Automating Inventory, Deployment and Configuration of Your Windows InfrastructureTips and Tools for Managing Your Windows Infrastructure

Dan StoltsChief Technology StrategistMicrosoft Corporationhttp://itproguru.comTwitter: @ITProGuru

Dan Stolts• Presence

− Blog: http://ITProGuru.com − http://blogs.technet.com/DanStolts − Twitter: @ITProGuru

• 3nd year at Microsoft− Chief Technology Strategist based in MA− Online Content Development− Live Event Delivery− User Group / Community Lead

• Prior 20+ Years…− Bay State Integrated Technology, Inc

− Hosting and Consulting− Community Volunteer

• Skill Profile MCT, MCITP, MCSE, TS…− Windows infrastructure− Systems Management and Security − Virtualization & Cloud

• Community Service− President: Boston User Groups− President: North East IT Pro Leaders− Founder: Virtualization Group – Boston− Board: Boston Area Windows Server

Free Deployment eBook

• Deploying Windows 7 – Essential Guidance from the Windows 7 Resource Kit and TechNet Magazine.

http://bit.ly/Win7DeployEBook

It is 412 pages of very detailed content for those that really want to learn as much as they can about all aspects of Deployment.

4

Infrastructure and Networking• Significant Cost Savings Can be

Achieved by Using a Management Tool, and by Deploying into a Managed Environment

• Benefits Can be Achieved by Utilizing Capabilities such as :− System Center − Active Directory− Group Policy− Branch Cache− Direct Access

Hardware Compatibilit

y Application Managemen

t

Infrastructure and

Networking

Security and Data

Protection

Imaging Migration and

Installation

Management

Virtualization

The Focus Areas of a Deployment

Overview: System Center Configuration Manager

• Automated solution for assessing, migrating and deploying windows server and client operating systems

• Broad support for advanced delivery:− Operating systems− Applications− Software and hardware updates

• Support for both physical and virtual environments

• Increased scenario support:− Corporate Network− Branch locations− Mobile Workforce− Home workers (Internet based)

• Desired Configuration Management

10

Customized / Specialized Operating System Deployment• System Center Configuration Mgr

has the flexibility to customize the OS deployment process

• Rather than a generic “template”, actually get a customized guest session WITH apps installed

• Highly automated solution for assessing, migrating and deploying Windows server, Apps, and Data

• Dynamic deployment of drivers at runtime

• Utilize Windows PnP detection for bare metal deployments

Configuration Manager 2007 Feature Summary: R2

• Seamless integration to Microsoft Application Virtualization

Application Virtualization Management

• Additions of Multicast and Unknown Computer SupportOSD Enhancements

• Client summary rollup of key performance indicators

Client Status Reporting

• Migration of ConfigMgr reports to robust reporting platform

SQL Reporting Services Integration

• Configuration Pack knowledge of the Forefront client status

Forefront Client security integration

MigrationDelivery

Windows 7 Deployment

Imaging

Deployment Image Servicing and Management

Add/Remove Drivers and Packages

WIM and VHD Image Management

Windows Deployment Services

Multiple Stream Transfer

Dynamic Driver Provisioning

VHD and WIM Support

User State Migration Tool

Hardlink Migration

Offline File Gather

Improved User File Detection

Microsoft Assessment and

Planning

Application Compatibility

Toolkit

Microsoft Deployment

Toolkit

Integrated Solutions

Planning for OS Deployment• Setup Firewall

Rules (Group Policy) see notes

• Inventory…MAP: Download the free Microsoft Assessment and Planning Toolkit (“Solution Accelerator”)− Or skip this step and start

off with SCCM 14

Application Compatibility • Windows 7 Upgrade Advisor which will

scan an individual computer and give information on the applications and the hardware that are running on that computer

• The Microsoft Application Compatibility Toolkit is the must have tool for application compatibility.

• Compatibility Problems?− Shim the applications− Remote Desktop Services− Application Virtualization – App to App … NOT OS Compatibility− XP-Mode – XP on Windows 7− Microsoft Enterprise Desktop Virtualization (MED-V) (even web

applications)

15

User State – User Data User State Migration Tool• Easy Transfer Wizard – One machine at a time…

think grandma’s computer

• Lite-Touch, High-Volume Deployment (20-500 machines… [or everything except grandma’s machine] {MDT 2010 – User State Migration Tool}− Migrate Windows XP to Windows 7 Using USMT (User State

Migration Tool) [Upgrade XP or Vista] Step By Step or Vista] Step By Step

− Upgrading Windows XP to Windows 7 and Migrate Microsoft Office and Other Applications Using The User State Migration Tool (USMT)

• System Center Configuration – Zero Touch Deployment of OS and Applications as well as post deployment management, updates and configuration changes – Integrates with the same tools … More on that later

16

User Migration• An OS image can be the smallest part of a deployment

payload when compared to user data• USMT v4 - User State Migration Toolkit will completely

eliminate any data move with a new feature called ‘Hardlinking’

• ‘Hardlinking’ allows you to simply scan the system for what you want to migrate, make a record of its location on the disk, and leave it there

• At the end of your deployment, you reconnect to this location in the new user profile

• Scan and copy times from hours to minutes• Remove network storage completely• Preserve bandwidth• Integrated with System Center for total automation and

reporting An example:1. 5000 machines migration2. Avg. 4Gb of user data per machine3. Equates to 20,000Gb of data:4. Transferred up the network to a

share5. Stored6. Transferred back down

MDT 2010 What’s New• Windows Automated Installation Kit (Windows

AIK) version 2.0

o User State Migration Toolkit (USMT) version 4.0

o Deployment Image Servicing and Management (DISM) tool

• Upgrading from Previous Versions of MDT and Microsoft Business Desktop Deployment (BDD)

• System Center Configuration Manager 2007 SP2

• Boot Configuration Data (BCD) Management Tool

• Windows 7 Default Disk Partition Configuration

• Automation of Management Tasks Using Windows Powershell™ Cmdlets

New!

Operating System Support in MDT 2010 Update 1

Operating system LTI ZTI

Windows 7

Window Server 2008 R2

Windows PE version 3.0

Windows Vista (with Service Pack 1 [SP1] and later)

Windows Server 2008 (all service pack levels)

Windows XP (with SP3)

Windows Server 2003 R2

Windows PE version 2.1  

Deploying Windows 7 with System Center

Hardware Compatibility

• System Center Can Help Provide Hardware Readiness Reports of Existing Inventory

• Simple Report Glance of what Systems are Windows 7 Capable Today

Application Management

• One of the Most Complicated Areas of any Deployment

• Application Compatibility Toolkit Connector, in 1 view Compare your own Testing Results to:− Vendors− Other organizations− Microsoft

• Compatibility Knowledge helps to Understand Priority Focus

• Virtualization may be a Solution− MDOP App-V− MDOP MED-V

Security and Data Protection

Fundamentally Secure Platform

Protect Users & Infrastructure

Windows Vista FoundationUser Account ControlEnhanced Auditing

Securing Anywhere Access

Network SecurityNetwork Access ProtectionDirectAccessTM

AppLockerTM

Internet Explorer 8Data Recovery

RMSEFSBitLockerTM

Protect Data from

Unauthorized Viewing

Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable

Deployed and Configured centrally with System Center

Imaging, Migration and Installation • OS deployments are Complex• Multiple Locations and Security

Models are Touched• The Task Sequencer Allows you

to Easily Automate this from 1 view.

• System Center can Accelerate OS Deployment

• Automate and Combine:− User Migration− OS Customization− Partition modeling− Application Installation (physical

and virtual− Updates− BitLocker− Reporting

Deploy Windows 7 with System Center

Delivery•Explicit targeting, scheduling based on business needs•Flexible control with end user focus•Optional ‘opt-in’ style approach•Wake on LAN, Intel vPro integration

Reporting•Detailed reporting for deployment project by: user, computer, collection, location •Granular detail to Task Sequence Steps•Rich troubleshooting support for root cause•SQL Reporting Services integration

Accounting Week 1

FinanceWeek 2

SalesWeek 3

HRWeek 4

System Center Configuration Management for OS and Application Deployment

Windows 7, Office 2010, Adobe Reader, Drivers and More

Demo

29

Configuration Management Support System Center Configuration Manager 2007 SP2 – R3

• Platform support will be Windows 7 • Operating System Support added by Configuration Manager Service Pack 2*

− Windows 7, Windows Vista Sp2− Fully managed clients, across all configuration features and scenarios

• Operating System Deployment – Support for ‘in-place’, PXE and offline scenarios

• Traditional and Virtual Application Distribution• Software Update Management – full patch support to network and remote

connected systems• Intel vPro Integration for broad range of scenarios• Desired Configuration Management – Model based configuration and

regulatory support• Asset Intelligence – Business terminology, software and hardware reporting,

license reconciliation• Network Access Protection integration – Policy based access control• Branch Cache Support

− Requires Win7 client and W2K8 R2 backend

• Remote control including x64 XP Clients• System Center Configuration Manager 2007 R3

− Centralized Power Management ** − Enhanced Scalability & Performance− Operating System deployment enhancements

*client only, Configuration Manager Service Pack 2 also brings datacenter support

Client ManagementStreamlined

Application and Desktop Delivery

Optimized Client Health and

Performance

Ease User Access Without

Compromise

Adaptive Application

DeliveryManaged Client Application Delivery via Traditional and Virtual Methods

Simplified Windows

DeploymentAutomated OS Deployment via Image Standardization

Client Infrastructure

MonitoringClient Health Monitoring and Proactive Issue Identification

Remote PC Diagnostics &

RepairZero-touch Remote Diagnosis and Remediation with Intel®

Vprotm

End-Point Security

ManagementEnforced Compliance with System Health Policy Definitions via Remediation

Configuration Compliance

Assess Systems Compliance Against Established Configuration Baselines

Performance Management SupportSystem Center Operations Manager• Collective Monitoring

− Operating System Availability and Reliability Reports− Operating System Performance reports − Hardware and configuration service level management − Client specific console and report views − Client focused tasks (system, network, power transitions)

• Diagnostic Monitoring− Hardware Monitoring (Disk status and utilization) − Trend based performance monitoring (OS and Application

levels)− Memory monitoring

• Client Management Pack support:− Enable upgrade decisions based on hardware performance− Determine which machines to upgrade− Set hardware standards− OEM specific diagnostics

Summary

• System Center includes a robust toolset for Windows 7 to:− Plan− Customize− Automate− Deploy− Manage− Secure− Support

Client Management Suite

Enhancing the

value of ECAL

Assess inventory

and compatibility

deploy os and

applicationsManage

user access backup, repair,

and restore

Self service portal

MONITOR PERFORMANCE

AND CONFIGURATIO

N

Still Able to Leverage Familiar Tools• Visio for Administrators• Powershell & WMI• Excel and SQL Server

37

Forefront Endpoint Protection 2010Forefront Endpoint Protection 2010 provides enhanced endpoint protection and simplified management while greatly reducing infrastructure costs

• Advanced and comprehensive malware protection for clients and servers

• Lower costs of endpoint protection deployment and ownership

• Deployment of endpoint security with a proven scalable Config Manager infrastructure

• Extends Windows OS security

• Simplified management through unified operational experience for endpoint security and management

• Increased visibility of potentially vulnerable endpoints that allow you to take operational remediation actions

HELP PROTECT everywhere

INTEGRATE and EXTEND security

SIMPLIFY security MANAGEMENT experience

Resources• Deployment Resources - http://www.microsoft.com/events/series/deploymentessentials.aspx

• System Center Configuration Manager− http://www.microsoft.com/systemcenter/configmgr/default.mspx

• Management Techcenter− http://www.microsoft.com/systemcenter/softgrid/default.mspx

• System Center Team Blog− http://blogs.technet.com/systemcenter/

• Windows 7− http://www.microsoft.com/windows7

• Website for Microsoft Desktop Optimization Pack for Software Assurance− http://www.windowsvista.com/optimizeddesktop

• Application Virtualization Website− http://www.microsoft.com/systemcenter/softgrid/default.mspx

• Microsoft Virtualization 360− http://www.microsoft.com/virtualization

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, It should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided

after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.