Monday, 7 November 2011

Configuration Manager 2012 - A day with Wally Mead event

On Friday I had the pleasure of attending an Event at the Microsoft UK headquarters in Reading titled, A Day of System Center Configuration Manager 2012 with Wally Mead.

The event was sponsored by the WMUG and Cliff Hobbs and Rob Marshall did a fantastic job of pulling the event together.



Let the event begin!
Cliff Hobbs opened the event, explained the background to the event etc and also mentioned some swag to be had :)
First up was Dan Pilling, Marketing Manager at Microsoft with a couple of minutes about "How can Microsoft help?"
He goes on to mention two useful areas of help that MS provide.
MS Virtual Academy - Free training around "The Cloud", soon to be hands on training camps in regions around the UK.
MS TechNet roadshows - System Center 2012 Launch Events: 16th Nov, 6th Dec, 14th Dec, 18th Jan

Here's Wally!!!
Wally Mead takes to the stage for the Configuration Manager 2012 Overview and What’s new since Beta 2 session.
He tells us we're to suffer 2 sets of Death by PowerPoint this morning, with all the demos coming this afternoon, however with the speed that Wally goes at, this just simply flies by.

Wally starts off by talking about the major themes for ConfigMgr 2012 with this usual slide for those that haven't seen it:

Microsoft really are trying to help customers understand that ConfigMgr 2012 is all about putting the user first, moving to a user centric model for deploying software, along with the fact that the new 2012 version helps simplify the administration of the system, and reduce the complexity usually associated with the ConfigMgr infrastructure required.

Empower Theme
A formulae that keeps popping up when Microsoft talk about Configuration Manager 2012 and User Centric management is F(x): User(x) -> App(y)
This is based on the premise that an Administrators intent when delivering an application should be to ensure that the user can access the application they require.  This is regardless of the endpoint or the access method, all the user is bothered about is that they can get to the application they want, wherever they are so that they can work.

To enable this, Microsoft have introduced a new "Application Model".  Gone are the days of packages, programs and advertisements (Actually they're still there, but only for legacy and migration purposes).
This new application model helps admins to manage the application, not scripts used to install an app.
The application model brings with it some of the following features:
  • Detection Methods - Are applications Required or Prohibited and do they already exist on the device, if so, why bother re-installing.
  • Requirements - E.g. Device must have x memory, this model hardware, must be users primary device.
  • Dependancies - E.g. Application must have App-V client, if not, auto install first
  • Supersedance - E.g. Office 2010 replaces Office 2003. Update an application with supersedance links and get automatic revision management
Application model with multiple deployment types:
Dependency Viewer:


This new application model really helps support the abstraction model by allowing multiple deployment types to be assigned to an application (MSI, App-V, RDS, Citrix, Mobile) and delivered to the user dynamically depending on the type of device and access method (Corporate LAN FAT Client Vs. Home PC via Citrix/RDS)

The RDS & Citrix connectors which will provide the ability to assign those deployment types to applications are looking like they will be available shortly after RTM.

Operating System Deployment (OSD) is looking for the most part to be staying the same in terms of features etc, apart from a new ability to install apps for assigned primary users during a task sequence based on device affinity rules.

System Center Mobile Device Manager was discontinued a while ago and remains part of ConfigMgr 2012 which now provides both Depth and Light Management of devices.
Depth Management requires an agent on the phone and at the moment this is available for Window Mobile devices and Nokia Symbian devices but there are more announcements regarding more devices still to be made before/at RTM.

Light Management allows for any ActiveSync capable device to be inventoried, have some settings managed (PIN, Idle Time, failed logons etc) and enables remote wiping.  This means iPhones, Androids etc can be centrally managed and controlled more easily by the teams that support them rather than having to put the burden on the Exchange team.
Light Management requires Exchange 2010, and also takes over ActiveSync management - beware manually changing settings

The good old Run Advertisements program has been replaced with a new Software Centre in 2012 (It's no longer Control Panel item, it's now found in the Start Menu)
This makes it easier for users to run software that isn't enforced and shows details such as install time/date, progress and allows for some settings to be changed (if allowed) such as working hours, remote control capabilities, power management settings.



There is also a new web site for Self Service, allowing for the finding and requesting of software.


Simplify Theme
Finally we have a new administration console, the MMC is gone!!!
The new console is in the Outlook style, consistent now with the other System Center products.  ConfigMgr 2012 also has the Ribbon Bar and provides easier searching, easier scoping and automatic custom views depending on role.

ConfigMgr 2012 now has Role Based Access Control (RBAC) allowing for the system and the console to be easily secured and locked down to only show/allow access to areas that staff require.
This gives the ability for example to separate out Server and Desktop management using roles rather than sites, and giving safety for admins. No more accidentally deploying an update meant for desktops to servers and rebooting them all in the day (Because I've never ever ever done that! /cringe)



Using collections as an organisational method and writing lots of queries to scope out the devices to deploy to should now be a thing of the past. There are no more sub collections, but now we get folders for organisation and the queries should now transition to "Requirements" that are on the deployment types with the application.

Unify Theme
Distribution Points now mainly replace the need for Secondary Sites as they have scheduling and throttling. Secondary’s are only really needed if you want to control the upload of client information.

In ConfigMgr 2007 your hierarchy could get very deep and complex with multiple Primary sites being child layered below each other, in 2012 we will see a maximum depth of 3 layers:
CAS - PRI - SEC is the maximum 3 layers.

ConfigMgr 2012 now has Bi-Directional SQL Replication between the CAS and Primary with SQL replication from the Primary - Secondary being one way replication.
Data is now processed at Primary and replicated up rather than processed on each server in hierarchy as in 2007. File based replication is still only used between Secondary’s and DP's and for file contents (Software Packages, Updates, Boot Images etc)

When do you need a Primary site?
  • Scale
  • Reduce impact of Primary failure
  • Local Connectivity
  • Political issues
  • Regulation compliance

Primary Sites are NOT needed for:
  • Decentralised Admin
  • Logical Data Segmentation
  • Different Client Settings
  • Different Languages
  • Content Routing for deep hierarchies

There is one Distribution Point (DP) type only now, no more branch DP's as the same DP works on Windows 7.
DP Groups now auto distribute content to new DP's when they are added to the group.

Boundaries can now be auto discovered from Active Directory Forest information.
The auto discovery finds:
  • AD Sites
  • IP Subnets
  • IPv6 Prefixes

What's new?
Client Health and Activity now fully integrated into ConfigMgr 2012 along with Auto Remediation.
21 different checks are now performed daily with remediation tasks such as:
  • Restart service
  • Dependency checks
  • Repair WMI
  • etc
Client Health remediation can be turned off using a Registry Key this is important for mission critical servers etc where for example a WMI rebuild could potentially be bad news.
You can now setup Alerts and Reporting subscriptions based on thresholds for things like % of unhealthy clients, malware detection etc.



Software updates now have auto deployment rules, mainly to be used for EndPoint Protection definition updates, but could be used for any update type, bringing back one feature WSUS users missed when migrating to ConfigMgr for updates.

State based update groups, deploy updates individually or in groups.  Think ConfigMgr 2007 lists & Deployment Packages combined, where you can now add new updates and deploy straight away.

OSD now has Offline Image Servicing for updates, saves time during deployment rather than waiting for 60+ updates to install during a task sequence!!!

Boot Media is now hierarchy wide, update once for the entire site.

The Task Sequence Media Wizard includes steps to add prestart command files (formerly pre-execution hooks) to prestaged media, bootable media, and stand-alone media.

Power Management has more options, users can opt out of PwrMgt if the Administrator allows it and PwrMgt settings don't auto apply to VM's.

Custom Client Settings can be applied to collections, removing multiple site needs for e.g. Servers and Desktops that needed different settings.

Desired Configuration Management (DCM) now has auto remediation along with version and auditing checking - who changed what?

Remote Control gets Ctrl+Alt+Del back!! Also option to disable the users Mouse and Keyboard to prevent them interfering with the support session.



Phew, there was a lot to take in, most of which was already known about, but Wally presented it brilliantly, answered a ton of questions throughout and personally helped me with a query during the break.

The demos in the afternoon were around doing a migration from 2007 (Must be SP2 and no 2003 migration) and the System Center 2012 EndPoint Protection integration.  I'll hold off blogging about them in anymore detail yet, as they're a bit too visual to talk about.

All in all a brilliant day, and if you haven't already downloaded the release candidate to play with, what are you waiting for?!?!?!

1 comment:

Anonymous said...

Software updates now have auto deployment rules, mainly to be used for EndPoint Protection definition updates, but could be used for any update type, bringing back one feature WSUS users missed when migrating to ConfigMgr for updates. 1Y0-402 dumps