adwait joshi november 2, 2011 community evaluation program system center 2012 configuration manager...
TRANSCRIPT
Adwait Joshi
November 2, 2011
Community Evaluation Program
System Center 2012 Configuration Manager Release Candidate-What’s New
Meeting Logistics
• Keep microphones on mute
• Use chat window in Lync for questions
• We will have time at end for any remaining questions
• This meeting will be recorded
Adwait Joshi
November 2, 2011
Community Evaluation Program
System Center 2012 Configuration Manager Release Candidate-What’s New
System Center 2012 Configuration Manager Release Candidate Availability
• ConfigMgr RC available for trial−
http://blogs.technet.com/b/server-cloud/archive/2011/10/27/system-center-2012-configuration-manager-release-candidate-is-here.aspx
• RC for additional tools− Download Package Conversion Manager RC− Download the Configuration Manager P2V Migration Toolkit
ConfigMgr RC Changes Overview
• Key Features− Endpoint Protection
Integration− Application
‘Deployment Simulation’ (Pre-Flight)
− Improved Discovery
• DCRs, Bug Fixes, More…
5
System Center 2012 Endpoint Protection Integration (formerly known as Forefront Endpoint Protection 2012)
• Fully integrated setup and management
• Key Features− Expedited malware events:
client to admin within 5 minutes
− Built-in security admin role− Network-friendly definition
deployments− Improved scalability and
reliability − Simpler to setup and operate− Email subscriptions for alerts
6
System Center 2012 Endpoint Protection Overview Demo
Application Simulated Deployment (“Preflight”)• Goal: Confidence in moving to state based
dynamic applications− Did I do detection method right? − Did I get rules/relationships right? − What will my deployment type mix be?
• What it does: Runs application as required in “rules only” mode− No content download, no execution of deployment type− Results – what would the system have done?
− Processes detection method, requirement rules, dependencies and supersedence
− Does NOT simulate the install!
DCR
Technet video on Simulated Deployment- http://technet.microsoft.com/en-us/edge/video/systemcenter-2012-configuration-manager-how-do-i-video-series-simulated-application-deployment
Feature AreasA quick overview
Hierarchy
• FQDN throughout the product• All ConfigMgr Replication through Data
Replication Service (DRS)(No more SQL transactional replication)
• Replication Link Analyzer (in RC)• Cross forest support - untrusted forests
for site system roles (not site servers)• Secondary site content routing (one
layer)• SQL Configuration Options: Ports,
Instances• MP replica support
DCR
DCR
10
Performance
• Scalability and performance improvements throughout the product:− General console operation− Replication− State and Status messages (alerting)− Discovery Data Processing− Application Catalog
11
UI and Admin Console
• Ability search via dates (e.g. last x days)• Added security scopes into the listview with
filter/sort/search• Only one admin console installer - 32 bit• Improved multi-lingual support, including
server setup• Reporting
− Reports are grouped by folders in the UI− Report Folder “Show-Me” - Folders are now
associated with security role permissions
DCR
DCR
DCR
DCR
12
Applications
• Application Catalog:− Ability to change application catalog color scheme− Updated Application Catalog appearance− Catalog tables update on a schedule, (3 minutes –
24 hours). "Run Now" action to force immediately
• Software Center− Ability to filter by type of deployment
(applications, operating systems, updates)− Ability to show or hide optional deployments
DCR
DCR
DCR
13
14
Software Center
15
Software Center
Software Center
16
Application Catalog
17
Monitoring and Discovery• Monitoring
− Alerts now have subscriptions with email− Added an "Endpoint Protection Status" node
• Discovery− Add Forest Discovery− Remove System Group Discovery− Rename Security Group Discovery to Group
Discovery− Change the responsibility of
− Group discovery: Discover groups and membership of these groups
− System Discovery: Discover basic information of computers and OU of these computers
− User Discovery: It is responsible for Discover basic information of users and OU of these users
DCR
18
Delta Discovery Group discovery
• Discover security groups and distribution groups.
• Discover membership of groups, including both user and computers
• Support specifying individual groups as the discovery scope. (Recommended)
• Detect any changes of group membership
DCR
DCR
19
Changes in Active Directory Beta 2 RCP
New ComputerNew User
Computer basic information changedUser basic information changed
Computer added to a group
User added to a group
Computer removed from a group
User removed from a group
Stale Computer Filtering
• Based on two Active Directory attributes:−Lastlogontimestamp: Record the last
logon timestamp of the computer. It requires Domain function level >= Windows Server 2003
−Pwdlastset: Record the last time when the computer changes its password. By default Active Directory policy enforces each computer changing password every 30 days.
20
Client Settings and DCM
• Compliance Settings Management (DCM):− Baseline remediation can now be limited
to maintenance windows (default)− Baseline deployments can now generate
Operations Manager alerts− Ability to create dynamic collections from
baseline compliance (RC)
• Client Settings− Custom Client Settings can now be
exported and imported (Not just for default)
DCR
21
Client Health
• Client health:− Rule checks expanded from 12 to 21 including:
− WMI service WMI Repository Integrity− BITS service ConfigMgr client,
prerequisites install− SMS Agent Host service ConfigMgr Remote Control service− Antimalware service (EP) Network Inspection (EP)− Windows Update Agent
− Client health state is now live data (versus summarized)
− Can disable automatic remediation of client health via Registry (e.g. Mission critical systems such as servers)
DCR
DCR
22
Other
• Remote Control:− Ability to have agent create required Windows
firewall exemptions− Remote Control Viewer shortcut in the
ConfigMgr program group− Agent is disabled by default
• Platform Support:− Added platform support for
− Windows Embedded 7 SP1− POSReady 7− Windows 7 Thin PC− Windows Embedded Compact 7
23
Other
• Embedded Device Management− Ability to use task sequences to manage write filter enabled systems
• Tools:− RBA modeling tool:
− Live modeling of security roles and assignments− Authoring and modeling of custom security roles
− Replication Link Analyzer (post RC)
24
Call to Action
• Download and evaluate ConfigMgr RC in test environment
• Refer to the latest technical documentation: http://technet.microsoft.com/en-us/library/gg682129.aspx
• Continue to participate in the Community activities and share your feedback and best practices
Thanks!
Community Evaluation Program
System Center 2012 Configuration Manager
NEXT MEETING: November 16, 2011
Endpoint Protection Deep Dive