Patch Management using SMS 2003 Technical Overview. Tev Sanders Sr. Management TS Microsoft Corporation. Agenda. Early adopters Architecture Review Security Patch Management The Investments Continue… Resources Questions and Answers. EAP Experiences. Production Deployment Status:.
Patch Management using SMS 2003 Technical Overview Tev Sanders Sr. Management TS Microsoft Corporation
Agenda • Early adopters • Architecture Review • Security Patch Management • The Investments Continue… • Resources • Questions and Answers
EAP Experiences • “I don’t think I’ve seen SMS distribute packages so well in the 6-7 years I’ve worked with it” – NCR • “You know NCC are really, really happy about SMS 2003. … we are having quite a few reference visits from other customers.” – NCC Denmark • “I love this product!!” – Marathon Oil • “When SMS 2003 is released this fall, it will shake up the configuration management market” - Giga • "eWeek Labs' test lead us to recommend that IT managers take a close look at this new, leaner Windows management platform. In fact, we think that any organization that is evaluating mobile management systems should immediately put SMS on its short list." - eWeek • Production Deployment Status (chart: clients per SMS EAP): 108,212 Microsoft OTG; Dell 40,112; 40,110 Boeing; Marathon Oil 11,129; NCR 9,271; SAP 7,509; Dept. of Education and Skills 5,920; 4,426 Motorola; 4,127 TÜV NORD Gruppe; Aquila 3,707; Towers Perrin 3,554; JetBlue 2,599; 2,484 US Gov’t Fin. Agency; NCC Denmark 1,750
Microsoft Internal OTG Success • Over 108,000 Clients Deployed • Over 5,500 Servers Managed around the world • The tool used by Microsoft to ensure compliance of security patches across Microsoft • Using SMS 2003 OTG can obtain: • Accuracy of patching • 97% compliance within 4 hours • 100% accountability • Scalability & Performance • 5,500+ managed Windows servers • within 7 hours. • Software distributions since July 2003 • 350,000 installations/configurations
Dell Servers Patch Management Integration • Seamless integration into Microsoft SMS 2003 Patch Management • Consistent operations for both software patches and hardware updates using the same Microsoft application • Dell Compliance Reports using SMS Administrator Console • Dell Updates using SMS Software Distribution Wizard • Dell Website integration for latest update downloads
Site Systems Roles (diagram labels): Server Locator Point; Management Point; SMS Site Database; Site Server; Distribution Point; Reporting Point; Client Access Point
Site Hierarchies (diagram labels): SQL; Primary (Central) Site (Parent Site); Primary Site (Child and Parent Site); Secondary Site (Child Site); Primary or Secondary Site (Child Site)
Delta Replication (diagram labels): SMS 2003 Central Site; SMS 2003 Primary Site; SMS 2003 Secondary Site; Distribution Point (×3)
Reporting • Extensible web-based reporting tool • Based on automatically maintained, high performance SQL Views • Schema based on SMS Provider • Documented and supported • Improvements from original web version • 120 pre-built reports • Dashboard functionality makes it easier to customize reports • Multiple reports in a single view • Integrated security support • Internationalized versions • Exporting Reports • Can export/import report properties into other SMS environments
SMS 2003 Security Patch Management Improve security of the Windows environment through increased vulnerability awareness and reliable targeted delivery of updates.
Security Patch Management Demands • Maintain integrity of IT environment • Identify critical patches • Determine vulnerable systems • Deliver patches reliably and quickly • Accurately report delivery status • Systematic process • Need to control the patch process • Reduce patch management deployment costs • Need to increase patch management reliability and effectiveness
Security Patch Management: SMS Delivers • IT environment integrity preservation • Vulnerability assessment • Status and verification reporting • Infrastructure, process, and control • SMS 2.0 SUS Feature Pack integrated into SMS 2003 • Leverages SMS 2003 infrastructure • Bandwidth efficient and priority aware • Added administrator control • Flexible targeting • Improved end-user experience
Integrity Preservation • Vulnerability Assessment • Leverages existing tools like MS Baseline Security Analyzer • Collects MBSA results for storage in a central repository • Rich reporting provides detailed vulnerability analysis and enables mitigation planning • Status and Compliance Reporting • Deployment status as patches are delivered • Built-in reports, status messaging, and summarization • Determine actual baselines in the environment before changing the environment • Reference computer templates for baseline determination and compliance
Infrastructure, Process, And Control • SMS 2.0 SUS Feature Pack integrated into SMS 2003 • Leverages SMS 2003 infrastructure • Delta replication, bandwidth efficient and priority aware BITS client • Up to 99.9+% reliability in patch delivery • Flexible targeting • Active Directory, non-Active Directory groups, WMI properties • Improved administrative control and end-user experience • Dynamically acquires the desired patches from Microsoft and pre-assembles them into a ready-to-deliver package • Addresses reboots • Reboot-needed detection • Optimized graceful reboots with enforcement • Reminders, rescheduling and ad-hoc reboot • Easily run awaiting updates • Merge patches from testing into production
New Program Installed Advanced Client Download And Execute Distribution Point Management Point Washington, DC SMS 2003 Primary Site Richmond SMS 2003 Primary Site Distribution Point Local Client Cache SMS 2003 Advanced Client Managed by Redmond
Security • SMS 2003 provides a new Advanced Security mode • Reduces number of service accounts • Less administrative overhead • Leverages Local System account • Domain Admin rights not required • Advanced client platform is recommended • Uses no accounts, unlike the legacy client • SMS 2003 provides security rights delegation
The Investments Continue • Mobile Device Management Feature Pack • Add-on to SMS 2003 to manage Windows CE/PPC based devices • Delivers an integrated solution for servers, desktops, and devices • OS Deployment Feature Pack • Ability to deploy industry recognized images to existing desktops • Integrated process for planning, state, and data migration, OS deployment, and post deployment changes
How Microsoft Can Help You Today CLIENTS SERVERS
2003 2004-2005 2006+ Software Update Services (SUS) Dynamic Systems Initiative Products/Solutions Management Solutions 3rd Party Management Products and Solutions Visual Studio “Whidbey” Visual Studio “Orcas” Server Apps and Dev Tools 3rd Party ISVs and Tool Vendors Windows Server Microsoft Virtual Server Automated Deployment Services (ADS)
Resources • Attend MMS – Microsoft Management Summit – March 15-19th – Las Vegas • Join MSSMS Topica.com discussion list – 800+ SMS admins worldwide discussing SMS – link from myitforum.com • Join MAWMUG – come to meeting in DC office on the 3rd of December – 6:30 PM – check myitforum.com user groups for more info • Get Product Docs on microsoft.com/sms – 641 page Concepts and Planning Guide • tevs@microsoft.com
SMS 2003 Delivers • Utilizes Windows Installer Service • Enables targeted rollouts • Detailed package status and reporting information “Help me deploy key applications reliably.” • Standards-based inventory • More granular discovery • New metering solution • New reporting tools • New compliance checking “Help me understand what I own and what I’m using.” • New vulnerability assessment tool • Streamlined patch deployment • Greater administrative control “Help me protect my IT environment.”
SMS 2003 Delivers • New advanced client • Support infrequently connected users • Supports roaming users “Help me support my mobile workforce.” • Integration with Windows infrastructure • Easier to deploy in existing environments • Leverages Active Directory “Help me realize my IT investments.” • “most impressive of the year” — eWeek • “I love this product!!” — Marathon Oil “I need an enterprise-ready solution.”
© 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
SMS 2003 Client Interaction SMS 2003 Advanced Client Primary Site Server Site Database Management Point Distribution Point Legacy Client CAP SMS 2.0 compatibility
Advanced Client: At Home Primary Site Content Location Assigned Site Primary Site Policy Content Primary Site Primary Site Primary Site
Advanced Client: Regional Roaming Primary Site Assigned Site Primary Site Content Location Policy Primary Site Roaming Site Roaming Site Primary Site Content
Advanced Client: Global Roaming Primary Site Active Directory Roaming Site Assigned Site Management Point Location Policy Content Location Content Primary Site Primary Site Primary Site