MOD343 Configuration Manager 2007 – SP1 and R2 Overview Conrad
55 Slides5.35 MB
MOD343 Configuration Manager 2007 - SP1 and R2 Overview Conrad Zimmermann System Engineer Expert [email protected] API.SA www.api.ch 021.654.30.30
Abstract Abstract: System Center Configuration Manager 2007 has recently shipped, but we are not done yet! This year, we will also release a Service Pack and an R2. In this session, we will cover the changes we are making to Configuration Manager in the Service Pack 1 timeframe, as well as the following R2 release. We will briefly introduce Configuration Manager, but the focus will be on the new elements to support Vista Service Pack 1, Windows Server 2008, as well as some additional changes for Asset Intelligence, and Intel AMT Integration. Objectives: A brief overview of Configuration Manager Configuration Manager 2007 Service Pack 1 Overview and timeframe
Agenda Configuration Manager Service Pack 1 SCCM R2 Plan of Record
Configuration Manager 2007 SP1/R Customer momentum Beta Released 8 February 14 TAP Customers Configuration Manager 2007 Service Pack 1 May 2008 Availability Windows Server 2008 and Vista SP1 Support Asset Intelligence 1.5 Intel AMT Integration Configuration Manager 2007 R2 Summer 2008 Availability Microsoft Application Virtualization integration Client Status Reporting Server Provisioning scenarios (including multicast support on WDS, unknown machine support) Forefront Client Security integration (reporting only) SQL Server Reporting Services integration
Platform Support Feature / Platform HW/SW Inventory OS Deployment Vista Vista SP1 XP SP2 Windows 2000 Server 2008 Server 2003 Server 2000 WFLOP WePOS XP Embedded Windows CE Windows Mobile SCCM SCCM SP1 Not supporte d Software Distributio n Software Update Mgmt Desired Config Mgmt
System Center Configuration Manager Service Pack 1 Overview
What's in SP1? Hotfix rollup Customer DCR’s Infrastructure to support R2 features Windows Server 2008 support changes Vista SP1 Support details and changes since RTM Asset Intelligence 1.5 Intel AMT Integration
Asset Intelligence 1.5: Goals & Non-goals Goals: Keep software asset categorization up-to-date Allow customers to keep license information up-to-date Allows customers to categorize software assets Allow customer requests for categorization via System Center On-line Provide consolidated MVLS reports comparing the “ought” with “is” for Microsoft Volume Licensing Non-Goals: Provide on-line features or support for those features to non-SA customers Allow sharing of local categorization with community Provide localization of categories/software Provide asset management portal Provide software inventory portal (Covered by System Center On-line)
Asset Intelligence 1.5: Enabling Features New Catalog and License management UI in SCCM Admin console Ability to customize catalog via local edits (e.g. create new categories) On-demand or scheduled catalog synchronization via SCCM management console Ability to tag “unknown” software assets and pass up to on-line service for a-sync identification Basic replication to distribute latest DB updates to other SCCM sites (used for generating reports) Ability to import licensing data and compare to inventory (e.g. Microsoft License Statement)
Asset Intelligence 1.5: Architecture
Asset Intelligence 1.5 demo
Intel AMT Integration AMT out of band management Dave Randall to present this SP1 feature
Hardware: Intel vPro Component Intel Core 2 Duo Processor Intel Q35 Express Chipset with ICH9-DO Intel 82566DM Gigabit Network Connection Intel vPro Components Intel Platform Software & Ecosystem Solutions Intel Key Platform Technologies Intel Active Management Technology (AMT) is a function of the chipset & network controller Hardware-based management for clients Desktop: Intel vProTM Processor Technology
ConfigMgr 2007 Features Provisionin g Secure Setup & Configure AMT Zero Touch – Certificate Hash Zero Touch – In band via agent Ties to OSD w/targeting Remote Console Helpdesk / Interactive session Serial over LAN IDE Redirection BIOS password bypass Manual power control Discovery/Inventory Discover On Demand per machine / per collection Scheduled Discovery In band Discovery via agent Power Control Scheduled Power On SWDist, SUM, OSD On Demand Power Control Wake, Restart, Shutdown Interactive via OOB Console
Intel AMT and Out of Band Management Hardware Requirements Intel vPro enabled desktop computers Firmware version 3.2 or later Firmware 3.0 and earlier via Intel translator SCCM Infrastructure Requirements Out of band service point site system role PKI integration (Microsoft Enterprise CA) Windows Remote Management (WS-MAN)
Provisioning – Bare Metal Scenario Configuration Manager 2007 Out of Band Service Point 1. 2. 3. 4. 5. 6. Intel AMT Client with embedded root certificate Configure ConfigMgr with an “SSL Server” certificate Client sends “Hello Packet” SSL Certificates are exchanged and verified Secure network connection is established. Out of Band Service Point transfers configuration to AMT client AMT client is fully provisioned and available for use
Provisioning – In Band Scenario Configuration Manager 2007 Out of Band Service Point 1. 2. 3. 4. 5. 6. 7. Intel AMT Client with embedded root certificate and SCCM Agent Configure ConfigMgr with an “SSL Server” certificate SCCM agent sets OTP in AMT & sends copy to site server SCCM agent enables AMT for provisioning SSL Certificates are exchanged and verified by OTP Secure network connection is established. Out of Band Service Point transfers configuration to AMT client AMT client is fully provisioned and available for use
Power Control - Overview Solutions to: Challenges with wake on LAN in certain environments Troubleshooting / helpdesk for powered off systems Secure TLS connections TCP based – network friendly solution Flexible On demand via out of band console On demand via right-click action on resource(s) Scheduled (per advertisement or per deployment) Logged
Interactive Power Control Helpdesk Scenarios Unresponsive ConfigMgr Agent (Run Advertised Programs) Local Administrator has disabled ConfigMgr agent Operating system won’t load or is hung Patching and software distribution scenarios System is powered off, hibernating or sleeping ConfigMgr Agent is unresponsive Secure & Standards Based Kerberos for user authentication with AMT Uses WS-MAN protocol for communicating with AMT devices
Demo – Scenario 1 Problem User reports a boot-up error – Memory size has changed Background SCCM normally inventories hardware monthly System powered off – no OS, no SCCM agent running to “force” an inventory Solution Use AMT to remotely connect to view current memory information
Demo – Scenario 2 Problem User complains system always does network boot – assures they haven’t “monkeyed with the system!” Background SCCM can’t control boot order End user may not have ability to get to BIOS easily Solution Use SCCM / AMT to remotely connect and update BIOS Boot order
Demo – Scenario 3 Problem A BIOS Firmware update is needed in a remote office computer Background No Windows installable app available No local knowledgeable resources Solution Use AMT to boot system remotely to DOS and run firmware update application
System Center Configuration Manager R2 Technical Overview
What's in R2 Application Virtualization Management Client Status Reporting New OSD Server Provisioning scenarios (including multicast support on WDS) SQL Reporting Services Integration Forefront Client security integration
Application Virtualization Mgmt in R2 Integrate SoftGrid 4.5 feature set into the release of System Center Configuration Manager 2007 R2 Introduce into SCCM: Application Virtualization Management feature AVM enables customers using SCCM 2007 to manage and deploy virtual applications Whenever possible or where it makes sense, make managing virtual applications the same experience for the SCCM administrator as managing standard or “physical” software today Maintain the dynamic nature of SoftGrid virtualization Version checking, user-based targeting, streaming
Core Scenarios Packaging and distribution of virtual applications Create virtual application packages and copy them to distribution points Deployment of virtual applications to clients (connected and offline) Advertise the packages to clients Launching and running virtual applications (connected and offline) After the application is advertised and made available, end-users run the applications from their desktop computers Inventory and Reporting of virtual applications SCCM inventory and reports enable administrators to report on packages, applications and their usage within the SCCM hierarchy
Application Delivery and Launch Streaming delivery Uses the Application Virtualization Server (Lightweight component installed on distribution points Application shortcuts ultimately invoke a connection to the server so the application can be delivered and used Great for highly connected clients Application updates are applied on the server, so the client connects to the new version on the server fast and seamlessly Local delivery Standard distribution point functionality for download and execute using BITS Virtual application package contents are delivered locally to the client Application shortcuts refer to a local copy of the virtual application. No server connection required Great for unreliable/slow network connections and occasionally connected clients. Uses BITS to download virtual application content Uses Remote Differential Compression to send only binary deltas when virtual application content is changed or updated
Additional Features Both user and machine-based targeting fully supported SCCM advertisements are targeted at collections. They can be collections of computers or users Removing Applications from Client Computers Virtual applications don’t need to be uninstalled like traditional software, they are simply removed or deleted To remove an application from a given client, all existing advertisements for that virtual application targeted at the given client must be deleted by the administrator Once an application is deleted from a client computer it no longer appears in the form of shortcuts on a user’s machine. The application is also removed from the SoftGrid client cache Virtual Application Inventory (Application Virtualization Client WMI Provider) Key SoftGrid client data can be retrieved through WMI provider (package and application names, guid, version, size in cache, in use, last launch time, etc) New reports in SCCM based on this data
Configuration, Packaging and Virtual Application Advertisements demo
Come back and see CLI310! For more in depth information on SoftGrid 4.5 and the integration with Configuration Manager 2007 R2, be sure to check out: What? CLI310 - Meet the Enterprise of the Future: Microsoft Application Virtualization (Formerly SoftGrid) and SCCM 2007 R2 Integration When? Today (Feb 11) @ 1:15PM Where? Right here! (Sheraton) Grand Ballroom C
OS Deployment Enhancements Unknown computer support for bare metal deployments Removes the need to pre-create a computer record via Import Computer Info Works with boot media and PXE boot Implemented with two new resources that can be put into collections and targeted with task sequences x86 Unknown Computer x64 Unknown Computer Warning: You can unexpectedly reimage a computer! So use with care
OS Deployment Enhancements Can specify credentials on Run Command Line task sequence action Provides “Run As” capability For applications such as SQL Server that should be installed under a specific acount
OS Deployment Enhancements Multicast of OS images to Windows PE No multicast for other packages or to a computer running a full OS Multicast is an option on a DP (like BITS) Requires DP running Windows Server 2008 with WDS ConfigMgr multicast builds on WDS multicast Must also select multicast options on the OS image package Like WDS, 2 modes: ScheduleCast and AutoCast For well-connected LANs; not for WANs
OS Deployment Enhancements More info on OS Deployment and the related R2 enhancements in these two sessions: MOD 341 Advanced OS Deployment with Configuration Manager 2007 – Part 1 Today at 16:45 in WSCTC 3AB MOD 342 Advanced OS Deployment with Configuration Manager 2007 – Part 2 Tuesday at 12:45 in WSCTC 3AB
Client Status Reporting Built upon the scenarios in the SMS 2003 Client Health Tool with great new improvements and features External service which queries site systems and ConfigMgr clients for client status on agent activity and overall health Reports on key indicators of client activity to help administrators monitor and maintain the health of their ConfigMgr clients
SRS Integration New server role called the “Reporting Services Point” Ability to convert/copy classic SMS reports to Report Definition Language format and publish them to a Reporting Services Point (report server) New node under “Computer Management Reporting” for accessing the SRS ConfigMgr reports Ability to manage, browse and run SRS ConfigMgr reports from the ConfigMgr Console
FCS Integration Forefront Client Security Provides unified malware protection for business desktops, laptops and server systems Provides critical visibility into threats and vulnerabilities Lightweight integration between Forefront Client Security and SCCM 2007 R2 An FCS Configuration Pack will assess the states of FCS agents on machines that are managed by SCCM 2007 R2 Admin gets the reports of overall states of FCS clients through the existing DCM reporting infrastructure
Q&A
Meet us in our 26 June Workshop in Lausanne (System Center Essential and related.) All information available soon at www.api.ch 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Summary SP1 and R2 introduce a powerful, new set of features and functionality to the Configuration Manager product Beta is available now for download and customers are beginning their initial deployments SP1 releases in May of 2008 R2 releases in Summer of 2008 following SP1
OS Deployment Enhancements Unknown computer support for bare metal deployments Removes the need to pre-create a computer record via Import Computer Info Works with boot media and PXE boot Implemented with two new resources that can be put into collections and targeted with task sequences x86 Unknown Computer x64 Unknown Computer Warning: You can unexpectedly reimage a computer! So use with care