Managing your Datacenter

Managing your Datacenter with System Center 2012 R2 Hands-On Lab Step-by-Step Guide For the VMs use the following credentials: Username: Contoso\Administrator Password: Passw0rd! Version: 1.5.5 Last updated: March 28, 2014 Please share any feedback with the IT Camps Planning Team: ITCampPlan@Microsoft.com

Copyright 2014 by Microsoft Corporation. All rights reserved. 3 - Infrastructure Monitoring 160 minutes optional (2:40 total) 1. SCOM, SCDPM & SCCM: Infrastructure Monitoring Components (35 mins) 2. SCOM & SCCM: Explore Infrastructure Monitoring (35 mins) 3. SCOM: Create a Dashboard (10 mins) 4. SCDPM: Backup the Infrastructure (20 mins) 5. SCDPM: Recover the Infrastructure (10 mins) 6. SCCM: Secure the Datacenter (50 mins)

3.1 - SCOM, SCDPM & SCCM: Infrastructure Monitoring Components 3.1.1 - SCOM: Introduction to Operations Manager In this exercise the user will learn about the different workspaces and functions of System Center 2012 R2 Operations Manager, including Monitoring, Authoring, Reporting, and Administration. Estimated time to complete: 10 minutes Perform the following on SCOM01 1. From SCOM01, open the Operations Manager Console by clicking the icon in the taskbar. 2. Navigate to the Monitoring workspace.

3. This workspace is used to see what is going in the monitoring environment and is the primary workspace for operators. It contains views, diagrams, and dashboard views that compile and present useful information that Operations Manager has gathered. 4. Click the Active Alerts view. This view shows all alerts that are active (not closed). In this view, select an alert to view its details, such as the rule or monitor that generated the alert and the managed object that has the problem. Double-click an alert to open its properties. Select an alert and click Health Explorer in the Tasks pane to open Health Explorer in the context of this alert. When appropriate, the user can close the alert from this view by clicking Close Alert in the Tasks pane. 5. Click Discovered Inventory. This view shows all objects that have been discovered and their states. Now click Change Target Type in the Tasks pane to filter the discovered inventory list to a single type of object. The target type determines the type of information that will be displayed in the details pane for a selected object. Click Cancel.

6. Click Task Status. This view shows the output from tasks that have been executed in the console. The Task Status view shows when a task is completed, finished, and the user who executed this specific task. 7. Click Windows Computers. This view shows the state of the following aspects of discovered Windows computers: Overall state of the computer, state of the agent on the computer, if an agent is installed, state of the management server role, if the computer is a management server, state of the Windows operating system. To see information that is collected for a computer, select the computer Name field for a specific computer. The properties in the tasks pane can be clicked to display all of the information that is collected. To open other views for a computer, right-click the computer, select Open, and click a view to open. 8. Expand Microsoft SQL Server and click Active Alerts to view the alerts specific to SQL Server.

9. Click the Authoring workspace. 10. This workspace is used to create new monitoring scenarios. Existing management packs can be added or changed or new management packs can be created for applications that do not have one. 11. Click Management Pack Templates. Management packs contain settings that enable agents to monitor a specific service or application in System Center 2012 Operations Manager. These

settings include discovery information that allows management servers to automatically detect and begin monitoring objects, a knowledge base that contains error and troubleshooting information, rules and monitors that generate alerts, and reports. Management packs might also contain tasks, diagnostics, and recovery tools and guidance to help fix problems. 12. Click Groups. In System Center 2012 Operations Manager groups can be used to scope views, reports, overrides, and alert notifications. Groups are created in the Authoring workspace in the Operations console.

13. Click the Reporting workspace.

14. Operations Manager provides extensive reporting capabilities, including multiple report libraries that can be selected to customize reports for specific requirements. Reports perform a query against the data warehouse database and return the results in an easy-to-read format. 15. Click SQL Server 2012 (Monitoring). This view is used to open and schedule reports for various SQL Server tasks. 16. Click the Administration workspace. 17. The Administration workspace is the primary workspace for administrators. The workspace is used to configure a management group and its managed objects. There are several different options available on this workspace. 18. Expand Device Management. Device management is used to perform configuration of specific management servers, agent-managed computers, agentless-managed computers, UNIX servers, and Linux servers. 19. Click Agent Managed. Various tasks can be performed on agent-managed computer, these include repairing or uninstalling an agent on a target computer.

20. Click Agentless Managed. An agentless managed machine is a Microsoft Windows-based system in which an agent cannot be installed can be managed without an agent. Not all management packs support agentless management, for example the Active Directory management pack and the Microsoft Exchange Server 2003 management pack do not support agentless management. 21. Click Management Packs. This is a listing of all the management packs imported into the management group. Right-clicking an individual management pack in the results gives additional options such as viewing its properties, deleting the pack, or exporting any customizations to another management group. Links in the tasks pane are used to create, import, and download management packs. 22. Click Product Connectors. Product connectors are used to synchronize Operations Manager data with other management systems such as those that monitor non-windows computers or create trouble-tickets. Product connectors can integrate a deployment of Operations Manager into another management platform or connect other management systems into a full Operations Manager management solution. Any product connectors that the user integrate with Operations Manager will be displayed in this section of the Administration workspace.

23. Expand Security and click User Roles. In Operations Manager, operations such as resolving alerts, running tasks, overriding monitors, viewing alerts, viewing events, and so on have been grouped into user roles, with each user role representing a particular job function. Role-based security allows administrators to limit privileges that users have for various aspects of Operations Manager. 24. Expand System Center Advisor, click Advisor Connection. System Center Advisor is an online service that analyzes installations of Microsoft SQL Server 2008 (and later versions), and Windows Server 2008 and 2008 R2, and Lync Server 2010. Advisor collects data from the installations, analyzes it, and generates Alerts that identify potential issues (such as missing security patches) or deviations from identified best practices with regard to configuration and usage. Advisor also provides both current and historical views of the configuration of servers in an environment. 25. Click the My Workspace workspace. This workspace provides an area that can be customized for specific needs. Users can create folders to organize the workspace, add shortcuts to favorite views, save useful searches, and create views.

3.1.2 - SCDPM: Introduction to Data Protection Manager In this exercise the user will learn about the different workspaces and functions of System Center 2012 R2 Data Protection Manager, including Monitoring, Protection, Recovery, Reporting, and Management. Estimated time to complete: 5 minutes Perform the following on SCDPM01 1. From SCDPM01, open the DPM Administrator Console by clicking the icon in the taskbar.

2. Navigate to the Monitoring workspace. 3. This workspace allows the user to monitor the status of data protection, data recovery, and other DPM operations. There are two tabs in this workspace, Alerts and Jobs. Click All Alerts. 4. Alerts display errors, warnings, and informational messages. The user can group alerts by protection group, computer, or severity, and the user can choose to display active alerts exclusively or to display both active alerts and a history of inactive alerts. The user can also subscribe to notifications to receive alerts via e-mail. 5. Click All jobs. All jobs displays the status of all the DPM jobs and their associated tasks. The user can group jobs by protection group, computer, status, or type, and the user can filter jobs by time period. The user can choose whether to include regularly scheduled synchronization operations in the list of jobs. 6. Click the Protection workspace then click All Protection Groups.

7. The protection workspace allows the user to create, rename and manage members of protection groups. As well as manage protection schedules, disk allocations, and other options. The user also has the ability to run manual synchronization and consistency check jobs, manage recovery points and review and respond to results of Auto Discovery. 8. Click the Recovery workspace expand Search Recovery Points then click Files and folders.

9. The recovery workspace is used to find and recover data from recovery points. It contains a browse tab which allows the user to browse for available recovery points for each protected computer in an environment as well as a search tab which allows for searching of available recovery points based on data type, location, origin or recovery point date. 10. Click the Reporting workspace.

11. This workspace allows users to generate and view reports on DPM operations. The user can also schedule automatic report generation and manage reporting services settings. 12. Click the Management workspace then click Agents.

13. Use this workspace to manage protection agents, storage pool disks, and tape libraries. The Agents tab displays a list of protection agents deployed on computers and enables the user to install, uninstall, and update the agents and agent licenses. The Disks tab displays a list of disks included in the storage pool and enables the user to add and remove disks from the pool. The Libraries tab displays the tape libraries installed on the DPM server and enables the user to manage the tapes in the library. 3.1.3 - SCCM: Introduction to Configuration Manager In this exercise the user will learn about the different workspaces and functions of System Center 2012 R2 Configuration Manager and Endpoint Protection, including Assets and Compliance, Software Library, Monitoring, and Administration. Estimated time to complete: 20 minutes Perform the following on SCCM01 1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar. 2. Navigate to the Assets and Compliance workspace.

3. Explore the nodes of the Assets and Compliance workspaces. The Assets and Compliance workspace is used to manage the organization's assets (users, computers, and software) as well as compliance configuration (settings management, previously known as desired configuration management in Configuration Manager 2007), and configuring Endpoint Protection policies. 4. Click Users. Here all the users that have been discovered and may display "sticky nodes" for any user collections that members were displayed during this console session. The users in this lab have been imported through Active Directory Discovery. 5. Select a user, then click the triangle in the lower right corner to expand the details, then select the Client Settings tab. This shows the policies which have been applied to this particular user or user group.

6. Navigate to Devices. This area is used to view all devices that have been discovered and may display any sticky nodes for any device collections whose members have been displayed during this console session. The devices in this lab have been imported through Active Directory Discovery. Select a device, then browse the various tabs under the details. 7. Go to User Collections. Here collections based on users and user groups can be managed. There are three built-in user collections. 8. Click on Device Collections. This is used to manage collection based on system information. There are four built-in device collections (and this lab environment has custom device collections). 9. Navigate to User State Migration. State Migration is used to manage the migration of user state between computers, including defining computer associations.

10. Click on Asset Intelligence. This is used to manage software assets with the Asset Intelligence feature, including a dashboard of Asset Intelligence statistics and status, inventoried software, catalog customizations, and hardware requirements. 11. Click on Software Metering which is used to configure rules for monitoring the usage of software. 12. Click on Compliance Settings which is used to manage compliance using the compliance and settings management feature. 13. Navigate to Endpoint Protection, and expand the node. Endpoint Protection is used to configure and deploy antimalware and Windows firewall policies to collections of clients.

14. Click on Antimalware Policies. Antimalware policies can be deployed to collections of Microsoft System Center 2012 Configuration Manager client computers to specify how Endpoint Protection protects them from malware and other threats. These antimalware policies include information about the scan schedule, the types of files and folders to scan, and the actions to take when malware is detected. When you enable Endpoint Protection, a default antimalware policy is applied to client computers. You can also use additional policy templates that are supplied or create your own custom antimalware policies to meet the specific needs of your environment. 15. Click Windows Firewall Policies. Firewall policies for Endpoint Protection in System Center 2012 Configuration Manager let you perform basic Windows Firewall configuration and maintenance tasks on client computers in your hierarchy. You can use Windows Firewall policies to control whether Windows Firewall is on or off, to control whether incoming connections are allows to client computers and to control whether users are notified when Windows Firewall blocks a new program.

16. Navigate to the Software Library workspace. The Software Library workspace Overview page appears. Notice that the Software Library Overview page displays options similar to those of the Assets and Compliance Overview page, including nodes in the navigation page in a "Navigation Index" section. You will also notice that the Overview page includes a section for Recent Alerts. These are alerts generated when application or software update deployments are below the administrator configured threshold for success, as well as when synchronization of the software update point site system fails. 17. Click on Application Management and expand the node. This area is used to manage software deployments to users and clients, including applications and packages/programs, approving application requests from users, managing global conditions, configuring App-V Virtual

Environments and deploying Windows Sideloading Keys for Windows 8 Apps. Also included here are alerts for deployments that are below the configured threshold for success, as well as alerts for any deployments that experience a failure rate of a designated percentage. 18. Select Applications to view applications that are available for client deployment to managed clients. 19. Navigate to Software Updates and expand the node. Software Updates are used to manage aspects of software update deployment to clients, including update metadata, software update groups, software update deployment packages, and automatic deployment rules. Also included here are alerts for deployments that are below the configured threshold for success as well as any failed synchronization attempts (which you see in this lab environment).

20. Select All Software Updates and browse some updates and review the details pane. 21. Select Operating Systems and expand the node. All aspects of operating system deployment to systems, including drivers, driver packages, operating system images, operating system installers, boot images, Hyper-V virtual hard disks (VHDs), and task sequences can be managed here. 22. Select the Drivers node and review the drivers that are available for deployment.

23. Select the Operating System Images node and node the server and client OS that is available for deployment. 24. Select the Task Sequences node. This shows a collection of tasks used to deploy an operating system or a virtual hard disks.

25. Navigate to the Monitoring workspace and click on it. The Monitoring workspace Overview page appears. Notice that the Monitoring Overview page displays options similar to those of the other workspace's Overview pages, including nodes in the navigation page in a "Navigation Index" section. You will also notice that the Overview page includes a section for Recent Alerts. An example of an alert displayed here would be when the database replication between two sites in a hierarchy has been determined to be down due to link issues (as you may see depending on if images for both site servers are available and started). Other nodes in the console, including other workspaces, can also display alerts. 26. Expand the Alerts folder. These alerts (Active Alerts and All Alerts) are used to manage alerts generated in the environment. By associating them with a Subscription, they can be configured to automatically email or notify an administrator.

27. Click on Queries. This area is used to manage queries, both built-in and custom. 28. Expand the Reporting folder, and select the Reports node. This is used to display results of builtin or custom reports (using SQL Server Reporting Services) and configure report subscriptions.

29. Next click on Site Hierarchy. This is used to display a map of the site hierarchy, including central administration site, primary sites, and any secondary sites. This lab environment uses a single site.

30. Expand the System Status folder. Browse through the options: Site Status, Component Status, Conflicting Records, and Status Message Queries. 31. Click on Deployments. This is used to monitor all deployments of applications, packages and programs, software updates, operating system images, and configuration baselines. 32. Click on Client Operations. This area is used to monitor all real-time actions initiated from the Configuration Manager Console to clients (System Center 2012 SP1 and later), such as computer policy retrievals and Endpoint Protection actions.

33. Expand the Client Status folder. Both Client Activity and Client Check are used to monitor the health and activity of Configuration Manager clients in the site and hierarchy. 34. Next, click Database Replication. This is used to monitor the status of the replication of Configuration Manager data between sites using SQL-based database replication. 35. Expand the Distribution Status folder. Click on the node and note that these are used to monitor content distribution status, distribution point group status, and distribution point health.

36. Click Software Update Point Synchronization Status. This is used to monitor the status of software update catalog synchronizations. 37. Expand Endpoint Protection Status. These two dashboards provide a quick view into the 'health' of the site's clients in terms of any malware activities. 38. Click System Center 2012 R2 Endpoint Protection. A dashboard containing the a summary of the security state of the collection is displayed.

39. Click Malware Detected. Any malware detected by System Center Endpoint Protection will be displayed here. 40. Navigate to the Administration workspace. The Administration workspace Overview page appears. Notice that the Administration Overview page displays options similar to those of the other workspace's Overview pages, including nodes in the navigation page in a "Navigation Index" section.

41. On the Ribbon, click the drop-down arrow above "All Objects". A new menu appears displaying options for the Configuration Manager console. These options include connecting to a different Configuration Manager site, connect via Windows PowerShell (to get access to the PowerShell provider to run cmdlets against Configuration Manager), get information about the Configuration Manager version, access product documentation (which is all web-based), configure integration with the Customer Experience Improvement Program, and closing the console.

42. Close the drop down menu by clicking away from it. 43. From the navigation pane expand Site Configuration. 44. Click Sites. The sites in the hierarchy from the local site database (the local site and any child sites) appear in the results pane. Notice that there is only one site displayed for this portion of the hierarchy, and that is the local site.

45. In the navigation pane, click Servers and Site System Roles. The site systems and installed roles for the site appear in the results pane. Here the primary site SCCM01.contoso.com is displayed. 46. In the results pane, select \\SCCM01.contoso.com and expand the details pane. This site system roles installed for the select site are displayed. 47. In the navigation pane, select Client Settings. This displays user and device settings that can be saved as templates and applied to an individual user or a group. 48. Select Default Client Settings, then click Properties from the upper ribbon.

49. Browse the different tabs of the Default Settings, then click Cancel.

50. Expand the Security Tab and select Security Roles. Browse the different types of user roles that can interact with Configuration Manager. 51. In the navigation pane, click Distribution Points. Configuration Manager uses distribution points to store files that are required for software to run on client computers. These distribution points function as distribution centers for the content files and let users download and run the software. Clients must have access to at least one distribution point from which they can download the files. 3.2 - SCOM & SCCM: Explore Infrastructure Monitoring 3.2.1 - SCOM & VMM: Monitor the Fabric In this exercise many different components of the datacenter infrastructure will be monitored and analyzed using Operations Manager. Operations Manager provides real-time monitoring through alerts, as well as other helpful information about the performance, health and capacity of hardware, networking components, hypervisors, virtual machines and applications.

Estimated time to complete: 15 minutes Perform the following on SCVMM01 1. From SCVMM01, open the Virtual Machine Manager Console by clicking the icon in the taskbar. If a prompt to Connect to Server appears, keep the default options and click Connect. 2. Navigate to the Settings workspace. 3. Select System Center Settings. 4. Select Operations Manager Server, then right-click and select Properties. 5. When the Operations Manager Settings appear, under Diagnostics select Refresh.

6. Click OK to close the Operations Manager Settings. Perform the following on SCOM01 7. From SCOM01, open the Operations Manager Console by clicking the icon in the taskbar 8. Navigate to the Monitoring workspace. 9. Select Active Alerts

10. Review some of the recent Active Alerts. 11. Under Monitoring, select Windows Computers. Review some of the Active Alerts. 12. From the Monitoring pane, expand Microsoft System Center Virtual Machine Manager, expand Agents and select Health State. This dashboard shows the state of the various Hyper-V hosts and other infrastructure servers that VMM manages.

13. From the Monitoring workspace, expand Cloud Health Dashboard and select Cloud Health. When the dashboard loads, select Contoso-Cloud and view the details. If it does not immediately appear, click Refresh as it may take some time for the cloud to be automatically detected, and continue to the next step. 14. From the Monitoring pane, expand Managed Resources. Select Host Cluster Health. 15. When the dashboard loads, select Cluster-Hyper-V and review the details.

16. Select Host Health. Select SCVMM01 and review the details. If no information is visible, refresh the group. The information may differ from the screenshot below, depending on the state of the lab.

17. Select Library Server Health and review the details. 18. Select Virtual Machine Manager Server Health and review the details.

19. From the Monitoring Pane, expand Performance. Select Host Performance. Under Legend, click the column named Counter so it sorts by the counter column alphabetically. 20. In the Counter column, find Disk Read Bytes/Sec and ensure the object column is Logical Disk. 21. Click the check box for any host which displays a value for Disk Read Bytes/Sec. Note the chart that is created.

22. From the Monitoring Pane, expand Microsoft System Center Virtual Machine Manager Views and select Diagram View for SCVMM01.

23. When the diagram loads, click on the + by VMM Infrastructure to expand the node. 24. Expand Agent Watchers by clicking the +, note that SCVMM01 is managing these four servers. Click the - next to Agent Watches to minimize the node. 25. Expand SCVMM01.contoso.com by click the +. The zoom can be adjusted on the toolbar if a view adjustment is needed. 26. Scroll to the left and expand DC01.contoso.com by clicking the +

27. Expand the node with a GUID as a name by clicking the +, this will open a node with multiple iscsitargets which have been made available through that network adapter. Click the - next to DC01.contoso.com to compress the node. 28. Scroll to the right and click the VirtualManagerDB. This is the virtual machine manager database that has been previously created. 29. Scroll to the right and click the node titled VMMLibrary. This is the network share. 30. Scroll the far right and click on Windows Server 2012. Note that this is an offline VMware virtual machine which is stored in the VMM library. 31. From the Monitoring Pane, expand Microsoft Windows Server and select Operating System Performance. Under Legend, click Rule to sort the column alphabetically. 32. In the Rule column, find the Memory Available Megabytes Windows Server 2012 R2 entries and check SCVMM01.contoso.com, DC01.contoso.com and SCOM01.contoso.com. Review the data and then clear the checkboxes.

33. In the Rule column, find the Memory Pages Per Second Windows Server 2012 R2 entries and check SCVMM01.contoso.com, DC01.contoso.com and SCOM01.contoso.com. Review the data and then clear the checkboxes. 34. In the Rule column, find the Percent Memory Used entries and check SCVMM01.contoso.com, DC01.contoso.com and SCOM01.contoso.com. Review the data and then clear the checkboxes. 35. In the Rule column, find the Processor Information % Processor Time Total Windows Server 2012 R2 entries and check SCVMM01.contoso.com, DC01.contoso.com and SCOM01.contoso.com. Review the data and then clear the checkboxes. 36. In the Monitoring Pane, under Microsoft Windows Server, expand Health Monitoring and select Disk Health and review the information. 37. In the Monitoring Pane, under Microsoft Windows Server, expand Health Monitoring and select Network Adapter Health and review the information.

38. In the Monitoring Pane, under Microsoft Windows Server, expand Health Monitoring, expand Operating System Events and select Services or Drivers Failing to Start and review the information.

39. In the Monitoring Pane, under Microsoft Windows Server, expand Health Monitoring, expand Operating System Events and select Unexpected Service Terminations and review the information.

40. In the Monitoring Pane, expand Operations Manager and review the Active Alerts. Below Operations Manager, select the Management Group Diagram node. Adjust the zoom so all the information in the diagram is viewable. 41. Click the Data Access Service node and expand it by clicking +, review the node and then minimize the Data Access Service node.

42. Expand Databases by clicking the +. Expand Data Warehouse by clicking the + and notice the operations Data Warehouse manager has a relationship with SC0M01.contoso.com, as indicated by the blue arrow. Minimize the node by clicking the - next to Data Warehouse.

43. Under Databases, expand Operations Database by clicking the +, and click the + next to All Management Servers Resource Pool DB Watcher to expand the node.

44. With the All Management Servers Resource Pool DB Watcher node selected, click Health Explorer from the right pane and review the information about the alerts by looking at the Knowledge and State Change Event tabs. Close the window and minimize the Database node.

45. Expand Infrastructure Group by clicking the +. These are different roles within the operation manager infrastructure. 46. On the far right, click on the + to expand the Web User Interfaces and note the different operation manager web consoles that are also being monitored. 47. In the Monitoring Pane, expand Operations Manager and select Management Group Health and review this pre-configured dashboard. 48. In the Monitoring Pane, expand Operations Manager and select Management Group Health Trend and review the alerts that have recently appeared. 43. Feel free to browse some of the other infrastructure monitoring views. This lab includes views that do not contain any data, as not all infrastructure components are deployed within this lab. Other infrastructure views include: a. App Controller b. Data Warehouse c. Microsoft Application Virtualization Server 5.0 d. Microsoft Message Queue 6.3 e. Microsoft Network Load Balancing f. Microsoft Windows Internet Information Services g. Microsoft Windows Server DHCP

h. Microsoft Windows Server DNS i. Microsoft Windows Server File & iscsi Services 2012 j. Microsoft Windows Server File Services k. Microsoft Windows Server Update Services 2012 R2 l. Microsoft Windows Server Network Monitoring m. Operations Manager n. Service Manager o. Service Provider Foundation p. Synesthetic Transactions q. System Center 2012 Configuration Manager r. System Center 2012 R2 Data Protection Manager s. System Center Orchestrator t. UNIX/Linux Computers u. Windows Azure Pack Monitoring v. WS-Management and SMASH Monitoring 3.2.2 - SCOM: Monitor VMware Infrastructure In this exercise a VMware infrastructure will be monitored by Operations Manager using a Management Pack provided by Veeam. This management pack reports on the storage, networking, virtual machines, hosts, clusters and more of the VMware vcenter infrastructure. Estimated time to complete: 5 minutes Perform the following on SCOM01 1. From SCOM01, open the Operations Manager Console by clicking the icon in the taskbar.

2. Navigate to the Monitoring workspace. 3. Browse to Veeam for VMware _All Active Alerts. 4. Review the Alerts. 5. Select _vcenter Compute Topology. 6. In the Results pane, scroll down and expand Production Datacenter by clicking the + icon. 7. Scroll down and expand SRVGRE-PROD-CLU.

8. Review the impacted nodes. It is possible to adjust the view by using the zoom icons in the upper toolbar. 9. Navigate to _vcenter Storage Topology. 10. Review the impacted nodes. 11. Expand the vsphere Host folder and select All Hosts.

12. Double-click the server srvgre-prod-esx1 to view properties about the object. 13. Navigate to vsphere Virtual Machine folder and click All Virtual Machines. 14. Review the results pane to see properties of the different VMs. 15. Click VMs by Guest OS. 16. Expand Performance Views and select All VMGuest Performance. 17. Right-click in the chart area and click Select Time Range.

18. Ensure that the range is set to the last 1 Hours and click OK. 19. In the Legend, add and remove counters to view performance data.

3.2.3 - SCCM: Manage Reports In this exercise Configuration Manager reports will be reviewed using the web-based Report Manager. Reports can be scheduled, emailed or viewed on-demand through the website. Viewing these reports is not required for any other exercises, so feel free to skip ones that are not interesting. Estimated time to complete: 15 minutes Perform the following on SCCM01 1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar.

2. Navigate to the Monitoring workspace. 3. Expand Reporting and select Reports. This shows all the available reports from the Configuration Manager Console. 4. Launch Internet Explorer and navigate to http://sccm01/reports. This is the Reports homepage. 5. Click the folder titled ConfigMgr_HQ1.

6. On the right hand side select the button called Details View. This organizes the display in a list order. Feel free to adjust any future pages to this view. 7. Double-click on ConfigMgr_HQ1. 8. Open Asset Intelligence and click Hardware 01A - Summary of computers in a specific collection.

9. At the top of the page next to Collection click the drop down menu and select Contoso Datacenter. Click View Report. This report includes basic inventory information for all of the servers in the collection.

10. Return to ConfigMgr_HQ1 and click Compliance and Settings Management. Review the list of reports that are available. 11. Return to ConfigMgr_HQ1 and click Device Management. Review the list of reports that are available.

12. Return to ConfigMgr_HQ1 and click Hardware - Disk then run Count physical disk configurations. This report shows the different sizes and quantities of disks throughout the organization.

13. Select the link for 102398 (1GB with a count of 15). This page displays all of the computers with a disk of 1GB.

14. Return to Hardware - Disk and click Disk Information for a specific computer - Logical disks. 15. After Computer Name enter: DC01 then in the upper right corner click View Report. This will show information about the different disks on this particular server.

16. Return to ConfigMgr_HQ1, click Hardware - General and then select Computer information for a specific computer. 17. After Computer Name enter SCOM01 then click View Report. Review the information about this particular server. 18. Return to ConfigMgr_HQ1 and click Network then select IP - Computers in a specific subnet. 19. Click the drop down next to IP Subnet and select 10.0.0.0 then click View Report. This report shows the list of all the different network adapters within this particular subnet.

20. Return to ConfigMgr_HQ1 and click Operating System. Select Services - Computers running a specific service. 21. Click the drop down next to NT Service Name and select Microsoft iscsi Initiator Service then click View Report. This displays all the computers running the iscsi Initiator Service which allows them to connect to remote iscsi storage.

22. Return to the Operating System page and select Windows Server computers. 23. Click the drop down next to Collection and select Contoso Datacenter then click View Report. This displays all the information about the Windows Server computers within this organizational unit.

24. Return to ConfigMgr_HQ1 and click Software Distribution - Application Monitoring then select All application deployments (advanced). 25. Return to ConfigMgr_HQ1 and click Software Distribution - Content then select All content. Review the content which is available for distribution by Configuration Manager.

26. Return to ConfigMgr_HQ1 and click Software Updates - A Compliance then select Compliance 2 - Specific software update. 27. For Collection click the drop down and select: HQ10000C - Contoso Datacenter, then click View Report. This displays a list of software updates which have been deployed in the data center. Note the column for % Compliant which shows how many of the servers meet the criteria for compliance. 28. Return to ConfigMgr_HQ1 and click User - Device Affinity then select User device affinity associations per collection. 29. For Collection Type select User for Collection select All users and users groups then click View Report. This shows which devices have met the criteria for User Device Affinity.

30. From the upper left corner for Collection Type click Device. Under collection select Contoso Datacenter. Click View Report. This shows who has accessed each of the different servers in the data center.

31. Close Internet Explorer. 3.3 - SCOM: Create a Dashboard 3.3.1 - SCOM: Create a Custom Dashboard View In this exercise a custom view will be created in Operations Manager to help the administrator understand information about their datacenter components through rich visual displays. Estimated time to complete: 2 minutes

Perform the following on SCOM01 1. From SCOM01, open the Operations Manager Console by clicking the icon in the taskbar. 2. Navigate to the Monitoring workspace. 3. Right-click on the top Monitoring node then select New Dashboard View. 4. In the right-hand list of templates select Grid Layout and then click Next.

5. On the General Properties page in the Name filed, enter the text My Dashboard View and click Next. 6. On the Specify the layout of the dashboard page, In the combo box at the top of the layout page select 3 cells from the dropdown list. 7. In the layout template display select the first option (top left) which has two small panels above a wider panel. With that template selected, click Next.

8. Click Create to register and load the new dashboard template. 9. When complete, click Close to close the wizard. 3.3.2 - SCOM: Add Widgets to the Dashboard In this exercise several widgets will be added to the newly created dashboard. A widget is an indicator showing the value, performance, alerts or some other data about a component monitored by Operations Manager. Estimated time to complete: 8 minutes

Perform the following on SCOM01 1. From SCOM01, open the Operations Manager Console by clicking the icon in the taskbar. 2. Navigate to the Monitoring workspace. 3. Expand Monitoring and click My Dashboard View then click the Click to add widget link in the center of the upper left panel, which opens the New Dashboard and Widget Wizard. 4. In the right hand panel of the wizard, select the State Widget and then click the Next button.

5. In the Name text box enter the text SQL Server State and click the Next button. 6. In the Specify the Scope page, click the blue plus (+) Add button above the list box. 7. In the Add Groups or Objects window, type SQL in the Enter text to filter the list of groups textbox. 8. Select SQL Computers, and click the Add button to copy that group to the Selected Items.

9. Click OK. 10. After returning to the New Dashboard and Widget Wizard, select Next.

11. On the Specify the Criteria page, click Next. 12. On the Specify Display Preferences page, under the Columns to display heading check the Icon and Maintenance Mode checkboxes. 13. Click Next.

14. Click Create. This will take a minute to complete. 15. Once the wizard has completed, click Close. 16. After returning to the Dashboard View, a summary of the health state of the SQL Servers will appear shortly. Do not wait for this information to appear, continue to the next step. 17. Using the Operations Manager Console click the Click to add widget link in the center of the upper right panel, which opens the New Dashboard and Widget Wizard. 18. In the right hand panel of the wizard, select the Alert Widget and then click the Next button.

19. In the Name text box enter the text All Alerts. 20. On the Specify the Scope page, press Next. 21. On the Specify the Criteria page review the options, then press Next. 22. On the Display page review the options, then press Next. 23. Click Create on the Summary page. 24. Once the dialog has completed the actions, click Close. 25. Using the Operations Manager Console click the Click to add widget link in the center of the lower panel, this opens the New Dashboard and Widget Wizard.

26. In the right hand panel of the wizard, select the Performance Widget and then click the Next button.

27. In the Name text box enter the text SQL Perf and click the Next button. 28. On the Specify the scope and Counters page, click the ellipsis (...) button. 29. In the Select a group or object page, type SQL in the text box. 30. Select SQL Computers and click OK. 31. On the Specify Scope and Counters page, click the Add button. 32. In the Object dropdown, click SQLSERVER:General Statistics. 33. In the Available Items pane select UserConnections (All) and Logins/sec (All) and click Add.

34. Click OK. 35. Click Next. 36. On the Time Range page, change the value to 72 Hours and click Next. 37. On the Specify the Chart Preferences page, click Performance Counter and click Next.

38. Click Create. 39. When it completes, click Close. 40. In the Monitoring tree, right-click My Dashboard View and click Add to My Workspace. If an error message appears, close the Operations Manager Console, then open it again and repeat this step. 41. Click OK. 42. Click My Workspace in the bottom left corner to move to that workspace.

43. Click My Dashboard View in the My Workspace view to see the newly created dashboard view. 3.4 - SCDPM: Backup the Infrastructure 3.4.1 - SCDPM: Backup Virtualization Infrastructure In this exercise a virtual machine and Hyper-V host will be backed up by Data Protection Manager. Estimated time to complete: 10 minutes

Perform the following on SCOM01 1. Open SCOM01, then open Server Manager from the Taskbar. 2. After the dashboard loads, select Manage Add Roles and Features. 3. On the Before You Begin screen, click Next. 4. On the Installation Type screen, click Next. 5. On the Server Selection screen, select SCOM01.contoso.com, then click Next.

6. On the Server Roles screen, click Next. 7. On the Features screen, select Windows Server Backup, then click Next. 8. On the Confirmation screen, click Install.

9. Once installation begins, Close the Add Roles and Features Wizard. Do not wait until it runs to completion. 10. Close Server Manager. Perform the following on SCDPM01 11. From SCDPM01, repeat steps 1 to 10. 12. Open the DPM Administrator Console by clicking the icon in the taskbar. 13. Navigate to the Protection workspace.

14. Click New on the ribbon. 15. Click Next on the Welcome screen. 16. On the Select protection group type screen, select Servers and click Next.

17. Expand Cluster-HyperV (Cluster), then expand SCVMM VM01 Resources, and Hyper-V. This may take a minute. The virtual machine VM01 should be placed on Cluster-HyperV. 18. Expand SCOM01, then expand HyperV. This may take a minute. 19. Select the checkboxes for Host Component and Offline\VM01. This will backup both the newly created VM and the host configuration. Click Next. 20. On the Select Data Protection Method page, in the Protection group name field, enter Hyper-V Protection Group, then click Next.

21. On the Specify Short-Term Goals screen, keep the default settings and click Next. 22. On the Review Disk Allocation screen, keep the default settings and click Next. 23. On the Choose Replica Creation Method screen, keep the default settings and click Next. 24. On the Consistency check options screen, deselect the checkbox for Run a consistency check if a replica becomes inconsistent, and click Next. 25. On the Summary screen select Create Group.

26. Click Create Group and wait until all the tasks complete. 27. Click Close to close the wizard. 28. In the Protection workspace, the Protection Status will display Replica creation in progress. 29. After a moment the Protection Status should display OK for the Host Component and Replica is inconsistent for the Virtual Machine. The inconsistent replica is expected in this virtualized lab environment because the virtual machine that was protected (VM01) has never been run and registered its Volume Shadow Copy Service (VSS). Data Protection Manager uses the VSS when it creates a backup, to ensure that the replica is consistent. A consistent backup means that any inprogress transactions are either flushed or paused, so that the data does not change during the backup, and it can be recovered successfully. Since Data Protection Manager cannot communicate with the VSS writer for VM01, the backup may not have been consistent.

3.4.2 - SCDPM: Backup System Center Infrastructure In this exercise a SQL Database that is used by System Center Operations Manager will be backed up by Data Protection Manager. Estimated time to complete: 10 minutes Perform the following on SCDPM01 1. From SCDPM01, open the DPM Administrator Console by clicking the icon in the taskbar. 2. Navigate to the Protection workspace.

3. Click New on the ribbon. 4. Click Next on the Welcome screen. 5. On the Select protection group type, select Servers and click Next. 6. Expand SCOM01 in the list of servers. 7. Expand All SQL Servers, then expand SCOM01. This may take a minute.

8. Select SCOM01, which becomes (Auto) SCOM01, to select all the SQL databases for Operations Manager. The databases for other System Center 2012 components can also be protected using DPM. 9. Expand SCVMM01 in the list of servers. This may take a minute. 10. Expand All Shares and select MSSCVMMLibrary. This will back up the files in a library server used by Virtual Machine Manager.

11. A notification will appear. Click OK to close it. 12. Click Next. 13. On the Select Data Protection Methods tab, enter System Center Protection Group in the Protection group name box and ensure the first option is selected, I want short-term protection using: Disk. Click Next. 14. On the Select Short-Term Goals screen, review the settings then click Next.

15. If an Optimize Performance window appears, close the Optimize Performance window by selecting Cancel. Click Next. 16. On the Review disk allocation, deselect Automatically grow the volumes, then click Next. The disk size information may be different from the screenshot below.

17. On the Choose Replica Creation Method screen, ensure that Automatically over the network and Now is selected, then click Next. 18. Click Next on the Choose consistency check options screen. 19. Click Create Group and wait until the tasks complete. 20. Click Close to close the wizard. This process will take several minutes to complete. Move on to the next exercise while this completes. 3.5 - SCDPM: Recover the Infrastructure 3.5.1 - SCDPM: Recover Virtualization Infrastructure In this exercise the Hyper-V host configuration will be restored from backup using Data Protection Manager. Exercise 3.4.1 - SCDPM: Backup Virtualization Infrastructure should be completed in order to successful recover the host configuration information. Estimated time to complete: 5 minutes

Perform the following on SCDPM01 1. From SCDPM01, open the DPM Administrator Console by clicking the icon in the taskbar. 2. Navigate to the Recovery workspace. 3. From the left navigation pane, expand Recoverable Data Contoso.com SCOM01 All Protected HyperV Data Host Component. 4. In the lower-center pane, select the Host Component item.

5. In the upper ribbon, click Recover. 6. In the Recovery Wizard, on the Review Recovery Selection screen, click Next. 7. On the Select Recovery Type screen, select Recover to original instance, then click Next.

8. The Specify Recovery Options screen, under Network bandwidth usage throttling, click Modify. 9. On the Throttle screen, select the checkbox for Enable network bandwidth usage throttling, then click OK.

10. On the Recovery Wizard screen, click Next. 11. On the Summary screen, click Recover.

12. Wait a few minutes until the progress bar completes, then on the Recovery Status tab, ensure that the status shows as Successful. 13. Click Close to complete the Wizard. 3.5.2 - SCDPM: Recover System Center Infrastructure In this exercise a SQL database used by Operations Manager is restored from backup by Data Protection Manager. Exercise 3.4.2 - SCDPM: Backup System Center Infrastructure should be completed in order to successful recover the System Center information. Estimated time to complete: 5 minutes Perform the following on SCDPM01

1. From SCDPM01, open the DPM Administrator Console by clicking the icon in the taskbar. 2. Navigate to the to the Protection workspace. 3. Under Protection Group: System Center Protection Group verify that the status displays OK. If the status indicates that the replica is still being created, wait until it finishes. 4. Select to the Recovery workspace. 5. From the left navigation pane, expand Recoverable Data Contoso.com SCOM01 All Protected SQL Instances SCOM01 ReportServerTempDB.

6. In the lower-center pane, select the ReportServerTempDB item. 7. In the upper ribbon, click Recover. 8. In the Recovery Wizard page, confirm the settings and click Next. 9. On the Select Recovery Type screen, select Recover to original instance of SQL Server (Overwrite database), then click Next.

10. On the Specify Database State screen, select Leave database operational, then click Next.

11. On the Specify Recovery Options screen, leave the default options, then click Next. 12. On the Summary screen, click Recover. 13. Wait a few minutes until the progress bar completes, then on the Recovery Status tab, ensure that the status shows as Successful.

14. Click Close to complete the Wizard. 15. Select to the Recovery workspace. 16. Navigate to Recoverable Data contoso.com SCOM01 All Protected SQL Instances SCOM01 ReportServerTempDB.

17. In the details pane, under Recoverable Item select ReportServerTempDB. 18. In the upper ribbon, click Recover. 19. In the Recovery Wizard, on the Review Recovery Selection screen, click Next. 20. On the Select Recovery Type screen, select Recover to original instance of SQL Server (Overwrite database), then click Next.

21. On the Specify Database State screen, select Leave database operational, then click Next. 22. On the Specify Recovery Options screen, leave the default options, then click Next. 23. On the Summary screen, click Recover.

24. Wait a few minutes until the progress bar completes, then on the Recovery Status tab, ensure that the status shows as Successful.

25. Select to the Recovery workspace. 26. From the left navigation pane, expand Recoverable Data Contoso.com SCVMM01 All Protected Shares MSSCVMMLibrary. 27. In the lower-center pane, select the VHDs item.

28. In the upper ribbon, click Recover. 29. In the Recovery Wizard on the Review Recovery Selection screen, ensure that VHDs is selected, then click Next. 30. On the Select Recovery Type screen, select Recover to original location, then click Next. 31. On the Specify Recovery Options screen, under Existing version recovery behavior, change the selection to Skip, then click Next.

32. On the Summary screen, click Recover. 33. Wait a few minutes until the progress bar completes, then on the Recovery Status tab, ensure that the status shows as Successful. 34. Click Close to complete the Wizard.

3.6 - SCCM: Secure the Datacenter Saturday, February 15, 2014 6:50 PM 3.6.1 - SCCM: Manage Assets In this exercise Configuration Manager will manage datacenter assets by creating minimum hardware requirements and viewing different resources on managed clients. Estimated time to complete: 5 minutes Perform the following on SCCM01 1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar. 2. Navigate to the Assets & Compliance workspace. 3. Navigate to Asset Intelligence Hardware Requirements.

4. From the upper ribbon select Create Hardware Requirements. 5. In the Software title box enter: System Center SQL Server. 6. In the Minimum CPU box enter: 1000. 7. In the Minimum RAM (KB) box enter: 2048000. This is equal to 2 GB. 8. In the Minimum Disk Space (KB) box enter: 10000000. This is equal to approximately 10 GB. 9. In the Minimum Disk Size (KB) box: 20000000. This is equal to approximately 20 GB.

10. Click Next. 11. On the Summary screen click Next. 12. Wait until the process completes and on the Completion screen click Close. This may take a minute.

13. In the Hardware Requirements Search box enter: System Center 14. Click Search and note the newly created Hardware Requirement.

15. Select Devices from the navigation pane.

16. Select SCOM01, then from the upper ribbon click Device Start, and when the drop down appears select Resource Explorer. 17. Expand Hardware then click on several of the objects to view information about this server which Configuration Manager is managing.

18. Close the Resource Explorer. 3.6.2 - SCCM: Manage Software Updates In this exercise Configuration Manager deploys a group of updates to SQL Servers. Configuration Manager has synced with Windows Server Update Services to see a list of updates that it can deploy. The SQL Server updates are discovered and grouped together, then deployed to the SQL Servers. Estimated time to complete: 10 minutes Perform the following on SCCM01

1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar. 2. Navigate to the Software Library workspace. 3. Expand Software Updates and select All Software Updates. 4. In the Search bar, enter SQL and click Search. 5. When the results appear, select all of the updates except the update for SQL Server 2000. There will be 7 updates in this group. 6. Right-click the selected updates and select Create Software Update Group.

7. In the Create Software Update Group dialog box, enter SQL Server 2012 Updates in the Name field and click Create. This will organize the selected updates as a logical group. This will take a minute to complete. 8. Navigate to Software Updates and select Software Update Groups. 9. Select SQL Server 2012 Updates. 10. From the upper ribbon, click Show Members. This view will now show all of the SQL Server 2012 updates.

11. Sort the updates by title by clicking on the title column. 12. Select the first update, Microsoft SQL Server 2012 Service Pack 1 (KB2674319) and note the details in the preview. If the preview pane is not visible, click the arrow in the lower right corner to display the details. 13. Select the last update, Update Rollup for SQL Server 2012 Service Pack 1 (KB2793634) and note that the servers are not compliant, as the update is required on 6 servers.

14. From the navigation pane, right-click SQL Server 2012 Updates and select Deploy. This will open the Deploy Software Updates Wizard. 15. Enter SQL Updates as the Deployment Name. 16. After Collection, click Browse. On the Select Collection window, select Contoso Datacenter and click OK.

17. Click Next. 18. On the Deployment Settings page, keep the defaults and click Next. 19. On the Scheduling page, keep the defaults and click Next. 20. On the User Experience page, keep the defaults and click Next. 21. On the Alert page, select the checkbox to enable Generate Operations Manager alert when a software update installation fails. 22. Click Next. 23. On the Download Settings page, keep the defaults and click Next. 24. On the Deployment Package page, select Create a new deployment package, under Name, enter SQL Deployment Package. 25. Under Package Source, enter \\SCCM01\d$\Updates.

26. Click Next. 27. On the Distribution Points Page, click Add, then select Distribution Point from the dropdown menu. Select the checkbox for SCCM01.CONTOSO.COM and click OK. 28. Click Next. 29. On the Download Location page, keep the default selection and click Next. Configuration Manager will not download any duplicate files. However, this lab is not connected to the Internet which will cause this step to fail. This is expected, and designed this way so as to not disrupt the other virtual machines and exercises in this lab. 30. On the Language Selection page, keep the defaults and click Next. 31. On the Summary page, review the information and click Next. Wait for the wizard to complete running. It will complete with errors, this is expected as the lab is not connected to the Internet. It would have also been possible to point to offline updates which have already been downloaded, which are managed by a centralized Configuration Manager or a Windows Server Update Services server. However, in order to optimize the size of this lab, the offline content was omitted. 32. Click Close. 33. Navigate to Software Updates and select Deployment Packages. Click Refresh from the upper ribbon and note that the newly created SQL Deployment Package is now available. 34. Select SQL Deployment Package from the results pane.

35. In the upper ribbon, select Update Distribution Points. This will upload any of the updates which are part of this deployment package to the distribution points. On the prompt, click OK. 3.6.3 - SCCM: Manage Server Compliance In this exercise a Configuration Baseline is created which ensures that all computers in a collection meet a specific requirement, in this example it is a minimum SQL Server version number. Many of these baselines can include an option to automatically remediate the computer if it drifts from that desired setting. Estimated time to complete: 10 minutes Perform the following on SCCM01 1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar.

2. Navigate to the Assets and Compliance workspace. 3. Expand Compliance Settings and select Configuration Items. 4. From the upper ribbon, select Create Configuration Item. 5. On the General page, enter System Center SQL Configuration in the Name field. 6. Under Assigned categories to improve searching and filtering, click Categories. Select IT Infrastructure and Server. Click OK.

7. After returning to the General page, click Next. 8. On the Supported Platforms page, unselect everything by unchecking the Select all box. Select Windows 2008, Windows Server 2012 and Windows Server 2012 R2.

9. Click Next. 10. On the Settings page, click New. In the Name field, enter SQL Server Version Minimum. Under Description, enter Requires version 11.0 or later. 11. Under Hive Name, select Browse. On the Browse Registry window, expand HKEY_LOCAL_MACHINE Software Microsoft MSSQLSERVER MSSQLSERVER and select Current Version. Note the Registry Value shows the current version of 11 or better. 12. From the Data type dropdown, select Version.

13. Click OK. 10. Click Apply. 11. Click the Compliance Rules tab. 12. Click New. For Name, enter Minimum Version Number. 13. For Rule type, select Value. 14. For The Setting must comply with the following rule, set SQL Server Version Minimum Greater than and set the following values to 11.0. 15. Check Report noncompliance if this setting instance is not found. 16. Under Noncompliance for severity reports, select Warning.

17. Click OK. Click Apply and then click OK. 18. Click Next. On the Compliance Rules page, click Next. 19. On the Summary page, review the information and click Next. This will take a minute to complete. 20. On the completion page, click Close.

21. Navigate to Compliance Settings Configuration Baselines. 22. From the upper ribbon, select Create Create Configuration Baseline.

23. In the Name field, enter System Center SQL Baseline. Under Configuration data, click Add. Select Configuration Items from the dropdown. 24. On the Add Configuration Items page, filter for SQL. 25. Select System Center SQL Configuration, then click Add. Click OK. 26. On the Create Configuration Baseline page, click Add and click Software Updates. 27. Under Look for, enter SQL and click Find Now.

28. Select all of the updates, except for the first one (Update for SQL Server 2000) and then click OK. 29. Select Categories. On the Manage Administrative Categories page, select IT Infrastructure and Server and click OK.

30. After returning to the Create Configuration Baseline page, click OK.

31. After returning to the Assets and Compliance workspace, in the Search bar enter SQL then click Search. 32. Select the newly created baseline, System Center SQL Baseline. Right-click it and select Show Members. This will create a new node under Configuration Baselines.

33. Right-click the System Center SQL Baseline node in the navigation pane and click Deploy. 34. On the Deploy Configuration Baselines page, Select Remediate noncompliant rules when supported, Generate an alert, and Generate System Center Operations Manager Alert. 35. After Collection, click Browse. 36. Select the dropdown and change it to Device Collections. Select Contoso Datacenter.

37. Click OK to return to the Deploy Configuration Baselines page. 38. Click OK, this will deploy the configuration baseline. 39. Under Configuration Baselines, select Remote Connection Profiles.

40. In the right-pane select Contoso Remote Connections. In the upper ribbon, select Properties. 41. Select the Profile Settings tab, then for the Full name and port of the Remote Desktop Gateway Server field enter ContosoRD.contoso.com:8080.

42. Click OK. 43. From the Remote Connections Profile view, click Contoso Remote Connections and from the upper ribbon, click Deploy. 44. Under Collection, click Browse and select All Systems. Click OK.

45. Select the checkbox for Remediate noncompliant rules when supported. 46. Click OK to deploy the profile.

47. Select the Monitoring workspace and select Deployments.

48. Select System Center SQL Baseline and Contoso Remote Connections and from the upper ribbon, select Run Summarization. 49. Click OK on the prompt. This will take several minutes to complete, so move on to the next exercise.

3.6.4 - SCCM: Deploy Endpoint Protection Client In this exercise the Endpoint Protection Client will be imported into Configuration Manager, then deployed to different servers in the datacenter. Estimated time to complete: 15 minutes Perform the following on SCCM01 1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar. 2. Navigate to the Administration workspace. 3. Click Client Settings. 4. Click Contoso Device Settings.

5. From the upper ribbon click Properties and click Endpoint Protection. 6. Review the settings. Under the Device Setting for Suppress any required computer restarts after the Endpoint Protection client is installed drop-down select Yes.

7. Click OK. 8. Select Contoso Device Settings and from the upper ribbon click Refresh. 9. Select the Software Library workspace. 10. Navigate to Overview Application Management Applications. 11. Select Create Create Application. 12. On the Create Application wizard on the General page select Manually specify the application information and click Next.

13. Under Name, enter System Center Endpoint Protection. 14. On the Application Catalog page, under Publisher add Contoso IT. 15. Click Next 16. On the Application Catalog page, click Next 17. On the Deployment Types page click Add. 18. On the Create Deployment Type wizard, select Manually specify the deployment type information..

19. Click Next. 20. Under Name enter: System Center Endpoint Protection Deployment. 21. Click Next. 22. Under Content location click Browse and navigate to \\sccm01\d$\program Files\Microsoft System Center 2012 R2\Configuration Manager\Client and click Select Folder. 23. Under Specify the command used to install this client enter: D:\Program Files\Microsoft System Center 2012 R2\Configuration Manager\Client scepinstall.exe /s

24. Click Next. 25. Under Detection Method click Add Clause button. 26. Under Type click the dropdown and select Folder. 27. Under Path type: C:\Program Files 28. Under File or folder name enter: Microsoft Security Client. Click OK.

29. Click Next. 30. Under User Experience, select the dropdown next to Installation behavior and select Install for system. 31. Click Next.

32. On the Requirements page click Next. 33. On the Dependencies page click Next. 34. On the Summary click Next. Click Close. 35. After returning to the Create Application Wizard screen, click Next. 36. On the Summary screen click Next. This process will take a minute to complete. 37. When the Create Application Wizard is complete click Close.

38. Navigate to the Applications view, and note that the newly created System Center Endpoint Protection is now available.

39. From the upper ribbon select Deployment Distribute Content. 40. When the Distribute Content Wizard opens click Next. 41. On the Content page click Next. 42. On the Content Destination page click Add and select Distribution Point. 43. On the Add Distribution Points page select SCCM01.contoso.com and click OK.

44. Click Next. 45. On the Summary page click Next. 46. On the Completion page click Close.

47. On the upper ribbon select Deployment Deploy. 48. On the General page under Collection select Browse. 49. From the dropdown in the upper left corner select Device Collection. 50. Select Contoso Datacenter.

51. Click OK. 52. Click Next. 53. On the Content screen select \\SCCM01.contoso.com and click Next.

54. On the Deployment Settings screen click Next. 55. On the Scheduling screen click Next. 56. Under User Experience click Next. 57. On the Alerts screen, select the checkbox next to Generate System Center Operations manager alert when a software installation fails. 58. Click Next.

59. On the Summary screen click Next. 60. On the Completion page when the Deploy Software Wizard completes successfully click Close. 61. Navigate to the Monitoring workspace, select Deployments and select System Center Endpoint Protection. 62. Expand the view in the Information pane by clicking the dropdown arrow on the right.

63. In the Navigation pane expand Endpoint Protection Status and select System Center 2012 R2 Endpoint Protection. Review the information on this page. The Configuration Manager agent includes the Endpoint Protection agent and is already installed on many of the computers in this lab environment which is why they may be reporting some information. 3.6.5 - SCCM: Configure Protection Policies In this exercise new policies with be created in Configuration Manager as customized templates which can be deployed in the datacenter. First a Windows Firewall Policy will be created which defines customized firewall settings, then an Antimalware Policy will be created which defines additional security settings for each server. Estimated time to complete: 10 minutes Perform the following on SCCM01 1. From SCCM01, open the Configuration Manager Console by clicking the icon in the taskbar.

2. Navigate to the Assets and Compliance workspace. 3. Browse to Endpoint Protection Windows Firewall Policies. 4. From the upper ribbon, click Create Windows Firewall Policy. 5. For Name enter System Center Firewall Policy.

6. Click Next. 7. For Enable Windows Firewall: After Domain profile select Yes. After Private profile select No. After Public profile select No. 8. Under Block all incoming connections including those in the list of allowed programs click No.

9. Click Next. 10. On the Summary screen, click Next. 11. On the Completion screen, click Close. 12. Click the newly created System Center Firewall Policy.

13. From the upper ribbon click Deploy. 14. On the Deploy Windows Firewall Policy page under Collection click Browse. 15. Under Device Collection, click Contoso Datacenter and click OK.

16. After returning to the Deploy Windows Firewall Policy screen click OK. 17. Under Endpoint Protection, click Antimalware Policies. 18. From the upper ribbon, click Create Antimalware Policy. 19. On the Create Antimalware Policy page, next to Name enter Contoso Antimalware Policy 20. In the lower box select every checkbox. This will populate a list of tabs in the left column.

21. Click Scheduled scans. Review the information. 22. Click Scan settings and from the dropdown next to Scan network drives when running a full scan click Yes.

23. Click Default Actions. Review the information. 24. Click Real-time Protection. Review the information. 25. Click Advanced. 26. On the Advanced page under Show notification messages on the client computer when the user needs to run a full scan, update definitions, or run Windows Defender online click Yes. 27. Under Randomize scheduled scan and definition update start times (within 30 minutes) click Yes. This will ensure that he start time of the scan across all the servers in the datacenter will be staggered so that there is not a large spike in the CPU at the exact same time.

28. Click Threat overrides. 29. Click the Set button. 30. In the Configure Settings dialog box click Browse. 31. After Threat name click Find. This shows a list of pre-populated threats that System Center Endpoint Protection will protect against.

32. Click Cancel to return to the Create Antimalware Policy screen. 33. Click Definition updates. 34. Review the information and click OK. 35. Select the newly created Antimalware Policy called Contoso Antimalware Policy. 36. From the upper ribbon click Deploy.

37. From Select Collection select Contoso Datacenter. 38. Click OK.