System Center 2012 Configuration Manager Overview User Group June 2012 2012
Dec 25, 2015
2003
20122012
2011
2007
1999 SMS 2.0
1994SMS 1.0
Evolution of Microsoft Client Management
Client Management Infancy (NT Domain)
Groups ModelComprehensive Management
Laptops, Servers,
Enterprise Scale
Consumerization of IT
Management from the
Cloud
I want to connect to people and be productive anywhere, anytime
Security and AccessHow can IT provide access to apps and data while maintaining security?
How can IT support and manage all those devices?
I want to use the device I prefer
Challenges to Enabling Consumerization
Management of diverse devices
Secure, anywhere access to apps & data
Application Experience
Devices User Corporate
Consumer
Infrastructure Considerations
System Center 2012 Configuration Manager
Empower Users
Empower people to be more productive
from almost anywhere on almost
any device.
Simplify Administration
Improve IT effectiveness and efficiency.
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Empower Users
Empower people to be more productive from anywhere on
any device.
Application Delivery
Mobile Device Management
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Simplify Administration
Improve IT effectiveness and efficiency.
User-centric Application DeliveryAdministrator
Empower
Delivery Evaluation Criteria• User• Device type• Network connection
User/Device Relationships
Primary Devices• MSI• App-VNon-primary Devices• VDI• Presentation Server• Remote Desktop
• Deliver best user experience on each device• Define application once
< >
Windows Embedded
Application “Package”
User-centric Application DeliveryNew Application Model
Keep your apps organized and managed
App-V
Windows Script
CAB
Windows Installer
Empower
General Information
Administrator Properties
End User Metadata The “friendly” information for your users (appears in Catalog)
Is app installed?
Deployment Type
Detection Method
Install Command
Requirement Rules
Dependencies
Supersedence
Command line and options
Can/cannot install app
Apps that must be present
Application version control
< >
User-centric Application DeliveryEnd User Self-service
IT
Empower
Administrators publish software titles to catalog, complete with meta data to enable search• Deliver best user experience
on each device
Users can browse, select and install directly from Catalog• Application model determines
format and policies for deliveryUse
r
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
Reduced Infrastructure Requirements
Unified Management of Virtual Clients
Endpoint Protection
Software Update Management
Compliance & Settings Management
Power Management
Internet-based Client Management
Reduced Infrastructure Requirements Unify
Central Administration Site
• Central primary site administration
• Reporting
Primary Sites
• Client management and settings • Delegated administration
Secondary Sites
• Content routing• Distributions points
Central Administration
Site
Primary Site Primary Site
Secondary Site
Secondary Site
Secondary Site
Secondary Site
Secondary Site
Secondary Site
CONNECTION BROKER
Unified Management of Virtual Clients
User-centric application delivery through App-V or Citrix XenApp.
Single admin experience for managing physical and virtual desktops. Integrates with RDS and XenDesktop. • Recognizes pooled and personal virtual
desktops • Randomizes tasks
Unify
HYPER-V
CONFIGMGRDP/MP
APP-VSEQUENCER
Security and ComplianceEndpoint Protection
Unified Infrastructure
• Simplified server and client deployment
• Streamlined updates• Consolidated reporting
Comprehensive Protection Stack• Behavior monitoring• Antimalware• Dynamic Translation• Windows and Firewall
Management
Internet-based Client Management
PR1
MP DP
MP
DP
Non PKI enabled site system
PKI enabled site system
Unify
Intranet Internet Reduced Complexity• Single Primary site can manage both
Intranet clients (over HTTP) and Internet clients (over HTTPS)
Flexibility• Primary sites can be configured to either
support only HTTPS roles or both HTTP and HTTPS site roles
Reliability• Intelligent client behavior enables client to
communicate using the most secure option available
• Tighter security enforcement by only allowing clients with Enterprise-issued certificates to communicate with the ConfigMgr roles
Role Based Administration
Functionality ConfigMgr 2007 ConfigMgr 2012
What types of objects can I see and what can I do to them?
Class rights Security roles
Which instances can I see and interact with?
Object instance permissions
Security scopes
Which resources can I interact with?
Site specific resource permissions
Collection limiting
Simplify
Meg- WW Central System Administrator
Louis-Software Update Manager for France
Bob- US & France Security Admin
• Can see & update “France” desktops
• Cannot modify security settings on “France” desktops
• Cannot see “All Systems” or “U.S.” desktops
• Can see & modify security settings on “France” and “U.S.” desktops
• Cannot update “France” or “U.S.” desktops
• Cannot see “All Systems”
Map the organizational roles of your administrators to defined security roles
• Security organization role• Geography
Reduces error, defines span of control for the organization
Summary
2007 R3 2012
Role-based Administration
Internet-based Client Management
Power Management
Software Update Management
Reduced Infrastructure Requirements
Mobile Device Management
Application Delivery
Compliance & Settings Management
Key Scenarios
Endpoint Protection
Unified Management of Virtual Clients
Device Centric
Operating System Deployment
Asset Intelligence, Client Health, and Inventory
MDM licensing
User Centric
Integrated
New
Integrated
Auto Remediation
Improved
Improved
Em
pow
er
Unify
Sim
plif
y New
• Single CAS replaced Central site• 25k clients Per Management Point w/o NLB• 25 Primaries under CAS• 250 Secondary Sites under Primary Site• 250 Distribution Points w/ PXE and throttling support –
5000 Max Per Hierarchy / Windows 7 w/ IIS supported
Infrastructure Sizing
SCCM 2007 Summary Numbers as of May 2012
Bureau Friendly Name(s)
Active Directory Domain
Top Level Tier 2 Tier 3
Number of Primary
Sites
Number of Secondary
Sites
Number of Distribution
PointsClients
AssignedClients
Installed
Enabled Computer
Accounts in AD 1 3 0 4 0 116 6,575 6,037 7,480
1 17 139 18 139 157 16,443 15,400 17,858
1 3 0 1 3 15 4,185 2,782 3,523
1 7 0 8 0 81 9,385 7,451 8,009
1 6 5 7 5 11 4,152 3,926
3,833
3,538
1 9 14 10 14 410 33,493 22,725 30,013
1 0 0 1 0 1 149 145 154
1 10 1 10 11? 891
1 0 0 1 0 1 407 405 2 ?
1 0 0 1 0 23? 1,115
1 0 0 1 0 1
1,904
1 15 0 1 15 298 12,786 12,504 15,058
1 5 64 70 0 179 18,984 15,634 25,376
74
179
Total Hierarchies 13 13 75 222 124 186 1304 106,559 87,009 119,005 Total Sites 310 Total Primary Sites 124
Topic Details
Total Managed Clients
86,000
Separated Internal Departments
17
Distributed Locations
3239
Primary Site Servers
9
Child Primary Servers
287
Secondary Site Servers
275
Distribution Points
1258
Topic Details
Total Managed Clients
86,000
Separated Internal Departments
17
Distributed Locations
3239
Central Administration Servers
1
Primary Servers 15
Secondary Site Servers
100
Distribution Points
3000
Tier 1
Tier 2
Tier 3
Primary Site Servers (6)Management PointApp Catalog WebFallback Status pointSoftware Updates
(CAS) Central Administration Site Servers (1)Role Based Administration
CAS
BLMUSGS
BLM USFWNPS2 NPS1 USGS2USGS1
Secondary Site Servers25k clients per site250 per primary siteBased on upaward Routing requirements to Primary locationSQL installation required
DP/Site Servers250 per Site Server4000 Max connections perSender throttling availableNon-Server Win7 OS supportedPXE Service Points Placement on sites with greater than 100 clents5000 per Primary
DP
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. Some information relates to pre-released product which may be substantially modified before it’s commercially released.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.