Wednesday, April 21, 2010
Operating System deployment for ordinary admins
Both toolkits should be in use (especially ACT Stan!) in Mars already, and I enjoyed the overview. If anybody wants an overview on them, let me know.
Software updates for smart admins
I will be getting the slide deck from this one though, as some of the methods described looked like they could save quite a bit of time for any admin - please let me know if you'd like a copy.
Monitoring Networks with Operations Manager 2007 R2
Next session was "Monitoring Networks with Operations Manager 2007 R2". I took a lot of notes on this one as I can see the benefits to an ops team, in that we often need to go to the Central Processing or Enterprise Networks teams and say dumb things like "My application is running bad", whereas "Server 51 is connected to Switch ABC on port 1, and we're seeing a lot of dropped packets between 9-11am" would be a bit more useful.
As you'll already doubtless know, R2 supports SNMP (v1 & v2) and can create either SNMP or SysLog workflows. What I didn't know is that it will also integrate with other monitoring solutions such as Solarwinds via a connector so that we can see the outputs of that alerting system right in the SCCM console. Pretty cool eh?
The larger part of the session was devoted (of course!) to v.Next, and how this offers more functionality. Please note this is all work in progress so subject to change before it goes gold.
The key points I noted are:
* Out of the box monitoring/discovery and reporting
* Server to network dependency discovery
* Multi Vendor/Multi Protocol support (SNMP v1/2/3 & IP v4/6; note that discovery is IPv4 ONLY!)
* Better scalability
Discovery can be manual or automatic (auto only needs one router IP address to discover the entire network!) and can be scheduled, run via SNMP trigger or used on demand. This will support layer 2 & 3, VLAN memberships and HSRP (Cisco). Key monitor components by default are memory, CPU, Port, Interface card, PSU, temperature and voltage.
Monitoring defaults out of the box include port/interface up/down, traffic volume, CPU % utilisation, data drop and broadcast rates, memory counters (inc total and free RAM), PSU temperature and voltage and connection health end to end.
Final point was on inbuilt visualisation, which comes in either Dashboard or Diagram flavours - both looked common sense and useful, and of course were configurable ad infinitum.
SCCM 2007 - Configuration Manager v.Next migration
Having said that, here's the deets:
Migration Console is in the Administration tab of the v.Next console
Goal of migration: flatten hierarchy, minimise WAN impact, maximise reusability of x64 hw, assist migration of clients and objects
Plan - assess current environment, POC, Design.
Requires SCCM 2007 R2 SP2, 64bit hw, SQL server 2008 SP1 cumulative update 6.
Deploy -
- Setup initial v.Next primary/CAS
- Configure software update point and sync updates
- Setup server roles
- Make sure hierarchy is operating and software deployment works
Migrate - Map v.Next to existing 2007, migrate objects/clients/DP, Uninstall 2007 sites
All sounds so simple doesn't it ;-)
Enable migration in v.Next, specify hierarchy - v.Next gathers info from 2007 for baseline, info is retained for reporting and displaying progress. I have some more details for those interested.
Concern for me is that it seems to be a side by side migration, not an in place - does this mean we will potentially need to buy new hardware to do an upgrade not long after we have finished our migration?
Config Manager v.Next Admin UI
Speaking of reports, they showed an overview of the new graphical functionality built into v.Next - this looked very Spectrum like, and was of course dynamic, allowing you to drill down through the environment, for example down to server certificates and application issues reported by the internal alerting engine.
Also of mention was the automatic deployment statistic reporting options, which by default right out of the box show performance and failure alerting.
Protecting Windows Clients with Data Protection Manager
- Mobile users cause problems
- Sheer volume of machines - how to manage that data and scale policies across it?
- Each user has different needs.
DPM 2010, released this week, addresses these! They have removed any reliance on the end user and support user roaming and customisation. You can still enforce Admin defined restrictions.
Basics - first backup is a full backup, every future backup is the disk block changes - in essence allowing you to have a full backup each time, whilst only moving small amounts of data from the device to the DPM server. You can do multiple backups during the day to allow users to restore previous versions of files as they work. If they are offsite it backs up locally; sure, if a disk fails you are stuck, but if they just want to restore an earlier version, they can still do this. Once back on network/VPN/DirectAccess it will sync with the DPM server.
Policy can configure backup locations, you can allow the users to add their own (or not). For example I have a bad habit of saving in progress files to my desktop and typically My Documents would be the location backed up - I could add my desktop to the locations to protect.
User can also choose to sync just before they go offsite, and do self recovery. If they lose their laptop you can restore to a new machine with their login, or if they just need a file, they can log in to any machine and get what they need, e.g. someone forgets their USB stick with their PowerPoint.
The agent can be installed as part of a standard build, you only pay license costs when you start to do backups. This would be great as a premium service on top of SDS. Or a direct replacement for SDS backup.
A couple of flaws, each DPM server can only cater to 1000 clients, so assuming we need to run this from the datacenter, we would need significant server investment. Let's hope this becomes a cloud offering in the future!
2nd Keynote
- Windows 7 is the fastest selling OS in history
- In March 90 million Win7 machines were patched via Windows Update.
- Windows Update patches 725 million PCs each month - bear in mind most corporates won't point to Windows Update.
SCCM 2007 R3 - will include more power management features. You can enable it in a data gathering mode first and understand how your estate is used, and understand the savings you could make. Typically Windows 7 has saved between $30-60 per machine by tweaking the power options from Windows XP. You will also be able to configure wake up for out of band patch/app distribution.
With the reports you can show CO2 savings as you implement the policies, therefore we could quantify the savings back to the sites. This helps as site power is obviously a different budget, so whilst Mars IS won't see the benefit we can show the site what benefit they are getting because of our service.
SCCM 2007 R3 beta is available from today.
Brad says there are 5 things you need to build the core of your desktop strategy.
1) You must have one infrastructure to manage all your types of desktop - physical, vdi, app-v, etc. It must have comprehensive management tools for all the things you manage. Guess what? The system center suite does this ;-) In all seriousness it is a good point, for so long we have tried to go for best of breed and often suffered, there is a lot to be said for the one throat to choke approach.
2) Common way of integrating and managing all versions of virtualisation - VDI, VMs, App-V, Med-V, Hyper-V, VMware, Citrix etc. Speaking of Citrix, XenApp can now be managed by the System Center suite (available in 60 days). Configuration Manager will allow for increased automation/management of XenApp and its server infrastructure - so delivery of apps to the server, through to publishing them to end users. Using Citrix Dazzle home users can get apps delivered via Citrix and SCCM.
Some Hyper-V tweaks - Remote effects (fx?) and Dynamic memory. The first allows you to use a high end graphics card in your Hyper-V server and provide full Windows Aero effects to end users with VDI - the GPU takes the workload so performance is not affected. Other VM providers cannot do this - this would mean the user experience is seamless from physical desktop to virtual - sounds insignificant but is very impressive - they demo'd it running 720p HD video in a virtual machine with all Aero features on. Dynamic memory essentially allows you to define a range of RAM for your VM machines - this way as the user runs an intense app, they can dynamically grow their RAM usage, and when they close it, it will reduce. This allows for much more efficient RAM usage and again a significantly improved user experience. These tools will be available in SP1 for W2k8 R2 (I can't wait for my home server ;-) ).
3) Convergence of security and management - lower cost, simplified management and enhanced protection. Forefront product will now run off System Center infrastructure (no additional servers required). It will be built into Configuration Manager so you will get anti virus/malware/spyware. This also ties into the one infrastructure theme. RTM by end of year. As we consistently seem to have problems with our Symantec tools, maybe this would be worth a look! In fact the install package it includes in SCCM will auto uninstall other vendors security problems to avoid headaches (almost like a virus itself!) This combination will tie into the SQL reporting services and provide very rich reports to see overall status, any detections and so on. Tied into the Dashboard (see previous blog) a great addition to the office plasma!
4) Cloud based client management or as they define it, 'route to the cloud'. I have blogged about Windows Intune, so see this post for more. My view is that in 2-5 years this product set will have developed enough to rival the on premise solutions, so by the time we come to look at the desktop management infrastructure again, this may be a viable solution.
Then Brad went off on a bit of a detour from the Cloud to the System Center Service Manager tool. This tool had 2 main design principles, simplicity and tight integration with AD and System Center. As blogged previously this tool will do compliance, incident/change and problem management. They gave an example of a customer having a meaningful CMDB within 2 hours of install, it is that simple.
In terms of compliance, it will do PCI, SOX, records management and one other I didn't catch. Service Manager can automate the discovery to assess compliance, demo'd in 3-4 clicks. If you already have VISA compliance and now you want to check for AMEX it will assess the delta that AMEX may require that VISA does not, but not duplicate the work already covered. It can even auto remediate to gain compliance. The integrated reporting can allow you to check compliance, or even generate the report direct for the auditor. Non compliance can auto generate a ticket for items it is unable to remediate. Microsoft will update the tool as regulations are updated.
Beta 2 available in June, RTM later in the year.
5) User focused - enabling productivity anywhere on any device (sounds familiar!) - reiteration of much of what I have already written about SCCM, Configuration Manager v.Next. Talked about auto remediation of DCM/Settings management which is pretty cool, even to the extent of reinstalling apps a user may mistakenly remove.
There was a roadmap slide
Image credit: Hans Vredevoort.
Next year's MMS will be at Mandalay Bay March 21st-25th 2011
Preview of one of tomorrow's sessions
I'll write up the session once I have attended tomorrow afternoon.
Misled
What it actually was was a company called Adaptiva using three of its customers to do a sales pitch on its products - Client health, One site and Green IT with companion.
Worst of all the presenters skipped the slides, so I had to guess at what was being demo'd!
Client health: all the demos failed - they stated typically 5-10% of all SCCM clients have errors - (I'd be interested to hear in the comments if Mark/Raitis you think this is about right, and what you do about it, as this product does not work!)
Tool seemed overly complex, needed an additional admin console, I was not impressed and neither was anyone else as half the audience left.
Other two products: the demos worked but again just not great products - if we wanted to invest in these areas, 1E have what appear to be better working products (Nomad, Nightwatchman and the Power and Patch pack).
Overall an appalling session.
Windows Intune
After being launched on Monday as a beta (admittedly Beta3), Windows Intune has already closed to new participants. What they thought would take a week filled up in a matter of hours, so you can see people are pretty excited.
Reminder of what it is - desktop management via a cloud service. Why MS think it is needed:
- Many customers struggle with non standard, multi version environments.
- Workers are in many locations
- Lack of insight into PC estate
- Cannot afford a huge infrastructure investment
By using Windows Intune you can avoid the above and deliver many additional features that small companies typically couldn't or don't do. Such as:
- Protect PCs from Malware
- Standardise on a version of Windows
- Upgrade to Win7 or downgrade to run a version of choice
- Automatic upgrades to new versions of the service
- Diagnostics and recovery toolset (which can recover even a non bootable PC)
- Access to all MDOP functionality (this is a great feature)
- Bitlocker to go (another great feature)
- No infrastructure required (so no hardware/OS/license costs or power etc)
- Predictable monthly billing
Signing up is via the MS Business Online services website, and you get access to the Cloud based admin console. From here you use a simple wizard to do some customisations and configuration which gets saved as a .MSI - this can then be installed on your PC estate and voila - you are managing your estate via the cloud!
I can see a niche use for Mars - Royal Canin currently have a series of startup companies whilst they enter a new market - each company has to manage its own IT - this would be a great solution to at least ensure they were patched, had anti virus, were licence compliant and so on. It can even manage non Domain joined machines the same as you would configure your traditional estate - this would ensure a consistent look and feel and user experience once the startup joins the Mars network fully.
The admin interface was very intuitive, and very immediate - I was impressed with this being a beta product. There is context sensitive help so someone with basic IT skills should be able to manage the PCs via this platform - again great for small companies where the focus is on the business not managing the IT. The PC agent even has some self healing built in to make it as simple as possible to remediate.
You can do things like export the hw or software inventories - great for Commercial to check compliance.
It does include basic remote control but the user has to make a request. Further versions will see this expanded.
Whilst it is only for client machines now, I did notice it had some server things listed so it may well be on the roadmap ;-) Another thing on the roadmap is software distribution - again this would be superb functionality to add.
Release should be within 12 months to NA/EU/Asia and Brazil.
If you want to track the progress, the team at MS have a blog here