Directory

13 Customer Scorecard 20K+ customers 84% increase in usage in the last 3 yrs More customers using – 60%+ of enterprises Used on servers as frequently as desktops Used more broadly – 80+% of desktops In last 3 years of growth, PSS call volume has stayed flat!

14 Partner Ecosystem Management Partners WS-Management AD authentication and single-sign on Extends SMS to non-Windows platforms Manage all platforms from MOM console Strategic development partnership Extending SMS to update Dell servers Delivering comprehensive MOM management pack Shipping MOM Workgroup with next generation servers

15 Product Milestones June 2006 RTM Mid RTM

16 SMS 2003 R2 Inventory Tool for Custom Updates Extend your SMS Infrastructure to accomplish any custom scanning Deploy any 3rd party and LOB updates through SMS Microsoft Update and WSUS Schema Scan Tool for Vulnerability Assessment Over 100 VA Checks SMS “software update” like experience Based on MBSA v2.0

17 Scan Tool for Vulnerability Assessment Uses MBSA 2.0 for vulnerability assessment (VA) Prior to a VA scan, MBSA 2.0 is deployed to clients Provides VA reporting for common software mis-configurations defined by the MBSA 2.0 VA manifest Administered identically to existing SMS 2003 software update scan tools

18 Scan Tool For Vulnerability Assessment Reporting for nearly 100 critical software misconfigurations Critical vulnerabilities include Are unnecessary services installed and running? Do file shares have appropriate permissions? Is Windows Firewall enabled? Are strong passwords enforced? Are unsecured Guest accounts enabled? Are there too many local Administrators on a single machine?

19 SMS 2003 R2 Vulnerability Assessment

20 Custom Updates Current Situation How does an SMS Admin deploy a non-Microsoft update? Difficult Determine which machines need the update Determine if the update was successful Not scalable Overhead of a new collection for every update Slow process if custom inventory is required Limited reporting on compliance

21 Custom Update Components Custom Update Publishing Tool Easy configuration of applicability through logic in the Publishing Tool Inventory Tool for Custom Updates (ITCU) Scan Tool Inventory Tool for Custom Updates determines which machines need an update Reporting uses the same interface as existing software update reports

22 Microsoft Update Catalog, SMS Publishing Tool, ISV / OEM Catalogs, Internal Application Catalogs

23 Custom Updates Corporate Publishing XML Corporate Publishing XML is the schema behind Custom Updates Defines properties of updates Includes logical expressions that can be created with any combination of detection rules to determine applicability and installed status of an update Jointly developed by SCCM, WSUS, SCE Schema is human readable XML Can be authored with any XML editor or manually Scan engine uses the catalog of configured updates to perform a client scan
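Added example (not from the presentation, and not Microsoft's code): a minimal scan engine showing how logical expressions built from detection rules can decide the applicability and installed status of an update. The XML element names, the update id, the "Contoso" product and the client inventories are constructed for illustration and are not the real Corporate Publishing XML schema.

```python
import xml.etree.ElementTree as ET

# Constructed catalog. Element and attribute names are hypothetical, chosen
# for illustration; they are NOT the real Corporate Publishing XML schema.
CATALOG = r"""
<Catalog>
  <Update id="LOB-EXAMPLE-001" title="Contoso Viewer security fix">
    <Applicable>
      <And>
        <RegistryValue key="HKLM\Software\Contoso\Viewer" name="Installed" equals="1"/>
        <Not>
          <RegistryValue key="HKLM\Software\Contoso\Viewer" name="Edition" equals="Kiosk"/>
        </Not>
      </And>
    </Applicable>
    <Installed>
      <FileVersion path="C:\Program Files\Contoso\viewer.exe" atLeast="2.1.0.5"/>
    </Installed>
  </Update>
</Catalog>
"""

KEY = r"HKLM\Software\Contoso\Viewer"
EXE = r"C:\Program Files\Contoso\viewer.exe"

# Constructed client inventories (what a scan agent would have collected).
CLIENTS = {
    "WS-001": {"registry": {(KEY, "Installed"): "1", (KEY, "Edition"): "Standard"},
               "files": {EXE: "2.0.9.0"}},
    "WS-002": {"registry": {(KEY, "Installed"): "1", (KEY, "Edition"): "Standard"},
               "files": {EXE: "2.1.0.5"}},
    "KIOSK-7": {"registry": {(KEY, "Installed"): "1", (KEY, "Edition"): "Kiosk"},
                "files": {EXE: "2.0.9.0"}},
    "WS-003": {"registry": {}, "files": {}},
}


def _version(text):
    return tuple(int(part) for part in text.split("."))


def evaluate(node, inv):
    """Recursively evaluate one logical expression against a client inventory."""
    if node.tag == "And":
        return all(evaluate(child, inv) for child in node)
    if node.tag == "Or":
        return any(evaluate(child, inv) for child in node)
    if node.tag == "Not":
        (child,) = list(node)          # exactly one operand
        return not evaluate(child, inv)
    if node.tag == "RegistryValue":
        return inv["registry"].get((node.get("key"), node.get("name"))) == node.get("equals")
    if node.tag == "FileVersion":
        found = inv["files"].get(node.get("path"))
        return found is not None and _version(found) >= _version(node.get("atLeast"))
    # Fail closed: an unrecognised rule must not silently count as compliant.
    raise ValueError(f"unknown detection rule: {node.tag}")


def _expression(update, name):
    (expr,) = list(update.find(name))  # each section holds one root expression
    return expr


def scan(catalog_xml, inv):
    """Return {update id: 'installed' | 'required' | 'not applicable'}."""
    # Vendor catalogs are untrusted input; a hardened XML parser is advisable
    # in production. The stdlib parser is used here to stay self-contained.
    results = {}
    for update in ET.fromstring(catalog_xml.strip()).iter("Update"):
        if evaluate(_expression(update, "Installed"), inv):
            results[update.get("id")] = "installed"
        elif evaluate(_expression(update, "Applicable"), inv):
            results[update.get("id")] = "required"
        else:
            results[update.get("id")] = "not applicable"
    return results


def scan_all():
    return {name: scan(CATALOG, inv)["LOB-EXAMPLE-001"] for name, inv in CLIENTS.items()}
```

Checking the installed rule before the applicability rule keeps an already-patched machine from being reported as still requiring the update.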

24 Custom Updates Deployment Ready Catalogs Shift the expertise of creating an update to the software provider LOB applications Commercial software vendors Catalogs currently available: Adobe, Citrix, 1E ISVs can on-board via

25 SMS 2003 R2 Custom Updates

26 ITCU Scan diagram Pub tool syncs catalog… Sync published catalog Distribute to DP Client gets policy Run scan advertisement Inventory information is sent back to site database

27 ITCU Update deployment diagram Download from Internet or import files… Admin approves a patch Update distributed to DP Client gets policy Run update advertisement Re-scan and inventory information is sent back to site database

28 Customer Comments about SMS 2003 R2 “In the past our administrators could take weeks creating packages for third party and custom updates that we could confidently deploy in our production environment. SMS 2003 R2’s Inventory Tool for Custom Updates has greatly simplified this process by decreasing the time spent to only a few days, and as more vendors publish their update catalogues with ITCU we anticipate this dropping to only a few hours.” Richard Baasch, IT Operations Manager, US Army, Ft. Lewis. “By allowing us to utilize third-party catalogs and create custom catalogs for our internal line-of-business applications, we can precisely identify systems requiring non-Microsoft updates and apply those updates faster, easier and more effectively than before. SMS 2003 R2 enables us to move away from diverse custom solutions to a single highly configurable solution with an intuitive graphical user interface.” Jeff Snyder, IT Administrator, Boeing Corporation

29 SMS 2003 SP2 Enhancements SMS Setup Changes Update.exe Platform Changes Deprecating Advanced Client Support for: Windows 2000 SP3 systems Windows XP RTM Active Directory Security Group Discovery FQDN Support SQL Server Support (SQL 2005) Performance Improvements Integrated ITMU for patch management

30 SMS 2003 SP3 Comprehensive asset identification & categorization ● Windows Vista Compatibility ● AssetMetrix (AMx) integration ● Semi-annual updates available to SA customers ● Extends SMS inventory agent to collect additional artifact data ● New SMS reports that radically simplify software license mgmt ● Hardware data to help determine CPU age and USB detection [Diagram labels: Inference and Triangulation; Reports; License Reporting; SW Consolidation; Upgrade Planning; SMS inventory; AMx KB; Application and HW Intelligence]

31 AssetMetrix Acquisition Asset Intelligence: AssetMetrix Research Labs Knowledge Base: 70,000,000 software instances; 430,000 software titles; Over 98% of commercial s/w apps categorized Analytics and Reports: 300+ customizable reports; Instant queries Hardware & Software Asset Management Strategic Asset Planning

32 SMS reports with categories from AssetMetrix DB

33 Transforms software into a centrally managed, policy based service: Virtualized applications with a zero installation footprint; Software available dynamically via streaming technology; Provisioning tied to user identity - separating hardware from users & apps; Support disconnected mobile users; Fully integrates with Systems Management Server 2003. Remove barrier of installation and compatibility testing between applications: Virtualization at the application layer with runtime isolation; Simplified packaging; No alteration of the operating system; Elimination of application conflicts and associated regression testing. Instantly Available. Softricity Acquisition: SoftGrid Application Virtualization. Application Compatibility. Accelerated Responsiveness. Make Windows more cost-effective and adaptable to application and operating system changes: Virtualized applications and updates delivered based on real-time needs; Safe self-provisioning with virtualized applications; Ease OS migration by eliminating up front deployment and application compatibility challenges

34 Application Virtualization Strong Isolation with Controlled OS Interaction Applications are virtualized per instance: Files (incl. System Files), Registry, Fonts, .ini, COM objects, Services. Applications do not get installed or alter the operating system, yet tasks process locally on the host computer.

35 On-Demand Streaming of Virtual Apps Permission Based User clicks on desktop shortcuts – authentication, authorization and licensing checked every time users launch a SoftGrid application Centrally Served The first time the Server streams “just enough” code (20-40%) to client or TS machine. As more code is needed, it is dynamically delivered. Locally Executed App executes on desktop, laptop and/or Terminal Server, not on SoftGrid Server Cached for Performance App code is cached for repeat use – even without a network Disconnected Use Support Entire set of applications are cached for limited time before expiring

36 SoftGrid Integration w/ SMS 2003 Flexible application deployment: Pre-cached to clients with traditional updates Pre-cached with dynamic updates Pure dynamic delivery Integrated reports and metering Enterprise scale POR Configuration Manager 2007 Branch office replication

37 SMS 2003 R2 OS Deployment Key Features OS Deployment Feature Pack Integrated with SMS 2003 Inventory-based planning / targeting Uses SMS software distribution SMS replication of images across enterprises Centralized tracking and status Custom actions Advanced Windows Imaging Format (.WIM) File-based and non-destructive Eliminates duplicate files Smaller images / high compression (3:1) Advanced image installation task sequencing User Notification balloons State capture and restore USMT or custom Optional SMS advertisement Executed during State Restore phase as a custom action Ability to include and execute custom installation scripts SMS packages can be executed as part of installation sequence

38 Core Deployment Scenarios In-place Migration Central planning, targeting and distribution of Image Packages Computer and user state is saved Image is installed Other SMS advertised programs rapidly installed Computer and user state is restored Centralized status reporting Help Desk Recovery (break/fix) Administrator inserts image installation CD or distributes via SMS Machine is re-imaged (wipe/load)

39 SMS 2003 OSD Feature Pack Overview of operations [Diagram labels: SMS 2003; “Install”; Master Computer; “Capture”; Image File; “Plan”; “Distribute”; “Track”; Target Computers; Image Package; Status Reports]

40 OSD Feature Pack Update Required for Windows Vista image capture and deployment Requires SMS 2003 Service Pack 2 Will not install on any previous version Does not operate stand alone Supports Windows Vista image capture and deployment Also supports Windows 2000 and later Supports 64-bit client image capture and deployment The original OSD Feature Pack does NOT support deployment of Windows Vista

41 OSD Feature Pack Update Image Format Support Supports two WIM formats The original OSD Feature Pack uses pre-Windows Vista WIM (0.9) The OSD feature pack update also supports Windows Vista and Windows Server “Longhorn” WIM (1.0) There is no direct migration path from WIM 0.9 to WIM 1.0 Necessary to deploy the WIM 0.9 image and re-capture it as a WIM 1.0 image

42 Mid-2007 RTM

43 Reduce Configuration Management Infrastructure Costs Simplified UI and Installation Branch office support Greater levels of control (Scheduling, WoL) Built on Windows Management Infrastructure Simplicity Knowledge Driven Configuration Management IT policies for analyzing corporate and regulatory compliance Out of the box configuration policies for server workloads e.g. Exchange License and asset inventory Based on the Service Modeling Language (SML) Configuration Enabling the Mobile Enterprise Network Access Protection Enterprise Vulnerability assessment Securely managing devices across the Internet Maintain client security through Software Update deployment Security Unified delivery of Windows Operating System for Clients and Servers One worldwide image to manage with Vista Built on Windows Vista Deployment Technologies Vista and Office 2007 upgrade assessment and resolution planning Secure Online and Offline Provisioning Secure network storage of user state during Operating System deployment Deployment Key Investments in System Center Configuration Manager 2007

44 Simplicity Improved setup with confirmation of server completion New UI model built around common task scenarios Includes home page, sizable dialogs, drag’n’drop, task structure Simplified and more cost effective infrastructure Ability to use a workstation as a distribution point for branch offices Easier to mirror operational process Associate operational change windows with a collection WoL built-in Subnet Directed Broadcast Unicast (IPv6) Non-proxied approach Redundant Infrastructure Support for SQL clustering Native Support for Device Management Smart Phones Internet facing device management (e.g. over GPRS) Over-the-air management of devices

45 Configuration Manager 2007 Console

46 Deploying Windows “Hands-off deployment” End-to-end, secure and flexible processes Make upgrading to Vista/LH seamless Build on core Vista/Longhorn functionality Unified client and server deployment Fully automate the deployment process in a secure and highly flexible manner

47 Deploying Windows Vista and Office 2007 centralized upgrade assessment and resolution planning Application Compatibility Toolkit 5.0 Office 12 Migration Toolkit Deployments driven by customizable task sequences Wizards to generate standard task sequences GUI task sequence editor gives full control of the deployment process Drive toward single worldwide image Device driver catalog Localized at deployment Side-by-side computer replacement with secure user state migration Automation of build and capture reference machine Offline media (CD/DVD/USB) to deploy in locations with limited or no network connectivity Integration with Windows Deployment Services PXE server For bare-metal or failed system installs

48 Security Raising the bar on the security of the infrastructure Full mutual authentication between client/server using https Location awareness for client machines moving between intranet and Internet Convergence with standards based technologies Ability to identify unmanaged clients Securing Windows Network Access Protection (NAP) integration Rebuilt Software Update Infrastructure Leverage WSUS Server Includes third-party update support

49 Securing Windows Software Updates Management All Microsoft Update content Templates reduce 18 dialogs to 6 clicks Support for both mandated and optional updates 3rd party and in house LOB application updates Service Windows Updates can be installed with OSD Task Sequence More efficient infrastructure State based for improved visibility of update installation lifecycle Update synch as a core site role Support for custom severity definitions Use Windows Update Agent for compliance scanning

50 Software Updates in Configuration Manager 2006

51 Network Access Protection Solution Overview Policy Validation Validates the health of client systems as defined by corporate security policy Quarantine Restricts access from protected network regions based on client health state. Network Remediation Provides access to resources allowing clients to correct security policy compliance deficiencies Ongoing Compliance Automatic enforcement of changes to defined corporate security policies ensuring sustained policy compliance

52 NAP Components NPS Policy Server (RADIUS) Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates Health Statements Network Access Requests Health Certificate Network Access Device & Health Registration Authority Enforcement Client (QEC) (DHCP, IPSEC, 802.1x, VPN) ConfigMgr NAP Health Components System Health Agent (SHA) System Health Validator (SHV) System Health Server (ConfigMgr Site Server) Remediation Server (ConfigMgr DP) ConfigMgr Systems Health Agent ConfigMgr Systems Health Validator ConfigMgr Site Server ConfigMgr DP

53 NAP Data Flow CSS HRA NPS : SHV X X DP Quarantine Restricted Network Boundary Network Protected Network MS Download Center MP AD Download Updates to Site Server Publish Health State in Active Directory Retrieve Health State Policy Send Statement of Health for Evaluation Download New Policy Install Required Updates Healthy Client Deploy Updates to DP

54 Desired Configuration Management (DCM) Detect server configuration “drift” Improve troubleshooting and “time-to-resolve” Regulatory compliance reporting Change verification Built on Service Modeling Language (SML) Structure of the system Relationships between system’s components Relationships between the system and its environment Configuration constraints and invariants Manage the configuration of Windows environments and ensure system configuration compliance against defined corporate standards

55 DCM in Action Configuration Items SMS Server SMS Database Windows Server 2003 CI SQL Server 2000 CI MW/AV Software CI Configuration Item Library 401(k) Application Server Baseline Configuration Manager Client Managed Client WMI Provider XML Provider Registry Provider IIS Provider MSI Provider 1 Authored via Admin UI Created by Importing SML documents 2 Configuration Baseline defined using configuration items in the library Configuration baseline targeted at managed client 3 Client evaluates discovered state for compliance with desired configuration 4 Compliance report and discovered state reported to SMS Server 5


57 Mar 2007 (Vista Dependent) SMS 2003 SP3 Jul 2006 Beta 1 Refresh (NAP/Vista OSD) Q Beta 2 DCM Mid-2007 Public Availability System Center Configuration Manager 2007 Helping IT Drive Business Value Get ready for Configuration Manager 2007, deploy SMS 2003 SP2 today Enterprise focus driven by feedback from customers, partners, and analysts Emphasizing operational simplicity, enterprise scale, security and corporate compliance Continued long-term commitments to investment in the following areas: Lowest cost and best solution for deploying Windows and Office Strong partner ecosystem Dynamic Systems Initiative w/ support for SML Download Systems Management Server v4 Open Beta 1 today Request entry into Rapid Deployment Program by early October

58 For more Information Related Sessions on the MMS 2006 DVD SY01 SMS - State of the Union SY02 Sneak Peek - System Center Configuration Manager (SMSv4) SY03 Upgrading to SMS 2003 SP2 - Overview and Best Practices SY04 What's New in SMS 2003 R2 SY05 Deploying Vista Clients with SMS 2003 SY06 Designing an SMS hierarchy for High Availability and Fault Tolerance SY08 Drilldown into System Center Configuration Manager (SMSv4) Beta 1 and Beta 1 Refresh Features SY09 SMS 2003 for Asset and License management SY21 SMS Security Patch Management at Microsoft SY22 SMS Site Planning and Deployment and Management of Advanced Clients at Microsoft SY24 SMS 2003 in a Financial Institution: Real World Implementation SY25 SMS 2003 Files : Case Studies From Premier Support SI21 Enterprise Management and Architecture at Microsoft

59 On-line Resources SMS Home Page System Center Family of products Community Sites SMS 2003 Scripting Center SMS Download Center Webcasts

60 © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

