1 / 58

Patch Management using SMS 2003 Technical Overview

Patch Management using SMS 2003 Technical Overview. Tev Sanders Sr. Management TS Microsoft Corporation. Agenda. Early adopters Architecture Review Security Patch Management The Investments Continue… Resources Questions and Answers. EAP Experiences. Production Deployment Status:.

marjorie
Download Presentation

Patch Management using SMS 2003 Technical Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Patch Management using SMS 2003Technical Overview Tev Sanders Sr. Management TS Microsoft Corporation

  2. Agenda • Early adopters • Architecture Review • Security Patch Management • The Investments Continue… • Resources • Questions and Answers

  3. EAP Experiences Production Deployment Status: Clients SMS EAPs “I don’t think I’ve seen SMS distribute packages so well in the 6-7 years I’ve worked with it” – NCR “You know NCC are really, really happy about SMS 2003. …  we are having quite a few reference visits from other customers.” – NCC Denmark “I love this product!!” – Marathon Oil 108,212 Microsoft OTG Dell 40,112 40,110 Boeing Marathon Oil 11,129 NCR 9,271 SAP 7,509 Dept. of Educationand Skills 5,920 “When SMS 2003 is released this fall, it will shake up the configuration management market” - Giga "eWeek Labs' test lead us to recommend that IT managers take a close look at this new, leaner Windows management platform.   In fact, we think that any organization that is evaluating mobile management systems should immediately put SMS on its short list." - eWeek 4,426 Motorola 4,127 TÜV NORD Gruppe Aquila 3,707 Towers Perrin 3,554 JetBlue 2,599 2,484 US Gov’t Fin. Agency NCC Denmark 1,750

  4. Microsoft Internal OTG Success • Over 108,000 Clients Deployed • Over 5,500 Servers Managed around the world • The tool used by Microsoft to ensure compliance of security patches across Microsoft • Using SMS 2003 OTG can obtain: • Accuracy of patching • 97% compliance within 4 hours • 100% accountability • Scalability & Performance • 5,500+ managed Windows servers • within 7 hours. • Software distributions since July 2003 • 350,000 installations/configurations

  5. Dell ServersPatch Management Integration • Seamless integration into Microsoft SMS 2003 Patch Management • Consistent operations for both software patches and hardware updates using the same Microsoft application • Dell Compliance Reports using SMS Administrator Console • Dell Updates using SMS Software Distribution Wizard • Dell Website integration for latest update downloads

  6. Site Systems Roles Server Locator Point Management Point SMS SiteDatabase Site Server Distribution Point Reporting Point Client Access Point

  7. SQL SQL SQL SQL Site Hierarchies Primary (Central) Site (Parent Site) Primary Site (Child and Parent Site) SecondarySite (Child Site) Primary or Secondary Site (Child Site)

  8. Delta Replication Distribution Point SMS 2003 Central Site Distribution Point Distribution Point SMS 2003 Secondary Site SMS 2003 Primary Site

  9. Software Delivery Status (2)

  10. Reporting • Extensible web-based reporting tool • Based on automatically maintained, high performanceSQL Views • Schema based on SMS Provider • Documented and supported, • Improvements from original web version • 120 pre-built reports • Dashboard functionality makes it easier to customize reports • Multiple reports in a single view • Integrated security support • Internationalized versions • Exporting Reports • Can export/import report properties into other SMS environments

  11. Web Reporting

  12. SMS 2003 Security Patch Management Improve security of the Windows environment through increased vulnerability awareness and reliable targeted delivery of updates.

  13. Security Patch Management Demands • Maintain integrity of IT environment • Identify critical patches • Determine vulnerable systems • Deliver patches reliably and quickly • Accurately report delivery status • Systematic process • Need to control the patch process • Reduce patch management deployment costs • Need to increase patch management reliability and effectiveness

  14. Security Patch ManagementSMS Delivers • IT environment integrity preservation • Vulnerability assessment • Status and verification reporting • Infrastructure, process, and control • SMS 2.0 SUS Feature Pack integrated into SMS 2003 • Leverages SMS 2003 infrastructure • Bandwidth efficient and priority aware • Added administrator control • Flexible targeting • Improved end-user experience

  15. Integrity Preservation • Vulnerability Assessment • Leverages existing tools like MS BaselineSecurity Analyzer • Collects MBSA results for storage in a central repository • Rich reporting provides detailed vulnerability analysis and enables mitigation planning • Status and Compliance Reporting • Deployment status as patches are delivered • Built-in reports, status messaging, and summarization • Determine actual baselines in the environment before changing the environment • Reference computer templates for baseline determination and compliance

  16. Infrastructure, Process, And Control • SMS 2.0 SUS Feature Pack integrated into SMS 2003 • Leverages SMS 2003 infrastructure • Delta replication, bandwidth efficient and priority aware BITS client • Up to 99.9+% reliability in patch delivery • Flexible targeting • Active Directory, non-Active Directory groups, WMI properties • Improved administrative control and end-user experience • Dynamically acquires the desired patches from Microsoft andpre-assembles them into a ready-to-deliver package • Addresses reboots • Reboot-needed detection • Optimized graceful reboots with enforcement • Reminders, rescheduling and ad-hoc reboot • Easily run awaiting updates • Merge patches from testing into production

  17. Patch Management Client Experience

  18. Patch Management Client Experience (2)

  19. Patch Compliance Reporting

  20. Patch Compliance Reporting (2)

  21. New Program Installed Advanced Client Download And Execute Distribution Point Management Point Washington, DC SMS 2003Primary Site Richmond SMS 2003 Primary Site Distribution Point Local Client Cache SMS 2003 Advanced Client Managed by Redmond

  22. Security • SMS 2003 provides a new Advanced Security mode • Reduces number of service accounts • Less administrative overhead • Leverages Local System account • Domain Admin rights not required • Advanced client platform is recommended • Uses no accounts unlike legacy client • SMS 2003 provides security rights delegation

  23. The Investments Continue • Mobile Device Management Feature Pack • Add-on to SMS 2003 to manage Windows CE/PPC based devices • Delivers an integrated solution for servers, desktops,and devices • OS Deployment Feature Pack • Ability to deploy industry recognized images toexisting desktops • Integrated process for planning, state, and data migration, OS deployment, and post deployment changes

  24. How Microsoft Can Help You Today CLIENTS SERVERS

  25. Introducing System Center

  26. 2003 2004-2005 2006+ Software Update Services (SUS) Dynamic Systems Initiative Products/Solutions Management Solutions 3rd Party Management Products and Solutions Visual Studio “Whidbey” Visual Studio “Orcas” Server Apps and Dev Tools 3rd Party ISVs and Tool Vendors Windows Server Microsoft Virtual Server Automated Deployment Services (ADS)

  27. Resources • Attend MMS – Microsoft Management Summit – March 15-19th – Las Vegas • Join MSSMS Topica.com discussion list – 800+ SMS admins worldwide discussing SMS – link from myitforum.com • Join MAWMUG – come to mtg inDC office on the 3rd of December – 6:30 PM – check myitforum.com user groups for more info • Get Product Docs on microsoft.com/sms 641 page Concepts and Planning Guide • tevs@microsoft.com

  28. Questions

  29. SMS 2003 Delivers • Utilizes Windows Installer Service • Enables targeted rollouts • Detailed package status and reporting information “Help me deploy key applications reliably.” • Standards-based inventory • More granular discovery • New metering solution • New reporting tools • New compliance checking “Help me understand what I own and what I’m using.” • New vulnerability assessment tool • Streamlined patch deployment • Greater administrative control “Help me protect my IT environment.”

  30. SMS 2003 Delivers • New advanced client • Support infrequently connected users • Supports roaming users “Help me support my mobileworkforce.” • Integration with Windows infrastructure • Easier to deploy in existing environments • Leverages Active Directory “Help merealize my IT investments.” • “most impressive of the year”— eWeek • “I love this product!!” —Marathon Oil “I need an enterprise-ready solution.”

  31. Questions?

  32. © 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

  33. © 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

  34. AppendixSupporting Materials

  35. Mobile Client Behavior Detailed

  36. SMS 2003 Client Interaction SMS 2003 Advanced Client Primary Site Server Site Database Management Point Distribution Point Legacy Client CAP SMS 2.0 compatibility

  37. Advanced Client: At Home Primary Site Content Location Assigned Site Primary Site Policy Content Primary Site Primary Site Primary Site

  38. Advanced Client: Regional Roaming Primary Site Assigned Site Primary Site Content Location Policy Primary Site Roaming Site Roaming Site Primary Site Content

  39. Advanced Client: Global Roaming Primary Site Active Directory Roaming Site Assigned Site Management Point Location Policy Content Location Content Primary Site Primary Site Primary Site

  40. Systems Management Server 2003Screen Shots(Reference)

  41. Add/Remove Programs Integration

  42. Software Delivery Status

  43. Software Delivery Status (2)

  44. Software Delivery Status (3)

  45. Software Updates

  46. Patch Deployment Wizard

  47. Patch Deployment Wizard (2)

  48. Patch Deployment Wizard (3)

More Related