Torgeir Bergsvik Solution Specialist Security & Management Microsoft
Configuration Manager Capability Overview Service Pack 1 Capability Additions Release 2 Capability Additions Service Pack 2 Upcoming release details
You have seen Configuration Manager 2007 in action. This is a summary session of what has changed since RTM.
Site Role: Maximum # of Client Systems
Hierarchy (Central Site Server): 200,000
Primary Site Server: 100,000
System Health Validator: 200,000
Management Point: 25,000
Distribution Point (Non OSD): 4,000
Distribution Point (OSD): Limited by Network & Disk I/O
State Migration Point: Limited by Network & Disk I/O
Software Update Point (WSUS): 25,000
Fallback Status Point: 100,000
Branch Distribution Point: Limited by OS License, Network & Disk I/O
Platform / Feature support matrix. Legend: Supported ConfigMgr SP2; Supported with SP1; Not Supported.
Features: HW/SW Inventory; OS Deployment; Software Distribution; Software Update Mgmt; Desired Config Mgmt.
Platforms: Windows 7; Windows Vista; Windows Vista SP1; Windows Vista SP2; Windows XP SP3; Windows 2000; Windows Server 2008; Windows Server 2008 R2; Windows Server 2003; Windows Server 2000; FLOP; WEPOS; XP Embedded; Windows Embedded Standard 2009*; Windows CE; Windows Mobile.
* Sysprep now supported
Site roles diagram. Legend: SMS 2003 Role; Configuration Manager Role; New Role with Service Pack 1; New R2 Capability.
Labels: Multicast; AVM Streaming; Distribution Point; Server Locator Point; SQL Server; Primary Site Server; Asset Intelligence sync point; Out of band service point; Reporting point; Management Point; Software Update Point; Fallback Status Point; System Health Validator; PXE Service Point; Branch DP; State Migration Point.
Intel Core 2 Duo Processor; Intel Q35 Express Chipset; Intel 82566DM Gigabit Network Connection with ICH9-DO. Intel vPro Components. Intel Key Platform Technologies. Intel Active Management Technology (AMT) is a function of the chipset & network controller. Hardware-based management for clients. Desktop: Intel vPro(TM) Processor Technology. Intel Platform Software Ecosystem Solutions.
Setup and Config: Secure Setup & Configure AMT; Zero Touch Certificate Hash; Zero Touch In band via agent; Ties to OSD w/targeting.
Remote Console: Helpdesk / Interactive session; Serial over LAN; IDE Redirection; BIOS password bypass; Manual power control.
Discovery/Inventory/Audit: Discover On Demand per machine / per collection; Scheduled Discovery; In band Discovery via agent.
Power Control: Scheduled Power On (SWDist, SUM, OSD); On Demand Power Control (Wake, Restart, Shutdown); Interactive via OOB Console.
Jeff Wettlaufer Sr. Technical Product Manager System Center Microsoft Corporation
Console improvements Rich interface in Configuration Manager Admin Console New Catalog and License management tools Enhanced UI for all Asset Intelligence WMI Classes System Center Online Connection Certificate requirement removed in Service Pack 2 Keep software asset categorization up-to-date On-demand or scheduled catalog synchronization w/on-line Service New Configuration Manager site role: The Asset Intelligence Synchronization Point Upload requests for software categorization to On-line Service Basic replication to distribute AI content to other Configuration Manager sites Ability to import licensing data and compare to inventory Local edit support allows customers to categorize software assets
Platform Support Update Windows Vista Service Pack 1 Upgrade Advisor report support OS package support AIK updates, WinPE etc. Windows Server 2008 Managed Client OS Host for Site Roles Multicast Unknown Computer Support Run As support added
Allows unmanaged systems to be recognized and receive an OS deployment Allows computers without a ConfigMgr 07 client to be provisioned with an OS by ConfigMgr 07 OSD Exclusion List for Unknown Computer Support availability A list of computer MAC addresses to which the PXE server should not send task sequences to install an operating system Exclusion list members are ignored
Simultaneously send data to multiple clients rather than sending a copy of the data to each client over a separate connection. Allows multiple computers to download an OS image package as it is multicast by the DP. Clients can join a multicast session already in progress. The multicast feature must be enabled on the specific ConfigMgr 07 DP. Branch DP cannot use multicast. ConfigMgr 07 Requirements: ConfigMgr SP1 and R2 installed to site; WDS extension installed on Windows Server 2008 site systems.
Prerequisite: Description
Windows Server 2008: Must be running on DP enabled for multicast.
Windows Deployment Services (WDS): Must be installed before multicast is enabled on the distribution point server. WDS transport server role service is required for multicast operating system deployment support.
Internet Information Services (IIS) with extensions: Must be installed before multicast is enabled on the distribution point server. ISAPI extensions and IIS 6 management compatibility must be installed.
Network firewall configuration: UDP ports used by multicast are accessible by ConfigMgr 07 clients. Port config link.
Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS: Operating system deployment package transfer using IIS requires that Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS (required for device clients and Internet-based clients) be enabled.
In ConfigMgr 07, task sequences run only in the context of the local system account. The Network Access account is used to access required packages located on DPs. The Network Access account needs to be able to access the DP or the Task Sequence will fail. In R2: it is now possible for task sequences to run with credentials other than the local system account. Powerful way to deliver elevation to special situations. The Run As feature cannot be imported by a Configuration Manager 2007 site server due to Task Sequence schema changes. This account is required if you add the step Run Command Line to a task sequence, but do not want to use Local System.
System Center builds on the Full Application Virtualization infrastructure: Integrates with existing Active Directory relationships Provides a scalable infrastructure to support a distributed network Broad scenario support to support workers wherever and however they work; desktops, laptops, mobile across LAN/WAN/Branch and Internet connections Centralized management and reporting for physical and virtual applications Reduce costs for deployment, and align to organizational requirements by targeting both user and computer systems for applications Asset Intelligence brings meaningful business terminology for software titles, categories and families, with full support for Virtual Applications Integrate Virtual Application delivery with everyday Management operations OS deployment Patch Management Inventory
Based on Application Virtualization 4.5 feature set Uses System Center Configuration Manager 2007 R2 Admin approach New in ConfigMgr 2007 R2: ConfigMgr can manage and deploy virtual applications Client roaming is supported so the client is always going to the closest server Dynamic nature of Application virtualization preserved Version checking, user-based targeting, streaming
Configuration Manager 2007 SP1 is a prerequisite A customer must have purchased MDOP and be licensed to use App Virtualization 4.5 4.5 Sequencer to build virtual applications 4.5 Client to interact with the ConfigMgr client on the desktop A customer must be licensed to use ConfigMgr 2007 R2 Software Assurance Additional Configuration Manager client requirements (min OS, etc) System Center Operations Manager is optional
Some key areas to be aware of when deploying Virtual Applications in ConfigMgr. Distribution Point: Virtual Applications Tab; Enable Virtual Application Streaming. Client Agent Config: Advertised Programs Client Agent; Set to allow Virtual Application Package Advertisement.
New server role called the Reporting Services Point Ability to convert/copy classic SMS reports to Report Definition Language format and publish them to a Reporting Services Point (report server) New node under Computer Management -> Reporting for accessing the SRS ConfigMgr reports Ability to manage, browse and run SRS ConfigMgr reports from the ConfigMgr Console
Built upon the scenarios in the SMS 2003 Client Health Tool. External service which queries site systems and ConfigMgr clients for client status on agent activity and overall health. Reports on key indicators of client activity to help administrators monitor and maintain the health of their ConfigMgr clients.
Client Status Reporting can: Identify clients that are online but are not requesting policy; Provide a number of reports that detail the status of clients on your site; Identify clients that are online but have nonfunctioning client components; Identify clients that are online but do not have up-to-date discovery or inventory records; Identify clients that are offline.
Is not dependent on ConfigMgr 07 site systems: CSR will not be affected by problems with backlogged site systems which could cause traditional reporting mechanisms to generate inaccurate results.
Uses a number of data sources for its analysis, including: Data from ConfigMgr 07 site database (inventory, discovery, and heartbeat data); Gather and analyze policy request log files from MPs; Can also check the status and activity of ConfigMgr 07 client components.
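The checks this slide lists, as an added example (not from the presentation and not ConfigMgr code): it joins constructed site database rows with a constructed policy request log and classifies each client. The log format, field names and age thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds; the slide does not give any.
POLICY_MAX_AGE = timedelta(days=7)
RECORD_MAX_AGE = timedelta(days=14)

# Constructed stand-in for management point policy request logs (not the real format).
MP_LOG = """\
2009-06-01T08:00:00 PC-001 policy-request
2009-06-09T09:30:00 PC-001 policy-request
2009-05-20T10:00:00 PC-002 policy-request
2009-06-09T07:15:00 PC-004 policy-request
"""

# Constructed stand-in for site database rows plus a reachability and component probe.
SITE_DB = [
    {"name": "PC-001", "online": True, "heartbeat": "2009-06-08", "inventory": "2009-06-05", "components_ok": True},
    {"name": "PC-002", "online": True, "heartbeat": "2009-06-07", "inventory": "2009-06-06", "components_ok": True},
    {"name": "PC-003", "online": False, "heartbeat": "2009-04-01", "inventory": "2009-04-01", "components_ok": True},
    {"name": "PC-004", "online": True, "heartbeat": "2009-05-01", "inventory": "2009-06-08", "components_ok": False},
]

# Latest policy request time per client, taken from the log.
def last_policy_requests(log_text):
    latest = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "policy-request":
            continue  # skip malformed or unrelated lines
        stamp = datetime.fromisoformat(parts[0])
        if parts[1] not in latest or stamp > latest[parts[1]]:
            latest[parts[1]] = stamp
    return latest

def classify(row, latest, now):
    if not row["online"]:
        return ["offline"]
    findings = []
    seen = latest.get(row["name"])
    if seen is None or now - seen > POLICY_MAX_AGE:
        findings.append("online, not requesting policy")
    dates = [datetime.fromisoformat(row[k]) for k in ("heartbeat", "inventory")]
    if any(now - d > RECORD_MAX_AGE for d in dates):
        findings.append("online, stale discovery or inventory")
    if not row["components_ok"]:
        findings.append("online, nonfunctioning components")
    return findings or ["healthy"]

def report(now=datetime(2009, 6, 10)):
    latest = last_policy_requests(MP_LOG)
    return {row["name"]: classify(row, latest, now) for row in SITE_DB}
```

A client can carry several findings at once; PC-004 is both stale and has a failed component check, which a single-status report would hide.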
Forefront Client Security Provides unified malware protection for business desktops, laptops and server systems Provides critical visibility into threats and vulnerabilities Lightweight integration between Forefront Client Security and ConfigMgr 2007 R2 An FCS Configuration Pack will assess the states of FCS agents on machines that are managed by ConfigMgr 2007 R2 Admin gets the reports of overall states of FCS clients through the existing DCM reporting infrastructure Import the configuration pack included on the ConfigMgr 07 R2 CD
Smaller, but still important stuff: Update to Management Pack for 64-bit OSs; SP2 will ship 64-bit perf counters; Remote control added in for x64 XP and Server 2003; Multi-select and delete driver catalog drivers from the console; Better feedback on AD extension success / failure; Certificate requirement removal for Asset Intelligence; Hotfix data; 36 QFE merges.
Supports Intel vPro chipset and iAMT firmware versions 4 & 5. Feature parity with SP1 and iAMT firmware versions 3.2.1, 4 & 5.
New features:
Wireless profiles - Wireless profiles associated with all Intel vPro clients in the site. Set the wireless information on a per-collection basis during provisioning.
802.1x support - Configuration of 802.1x settings on a per-collection basis during provisioning.
Audit Logs - Retrieve, store and clear the security audit log on a periodic basis.
Power Package - Enable configuration of the power package settings with the core provisioning settings for the site.
3rd party data storage - Enable SCCM to store specific information into the NVM data area for inventory or t-shooting.
Configuration Manager R2 is now available Service Pack 2 Public Beta June 2009 In addition to traditional features such as Software distribution, Inventory and OS Deployment R2 brings: Support for Vista SP1 and Windows Server 2008 (added at SP1) Asset Intelligence (added at SP1) Intel AMT integration (added at SP1) Application Virtualization SQL Reporting Client Status Reporting OS Deployment enhancements Forefront Client Security Reporting Download the evaluation at http://technet.microsoft.com/en-us/configmgr/cc761485.aspx Download the Virtual Machine at http://www.microsoft.com/downloads/details.aspx?familyid=e0fadab7-0620-481d-a8b6-070001727c56&displaylang=en
Resources
System Center Website: http://www.microsoft.com/systemcenter/configmgr/default.mspx
Application Virtualization Website: http://www.microsoft.com/systemcenter/softgrid/default.mspx
Management Techcenter: http://www.microsoft.com/systemcenter/softgrid/default.mspx
Windows Vista: http://www.microsoft.com/windows/products/windowsvista/default.mspx
Windows Server Resources: http://www.microsoft.com/servers/default.mspx
System Center Team Blog: http://blogs.technet.com/systemcenter/
Website for Microsoft Desktop Optimization Pack for Software Assurance: http://www.windowsvista.com/optimizeddesktop
Microsoft Virtualization 360: http://www.microsoft.com/virtualization
MYITForum: http://www.myitforum.com/
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
End User Benefits: Improve application responsiveness and reduce file transfer wait time. Combined with other SMB offerings, enhance the user experience on remote shares.
Administrator Benefits: Optimize network utilization. Recommended for HTTP and HTTPS-based intranet traffic. Performs well for SMB (and signed SMB) shares on the read path. Support network security protocols (SSL, IPsec). Reduce the cost of managing WAN.
Diagram labels: 3rd Party Applications; Office; CopyFile; Explorer; Office SharePoint; BITS; WMP; IE; SMB (CSC/SRV); HTTP (WebIO/http.sys); BranchCache.