2006 Welcome to Sommarkollo 2007
System Monitoring with System Center Configuration Manager 2007 John Kleyer john.kleyer@expero.se
Agenda • System Center Configuration Manager Overview • IT System Configuration Lifecycle • Positioning Configuration Manager • Software Updates with SCCM • Desired Configuration Management in SCCM
IT Systems Configuration Lifecycle • Software Distribution • SW and HW Updates • OS Deployment • Standardization • Desired Configuration • Out of Band Management, Remote Control • Asset Management • Consolidation, License Compliance
Configuration Manager, the new SMS • 1996 SMS 1.2 - Remote Control, SW Delivery • 1999 SMS 2.0 - HW Inventory • 2003 SMS 2003 - Security Updates, Mobile WAN • 2004 SMS 2003 OS Deployment Feature Pack • SMS 2003 Device Management Feature Pack • SMS 2003 R2 - Custom Updates, Vulnerability Assessment • 2006 SMS 2003 SP3 - Asset Intelligence • System Center Configuration Manager 2007 • 2007
SCCM 07 Key Investments • Simplicity: Up and running in minutes; Simplified UI; Advanced Task Sequencing; Reduced SCCM infrastructure costs with branch office support; Improved scheduling and greater control including Wake-on-LAN; Common processes for Windows Mobile and embedded devices • Deployment: Unified delivery of Windows operating system for clients and servers; One worldwide image to manage with Vista; Built on Windows Vista technologies including Windows Imaging; Vista and Office 12 upgrade assessment and resolution planning; Offline media support for full offline provisioning • Security: Integration with “Longhorn” Network Access Protection; Simplified, comprehensive software updating with templates for common tasks; Enterprise vulnerability assessment; Securely managing devices across the Internet; Secure network storage of user state during operating system deployment • Configuration: Knowledge-driven desired configuration management based on the Service Modeling Language (SML); IT policies for analyzing corporate and regulatory compliance; Out-of-the-box configuration policies for server workloads, e.g. Exchange, IIS, AD; License and asset management
ENTERPRISE MID-MARKET • End to end service management for businesses • Operational health and configuration • Backup and recovery • Integrated management of physical and virtual
Software Update Management with System Center Configuration Manager 2007
DEMO • Configuring SCCM 2007 Integration with WSUS • Generating Update Status on the SCCM Client
DEMO • Generating Software Update Compliance Reports
Best Practices for Deploying Software Updates • Use Update Lists! • Delegation & Child site administration • Compliance reports • Recommended Admin Workflow: • Use Search Folder to determine updates to deploy • Create Update List • Download updates into appropriate deployment package(s) • Use Deploy Software Updates Wizard to deploy updates to clients • Track results using deployment enforcement state report • Identify problems using troubleshooting scan and deployment error reports
DEMO • Distributing Software Updates Using SCCM Software Update Management
DEMO • Validating Current Software Update compliance
Preparation for Migration • Understand the new WSUS-based Software Update Point (SUP) server role • Leave ITMU installed • Uninstall legacy scan tools • Need to break up patch packages into 500 updates or fewer • Remove existing Domain Group Policy for WSUS server locations • Be sure to have package source available / restored
Lessons Learned from MSIT and TAP • The first big hurdle is to successfully sync WSUS – a failed sync is a symptom of many different problems • First sync can take a few hours; must wait for WSUS sync with Microsoft Update to complete • Client deployment must succeed • When deploying clients, state message traffic can limit the number of clients that a site can practically handle • Don’t upgrade around Patch Tuesday • May need a few days to get SCCM up and running • Tips from previous successful upgrades: • Start with a test SWD package; it gives a baseline of client health and infrastructure health • Use synthetic updates in a test deployment to give an end-to-end picture • Use the new scan reports to find Software Update Point issues – scan states, scan failure • Use the troubleshooting report for deployment errors
Upgrade from SMS 2003 • Deployments and compliance data are migrated into SCCM SUM • Migrated updates are appended with “legacy” • Migrated data is used until new data can be generated from scans and deployments • Need to add rights for Update lists and Deployment templates for admins other than the one that performed the upgrade • Custom reports are migrated, but no guarantee they will work
Interoperability with SMS 2003 Clients • ITMU has been modified to work for SMS 2003 clients on SCCM • ITMU only supported for SMS 2003 clients • Can deploy to SMS 2003 clients using DSUW at the same time as SCCM clients • Most program and advertisement properties are taken from equivalent SCCM settings • Can modify deployment settings for SMS 2003 clients using deployment properties • Same recommendations as for SMS 2003 for “download and execute” vs. “run from DP” – no selective download for SMS 2003 clients • Also same mechanisms for controlling restart behavior as SMS 2003
Interoperability and Parent-Child Hierarchy • 1. Create deployment package • 1A. DSUW can target both V4 and V3 clients in one deployment • 1B. V4 client gets deployment policy, selective download of binaries • 1C. V3 client gets SMS 2003 package, program, advertisement • 2. Deployment package is replicated • 2A. Can make new SMS 2003 update distribution for ITMU or other legacy scan tools • 3. Deployment package is replicated • 3A. Can create new deployment to only V4 clients using replicated deployment package • 3B. Can create new deployment to both V4 and V3 clients but must redownload • 3C. Can create new SMS 2003 advertisements using replicated deployment package
Microsoft Enterprise SW Update Mgmt • Advanced Software Update and Configuration Management: • Comprehensive management of both Microsoft and 3rd-party Software Updates with advanced administration, control, and reporting. • Complete integrated configuration management offering including Application and OS Deployment, Desired Configuration Management, Asset Management, and Network Access Management. • Basic Software Update Management: • Free Windows Server download that provides simple administration, control and reporting of Microsoft updates. • The platform for System Center Configuration Manager Software Update Management.
Summary • WSUS integration and new policy-based update management infrastructure provide big gains in capability • Significant improvements in administrative experience and client management functionality
Microsoft System Center Configuration Manager 2007: Desired Configuration Management • The emergence of Compliance • DCM Overview • Vision and core scenarios • Terms and concepts • DCM data flow diagram • Admin Tasks • Things to be aware of for 2007 • Service Modeling Language (SML) • DCM 2007 & the DCM Solution for SMS 2003
Emergence of Compliance • IT organizations spend between 5,000 and 20,000 man hours a year trying to stay compliant with Sarbanes-Oxley’s requirements – CIO Magazine 4/10/07 and Gartner 2006 • Corporate standards are hard to enforce
Regulatory Statistics • Percentage of U.S. organizations that say they are not compliant with a specific law • Source – CIO and PricewaterhouseCoopers “The Global State of Information Security 2006”
Overview: What is DCM? DCM will enable customers to: • Define corporate configuration standards • Report on configuration compliance across managed Windows systems • Combine DCM compliance data with other feature areas of ConfigMgr to remediate clients
Core Scenarios • Detect server configuration “drift” • Approximately ½ of unplanned downtime due to configuration problems! • Improve Helpdesk troubleshooting and “time-to-resolve” • Helpdesk represents the single largest “people cost” to IT
Core Scenarios (Cont.) • Regulatory compliance reporting • Define and report against tangible configuration policies for regulatory compliance • Pre- and post- change verification • Ensure system readiness • Verify accuracy and efficacy of planned changes
Overview: DCM Terms And Concepts Configuration Item (CI) • Units of configuration that can be detected, applied, and removed from ConfigMgr managed machines • Application CI • Operating System CI • General CI • Software Updates CI Configuration Baseline • A complex type of CI composed of other CIs which are: • Required • Optional • Prohibited • Can be assigned to collections for compliance monitoring
DEMO • Creating and Importing Configuration Items
Admin Tasks • Develop configuration knowledge • Author new CIs and Baselines in admin console • Author Configuration Packs • Import “best practice” Configuration Packs • Assign Baselines • Set compliance evaluation schedule per assignment • Review compliance reports • Build query-based collections using DCM compliance state messages
DEMO • Creating Configuration baselines
Building Knowledge: Sources of Data • Microsoft and other software vendors • Download portal on Microsoft.com • Solutions integrators • Consulting services • Line of business application developers • IT personnel
Overview: Data flow [Diagram, steps numbered 1 to 6] • Configuration Items created by import from Configuration Packs • New Configuration Items authored in the ConfigMgr Admin Console (examples shown: Windows Server 2003 CI, Line-of-business Application CI, Antivirus Software CI) • Configuration Baseline defined using CIs (example shown: Line-of-business Application Server Baseline) • Configuration baseline assigned to collection • On the managed client, the Configuration Manager Client runs DCM, which discovers CIs and validates data against rules (sources shown: WMI, XML, Script, Active Directory, Registry, SQL, File, IIS, Software Updates, MSI) • Compliance state sent to ConfigMgr Database (Compliance State Tables) on the ConfigMgr Server for reporting
Model Based Management Baselines can build on each other, creating a nested effect
Building Knowledge: Author in ConfigMgr • Author from scratch • Operating System CI • Application CI • General CI • Configuration Baseline • Create Child CI • Inherit from parent (and grandparent, etc.) • Add new rules to inherited objects and settings • Add new settings and objects • Duplicate
Building Knowledge: Parent/Child CIs • Parent CI • Imported from Microsoft • Defines core settings/objects and “laws of physics” • Duplicate of a parent CI • No link maintained to original • Full editing capabilities • Child CI • Inherits definition from parent • Add rules to parent settings and objects • Add new settings/objects for this child CI only • Duplicate of a child CI • No link to original • Inheritance from same parent as original • Additional layers of inheritance as required • [Diagram labels: Microsoft SQL Server 2005; Copy of Microsoft SQL Server 2005; Woodgrove Bank’s Configuration for SQL Server 2005; Best Practices for Microsoft SQL Server 2005; SQL Server for Sales IT; SQL Server for HR IT; SQL Server for Sales Reporting Application]
Service Modeling Language • Built on Service Modeling Language (SML): a modeling language built on XML standards that provides a rich set of constructs for modeling complex IT systems, including: • Structure of the system: objects and relationships • Desired configuration • Administrative policies • Management information such as events and performance counters, rules for determining the operational health of the system, etc • Configuration Manager 2007 will consume the structure and desired configuration portions of SML models as they relate to a single computer system. • SML runtime requires .Net framework 2.x
How does DCM use SML? • Prescriptive use of existing XML standards: • XML Schema (XSD): Modeling language for type definitions and invariants • Extensible Stylesheet Language Transformation (XSLT): Type discovery and instance document generation script • Schematron: Instance validation rules using XPath queries and .Net regular expressions • Extensible Markup Language (XML): Type instance documents and exception reports • Run-time engine: • Built on .Net 2.0 framework • Orchestrates (1) type discovery and instance document generation; (2) instance document schema validation; and (3) instance validation to produce exception report • In-memory type and instance store
Using compliance results • Compliance results sent as XML attachment on state messages • State message severity determined by greatest severity of any failed rule in CI/Baseline • Use DCM Home Page for basic reporting • Launch other reports from Home Page or Reports node • Use Query-based collections based on DCM compliance data to deploy software, scripts, updates or task-sequences
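Added example (not from the original slides or from Configuration Manager itself): a simplified Python model of the instance-validation stage and the severity rule described on the last two slides, with XPath queries plus regular expressions checked against an instance document and the reported severity taken as the greatest severity of any failed rule. The XML element names, rule set, severity ordering and the `evaluate` and `exception_report` helpers are all assumptions made for illustration; real DCM uses SML, XSD and Schematron on the .Net runtime.

```python
import re
import xml.etree.ElementTree as ET

# Constructed instance document; names are hypothetical, not real SML.
INSTANCE_XML = """
<Computer name="SRV01">
  <Registry key="HKLM/SOFTWARE/Woodgrove/App" value="Version" data="2.1.0"/>
  <Service name="W3SVC" startMode="Manual"/>
</Computer>
"""

SEVERITY = {"Information": 1, "Warning": 2, "Error": 3}  # assumed ordering

# Constructed rules: XPath selects a node, regex constrains one attribute.
RULES = [
    {"id": "app-version", "xpath": "./Registry[@value='Version']",
     "attr": "data", "pattern": r"^2\.\d+\.\d+$", "severity": "Warning"},
    {"id": "iis-autostart", "xpath": "./Service[@name='W3SVC']",
     "attr": "startMode", "pattern": r"^Auto$", "severity": "Error"},
    {"id": "av-service", "xpath": "./Service[@name='AVSvc']",
     "attr": "startMode", "pattern": r"^Auto$", "severity": "Warning"},
]

def evaluate(instance_xml, rules):
    """Validate an instance document; return (failed rules, worst severity)."""
    root = ET.fromstring(instance_xml)
    failures = []
    for rule in rules:
        node = root.find(rule["xpath"])
        actual = None if node is None else node.get(rule["attr"])
        # A missing object fails the rule rather than passing silently.
        if actual is None or not re.search(rule["pattern"], actual):
            failures.append({"rule": rule["id"], "actual": actual,
                             "severity": rule["severity"]})
    # Severity reported = greatest severity of any failed rule.
    worst = max((f["severity"] for f in failures),
                key=SEVERITY.get, default=None)
    return failures, worst

def exception_report(computer, failures, worst):
    """Render failures as the XML that would ride on a state message."""
    rep = ET.Element("ExceptionReport", computer=computer,
                     severity=worst or "Compliant")
    for f in failures:
        ET.SubElement(rep, "Failure", rule=f["rule"], severity=f["severity"],
                      actual=f["actual"] or "")
    return ET.tostring(rep, encoding="unicode")

if __name__ == "__main__":
    print(exception_report("SRV01", *evaluate(INSTANCE_XML, RULES)))
```

The absent `AVSvc` service is reported as a failure with an empty actual value, which is the case a drift check most often gets wrong by treating "not found" as "nothing to complain about".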