Monday 20 December 2010

Forefront Endpoint Protection 2010 Released

This was actually announced last Thursday (16/12/2010) but I was so wrapped up with Service Manager SP1 that I forgot to mention it.
http://blogs.technet.com/b/forefront/archive/2010/12/16/announcing-forefront-endpoint-protection-2010.aspx

"Forefront Endpoint Protection 2010 enables businesses to align security and management to improve endpoint protection while greatly reducing operational costs. It builds on System Center Configuration Manager 2007 R2 and R3, allowing you to use your existing client management infrastructure to deploy and manage endpoint protection. Download both trials and discover their combined benefits."

In short, it's now integrated into ConfigMgr meaning no new consoles to re-learn and gaining you even better investment in the products you already have!

Andrew Sallabank has a good blog post here on it, along with some good screen shots and a video of creating a FEP policy.
http://andysal.wordpress.com/2010/12/20/forefront-endpoint-protection-2010/

*Edited 02/01/2011 - Corrected Andrew's name from Sallaway to Sallabank*

Saturday 18 December 2010

AVIcode 5.7 now available from Microsoft

After Microsoft's aquisition of AVIcode back in October we've been hearing about how Microsoft plan to roll this in with Operations Manager.

Well the good news is we didn't have to wait long to get our hands on it, it's here!

Any SMSE, SMSD, CIS Suite Enterprise, or CIS Suite Datacenter customer with active Software Assurance on or between October 5th, 2010 and October 30, 2012 can now download and use AVIcode version 5.7.

More information can be found here:

Friday 17 December 2010

Step by Step Upgrade Guide for Service Manager 2010 Service Pack 1 (SP1) - Part 2: Management Server

Part 1: Data Warehouse

Part 2 - Management Server Upgrade
This install is rather, erm, easy...

The upgrade guide states that you should logon with an account with administrator rights, I prefer to logon to the server using the account that was used for the initial setup.

Locate the SP1 media files (CD, ISO Mount or extracted files, it's your choice) and run setup.exe in the AMD64 folder (It will always be the AMD64 folder, not the x86 folder as the server components are x64 only). A quick splash screen and short extraction of files will be done.


Step though the wizard, selecting to upgrade Service Manager management server on the first screen then accepting the license terms on the next screen.


Check the pre-requistes screen (Yes I know I'm short on memory but it's my test box!)

On the next screen review the summary.  It's also a good idea to copy & paste the information for later reference/documentation.
Click install and let it get on with installing.

It can take a while, especially on the importing management packs, just be patient.


Finished!

Untick backup encryption keys as we did that before starting the upgrade.  If you didn't, then do it now!

After upgrading the management server, you should restart the System Center Management services.  It may not need the service bouncing, but while we're working on the system it's certainly not going to damage it.

Use Server Manager to give the System Center Management service a restart by right clicking on it and and then click Restart.

It's worth checking the event log at this point to make sure it's not a sea of red alerts.

First thing (apart from noticing no Red!) I notice is a new type of event in the log, "Data Connectors", and lots of them, 452 in about 20 mins for my setup.

Now I'm guessing (It's a bit hard without proper release notes) that these are better information logging regarding the data flow from the connectors which is great.

Time to start the console, and look, a new splash screen ;)


First impressions are that it feels faster, but I'll need more time to test that.
I went straight to the All Computers view under Configuration Items to see if something I had been waiting for was there, and it was!

Operating System information pulled from Active Directory!


That is, I assume it's pulled from AD.  I say assume as I checked the history tab on several of my CI's and not one of them showed any update from the AD Connector related to Operating System name/version.

I also tried creating a new view to see if the large breadcrumb problem had been fixed.
Well it's not fixed on my test box after an upgrade.  I'll do further testing to see if a fresh slipstreamed install is any better.

Apart from that, it's looking good.
As I get more time with it and also try a slip streamed install I'll post back with some further details.


Thursday 16 December 2010

Step by Step Upgrade Guide for Service Manager 2010 Service Pack 1 (SP1) - Part 1: Data Warehouse

Before I begin, it's important to stress that while this should guide you through the install, you should always start by reading the official upgrade guide (SM_UpgradeSP1.docx) found here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=37887bba-d26a-427f-896d-883e5868bbfe

This is part 1 - Data Warehouse SP1 Upgrade, but the first section is common across the different parts.

Things to do before SP1 Install
1) The upgrade cannot be done on a server that has an Operations Manager 2007 Agent installed.
I'm not going to screen shot the process as it's fairly straight forward.
Easiest way is to go to the Administration part of the SCOM console, Managed Agents, find the Service Manager servers and right click and choose uninstall.

2) Backup your Service Manager databases.
Again, very simple, either use the SQL Server Management Studio to back them up, or whatever backup solution you have (DPM, CommVault etc)

3) Backup your encryption keys.
To be honest, this should have been done when Service Manager was first installed.
If it was, then you can skip ahead as the same keys will work after the SP1 install so there's no point duplicating work.
If you didn't (shame on you) or you're not sure then use the Encryption Key Backup or Restore Wizard to back up the encryption keys on the Service Manager management servers.
This can be found on the SP1 media AMD64\Tools\SecureStorageBackup\SecureStorageBackup.exe
It's wizard based, just step through it.

4) If you've got a data warehouse, but haven't registered it with SCSM, now is the time to do it.  You can't upgrade it to SP1 until you have. See the procedure in “Registering with the Service Manager Data Warehouse to Enable Reporting” in the System Center Service Manager 2010 SP1 Deployment Guide http://technet.microsoft.com/en-us/library/ff461143.aspx for more details.

5) Self Service Portal - Company Logo backup.
If you replaced the original graphic with one of your own design, you must save a copy of your graphic. During the upgrade, SCSM_logo.png is replaced. After the upgrade, overwrite the SCSM_logo.png file with your version in the locations shown below:
%inetroot%\inetpub\wwwroot\System Center Service Manager Portal\EndUser\MasterPages\Images
%inetroot%\inetpub\wwwroot\System Center Service Manager Portal\Analyst\Images

Right, now for the fun bit!

Part 1 - Data Warehouse upgrade
The upgrade guide states that you should logon with an account with administrator rights, I prefer to logon to the data warehouse using the account that was used for the initial setup.

Next, you cannot start an upgrade if any data warehouse jobs or workflows are running. Use the following procedures to stop the data warehouse job schedules and wait for them to complete.

  1. List the data warehouse jobs by using PowerShell cmdlets
    a. On the computer that hosts the data warehouse management server, open PowerShell
    b. Type the following commands (each is a separate one so press enter after each):
    Set-ExecutionPolicy RemoteSigned
    Add-PSSnapin SMCmdletSnapIn
    Get-SCDWJob

    c. A list of the data warehouse jobs is displayed. Use this list in the next step
  2. Disable data warehouse job schedules by using PowerShell
    a. Type the following commands for any job that was listed in the previous step:
    Disable-SCDWJobSchedule –JobName Extract_<DW management group name>
    Disable-SCDWJobSchedule –JobName Extract_<SM management group name>
    Disable-SCDWJobSchedule –JobName Transform.Common
    Disable-SCDWJobSchedule –JobName Load.Common
    Disable-SCDWJobSchedule –JobName DWMaintenance
    Disable-SCDWJobSchedule –JobName MPSyncJob
    Start-SCDWJob –JobName MPSyncJob
The last command to start the MPSyncJob will enable the ETL jobs to run to completion and after that, because all the schedules have been disabled, the jobs will stop.

3. To determine that the data warehouse jobs have stopped running
a. In the Service Manager console, click Data Warehouse.
b. In the Data Warehouse pane, expand Data Warehouse, and then click Data Warehouse Jobs.
c. In the Data Warehouse Jobs pane, observe the Status column for each data warehouse job. When the status for each job is listed as Not Started (The Manual says "Stopped" but after two hours of waiting I never saw it change from "Not Started"), then we're good to start the upgrade of the data warehouse management server.


4. Locate the SP1 media files (CD, ISO Mount or extracted files, it's your choice) and run setup.exe in the AMD64 folder (It will always be the AMD64 folder, not the x86 folder as the server components are x64 only). A quick splash screen and short extraction of files will be done.



Step though the wizard, selecting to upgrade the data warehouse on the first screen then accepting the license terms.


Check the pre-requistes screen (Yes I know I'm short on memory but it's my test box!)


On the next screen review the summary.  It's also a good idea to copy & paste the information for later reference/documentation.


Click install and let it get on with installing.




Untick backup encryption keys as we did that before starting the upgrade.  If you didn't, then you should have gone to Specsavers... do it now!

After upgrading the data warehouse management server, you should restart the System Center Management services and data warehouse jobs.  It may not need the service bouncing, but while we're working on the system it's certainly not going to damage it. 
In my case the service was stopped, so it's definitely something to check.

Use Server Manager to give the System Center Management service a restart by right clicking on it and and then click Restart.


Back to Powershell and use the following to re-enable the data warehouse jobs
Add-PSSnapIn SMCmdletSnapIn
Enable-SCDWJobSchedule –JobName Extract_<data warehouse management group name>
Enable-SCDWJobSchedule –JobName Extract_<Service Manager management group name>
Enable-SCDWJobSchedule –JobName Transform.Common
Enable-SCDWJobSchedule –JobName Load.Common
Enable-SCDWJobSchedule –JobName DWMaintenance
Enable-SCDWJobSchedule –JobName MPSyncJob
Start-SCDWJob –JobName MPSyncJob
The last command, Start-SCDWJob – JobName MPSyncJob, will enable the ETL jobs to run.
After running the powershell enable-SCDWJobSchedule cmdlets I was slightly worried that it was still showing them as not enabled.
Checking the console showed the same.
However, give it a minute and it enables them.


And that's about it!

Well, not quite.
It's worth checking the event log at this point.

I've got quite a few error messages relating to MP deployment and association.
Some I can ignore as they are related to my custom MP that's I'm busy testing.
Others, I'm not so sure. 
Management pack name: ServiceManager.Datawarehouse.Library
Management pack version: 7.0.6555.0
Management pack name: System.Software.Library
Management pack version: 7.0.6555.0
Management pack name: Microsoft.SystemCenter.Orchestration
Management pack version: 7.0.6555.0
Management pack name: Microsoft.SystemCenter.Deployment.Library
Management pack version: 7.0.6555.0
Management pack name: System.Hardware.Library
Management pack version: 7.0.6555.0

And the list goes on...

Now this is my test environment so it could be a number of things I've done, and I've yet to update the Management Server yet either.

I'll update this post with further findings as I do more of the upgrade and other boxes.

Coming next, Part 2 - Management Server SP1 Upgrade.

Service Manager SP1 is RTM and available for download

Microsoft Service Manager 2010 Service Pack 1 has just had been released.

You can find it available for download here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5118055b-9cd7-45cd-bae6-7fc287d832d7&displaylang=en

The Service Manager Engineering Team blog has more information here:
http://blogs.technet.com/b/servicemanager/archive/2010/12/16/system-center-service-manager-2010-sp1-available-for-download-now.aspx

Main features included in this release:
  • Consolidation of all language versions in a single release and readiness for simultaneous shipping at RTM.
  • Support for 10 additional languages (See documentation for details)
  • Integration of the Authoring Tool release and three cumulative updates
  • Performance fixes across the board in data access layer
  • Generic performance tracing in SDK
  • Performance enhancement for transforms
  • Usability and accessibility fixes throughout the product
  • Fixes in AD / OM connectors including support of importing Exchange 2003 distributed application
  • Notification issues related to multiple notifications
  • Localizability and globalization fixes throughout the product
  • Data, layout, and localization fixes in reports
  • Data warehouse enhancements including additional numeric datatype support for measures
  • Support of SQL 2008 R2
  • UI memory leak fixes
  • Intel Video Driver issue causing console crashes fixed by third party (Intel)

I know of two fixes that directly affect issues in my environment that MS kindly back ported the fixes from SP1 so that I could carry on working last week (Thankyou once again Suzanne!):
  • Cannot insert duplicate row in Datawarehouse error message
  • Cannot deploy System Center Configuration Manager 2007 management pack

Tuesday 14 December 2010

Service Manager 2010 SP1 Released (Kind of)

Rather than being fully released, there has been a date for release released.... (Say that one fast!)

This Thursday the 16th December has been marked as the release date, more information can be found here:
http://blogs.technet.com/b/systemcenter/archive/2010/12/14/system-center-service-manager-2010-service-pack-1-available-december-16-2010.aspx

Thursday 9 December 2010

Want to provide direct feedback on Microsoft Management packs?

Sometimes I just wonder if it's co-incidence....

I posted a thread on the Virtual Machine Manager forums the other day about the SCVMM 2008 R2 management packs causing dirty views in SCOM as discussed by Rob and Kevin Holman on their blogs.

I actually got some replies from Kevin but also did my usual and had a little rant, sorry :(

However, this piece of news has just been announced, and I've got to say, as long as the product teams do look at the feedback and at the very least we get some information flow back via the site or blog posts it can only help make the management packs better!

http://blogs.technet.com/b/kevinholman/archive/2010/12/09/want-to-provide-direct-feedback-on-microsoft-management-packs.aspx

If anyone from MS reads this, please remember that the System Center products are a suite of products and the integration between them must work.  As the cloud buzz picks up, and I'm a strong believer that the System Center suite is at the heart of the cloud, people are going to rely more than ever on this brilliant product set working very closely together.

Connect Feedback site:
https://connect.microsoft.com/OpsMgr/feedback/CreateFeedback.aspx

6 Steps to Get Ready for Private Cloud

I was reading Mohamed Fawzi's blog today and noticed this link he had to a useful MS Blog post:
http://blogs.technet.com/b/windowsserver/archive/2010/11/11/6-steps-to-get-ready-for-private-cloud.aspx

Replicated here for my own reference and laziness.

  • Improve data quality in your identity infrastructure - audit existing users and groups to ensure your ad store is running only accurate data

  • Enable Federated identity - self-explanatory, but it's a big part of bridging the gap between public and private clouds

  • Enable all the building blocks of a private cloud - that includes Windows Server 2008 R2 with Hyper-V, an optimized Active Directory store and System Center (notably Configuration Manager and Virtual Machine Manager).

  • Standardize and automate your processes and workflows - to take the best advantage of a private cloud infrastructure, you'll need to build standardized server, platform and application packages and templates. That's only possible if you've done your homework and standardized the processes and workflows that those software packages will support.

  • Think about how the IT Pro role needs to change - the cloud enables huge efficiencies in the data center. Be a hero today as you enable the cloud, but work to become a Director tomorrow. Combine a deep knowledge of your business' needs, future directions and work processes with your expertise in technology. Use this combination and the power of the cloud to not just enable IT for your business, but to actually turn IT into a competitive edge the business can directly convert into new business and revenue. That's the big win for tomorrow's cloud IT pro.

  • Last, take advantage of Microsoft guidance - We'll be releasing lots of guidance, both technical and higher-level, regarding the journey to cloud computing in the coming months. Check the Microsoft cloud pages, TechNet's cloud resources and especially the Hyper-V Cloud Fast Track pages for in-depth technical guidance. There's much more to come, so check back often.
  • Wednesday 8 December 2010

    Monday 6 December 2010

    Service Manager 2010 Service Pack 1 (SP1) Documentation Available

    The documentation for Service Pack 1 for Microsoft System Center Service Manager 2010 is now available for download.

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=37887bba-d26a-427f-896d-883e5868bbfe


    I'll be trying this on our test environment as soon as it's available for download as there looks to be a few steps to complete in terms of disabling data warehouse jobs, checking display strings in custom MP's.

    Above all, RTFM!

    I'll post back as soon as I've run through an upgrade (once the SP is available!)

    There is still not an official list of fixes contained in the documentation set, that will more than likely be in the release notes included with the Service Pack however, here's a couple of snippets from the documentation regarding upgrading.

    Upgrade Order and Timing

    The order of your upgrades is important. Perform the upgrade in the following order:
    1.    Start with the data warehouse management server. Your System Center Service Manager 2010 management servers can work with the System Center Service Manager 2010 SP1 version of your data warehouse management server.
    2.    After the upgrade to the data warehouse management server has been completed, upgrade the initial Service Manager management server. If you created more than one Service Manager management server, the initial Service Manager management server would have been the first one that you created.
    3.    Upgrade the Service Manager consoles, any additional Service Manager management servers, and the Self-Service Portal.
    The timing of your upgrades is also important. After you upgrade your data warehouse management server, you can wait before you continue. However, after you upgrade your initial Service Manager management server, you must be prepared to upgrade your Service Manager console(s), additional Service Manager management servers, and Self-Service Portal at the same time.

    Service Manager 2010 SP1 with an Operations Manager Agent

    If you have an Operations Manager agent installed on either your Service Manager management server or data warehouse management server, you must remove the agent before performing an upgrade to Service Manager 2010 SP1.

    Type projections, views and unsealed MP's

    I was in the process of creating a view to show all Computers, basically a replica of the view under Configuration Items, but within my own management pack.

    However, when I went to use the Computer (typical) type project for my view I got this error message:


    This happens because the type projection for Computer (typical) is stored in the unsealed MP ServiceManager.ConfigurationManagement.Configuration.xml
    This then means that trying to reference this type projection for views in your own MP is impossible without a bit of tweaking.

    It's a fairly easy workaround though, simply recreate the type projection in your own MP.
    the XML you will need is:

    <TypeProjection ID="AllComputers.View.ProjectionType" Accessibility="Public" Type="Windows!Microsoft.Windows.Computer">
    <Component Path="$Context/Path[Relationship='ConfigurationManager!Microsoft.SystemCenter.ConfigurationManager.DeployedComputerRunsWindowsComputer' SeedRole='Target']$" Alias="PhysicalComputer" />
    <Component Path="$Context/Path[Relationship='Windows!Microsoft.Windows.ComputerHostsOperatingSystem']$" Alias="OperatingSystem" />
    </TypeProjection>

    You'll need to make sure you've got some references in as well, either use these, or if you've already got them referenced, change the code above to match your reference:

    <Reference Alias="Windows">
    <ID>Microsoft.Windows.Library</ID>
    <Version>7.0.5826.0</Version>
    <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
    </Reference>

    <Reference Alias="ConfigurationManager">
    <ID>Microsoft.SystemCenter.ConfigurationManager</ID>
    <Version>7.0.5826.0</Version>
    <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
    </Reference>

    Finally, add a display string and make sure you change the name so that it differs from the built in type projection "Computers (typical)".

    <DisplayString ElementID="AllComputers.View.ProjectionType">
    <Name>Computer (typical - for custom views)</Name>
    <Description>Defines the properties of computers typically used in views</Description>
    </DisplayString>

    Thursday 2 December 2010

    Asset Management - Service Manager Management Pack

    I posted a while ago about the management pack I was working on to satisfy our requirements for where I work.
    http://systemscentre.blogspot.com/search/label/Asset%20Management

    What I didn't do was get it finished as quick as I hoped to.

    Well I'm nearly there now and after replying to a forum thread about this, I thought I'd best post an update here as well.

    I've broken the MP off from Configuration Items where it lived before and it's now got it's own Wunderbar tab.  There's a common form across most of the MP as shown, but it differs slightly for Mobile, Remote access tokens etc.


    I've extended the Windows Computer class to record some extra properties such as department, section etc as well as making it less cluttered to manually add an asset.  The idea being that you can add basic details as soon as the item arrives and then let AD & SCCM connectors add more detailed information as the device gets onto the network.


     I've got a deadline for this going into our live production that is looming so I'm hoping to wrap this all up before Christmas.

    Asset Items Covered:
    • Peripherals (Scanners, Digital Cameras, Camcorders, Monitors, Fax Machines etc)
    • Remote Access Tokens (RAS SecurID etc)
    • Cisco IPT Phone Hardware
    • Mobile Phones (Made up of 3 Assets: Handset, Phone Number & SIM Card)
    • Network Infrastructure (Switches, ASA's etc)
    • Server Infrastructure (Fibre Switches, UPS, SAN DAE's, Tape Drives etc)
    • Computers (Extended views from OOB and additional class extensions)
    • Users & Groups  (Extended views from OOB)
    Things left to do/expand on:
    • Reports - I've got basic data flowing across to the DW, just need to write some useful reports but these might wait until after Christmas now.
    • Dashboards - I'm going to utilise the SCSM Dashboard Solution Accelerator and the ability to integrate it into the console to provide simple dashboards such as number of devices deployed/in stock/awaiting delivery etc.
    Issues:
    • Because in the forms you don't specify the Display name it creates a seemingly random display name:
    • In fact this is acutally the guid for the enumeration list value "Scanner".  Why it's putting the guid in instead of the friendly name I don't know, but I'm hoping to get a call logged with MS tomorrow to see if they can shed any light. It doesn't cause too many problems with views as I've purposefully worked around it, however, when using selction boxes for relationships it makes it hard to read which item you're after:

    ** Edit ** - You can now download the MP, check this post for more details: http://systemscentre.blogspot.com/2011/01/asset-management-solution-for-service.html