System Center 2012 Configuration Manager Overview User Group June 2012 2012.

System Center 2012 Configuration Manager Overview

User Group June 2012

2012

2003

20122012

2011

2007

1999 SMS 2.0

1994SMS 1.0

Evolution of Microsoft Client Management

Client Management Infancy (NT Domain)

Groups ModelComprehensive Management

Laptops, Servers,

Enterprise Scale

Consumerization of IT

Management from the

Cloud

I want to connect to people and be productive anywhere, anytime

Security and AccessHow can IT provide access to apps and data while maintaining security?

How can IT support and manage all those devices?

I want to use the device I prefer

Challenges to Enabling Consumerization

Management of diverse devices

Secure, anywhere access to apps & data

Application Experience

Devices User Corporate

Consumer

Infrastructure Considerations

System Center 2012 Configuration Manager

Empower Users

Empower people to be more productive

from almost anywhere on almost

any device.

Simplify Administration

Improve IT effectiveness and efficiency.

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Empower Users

Empower people to be more productive from anywhere on

any device.

Application Delivery

Mobile Device Management

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Simplify Administration

Improve IT effectiveness and efficiency.

User-centric Application DeliveryAdministrator

Empower

Delivery Evaluation Criteria• User• Device type• Network connection

User/Device Relationships

Primary Devices• MSI• App-VNon-primary Devices• VDI• Presentation Server• Remote Desktop

• Deliver best user experience on each device• Define application once

< >

Windows Embedded

Application “Package”

User-centric Application DeliveryNew Application Model

Keep your apps organized and managed

App-V

Windows Script

CAB

Windows Installer

Empower

General Information

Administrator Properties

End User Metadata The “friendly” information for your users (appears in Catalog)

Is app installed?

Deployment Type

Detection Method

Install Command

Requirement Rules

Dependencies

Supersedence

Command line and options

Can/cannot install app

Apps that must be present

Application version control

< >

User-centric Application DeliveryEnd User Self-service

IT

Empower

Administrators publish software titles to catalog, complete with meta data to enable search• Deliver best user experience

on each device

Users can browse, select and install directly from Catalog• Application model determines

format and policies for deliveryUse

r

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Reduced Infrastructure Requirements

Unified Management of Virtual Clients

Endpoint Protection

Software Update Management

Compliance & Settings Management

Power Management

Internet-based Client Management

Reduced Infrastructure Requirements Unify

Central Administration Site

• Central primary site administration

• Reporting

Primary Sites

• Client management and settings • Delegated administration

Secondary Sites

• Content routing• Distributions points

Central Administration

Site

Primary Site Primary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

CONNECTION BROKER

Unified Management of Virtual Clients

User-centric application delivery through App-V or Citrix XenApp.

Single admin experience for managing physical and virtual desktops. Integrates with RDS and XenDesktop. • Recognizes pooled and personal virtual

desktops • Randomizes tasks

Unify

HYPER-V

CONFIGMGRDP/MP

APP-VSEQUENCER

Security and ComplianceEndpoint Protection

Unified Infrastructure

• Simplified server and client deployment

• Streamlined updates• Consolidated reporting

Comprehensive Protection Stack• Behavior monitoring• Antimalware• Dynamic Translation• Windows and Firewall

Management

Internet-based Client Management

PR1

MP DP

MP

DP

Non PKI enabled site system

PKI enabled site system

Unify

Intranet Internet Reduced Complexity• Single Primary site can manage both

Intranet clients (over HTTP) and Internet clients (over HTTPS)

Flexibility• Primary sites can be configured to either

support only HTTPS roles or both HTTP and HTTPS site roles

Reliability• Intelligent client behavior enables client to

communicate using the most secure option available

• Tighter security enforcement by only allowing clients with Enterprise-issued certificates to communicate with the ConfigMgr roles

Role Based Administration

Functionality ConfigMgr 2007 ConfigMgr 2012

What types of objects can I see and what can I do to them?

Class rights Security roles

Which instances can I see and interact with?

Object instance permissions

Security scopes

Which resources can I interact with?

Site specific resource permissions

Collection limiting

Simplify

Meg- WW Central System Administrator

Louis-Software Update Manager for France

Bob- US & France Security Admin

• Can see & update “France” desktops

• Cannot modify security settings on “France” desktops

• Cannot see “All Systems” or “U.S.” desktops

• Can see & modify security settings on “France” and “U.S.” desktops

• Cannot update “France” or “U.S.” desktops

• Cannot see “All Systems”

Map the organizational roles of your administrators to defined security roles

• Security organization role• Geography

Reduces error, defines span of control for the organization

Summary

2007 R3 2012

Role-based Administration

Internet-based Client Management

Power Management

Software Update Management

Reduced Infrastructure Requirements

Mobile Device Management

Application Delivery

Compliance & Settings Management

Key Scenarios

Endpoint Protection

Unified Management of Virtual Clients

Device Centric

Operating System Deployment

Asset Intelligence, Client Health, and Inventory

MDM licensing

User Centric

Integrated

New

Integrated

Auto Remediation

Improved

Improved

Em

pow

er

Unify

Sim

plif

y New

• Single CAS replaced Central site• 25k clients Per Management Point w/o NLB• 25 Primaries under CAS• 250 Secondary Sites under Primary Site• 250 Distribution Points w/ PXE and throttling support –

5000 Max Per Hierarchy / Windows 7 w/ IIS supported

Infrastructure Sizing

SCCM 2007 Summary Numbers as of May 2012

Bureau Friendly Name(s)

Active Directory Domain

Top Level Tier 2 Tier 3

Number of Primary

Sites

Number of Secondary

Sites

Number of Distribution

PointsClients

AssignedClients

Installed

Enabled Computer

Accounts in AD      1 3 0 4 0 116 6,575 6,037 7,480

      1 17 139 18 139 157 16,443 15,400 17,858

    1 3 0 1 3 15 4,185 2,782 3,523

      1 7 0 8 0 81 9,385 7,451 8,009

     1 6 5 7 5 11 4,152 3,926

3,833

      3,538

      1 9 14 10 14 410 33,493 22,725 30,013

      1 0 0 1 0 1 149 145 154

      1 10  1 10 11?     891

      1 0 0 1 0 1 407 405 2 ?

      1 0 0 1 0 23?     1,115

     1 0 0 1 0 1

   1,904

      1 15 0 1 15 298 12,786 12,504 15,058

      1 5 64 70 0 179 18,984 15,634 25,376

                      74

                      179

Total Hierarchies 13 13 75 222 124 186 1304 106,559 87,009 119,005 Total Sites 310 Total Primary Sites 124

Topic Details

Total Managed Clients

86,000

Separated Internal Departments

17

Distributed Locations

3239

Primary Site Servers

9

Child Primary Servers

287

Secondary Site Servers

275

Distribution Points

1258

Topic Details

Total Managed Clients

86,000

Separated Internal Departments

17

Distributed Locations

3239

Central Administration Servers

1

Primary Servers 15

Secondary Site Servers

100

Distribution Points

3000

Tier 1

Tier 2

Tier 3

Primary Site Servers (6)Management PointApp Catalog WebFallback Status pointSoftware Updates

(CAS) Central Administration Site Servers (1)Role Based Administration

CAS

BLMUSGS

BLM USFWNPS2 NPS1 USGS2USGS1

Secondary Site Servers25k clients per site250 per primary siteBased on upaward Routing requirements to Primary locationSQL installation required

DP/Site Servers250 per Site Server4000 Max connections perSender throttling availableNon-Server Win7 OS supportedPXE Service Points Placement on sites with greater than 100 clents5000 per Primary

DP

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. Some information relates to pre-released product which may be substantially modified before it’s commercially released.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.