Tuesday 31 January 2012

System Center 2012 Orchestrator - Firewall Rules and Ports

I tried deploying an Integration Pack (IP) to my Windows 7 workstation running the designer today from the deployment console on the server but kept getting the message that the RPC Server was unavailable.

It turns out that I had the firewall enabled (like a good boy) but hadn't set the exceptions for Orchestrator (SCO).

For reference I thought I'd post some of the common firewall changes and ports:

Remote Computer with Runbook Designer
  • Open a port to SQL (Default TCP:1433)
  • Allow ManagementService.exe through the firewall
    64-bit: %Program Files (x86)%\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe
    32-bit: %Program Files%\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe
  • Allow OrchestratorRemotingService.exe through the firewall for Deployment Manager to access it
    64-bit: %SystemRoot%\SysWOW64\OrchestratorRemotingService.exe
    32-bit: %SystemRoot%\System32\OrchestratorRemotingService.exe
  • Any activities that use WMI, enable the following rules:
    Windows Management Instrumentation (Async-In)
    Windows Management Instrumentation (DCOM-In)
    Windows Management Instrumentation (WMI-In)
There are also some standard ports to open where SCO components are talking across servers:

Source Target Default Port
Runbook Designer Management server 125, 1024-65535
Management server

runbook server

Web service
Orchestration Database 1433
Client browser Orchestrator REST-based web service 81
  Orchestration console 82

For more detailed information, refer to the TechNet documentation:
Orchestrator Security Planning

TCP Port Requirements

Friday 27 January 2012

AI vs. AIS

Before you think Artificial Intelligence, I'm not on about that....
Again, another customer question prompted me to post some information.

Asset Intelligence versus Asset Inventory Service

Asset Inventory Service (AIS)
AIS is offered as a service, inventory data is securely hosted by Microsoft, so there are no servers for you to maintain.  Clients upload their data directly to Microsoft via an agent installed on the client.

AIS captures inventory information for hardware and software applications installed on each machine. The the inventory data is then reconciled against the AIS Application Knowledgebase, which contains hundreds of thousands of software titles, to create a detailed inventory of the software that is deployed on the desktops in your organization.

Using browser-based reports you can manage software assets and forecast future needs. The service also analyses how Microsoft Volume License agreements are deployed to help you more easily manage true-ups, renewals, and license reallocation.

  • Simple to deploy
  • No Infrastructure Required
  • Clients upload data directly across the WAN to Microsoft
  • Another agent on devices

Asset Intelligence (AI)
AI is part of System Center Configuration Manager 2007 and extends the number of WMI classes queried during Inventory and offers additional reports and manage software in use and software license management in the organisation.

With Service Pack 1 for ConfigMgr further functionality to the Asset Intelligence feature was added to allow custom editing of the Asset Intelligence catalog. In addition, customers can connect to System Center Online and the same catalogue as AIS to dynamically update the Asset Intelligence catalog with the most current information available. ConfigMgr users can also reconcile enterprise software license usage with purchased software licenses in use by importing software license information into the Configuration Manager site database.

  • Re-uses ConfigMgr Client
  • Gain extra benefit of ConfigMgr features if not already implemented
  • Data contained within the organisation

  • Requires ConfigMgr Infrastructure

To use either of these solutions you need to obtains some licenses:
  • AIS requires the MDOP licensing
  • AI requires ConfigMgr Licensing

So in short, if you have nothing, and either don't mind having all your clients go directly out to the internet or are possibly sub 500 devices then I'd suggest taking a look at AIS as you can be up and running very quickly and only have to worry about running the reports.

If however you're a large organisation, have constraints around devices accessing the internet (I hope so anyway) or have already implemented ConfigMgr then I would recommend turning on AI and connecting it to the online sync point.

If you're not already a ConfigMgr user, what are you waiting for?  Not only do you gain a greater insight and level of control over your hardware and software inventory, but you gain software deployment, OS deployment, better software update control and many more features.

AIS Further Info: http://www.microsoft.com/en-gb/windows/enterprise/products-and-technologies/mdop/ais.aspx

AI Further Info: http://technet.microsoft.com/en-us/library/cc161988.aspx

System Center Advisor Released

Yesterday (26/01/12) Microsoft announced the general availability of System Center Advisor (formerly codename 'Atlanta')


System Center Advisor is a new benefit of Software Assurance for SQL Server or Windows Server. 

If your organisation is already covered by Software Assurance on either SQL Server or Windows Server you can activate the full Advisor service immediately.

While Advisor is built on Operations Manager Technology (Agents, Gateways & Management Packs) it is not a real time monitoring solution.  It also doesn't require Operations Manager to be installed within your infrastructure.

Instead, it uses Best Practises and experiences from Microsoft CSS to provide advice regarding the configuration of your systems, to help prevent server configuration problems before they ever impact your server’s performance or availability.

This means that System Center Advisor should be seen as a stand alone, complimentary, service used in conjunction with SCOM.

Presently SCA only provides a solution for Windows 2008 & 2008 R2 Servers and SQL (It will also advise on Active Directory and Hyper-V roles installed on those servers) but this will change over time and easily due to the management pack design of the product.

What also caught my attention is that should you need to speak with Microsoft Customer Support, you can choose to allow Microsoft Support Staff access to current and historical configuration data through Advisor to help them resolve your support calls faster.

For more information, take a look at the SCA website:

Thursday 26 January 2012

System Center Essentials 2012 - Wherefore art thou?

A customer came with a query the other day on the back of the System Center 2012 licensing changes.
They were asking what impact this would have on System Center Essentials since that is what they currently use, and what was the roadmap for a newer version.

Since I focus predominantly on the "Bigger" version of the System Center stack, it made me realise that maybe subconsciously I had been filtering out any Essentials information so I thought it was time to do a quick review of the changes.

However... as I started to do some digging I realised there was a distinct lack of information around System Center Essentials, almost to the point where I thought a black hole had appeared next to Redmond and sucked every snippet of info into it about Essentials.

I did manage to find this comment though on the Technet Forums from Yog Li, a Technet Forum Assistant:


We have not yet provided an update or roadmap regarding SCE.

As we move forward with the development of System Center 2012, we remain committed to providing a “right-sized” set of management tools for IT in the midmarket segment that makes it easy for these customers to set up and manage Hyper-V. We anticipate that details on our midmarket strategy will be released in the months ahead. We will be sure to communicate any updates through all regional marketing leads and channels as well as this discussion group.

In the interim, Essentials 2010 remains an important and strategic management solution as part of Microsoft’s System Center family of IT systems management products allowing us to compete head-to-head with VMware in the midmarket segment. SCE 2010 is easy to deploy and provides customers a unified single console solution that enables proactive IT management of more physical and virtual Windows Servers than ever before.

In FY12, SCE 2010 continues to play an important role for our customers and their Journey to the Cloud as part of the Managed Virtualization story for the mid-market segment.

/End Quote

The question this raises now is, just how likely is it that we will see a SCE2012 version?
It's highly unlikely at this stage of the game that one will be available at the same time as the rest of System Center 2012 launches.

To be honest, is there a place anymore for SCE?  With the new licensing changes providing SC2012 as a bundle only and for those with Virtualisation it should be fairly cost effective to license for the full SC2012.  Only downside is multiple consoles.

So for now it's pretty much wait and see....

Monday 23 January 2012

System Center 2012 Licensing Changes - Knowledge Cast

After the recent announcement last week by Microsoft on the changes being made to the license models for System Center ready for the launch of the 2012 wave, I'd like to share an invitation to a knowledge cast that I will be presenting on these changes.


These significant changes include:
  • Streamlining the complexity of licensing System Center
  • The discontinuation of the Enterprise workload licenses
  • The removal of Management Server Licenses
  • License grants & transition paths available for existing Software Assurance customers

The Knowledge Cast will cover:
  • Review of the licensing changes
  • What these changes will mean to your business
  • The key timelines for pricing & product changes
  • The increased benefits of the System Center 2012 models
*Update- due to demand, we've added an additional session on Thursday morning*
There are four sessions that I'll be presenting on, across two days:
Tuesday January 24th 2012
11:00 – 12:00
14:00 – 15:00
Thursday January 26th
11:00 – 12:00
14:00 – 15:00

I know it's short notice, but these changes were only announced last week and some of the changes have important impact if not acted on quickly.

Places are limited, and aimed at UK based organisations, so booking soon is recommended:

*Usual disclaimer: While I work for Trustmarque Solutions, and this knowledge cast is presented for them by myself, this blog is my personal blog and the writings and opinions contained within this blog are my personal opinions and are not reflective of the thoughts or intentions of my employer*

Tuesday 17 January 2012

Microsoft Private Cloud, System Center 2012 and License Changes


Today Microsoft announced a change in the licensing for System Center.
The multiple SKUs and versions have been greatly simplified down to just 2 (yes that's just TWO!!) offerings.

That's a big change from currently the four different licensing schemes, Datacenter, Enterprise, Single Enterprise, and Single Standard.

The new license types are:
System Center Standard - Manage a physical server, or very lightly virtualised (2 VM's)
System Center Datacenter - Manage unlimited VM's on a physical host

Both the System Center license types contains the following products:
  • Configuration Manager
  • Service Manager
  • Virtual Machine Manager
  • Operations Manager
  • Data Protection Manager
  • Orchestrator
  • App Controller
  • Endpoint Protection 
So no more individual license for each product, it's a suite license only.

Another couple of major changes....
Licences are now only needed for endpoints being managed, no management servers or SQL licensing. (Yep, you heard it right, SQL licenses for the SC Management Servers is now included in the new licenses)

Both types (Std & DataCenter) are both processor based Licenses, but covers up to two processors per license.

There is also a transition model from the old licensing model to the new.

If you have Software Assurance coverage on your current System Center licenses at the time of System Center 2012 General Availability, you will receive the following System Center 2012 Server ML grants at the ratios listed below:

That covers off licensing Server Operating Systems, however for the Configuration Manager and Service Manager parts of System Center for example, you still require Client Management Licenses for non-server OSE's

Microsoft also have a useful interactive site online that can provide some common scenario questions about System Center 2012 licensing:

Just to pre-empt the most likely couple of questions likely to get asked around this:
Q) Are there separate offerings without SQL Server Technology?
A) No. All System Center 2012 products include the right to run a runtime version of SQL Server Technology to support System Center so there are no longer separate offerings.

Q) Do I need to purchase separate Management Server Licenses to run Management Server software?
A) No. With System Center 2012, the right to run Management Server software is included with the Server MLs and Client MLs.

Further information:
System Center 2012 Licensing Datasheet

System Center 2012 Licensing FAQ