Thursday, April 22, 2010
Best practices from Microsoft IT on Config Manager 2007
The thing that surprised me was that they do not seem to be early adopters of their own technology...obviously they are heavily involved in the Alpha, Beta and QA for their new products (a process they delightfully call "Dogfooding"), but in their own environment they have only recently implemented some of the things I just assumed they would use from day one of a product going gold. To give a couple of highlighted examples, they only began to deploy O/S images using MDT six months ago, and use only one App-V based application throughout the entire organisation.
The other surprise was the size of their team - although the speaker did admit they outsourced for some tasks, their core team is only 13 people. This team services 274,000 clients based at six HQ and client sites globally.
Their SLAs are quite impressive too - for software compliance (patching etc.) they adhere to 95% compliance within 3 business days for active exploit patching. For critical updates the SLA is 95% within nine business days.
A large portion of the presentation was around performance monitoring - with such a large organisation and such a high data throughput, they needed to develop their own type of custom reporting, which they achieved with the LogMan tool and a bundle of custom scripting.
One last point which was quite interesting - they stated that their DC operational costs had reduced by 75% using a virtualisation strategy - they have defined an 8-1 virtual to physical server ratio. They claim that most of the 75% savings are down to power and physical server cost savings, along with standardising the builds for easy and fast provisioning.
Forefront Endpoint Protection 2010
Forefront, for those not familiar, is Microsoft's answer to antivirus, malware, spyware and firewall for enterprise customers. I had my reservations, previous consumer products have been eh....not great, only offering basic protection at best. Forefront however, has been designed from the ground up to be industry class, and my first impressions are that it may well become best of breed.
Of course, being an SCCM component, deployment of policy, updates and signature files are simple and managed in the same way as any other deployment.
In terms of provisioning Forefront to an environment, Microsoft have pushed the boat out somewhat to make it an admin's dream. All that is required is for the installation to be completed on a root site, and it's automatically provisioned across the hierarchy, automatically creating additionally required components such as distribution packages. Another good feature is that when deployed to clients, Forefront will (again!) automatically remove/uninstall any other protection software you have installed, although I'm guessing our heavily scripted installations may cause it some issues.
Some of the other benefits mentioned were:
• Protects clients without complexity
• Admin control of protection level
• Protects apps, file systems and network layers
• Template driven policy creation
• SCCM distribution
• Option to control via legacy group policy if required
• Ability to limit the client app's CPU utilisation on the PC, so as not to slow down users during mandatory scans
• By leveraging SCCM and WOL (Wake on LAN), updates and scans can be scheduled out of hours
• Centralised monitoring, alerting and reporting on protection levels, signature and update compliance across the environment via SCCM
Zero Touch Installation using MDT 2010 & SCCM 2007
• Configuration of the deployment environment
• Configuration of offline installation of language packs and updates
• Configuration of a new computer PXE environment installation of Windows 7
• A refresh install of Windows 7
The lab was fairly routine, but it was good to go through the steps as I suspect my team will be involved in this heavily in the future.
Configuration Manager v.Next: Device management
This session was the best of the week for me - as you know, one of my passions is mobile devices, and especially finding ways to integrate them into the Mars environment to enhance the user experience by giving more choice and flexibility. I've previously reviewed the current crop of Mobile Device Management tools in my blog entries from TechEd 2008, and am very excited to see the new developments and functionality that will be available in SCCM v.Next, particularly as this may well be something we can implement in our new environment.
The speakers gave a few interesting statistics which I recorded:
• By 2013, there will be more smartphones than PCs in enterprise level business today
• Devices are trending away from platform conformance (ie iPhone, Android etc are becoming more common)
• 75% of smartphones are consumer bought, but still used for business (guilty as charged m'lord...)
In Mars, this is particularly worth noting due to tight control over business supported mobile devices - associates and contractors who don't qualify will often look for alternative ways to access their corporate data, and in our environment this could pose a risk to us in terms of data security and corporate privacy, as we currently have no control over these devices.
Using the tools available today, we have the following opportunities to take control:
• SMS 2003 - Windows Mobile / CE devices only
• SCCM 2007 - CE 4.2 / Pocket PC 2003 - basic control and provisioning
• MDM 2008 SP1 - Windows Mobile 6.1, mobile VPN, Rich Device Management (remote wipe etc)
When v.Next is available, we can look forward to:
• Management integration in the same UI for desktop, server and mobile devices
• Over the air enrolment (using AD credentials)
• Mobile application deployment (this is cool, see below)
• Monitoring and remediation of non compliant devices
• Support for WinCE 5+, Windows Mobile 5/6/6.1 and Windows Phone 6.5
• Additional platform support (ie Nokia Symbian)
• Over the air inventory and setting management including software and patch deployment, remote device lock/unlock and wipe
The v.Next topology includes the following key server roles for device management:
• Enrolment web proxy point
• Enrolment service point
• Software catalog roles
• Management point
• Distribution point
The speakers went over some enrolment and deployment scenarios, describing the process for establishing mutual trust between the mobile device and the enrolment web proxy, which demonstrated the over the air provisioning. This can be invoked either by the admin in the console in a few easy steps, or by the remote user using the web based software catalogue, which is part of SCCM's standard services. Whichever method is chosen, the end result is the user receiving a notification with instructions specific to their device type, including a one-time PIN which is valid for 8 hours by default. Once the user initiates the enrolment process on the device using the PIN, a secure session is initiated and enrolment is completed in the background on the device. Once the process is complete (which can either be bound to the user's AD credentials, or to credentials specific to the device), you're ready to deploy software, policy and patching to the device, along with being able to do over the air inventory, status reporting (ie memory, CPU, free storage etc) and remote control in the same way as for any other domain device. Specifically for mobile devices, you may lock/unlock or wipe the device.
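The one-time PIN handling described above, as an added example that is not SCCM's own code: a small PowerShell store that issues an enrolment PIN from a cryptographic RNG, binds it to the user the notification was sent to, expires it after 8 hours (the default quoted in the session) and consumes it on first use, so a replayed or leaked PIN is rejected. The variable and function names are assumptions.

```powershell
# Added example, not SCCM's own code: a minimal one-time enrolment PIN store.
# Names ($EnrolmentPins, New-EnrolmentPin, Test-EnrolmentPin) are assumptions.

$EnrolmentPins = @{}   # PIN -> issue record; a real service would persist this server-side

function New-EnrolmentPin {
    param(
        [Parameter(Mandatory)] [string] $User,   # user the notification is sent to
        [int] $ValidHours = 8                    # default validity quoted in the session
    )
    # Eight digits from a cryptographic RNG (Get-Random is not suitable for tokens)
    $bytes = New-Object byte[] 4
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $pin = '{0:D8}' -f ([System.BitConverter]::ToUInt32($bytes, 0) % 100000000)
    $EnrolmentPins[$pin] = [pscustomobject]@{
        User    = $User
        Expires = (Get-Date).AddHours($ValidHours)
        Used    = $false
    }
    return $pin
}

function Test-EnrolmentPin {
    param(
        [Parameter(Mandatory)] [string] $Pin,
        [Parameter(Mandatory)] [string] $User
    )
    $entry = $EnrolmentPins[$Pin]
    # Check order matters: the PIN is marked used only after every check has passed
    if (-not $entry)                    { return 'REJECT: unknown PIN' }
    if ($entry.Used)                    { return 'REJECT: PIN already used' }
    if ((Get-Date) -gt $entry.Expires)  { return 'REJECT: PIN expired' }
    if ($entry.User -ne $User)          { return 'REJECT: PIN issued to another user' }
    $entry.Used = $true                 # single use: consumed before the session starts
    return 'OK: start enrolment session'
}

# Usage: issue a PIN for Colin, then show that it only works once
$pin = New-EnrolmentPin -User 'colin'
Test-EnrolmentPin -Pin $pin -User 'colin'     # OK: start enrolment session
Test-EnrolmentPin -Pin $pin -User 'colin'     # REJECT: PIN already used
Test-EnrolmentPin -Pin $pin -User 'mallory'   # REJECT: PIN already used
```

The expiry and single-use checks are what make an 8-hour PIN safe to send in a notification: once the secure session has been started the PIN is worthless to anyone who later reads the message.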
Settings management for mobile devices direct from the console was also covered, and includes:
• Integrated mobile settings
• Support for monitoring and enforcement of policies
• Standard settings and simple UI which will be familiar to any SCCM admin
• Administrator defined settings via the mobile registry or OMA-URI (configuration via web link)
• All evaluation and remediation are done by the server, so that the device isn't slowed by any processes required.
Alongside this, another great thing about this product is that you don't need to create separate security policies for mobile devices - rather you use your baseline desktop/laptop policy and add a supplementary configuration item for mobile devices. This will save time for admins and security teams, and also ensure that sweeping security changes, for example a change to the 8/90 password policy, take effect for all device types at once without the need for many policy changes to encompass all devices. The configuration item contains controls for things specific to smartphones, such as Bluetooth networking and sharing, camera use etc, along with password lock policies etc.
Software distribution to mobile devices works in the same way as with any other SCCM deployment, so I won't go into detail here, however one point worth mentioning is that once a mobile device application or patch is packaged, it can be grouped into software collections along with the same applications for other devices on the DP servers, using the same requirement rules (for example device type, available memory and storage etc), and SCCM automatically works out which version to deploy to which device. Also, packages can be signed with a corporate certificate, so that the user can have confidence in the source, and the enterprise maintains continuity of the packages.
So to try and make this clear: if user Colin requires Adobe Reader and has a desktop PC and a smartphone, all the admin needs to do is deploy Adobe Reader once - it will appear on all devices where it is available and required. The only thing which isn't clear to me at this stage is how licence constraints are observed here; user Colin may well own the application on his desktop, but may not be licensed on the mobile device - so I'm not currently clear on how this is handled. I am sure there will be a way though, it's not like Microsoft to miss something as fundamental to their business model as licensing!
Software distribution packages can be in several flavours, including MSI, App-V and mobile CAB. Software can be deployed either via SCCM or user initiated web based self service. The beauty of all this for admins, is that now, mobile devices can be treated pretty much in the same way as desktops and laptops all from the same UI, using the same packaging, monitoring and reporting functionality - giving us control of the devices in our environment finally!
Troubleshooting Windows 7 Deployments
For those that would like some more tech detail:
Setupact.log - setup actions during process
setuperr.log - only the error messages - both these need to be read together, and depending on what point the failure was at, they may be in different locations!
KB927521 has more
cbs.log - DISM commands - drivers, languages, security updates
setupapi.dev.log - %windir%\inf - driver install
netsetup.log - %windir%\Debug - Domain join errors
Windowsupdate.log - %windir% - Windows update, WSUS or SCCM (SUP) errors
wpeinit.log - startup issues in WinPE - gets deleted after reboot
wdsserver.log - WDS - logging is off by default - KB936625
usmtestimate.log - estimation of space errors
usmtcapture.log or scanstate.log - capturing the data
usmtrestore.log - restore errors
smsts.log - task sequence failures (another log that moves)
drivercatalog.log - import drivers
tasksequenceprovider.log - save or import task sequences
smspxe.log - pxe issues
smsprov.log - save or import task sequences too.
In SCCM you can tick the 'enable command support' checkbox; if you then press F8 while in WinPE you get a command prompt to go and find these logs. If you have got as far as Windows setup, use Shift+F10. Having the command prompt window open also holds off any reboot.
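To save hunting for these logs one at a time from the command prompt, here is an added PowerShell example (not from the session) that collects every copy of the logs listed above from a failed Windows 7 client and pulls the error lines out of them into one CSV, so logs that belong together (setupact.log and setuperr.log) can be read side by side. It assumes PowerShell 5.1 or later; the three fixed directories come from the notes above, while the Panther, CCM\Logs and _SMSTaskSequence directories are common locations added as assumptions, and the function name and output directory are mine.

```powershell
# Added example, not from the session: collect the OSD logs listed above from a failed
# Windows 7 client and extract the error lines into one CSV.
# Assumptions: PowerShell 5.1+; the Panther, CCM\Logs and _SMSTaskSequence directories
# are common locations not taken from the notes - adjust for your build, or point
# -SearchDirs at an offline disk (e.g. D:\Windows) when the client will not boot.

function Get-DeploymentLogSummary {
    [CmdletBinding()]
    param(
        [string[]] $SearchDirs = @(
            "$env:windir", "$env:windir\inf", "$env:windir\Debug",      # from the notes
            "$env:windir\Panther", "$env:windir\CCM\Logs",              # assumed
            "$env:SystemDrive\_SMSTaskSequence\Logs\SMSTSLog"           # assumed
        ),
        [string[]] $LogNames = @(
            'setupact.log', 'setuperr.log', 'cbs.log', 'setupapi.dev.log', 'netsetup.log',
            'Windowsupdate.log', 'wpeinit.log', 'usmtestimate.log', 'usmtcapture.log',
            'scanstate.log', 'usmtrestore.log', 'smsts.log', 'drivercatalog.log',
            'tasksequenceprovider.log', 'smspxe.log', 'smsprov.log'
        ),
        # Regex for lines worth a look: the words error/fail and HRESULT-style 0x8... codes
        [string] $ErrorPattern = 'error|fail|0x8[0-9a-f]{7}',
        [string] $OutDir = "$env:SystemDrive\DeployLogs"
    )

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # Find every copy of the named logs; several of them 'move' depending on the phase
    $found = foreach ($dir in $SearchDirs) {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -Path $dir -Include $LogNames -Recurse -Depth 2 -File -ErrorAction SilentlyContinue
        }
    }

    $summary = foreach ($log in ($found | Sort-Object FullName -Unique)) {
        # Keep a copy whose name records where it came from, then extract the hits
        $dest = Join-Path $OutDir ($log.FullName -replace '[:\\]', '_')
        Copy-Item -LiteralPath $log.FullName -Destination $dest -Force
        foreach ($hit in (Select-String -LiteralPath $log.FullName -Pattern $ErrorPattern)) {
            [pscustomobject]@{
                Log  = $log.Name
                Path = $log.FullName
                Line = $hit.LineNumber
                Text = $hit.Line.Trim()
            }
        }
    }

    if ($summary) {
        $summary | Sort-Object Path, Line |
            Export-Csv -LiteralPath (Join-Path $OutDir 'error-summary.csv') -NoTypeInformation
    }
    return $summary
}

# Usage: run elevated on the client once Windows is up, then read the CSV with the copied logs
Get-DeploymentLogSummary | Format-Table Log, Line, Text -AutoSize
```

The pattern is deliberately broad (cbs.log and Windowsupdate.log contain plenty of informational lines mentioning "error"), so treat the CSV as a starting point and use the Path and Line columns to jump to the full context in the copied log; the error code on that line is what you would then look up in SMStrace.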
Common issues:
- Bad computer name - more than 15 characters
- Mismatched product key to image file
- Broken domain join - KB944353
- Deploying with a KMS key! (KMS keys are for machines that provide keys to the rest of the org)
- Crashes - check for stop errors, you may need to turn off auto reboot.
- WinPE - generally networking related
- SCCM - task sequences, hash mismatch (refresh DP - it is a bug MS cannot reproduce so far)
- Make sure you test all task sequences at least once before deploying
- Make sure packages are present (if not push them out)
Finally he mentioned a tool called SMStrace, which has the option to enter error codes; this can be very helpful.
App-V Overview
Application deployments are costly (as we know); App-V enables a desktop virtualisation solution by virtualising applications. (This is often known as presentation virtualisation - think traditional Citrix, however this has evolved slightly and now MS and Citrix include app streaming too.)
A couple of customer examples: one cut app deployment from 3 months to 3 days, another reduced packaging costs by 50%, and finally one reduced the number of PC images they needed.
The App-V sequencer was demonstrated, with the app packaged in a matter of minutes. Obviously this package can then be deployed to any hardware quickly and managed centrally. You can choose to stream (allow the user to start the app before it is fully installed locally) or just do the deployment - streaming would be great for a large app.
Obviously it all ties into the one infrastructure, one management product suite tools message and helps you become user centric.
The recent 4.6 release of App-V is 64-bit on servers/apps/infrastructure - making the best use of what you have in terms of performance and CPU/RAM usage. There are specific things that allow for better Office 2010 virtualisation. They have managed to create a shared cache for apps between VDI and Terminal Services, saving on disk space significantly - previously you would often have had a package for each. Best of all, each app operates independently, so an app crash does not take down the whole OS.
It is still a good product (as it was when it was Softricity Softgrid), and may well be worth some investigation, we would need to contrast this with our existing investment in Citrix technologies.
Client of the Future: Capabilities, Considerations and Costs
The session was run by one of the strategists from the 'War on Costs' team internal to MS. It covered how previously the aim was to get standardised and locked down and make one size fit all. However, now and into the future this is no longer true. We are shifting from being device centric to being user centric, and should be looking at multiple ways to address users' needs rather than the one size fits all approach.
This is good, as it is what I have been pitching for a couple of years. One problem you have when trying to justify this is TCO; having a cost based model is not great for:
- emerging technologies which start off more expensive but give you competitive advantage
- solutions with a high upfront cost (typically we will have this problem for premium services in our software catalog - how do we make it fair to the sites that take the higher cost early on?)
- where value is only for a subset of users (e.g. VDI for our business partners)
TCO also does not measure agility, efficiency, flexibility and productivity.
The presenter stated that a new model is needed which provides the 4 pillars of business value:
- Direct cost
- Agility
- Quality of Service
- Governance, risk, management and compliance
By building your cost models with these themes in mind you will get a more balanced view of what will work.
Next steps are to assess the various solutions against these and see what will be a good fit for your portfolio. Again, there were a number of steps to go through before having a user centric environment.
I'll leave the recap here, but hopefully it was enough to give you a taste. Once I get the slides I can elaborate further, but the detail on them and the pace he was going was more than I could get good notes down for and I'd like to do it justice.
To give a bit more background, this was the abstract:
Application virtualization? Workspace virtualization? Desktop virtualization? Composite desktops? Desktops-as-a-service? In an ever-more-complex game of "buzzword bingo" it has become very difficult to compare vendor offerings and choose the client-computing technologies and capabilities that will help you succeed as a business. This session leverages the "War on Cost" team's most recent research into client computing, and provides a framework for comparing the capabilities and considerations of emerging client models.
We'll compare the costs, benefits, and optimal use-cases for application virtualization, desktop virtualization and more; we'll discuss the impacts of each model on desktop deployment and management, datacenter workloads, application delivery, user productivity and business agility; and we'll highlight the key factors and best practices that must be considered when aligning your desktop strategy with business priorities. This session will equip you to make well-informed choices as you work to implement an agile and effective next-generation client-computing environment that meets your business needs.
Best practices from MS IT - SCCM 2007
Key things I noted - MS IT manage 275k clients with their SCCM infrastructure, so we don't need to worry about scale!
They have 13 people globally to manage all of it: servers and clients, patching, software updates, App-V and OS deployments - and two of these are permanent packagers. The rest of the packaging they outsource.
13 people, 275k machines - pretty impressive!
Does this make me a proper geek?
Mobile Device Management
However it does mean the attendee pool party has been moved to the underground car park - not quite going to be the same atmosphere methinks!
First session today was about Device Management and they mean specifically mobiles.
Fact roll:
- Smartphones have increased significantly in importance to businesses
- 2013 will see more smartphones in the enterprise than PC/Laptops
- Trend is away from platform conformance (irritatingly for us)
- Often consumer purchased but used for business (as an example all the pics here are with my personal smartphone)
- Customers want 'a single pane of glass' view over their infrastructure from Servers to phones, not multiple consoles/infrastructures, and certainly not an infrastructure per vendor!
Microsoft have decided to invest more in this area and thus have rolled their System Center Mobile Device Manager product into Configuration Manager v.Next. They have already announced that they will support Nokia/Symbian platforms at RTM and are stating that they are working with other vendors, with no timelines committed yet.
This is interesting, as when I was at MMS in 2008 they were saying then that they were in discussions with Apple and RIM, so either these discussions a) take a really, really long time, b) are not going well or c) lost focus... Might be worth getting a more formal roadmap under NDA to understand what is really happening.
Apart from Symbian, MS will also support WinCE 5.0+ and WM 6.1+. These devices will be able to do over the air enrollment, inventory, settings management, software distribution and remote wipe. WinCE devices won't be able to remote wipe or do over the air.
Over the air enrollment ties into SCCM and your EA Certificate infrastructure (PKI - which we will have as part of Connex). Demo'd well and worked flawlessly.
Admins can register users, or they will be able to self register.
They are working to make the user experience the same on all platforms, so things like offloading compliance check/remediation assessment to the SCCM server will ensure the user is not impacted regardless of how powerful their device is or what OS it runs.
Demos of settings management and software distribution were equally impressive, and tie into the new Software catalog with v.Next - i.e. the user can choose to register their phone in it, or choose what software they want installed.
Public beta will be available by end May 2010
Really interesting session and I'm very hopeful it can be a good solution. I would want to see some firm commitments on timelines and platforms. Again though, as we have Software Assurance on SCCM, we will be entitled to the product in the future anyway. Definitely one worth investigating!

