1

Speaker Script Welcome to the technical overview of Microsoft System Center 2012 Configuration Manager.

Speaker Script In this session, we will help you to understand the new IT trends and challenges and how the upcoming version of Configuration Manager helps you to address those challenges. You will get an overview of major new enhancements included in the product.

Speaker Script Lets look at the latest trends and the challenges they pose to enterprises. Consumerization of IT is a growing trend. The variety of new devices, personal applications, and mobile platforms place new demands on the IT organization. Employees today expect anytime, anywhere access and increasing levels of access to corporate data. They want choice in their mobile devices and may even expect to use their own devices in your IT environment. So IT departments need to enable worker productivity while also protecting corporate data and assets. IT departments also need to manage operational costs, keeping them down especially in this economy. Lets see how System Center 2012 Configuration Manager addresses these challenges and helps IT admins embrace consumerization.

Speaker Script Configuration Manager 2012 provides a balance of end user demands and IT requirements. The solution puts IT in control of costs and compliance, providing an evolutionary path to new capabilities that take advantage of existing people, processes, and technologies. We will highlight three areas of focus for Configuration Manager 2012 that help the IT organization. The first area is about empowering the end users. Configuration Manager 2012 delivers a new user-centric approach to client management. It enables IT to empower users with applications and services they need to be productive from anywhere, on whatever device they choose. The second area is about consolidation of your infrastructure. Configuration Manager 2012 enables IT to streamline operations with a unified infrastructure. It integrates client management and protection across physical and virtual Windows environments. The third area is about simplified administration. Configuration Manager 2012 makes it easier to administer client systems, with improved visibility and with new enforcement options for maintaining system compliance. In the following sections, we will see how these benefits are delivered by Configuration Manager 2012.

Speaker Script Before we check out all the benefits, lets first look at the new design changes introduced in Configuration Manager 2012. It introduces a new paradigm in systems management, which we call user-centric management. In a traditional client management model, machines are targeted and managed. There is no direct knowledge of the user activity. Configuration Manager 2007 thus is optimized to manage systems. So we run scripts and programs on a machine. This practice becomes challenging with the new trend where users are accessing corporate resources using variety of devices. You end up manually correlating end-user activity between different devices, and management becomes more complex. System Center 2012 Configuration Manager introduces a new and efficient way to manage users and their devices. Its called user-centric management. It still services the traditional systems management scenarios but additionally it understands the users relationships with different systems and lets IT deliver the best user experience based on the type of the device. Moving from device-centric to user-centric enables administrators to focus on users first. Configuration Manager 2012 will remember the relationship between the user and their applications. Admins deploy applications to users just like the function on the slide shows. For example, a user could access an application from her corporate laptop and Configuration Manager 2012 could make this application available locally, but when she tries to access it from a remote location using her own personal device, Configuration Manager 2012 would understand the context and could stream an App-V instance instead.

Speaker Script Now lets look at how Configuration Manager 2012 enables IT to empower end users. First, it provides management for a wide range of devices. Second, it delivers applications in the most optimal way for the user by automatically assessing devic e conditions and capabilities, including user and location information. And third, it empowers people to securely self -provision applications with an easy to use web catalog.

Speaker Script Configuration Manager 2012 provides a single administrative console to manage your mobile devices, as well as comprehensive asset and compliance reporting. This helps in keeping your environment secure while providing the device freedom that people expect. This is achieved at two levels. The first level is full or in-depth management capabilities, such as integrating the capabilities of Mobile Device Manager and Configuration Manager 2007. Configuration Manager 2012 will place a client on these platforms and will offer management capabilities that we would classically do to any hardware client, such as settings management, inventory, application management, and remote wipe. In-depth management is supported for Windows Mobile 6.5 or earlier platforms, as well as for the Nokia Symbian platform.

The other level enables basic management of all mobile platforms that connect to Microsoft Exchange ActiveSync technology. T his includes Windows Phone 7, iOS devices such as iPad or iPhone, and Android devices. This is achieved by using the Exchange ActiveSync connector on the Configuration Manager server.

Speaker Script The Exchange Server connector in Configuration Manager 2012 allows you to consolidate the management of devices and clients in your enterprise in a single console. This frees up the Exchange administrators to focus on messaging operations. It lets the admin gain visibility on the mobile device inventory, configure ActiveSync security policies such as device settings or password settings, and lets you remote wipe the device. This connector will work with Exchange 2010 and Exchange Online.

Speaker Script

10

Speaker Script Now lets take a look at how the new application model in Configuration Manager 2012 enables the user-centric approach. The new model allows us to create applications as global objects. We can then create some conditions below that object that will determine what type of application format is delivered to the user. Lets review a few of the relevant terms. First theres detection method. Because the new application model is a state-based model, it is able to detect the existing presence of the application on the machine. You can define if it is a required application, or in case of a prohibited applic ation you could uninstall it from the machine. Requirement rules evaluate whether the install can happen on that machine or not, and its done at the time of install so the user has minimum error experience. We can also check for any dependencies with other applications. For example, before deploying some kind of application virtualization, we require App-V client to be there. Other examples could be web browser plug-ins or Microsoft .NET Framework requirements. We also provide a feature called supersedence here. It is the ability of an administrator to deploy the most current version of an application, with a relationship to detect and uninstall the older version before deploying the latest version. This allow s us to manage automatic revisions of apps and also enables IT to manage only one version of the application out there.

11

Speaker Script The new application model allows the deployment of software based on the nature of the relationship between the user and device. This is enabled with the support of user device affinity and allows the admin to think user first. It also ensures that the application is not installed everywhere the user logs on. Configuration Manager 2012 is able to understand the user context and various other conditions such as location, network bandwidth, and type of devices. For example, it can only install the MSI version of Microsoft Visio drawing and diagramming software if the device is a primary device like a corporate laptop of the targeted user, otherwise it wont install. Another example is that you can install the MSI or App-V version of Microsoft Office when the device is a primary device of the user targeted, and install the Citrix XenApp version if the device is not a primary device. It also enables software to be pre-deployed on a users primary devices whether or not the user is logged in. So the IT admins are able to provide the best application experience for the user, which is optimized for the specific device type.

12

Speaker Script There are two sides of the user-centric management approach. We just saw the administrative side, lets talk about the user promises in Configuration Manager 2012. Software Catalog is a new feature introduced in this release. Software Catalog enables the users to search, install, or reque st applications through a web portal. Applications are published through the admin console, and there is a workflow and an approval process if required. Users can choose and install software just like they do on their home machines. They dont need to wait for IT to push these applications down anymore. Users can also control and set many settings here. For example, they can define their working hours. They can also set presentation mode, where you will not get any notification pop-ups while presenting.

13

Speaker Script

14

Speaker Script Now well discuss the second area of focus for Configuration Manager 2012: the unification of infrastructure. The underlying goals were to enable consolidation of server infrastructure, improve operational efficiencies, and reduce costs. From that perspective, Configuration Manager 2012 unifies the infrastructure across Windows physical and virtual client management environments while improving on the infrastructure requirements. It also provides a consolidated solution for client management and security. And finally it frees up help desk resources through the integration with other System Center components. Lets dig deeper into each one of these components.

15

Speaker Script When we talk about user-centric management, we also have to recognize that the virtual client experience is becoming more prevalent. This comes in a few different flavors. We work heavily with Citrix XenDesktop and XenApp, and Configuration Manager 2012 builds on Microsoft Remote Desktop Services to deliver an experience with Citrix VDI solution that includes our application model. Within this environment, we still provide conditional rules, the desktop type, whether the virtual machine is pooled or personal, and other information. We can gather inventory from that VM to ensure whether we are providing the right application or not. We also provide protection against virtual desktop interface (VDI) storms. For example, you can randomize updates and scans within the virtual environment so that all VMs dont start the update process at the same time and create resource contention.

16

Speaker Script One of the major investments we made was to modernize the Configuration Manager architecture. So you will see that the Configuration Manager hierarchy is flatter than the earlier versions. We also made improvements in primary site structures and how the content is distributed to remote sites more efficiently. In Configuration Manager 2012, the central administration site is only used for administration and reporting. The next layer down of primary sites is where file processing happens. We are also improving our concepts of being trustworthy. We are providing stronger relationships with Microsoft SQL Server database software through SQL Server Reporting Services, and a much more robust management replication toolset for our data in the back end. These changes allow far more efficient monitoring and troubleshooting.

17

Speaker Script A very common question that we get from organizations that we wanted to cover here is, when do I need a primary site? In Configuration Manager 2007, primary site requirements were a little different that they are now with Configuration Manager 2012. In Configuration Manager 2012, you would need a primary site for scale, for redundancy or fault tolerance, a local point of connectivity for the admin, for geopolitical reasons and content regulation. All other reasons on the right side of the slide , like decentralized administration and content routing, required primary sites in Configuration Manager 2007. However, in Configuration Manager 2012, you do not have to use additional primary sites for these purposes.

18

Speaker Script We just saw that primary sites are now not required for many scenarios. Lets see how we have reduced these requirements in Configuration Manager 2012. The unique physical primary site for decentralized administration goes away in Configuration Manager 2012; now you can use the role-based administration to provide appropriate access to different groups. Next are client settings. Sometimes enterprises separated primary sites for servers versus desktops, to maintain separate settings for servers. Now you can create client settings at the hierarchy level and create exceptions for client settings, thus you dont need to invest in a separate primary site. Similarly, multiple language packs on primary sites can be installed now, so you dont have to install different primary sites for different language support. And finally, you can get rid of the third or fourth tier primary sites you had for content routin g. You can use secondary or distribution points for content.

19

Speaker Script Lets talk about efficiencies in content distribution. All things like the branch distribution point, PXE service point, and distribution point can now be combined in one distribution point. The PXE service point will be more scalable than the earlier version of 75 points per site and it will support a multicast op tion. In the past you might have a secondary site with no proxy management point but a distribution point on it. Now you can get ri d of that secondary site and use the distribution point to throttle and schedule content. Distribution point grouping is also improved. You can now manage distribution to individual distribution points or groups of distribution points. Content can be automatically managed based on group membership. And lastly, distribution points can now be installed on both server and client operating systems. All of these steps simplify the server hierarchy.

20

Speaker Script Now a little bit about boundaries and how these are used to optimize network utilization. Boundaries represent network topology and help in search, site assignment, and policy assignments. Boundaries are also used to find the most proximal distribution points. Now you can define separate boundaries for client activities versus content. This helps in remote office s: for example, you can define boundaries for specific distribution points and break up the content distribution more granularly while using a different boundary for site assignment.

21

Speaker Script Boundary management is automatically created with forest discovery, so as you are doing the Configuration Manager 2012 install, the boundaries are set during the discovery process. We can discover Microsoft Active Directory sites and IP subnets. You can add boundaries later as well, so as organizations change, you have the ability to pick up the latest information there. You can also group these boundaries with simple wizard steps, and group them according to site assignment as well as site system look ups.

22

Speaker Script So we saw the client management server efficiencies in the previous section. Other consolidation that has happened is the convergence of client management and security in one infrastructure. Let us understand the trend here. In a traditional security and management structure, you have two different teams, one managing desktops and the other managing security for these desktops. This has two major issues. One, the security admins are frequently bogged down in day to day operations of maintaining security and dont have time to focus on the upcoming security strategies. Two, operational costs are high because of two different infrastructures for client management and security. The latest trend is called operationalizing desktop security: that is, combining desktop management and security in one infrastructure. Microsoft has successfully implemented this strategy with System Center 2012 Endpoint Protection, which was previously known as Microsoft Forefront client security. Endpoint Protection 2012 is tightly integrated with Configuration Manager 2012. This solution reduces cost by consolidating the infrastructure, and provides better protection because security policies and compliance visibility is now in the same desktop management console. It also frees up the security admins from day to day tasks like updating antivirus definitions. These can be managed by the desktop admins using their existing update processes, while security admins can focus on end to end security strategies. The tight integration of these two products starts at the setup, which is unified. Once Endpoint Protection 2012 is enabled, the Configuration Manager console provides monitoring, reporting, and policy administration capabilities for client security. You r enterprise can use the existing infrastructure to centrally manage endpoint security now.

23

Speaker Script

24

Speaker Script Another aspect of infrastructure consolidation is how well Configuration Manager works with other processes in your enterprise. For example, because client management affects the user activity and productivity, it is extremely important to have an efficient help desk system. Through its connectors, Microsoft Service Manager 2010 integrates the information from System Center 2012 Configuration Manager, forming a baseline configuration management database. This database establishes relationships among the reason, priority, and impact of changes and incidents. This ensures that the service desk personnel have all of the information they need at their fingertips to make help desk call s fast and efficient. Self-service portal integration helps users to manage incident requests and troubleshoot their own issues, freeing up service desk resources and improving user satisfaction.

25

Speaker Script The third area of focus was about simplifying the administration experience. Again, the goal was to make the day to day operations easier for the admins. There was a lot of investment in redesigning and improving the interface. Configuration Manager 2012 continues to deliver world-class assessment, deployment, updating, and setting enforcements to provide more efficient and effective client management. In this section, we will discuss the new improvements in the administrative tasks.

26

Speaker Script Configuration Manager 2012 has a new, redesigned administration interface. It is a modern application and not an MMCbased application like in the past. The user interface has improvements all around. For example, it now allows role-based access. Admins can now perform global searches, and the organization of objects is more efficient, enabling the administrators to get all the relevant data quickly.

27

Speaker Script Configuration Manager 2012 uses role-based administration to secure objects such as collections deployment and sites. It allows IT to organize tasks by business roles, and ensures that only the relevant features are visible to any given role. This administration model centrally defines and manages hierarchy-wide access for all sites. Security roles group typical administrative tasks that are assigned to admin users. Security scopes group the permissions that are applied to object instances. The combination of security roles, scopes, and collections define what an administrator can view and manage.

28

Speaker Script Client health monitoring is a critical feature and you will see many improvements here. In the admin interface, you can now get information on policy requests, heartbeat information, and status messages; its similar to System Center Operations Manager 2012. We also have improved client side monitoring and remediation. There are 21 different rule checks that can be done on the client, including WMI, Configuration Manager client health, and anti-malware service. The client health is seen as live data in the console; you dont need to run summarization of the data anymore. And you can define in-console alerts for your own customized thresholds for acceptable client health parameters.

29

Speaker Script Another simplification we have done is in the software update area. In Configuration Manager 2007, this was built on Windows Server Update Services (WSUS) and we had a role called software update point, with the ability to define and roll out software updates. There was a heavy administrative workflow to get patches approved and deployed. In Configuration Manager 2012, auto deployment rules (ADR) simplify and can help you automate the update deployment process. For example, ADR will help you define and automate Endpoint Protection definition updates in the Configuration Manager console. System Center Endpoint Protection definition updates are provided three times a day; with ADR, you no longer have to manually approve these updates. We also have something called state based update groups, where we can deploy updates in groups, such as for Windows Internet Explorer Internet browser, or for laptop security. Relevant updates can be added to these groups automatically and they deploy to the collections targeted in those groups. So you can pre-specify an update process almost like a template.

30

Speaker Script You will also see some enhancements in operating system deployments in Configuration Manager 2012. We have a few areas to highlight here. Offline servicing of images is component-based servicing, like Windows OS updates. If the updates are already approved, they can be deployed against the images in the library offline. So as soon as the updates are available on a Patch Tuesday, these images are also made up to date. We also have improved the boot media environment. You dont have to be site specific, boot media can be defined at a hierarchy level. This will simplify the management of your boot media. No matter where the boot media connects from, it will be able to find the right management point and right operating system images. We have enabled pre-execution hooks to automatically select a task sequence. This helps in that the end user doesnt have to choose from a menu; you can automate the selection. For Windows User State Migration Tool (USMT) 4.0 simplification, features like shadow copy and hardlinking are supported. The command line parameters that USMT 4.0 scans are integrated in the console so it minimizes the syntax errors for the administrators.

31

Speaker Script We had a feature called Desired Configuration Manager in Configuration Manager 2007; that feature has been improved and is now called Settings Management. You can define compliance baselines across servers and clients. Configuration Manager 2012 will report on configuration drifts, and now it will also be able to automatically remediate the settings to bring the c lient back into compliance. Additional improvements include the ability to copy settings, and richer reporting.

32

Speaker Script The ability to remotely control the client from the admin console was part of Microsoft Systems Management Server 2003 but wasnt included in Configuration Manager 2007. With Configuration Manager 2012, admins can once again remotely control the clients. We have greatly improved the security of that process.

33

Speaker Script Power management was introduced in Configuration Manager 2007 R3 as a core functionality. Configuration Manager 2012 carries this forward. It helps enable operational efficiency in the enterprise and helps in cost reduction. First, it enables the IT admins to monitor power usage. Here you see a typical graph in an enterprise and we can see that the peak hours for user activity seem to be between 8 A.M. to 8 P.M. This graph is before defining a power policy, so the computer activity does not match the user activity peak hours. Understanding this will help us streamline the power usage in our environment. Next, we see a screenshot of power policy options. We can get very granular in defining power usage options here. Once the policies are defined, we can see a report of computer and user activity again. In this case, the user and computer activities follow the bell curve. Last, we get visibility into our environmental impact and power usage. The left -side graph shows CO2 emissions savedthe higher the graph, the better it isand you can see that after the power policy has been implemented, both CO2 emissions as well as power usage has improved.

34

Speaker Script One of the biggest areas we have focused on is migration. The goal was to simplify the migration process and assist organizations in moving from existing Configuration Manager 2007 deployments to Configuration Manager 2012. This is broken down into a collection of steps. It starts with assisting with migration of objects from the 2007 version to 2012, assisting with migration of managed clients, minimizing the impact to the network when that happens, and also reusing hardware where possible. Through all of that, we want to assist with flattening the hierarchy as much as possible.

35

Speaker Script We have some migration technology built in to Configuration Manager 2012. Some migration job types allow us to look at object type migrations; this would be done at the level of collections and packages. We can also create collection-based migration: we can simply select a collection and migrate the objects under that collection. We also have assistance for content migration, which is about moving applications and user who are touching those applications to the Configuration Manager 2012 format as seamlessly as possible. One of the ways we achieve that is through distribution point sharing. This allows the existing distribution points of Configuration Manager 2007 to participate in the content distribution process for Configuration Manager 2012. And when that location is ready, we can move that distribution point to Configuration Manager 2012. Many customers have their own MOF files. You will have a nice interface experience to import your customer MOF files in Configuration Manager 2012.

36

Speaker Script Here are some basic points to keep in mind while you plan to migrate to Configuration Manager 2012. Flatten your hierarchy as much as possible; getting rid of third or fourth tier primary sites, if you have them, would be useful before migration. W hile make hardware purchasing decisions, make sure you plan for 64-bit and appropriate Windows Server and SQL Server versions. Also look at implementing Microsoft BranchCache technology. It provides tremendous improvements on the bandwidth utilization. In Configuration Manager 2012, the reporting infrastructure is based fully on SQL Server, so switch to SQL Serve r Reporting Services if you havent done already. Also avoid mixing users and devices in collections; in Configuration Manager 2012, the collections for users and devices are managed separately and mixed collections wont be migrated to the 2012 format. And finally, move to UNC paths. That would make your migration a lot smoother.

37

Speaker Script Just to wrap up: you can download the later trial version or VHDs, try out the online labs. You can also join an active community of peers who are evaluating the product together by sharing best practices and by getting guidance from the product team every two weeks. This program is called the community evaluation program and it could connect you to many peers in the industry.

38

Speaker Script Thats it from us in this session. Thank you for joining the technical overview of System Center 2012 Configuration Manager.

39