
virtual techdays

INDIA │ 9-11 February 2011. virtual techdays. How Microsoft IT Does Desktop Patch Management. Partha Chandran │ Sr. Service Engineer, Microsoft.


Presentation Transcript


  1. INDIA │ 9-11 February 2011 virtual techdays How Microsoft IT Does Desktop Patch Management Partha Chandran │ Sr. Service Engineer, Microsoft

  2. Our Team & What we do
     • Management Platform and Service Delivery
     • Operational Team of System Center - Desktop Management System Technologies
     • Deployment Services - System Center Configuration Manager
     • Dogfooding (early adoption/product feedback): ConfigMgr 2012, R3, Forefront, etc.
     • Windows Update/Microsoft Update infrastructure
     • Windows InTune
     • Customers:
         • Microsoft IT
         • Microsoft Retail Stores
         • Online Customers: Energizer and XL

  3. Session Agenda
     • How Microsoft IT uses Configuration Manager?
     • Configuration Manager Architecture Overview
     • Software Updates Management – Process & Best Practices
     • Preparing for the Future
     • Q & A

  4. How Microsoft IT Uses Configuration Manager?

  5. Microsoft Offices in 105 Countries
     • 89k Employees Globally
     • 70k Vendors Globally
     • Microsoft locations 400
     • ConfigMgr Sites ~230
     • ConfigMgr Clients ~300,000

  6. Configuration Manager Service Boundaries (figure labels)
     • IP based devices: ~890k
     • IP connected machines: ~500,000
     • Network Attached Devices: ~80,000
     • Smart Phones: ~60,000
     • AD Clients: ~420k
     • Workstation OU: 280,000
     • Other OU’s: 40,000
     • Supported Full Service Domains: ~280,000
     • Supported Limited Service Domains: ~5,000
     • ConfigMgr: ~285K
     • Lab Services: ~50,000
     • NTDEV: ~24,000
     • Datacenter machines (SPM): ~24,000
     • PHX / GFS: ~250,000

  7. Services Offered to Desktops in Microsoft IT
     • Full Service
         • Software Distributions
         • Asset Reporting – hardware & software inventory, asset intelligence
         • Patch Management and “Test Pass” Patching
         • 3rd party patching Using Software Distributions
         • Operating System Deployment
         • Application Virtualization deployment (App-V)
         • Desired Configuration Management
     • Limited Service
         • Patch Management, including MPSD-managed WSUS
         • Asset Reporting

  8. Configuration Manager Architecture Overview

  9. Configuration Manager Architecture
     Disclaimer: Microsoft IT’s System Center Configuration Manager 2007 hierarchy has ~130,000 clients assigned at a primary site and 275,000 clients in a hierarchy. The supported System Center Configuration Manager 2007 limit is 100,000 per primary site and 200,000 per hierarchy without a custom scale agreement.

  10. Physical vs Virtual – ConfigMgr Site Roles in Microsoft IT

  11. Client Agent Cycles

  12. Client Health Script
     • Runs as computer startup script through GPO
     • Completely silent and does not prompt users
     • Runs asynchronously to minimize logon time
     • Client health status is generated from the client
     • Future enhancements
         • WMI check and remediation will be included
         • Client remediation will be part of next version of SCCM

  13. Client Health Script features
     • Check for SCCM client and install or upgrade client
     • Check and start WMI, SCCM, WSUS services
     • Check and report last reported time for client health indicators
         • Hardware Inventory
         • Software Inventory
         • Heartbeat Discovery
     • If indicators are older than 5 days, initiate them
     • Reinstall the client if initialization fails
     • Enable SCCM components if disabled
     • Check BITS version and assign client to correct site if site code is missing

  14. Software Updates Management – Process & Best Practices

  15. Patch Process Overview
     • Pre-Patch Deployment
     • Patch Deployment
     • Post Patch Deployment

  16. Patch Deployment Experience for Users

  17. Patching Best Practices
     • Security of the environment must be Top Priority
     • Communicate to users every month about patch Tuesday
     • Deploy patches consistently after validation phase is complete
     • Create well defined site boundaries
     • Use silent patching for a better user experience
         • Silent patching for 6 days, 3 days of enforcement
     • Minimize reboots
         • Ideally one reboot per patch cycle
     • Use WSUS to install the SCCM Client
     • Use GPO to pre-configure SCCM client settings

  18. Patching Best Practices
     • Use WSUS to install recurring updates such as antivirus signature updates and Junk mail filters
     • Perform QC on deployments before release to production
     • Monitor and Remediate Hierarchy issues timely
     • Monitor Enforcement States of the deployment daily during patch cycle
     • Remove Expired Updates and contents from deployments periodically
     • Periodic WSUS Cleanup for WSUS based deployments

  19. Patching Best Practices
     • Updates Package Maintenance Strategy
         • Keep 2 current month’s deployment active
         • Rest in sustainer packages
     • Sustainer package sizing strategy
         • Break Larger packages for efficient replication (>4 GB)
     • For large hierarchies, Keep package updates to minimum during enforcement cycle.
     • ConfigMgr patching uses WSUS, so manage Policy for consistent WU settings across enterprise

  20. Desktop Services SLA – Patch Delivery

  21. Preparing for the future

  22. Configuration Manager 2007 R3 – Power Management
     • Monitor current power state and consumptions
     • Plan and create a power management policy, check for exceptions
     • Apply power management policy
     • Check compliance and remediate non-compliance.
     • Report saving in power consumption and costs and environmental impact.

  23. Forefront Endpoint Protection 2010 + ConfigMgr 2007
     SIMPLIFY security MANAGEMENT experience │ HELP PROTECT everywhere │ INTEGRATE and EXTEND security
     • Lower costs of endpoint protection deployment and ownership
     • Deployment of endpoint security with a proven scalable Config Manager infrastructure
     • Extends Windows OS security
     • Simplified management through unified operational experience for endpoint security and management
     • Increased visibility of potentially vulnerable endpoints that allow you to take operational remediation actions
     • Advanced and comprehensive malware protection for clients and servers

  24. System Center Configuration Manager 2012 - Pillars of Release
     • Embrace user-centric management
         • Provide a rich application management model to capture admin intent
         • Allow the administrator to think users first
         • Provide the end user a fitting user experience to find/install software with
         • Allow the user to define their relationship to applications
     • Modernize our infrastructure
         • Redesigned hierarchy and SQL Server replication
         • Automated content distribution
         • Client Health improvements and auto-remediation
         • Redesigned admin experience and role-based security model
         • Native 64-bit and full Unicode support
     • Continue to improve
         • Software Updates auto-deployment (including Forefront definitions)
         • Automated settings remediation (DCM “set”)
         • Consolidated and expanded mobile device management
         • Improvements to OS Deployment and Remote Control
         • And much, much more…

  25. Summary: Key Takeaways
     • Use Configuration Manager to update and manage your desktops
     • Develop a business rhythm for patch deployment
     • Use validation groups to ensure security updates don’t negatively impact your business
     • Use server virtualization to reduce operational costs
     • Implement a dashboard to monitor the overall health of your environment

  26. Resources
     • System Center Configuration Manager Technical Documentation: http://technet.microsoft.com/en-us/configmgr/default.aspx
     • The Configuration Manager Support Team Blog: http://blogs.technet.com/configurationmgr/default.aspx
     • System Center in Action - Best Practices: http://technet.microsoft.com/en-us/systemcenter/ee942121.aspx
     • Configuration Manager Virtualization Technical Case Study: http://technet.microsoft.com/en-us/library/ff684119.aspx

  27. THANKS │ partha.chandran@microsoft.com
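
The client health checks listed on slides 12 and 13 can be sketched as a script. This is an added example, not Microsoft IT's client health script: it assumes Windows PowerShell 3.0 or later run elevated on a machine with the ConfigMgr client, treats `wuauserv` (the Windows Update agent) as the slide's "WSUS" service, and only flags the install and reinstall steps because the client source path is site-specific.

```powershell
# Added example for illustration; not Microsoft IT's script.
$MaxAgeDays = 5                      # staleness threshold stated on slide 13
$Indicators = [ordered]@{            # built-in ConfigMgr client schedule IDs
    'Hardware Inventory'  = '{00000000-0000-0000-0000-000000000001}'
    'Software Inventory'  = '{00000000-0000-0000-0000-000000000002}'
    'Heartbeat Discovery' = '{00000000-0000-0000-0000-000000000003}'
}

# 1. Services: WMI, the ConfigMgr client (CcmExec) and the Windows Update agent
#    (wuauserv is an assumption for what the slide calls the "WSUS" service).
foreach ($name in 'winmgmt', 'CcmExec', 'wuauserv') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "$name is not installed; client install or repair is required"
        if ($name -eq 'CcmExec') { return }   # nothing further to check without a client
    } elseif ($svc.Status -ne 'Running') {
        Start-Service -Name $name
    }
}

# 2. Last report time of each indicator, read from the client's own WMI namespace.
$status = Get-WmiObject -Namespace 'root\ccm\invagt' -Class InventoryActionStatus `
    -ErrorAction SilentlyContinue

foreach ($item in $Indicators.GetEnumerator()) {
    $row  = $status | Where-Object { $_.InventoryActionID -eq $item.Value }
    $last = $null
    if ($row -and $row.LastReportDate) {
        $last = [Management.ManagementDateTimeConverter]::ToDateTime($row.LastReportDate)
    }
    # Never reported, or older than the threshold, counts as stale.
    $stale  = (-not $last) -or (((Get-Date) - $last).TotalDays -gt $MaxAgeDays)
    $action = 'None'
    if ($stale) {
        try {
            # 3. Ask the client agent to run the cycle now.
            Invoke-WmiMethod -Namespace 'root\ccm' -Class SMS_Client -Name TriggerSchedule `
                -ArgumentList $item.Value -ErrorAction Stop | Out-Null
            $action = 'Triggered'
        } catch {
            # 4. The slide's next step is a client reinstall; it is only flagged here.
            $action = 'TriggerFailed-ReinstallClient'
        }
    }
    [pscustomobject]@{ Indicator = $item.Key; LastReport = $last; Action = $action }
}
```

The script emits one object per indicator, so the output can be piped to `Export-Csv` or a central log to build the health status that slide 12 says is generated from the client.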
