Mastering System Center 2012 R2 Configuration Manager (2014)

Chapter 1. Overview of Service Management

System Center 2012 R2 Configuration Manager (SCCM), like the previous versions of the product, plays an important role in service management in the information technology (IT) world. As IT professionals, we are not responsible for every task required to accomplish a key business activity in our environments. However, we are an important piece of the IT service management process. IT is in the business of providing key capabilities, called services, to enable the business functions to achieve the goals of the business. This is one of the many reasons to leverage the Microsoft Operations Framework (MOF) or the IT Infrastructure Library (ITIL) to optimize your IT investment and realize business value.

The idea behind MOF and ITIL is to align IT with the business goals by breaking down silos between IT departments with the ultimate goal of service excellence. Numerous groups fall under the IT department tag, but we often see many of them acting as separate departments rather than as one cohesive unit. Desktop support, application developers, server support, storage administrators, and so on are all members of IT, but they are not always as unified as they should be when delivering quality IT services. Often they lack clarity about who owns each component in the ultimate delivery of the IT service.

System Center 2012 R2 Configuration Manager was built with MOF and ITIL in mind, so we will start the book by describing these two frameworks and how they are central to the mission of the Microsoft System Center family of products. System Center Configuration Manager, or ConfigMgr, is much more than just a mechanism to deploy software. In this chapter, you will learn how we define IT service management and how MOF and ITIL can be the foundation for defining service management in your organization’s services throughout the entire lifecycle of those services. You will also learn about how all of the Microsoft System Center products map to service management and the new features of ConfigMgr.

Understanding IT Service Management

The IT Infrastructure Library and the Microsoft Operations Framework were introduced as a way to deliver consistent IT service management (ITSM). Some of the key objectives of ITSM are as follows:

· To align IT services with current and future needs of the business and its customers

· To improve the quality of IT services delivered

· To reduce the long-term cost of service provisioning

Think of ITSM as a conduit between the business and the technology that helps run the business. Without a proper conduit in place, one cannot function properly without the other. ITSM is about people, process, and technology, not solely about software products. Although the goals of MOF and ITIL are primarily the same, there are many differences in their implementation. We will discuss both approaches. For a direct cross reference between the two frameworks, download Microsoft’s white paper (“Cross-Reference ITIL® V3 and MOF 4.0”) for free at http://www.best-management-practice.com/gempdf/cross_ref_itilv3_mof4.pdf.

Exploring the IT Infrastructure Library

ITIL at its core is a collection of IT industry best practices organized around a model called the Service Lifecycle. ITIL was first authored in the 1980s and 1990s under the direction of the Central Computer and Telecommunications Agency (CCTA), which became the Office of Government Commerce (OGC) of the United Kingdom. In its current version, ITIL V3 is owned and administered by a joint venture between the UK’s Cabinet Office and Capita, plc. If you’re interested in these IT best practices, as well as how the Microsoft System Center family of products fits into these processes, you will find the rest of this chapter very interesting. There is also a great blog on the subject by Andrew Fryer (http://blogs.technet.com/b/andrew/archive/2012/01/09/itil-and-system-center-2012.aspx). Our focus is on the processes and functions central to ConfigMgr’s solutions.

If you start researching ITIL, you will find that it is a series of books describing an approach to IT service management. If you really want to get cozy with ITIL, be prepared to spend a lot of time reading. The Service Lifecycle consists of five components, each a volume of the ITIL V3 core books:

· ITIL Service Strategy

· ITIL Service Design

· ITIL Service Transition

· ITIL Service Operation

· ITIL Continual Service Improvement

There is much more to ITIL than just the books, however. ITIL as a whole includes the books, certification-accredited trainers and examination institutes, ITIL consultants, white papers, and ITIL-based training and user groups (like itSMF, the IT Service Management Forum). The scope of ITIL is far beyond what will be described in this chapter, so what you will want to take away is where the features provided by ConfigMgr intersect with ITIL. Table 1.1 maps ITIL V3 against Microsoft’s System Center 2012 product line. Note the designations of SCCM fall into two phases: Service Transition and Service Operation. More specifically, the processes of Change Management, Service Asset, Configuration Management, and Release and Deployment Management fall under Service Transition, and the functions of IT Operations Management and Application Management fall under Service Operation.

Table 1.1: ITIL V3 mapped to Microsoft System Center product line

The interrelations of all of these processes and functions will become more and more evident the more deeply we discuss the features of ConfigMgr and how it supports these processes and functions within ITIL.

Service Strategy

The Service Strategy phase is at the center of service management because everything that you execute upon using processes, people, and technology is aligned to employ your service strategy. The service strategy is born out of business strategies to develop markets and manage risks and costs. The strategy is leveraged in every other phase of ITIL to enable the capabilities required by the business. The processes associated with this phase are Strategy Generation, Financial Management, Service Portfolio Management, and Demand Management.

Service Design

The Service Design phase takes you through the process of transforming your service strategy into a portfolio of services considered to be strategic assets of the business. The processes involved in this phase are Service Catalog Management, Service Level Management, Capacity Management, Availability Management, IT Service Continuity Management, Information Security Management, and Supplier Management. As you may have deduced already, these activities are focused on not merely the features of the service but also the quality of the service to ensure the businesses requirements are met.

Service Transition

Each IT service changes over time, based on many factors related to the needs of the business (for example, regulatory compliance, new feature requests, software updates, and the like). This phase delivers new and changed services based on specifications of the service design, in accordance with the service strategy. This important step represents the emergence of the IT service, and Systems Center Configuration Manager plays a central role in this phase. The processes involved in this phase are Transition Planning and Support, Change Management, Service Asset and Configuration Management, Release and Deployment Management, Service Validation and Testing, Evaluation, and Knowledge Management.

Service Operation

The Service Operation phase focuses on effective and efficient delivery of the service day to day. The objectives laid out in your strategy are realized only through the operation of the service, which makes this step critical to implementation of an effective IT service. Again, you find Systems Center Configuration Manager squarely planted in this phase delivering value. The processes involved in this phase are Event Management, Incident Management, Request Fulfillment, Problem Management, and Access Management.

This is the only phase in ITIL that provides guidance on specific IT functions. These functions are Service Desk, Technical Management, IT Operations Management, and Applications Management. These functions are defined not to describe an organization but to map out the processes or activities that must be carried out by an organization.

Continual Service Improvement

The central theme of Service Management is to provide incremental and large-scale improvements to the IT services delivered to the business. This phase surrounds all the other ITIL phases and provides guidance on connecting improvement project outcomes to service strategy, design, and transition. The processes involved in this phase are 7-Step Improvement Process, Service Reporting, and Service Measurement.

Select ITIL Functions and Processes

The scope of ITIL expands far beyond the functions and processes supported by ConfigMgr, so in this section we will explore the particular ITIL functions and processes that do correspond to ConfigMgr.

Service Desk

We will look at the service desk, because all incident reporting and service requests are routed through the service desk. It is the function that ties the service providers with the users, keeping users informed of service events and actions that may impact their day-to-day activities. The service desk becomes a single point of contact for customers and users to interact with the IT department. This approach helps expedite the call process by managing it in a timely and satisfactory way. There are features in ConfigMgr, such as out-of-band management and remote control, that can greatly enhance the user experience. Note that these service requests and incidents are also transformed into changes and deployments that will be implemented using ConfigMgr.

IT Operations Management

The IT Operations Management function is responsible for crisp execution of the day-to-day activities needed for keeping the IT services running smoothly, reliably, and cost effectively. Activities like console management and job scheduling are firmly rooted in this function. Thus, ConfigMgr activities such as software updates, security patch management, end-point protection, and several other capabilities are a central part of keeping IT infrastructure running efficiently and effectively.

Applications Management

The Applications Management function is focused on the Application Lifecycle, which is closely aligned to the Service Lifecycle but differs significantly. This function is responsible for the design, testing, and improvement of applications. Needless to say, ConfigMgr can enhance the ability to package, deploy, and patch these applications. There is even the option of virtualizing these applications across the enterprise.

Technical Management

The Technical Management function typically comprises multiple departments organized by specific technical skill sets (servers, network, database, telecommunications, and so on). Often the care and feeding of the ConfigMgr platform are assigned to one or more departments in this function.

Incident Management

Incident management is the mechanism by which the service desk records, updates, and tracks the enterprise “fires.” The Incident Management process is mainly concerned with restoring normal service operations as soon as possible. This will help minimize any adverse effects on business operations and will ensure high levels of service quality and availability. Service-level agreements (SLAs) determine what a normal service operation is. Information is collected about the incident to allow changes or enhancements in the environment to prevent future incidents. The ability to determine the scope of impact of an incident is often tied to knowing how many service assets are deployed across the enterprise that could be affected by the particular incident. ConfigMgr has the ability to provide counts of qualified assets across the entire enterprise.

Problem Management

The Problem Management process is mainly concerned with minimizing the impact of problems, which are often the root cause of incidents. The goal is to reduce incident resolution times by providing insights for known errors and removing the underlying causes. This strategy improves IT service quality by helping the service desk resolve incidents promptly at the time of logging. If an incident can be resolved at the time of logging, business impact is reduced, business efficiency is improved, and IT efficiency is improved.

The Problem Management process should not be considered a reactive-only approach, however. When dealing with incident management, problem control, or error control, it is very reactive. The Problem Management process can be viewed as proactive when you consider how it is used for problem prevention.

Problem investigation and diagnosis come into play when known errors are created. During this investigation and diagnosis period, insightful details of the known errors are captured and communicated until a fix for the problem is found. ConfigMgr contributes proactively to this process in its client health and monitoring and compliance and settings management capabilities.

Service Asset and Configuration Management

The Service Asset and Configuration Management (SACM) process is responsible for keeping an accurate and up-to-date model of the entire IT infrastructure. It uses this information to help support a number of areas by doing the following:

· Allowing for assessment of service impact for Incident, Change, or Problem Management processes

· Allowing financial information to be gathered to help determine lease, rental, maintenance, and support costs for IT infrastructure components

· Supplying information about component performance and reliability to support capacity and availability management

· Improving security by identifying the location and details of assets, making it difficult for unauthorized changes to be carried out undetected

· Helping with legal obligations by identifying the location of unauthorized software, determined by enabling authenticity checks on software and making sure current, correct versions of the software are being used

SACM also correlates information to identify relationships between configuration items. These relationships provide insights into dependencies for changes and can help in the resolution of incidents and problems. Many of the ITIL processes rely on accurate service asset information for effective and efficient results. This becomes critical in the realm of service compliance to policy, such as Security policy and others. Many organizations suffer from incidents (including service outages and performance issues) as a result of IT service operations. Many of these operational issues stem from misconfiguration. There is substantial benefit from implementing ConfigMgr to avoid misconfiguration and optimize your IT capabilities and resources.

Change Management

The Change Management process ensures that standard methods are used when implementing change and for developing and documenting reusable processes. Implementing a change-management system can reduce the possibility that a change in the environment could cause a failure, thus resulting in an incident or rework.

The IT infrastructure is constantly changing. Patches, service packs, updates, firmware, drivers, and so on are released on an almost daily basis. Also, evolving business requirements require thoughtful change. Having a repeatable process in place to accomplish these changes while minimizing risk and cost to the business is vital. Enhancing this process using an automated software distribution and policy-management tool like ConfigMgr can ensure that changes to software, policies, and settings are consistently delivered across the entire enterprise.

Release and Deployment Management

Changes in the environment and the business marketplace often result in the need for new iterations of software, hardware, documentation, and the like. The Release and Deployment Management process works closely with Change Management and SACM to produce a secure and managed rollout of the new package of service assets or version of the service itself. The resulting live service is tested to ensure that it meets the objectives defined in the service strategy and delivers the capabilities defined in the service design.

Many of the features of ConfigMgr are embodied in this process. Whether it is software update management, application delivery, virtual desktop management, operating system deployment, or endpoint protection, System Center Configuration Manager securely delivers service assets that can provide immediate value across your organization. If your IT organization is affected by BYOD (bring your own device) scenarios that extend the need for services beyond IT-owned assets, ConfigMgr can partner with Windows Intune to deliver value across those devices as well.

Service Level Management

The Service Level Management (SLM) process is responsible for creating service-level agreements (SLA) between IT and the business. SLAs play an important role in SLM. They help set expectations for IT by determining the customer’s service-level requirements, and they help customers by providing a measurable definition of good service. Both sides can agree on timelines for deliverables for everything from service upgrades to updates to incident resolution. SLAs also provide a clear understanding of what value customers are receiving from IT. ConfigMgr can help in both delivery and measurement of some service levels, particularly related to software updates and client management.

Financial Management

The Financial Management process is responsible for determining the costs of IT services as well as calculating the return on IT service investments. Prudent use of IT assets drives efficiencies that return value to the business. ConfigMgr can help optimize timely deployment of IT assets across the entire enterprise, resulting in greater returns on the IT investments.

Capacity Management

The Capacity Management process involves determining the required service delivery, the current service delivery, and the IT infrastructure and ensuring that all current and future capacity and performance requirements from the business are met. ConfigMgr can assist in delivering insights into usage and inventory of key service assets to increase the agility of the IT organization in delivering timely service improvements.

IT Service Continuity Management

The IT Service Continuity Management process ensures that an organization can continue to function with predetermined and agreed-on levels of IT services to support the minimum business requirements following a catastrophic interruption to the IT service. The idea behind this process is that the organization will always have a base level of required IT services available to perform critical business functions.

Each IT service is examined to determine the minimum level it can function at to meet the business requirements. A plan is then put in place to guarantee that this level of service can be reached at all times under any circumstances. ConfigMgr can greatly enhance an organization’s ability to recover these services through repeatable automation to rebuild systems, clients, and applications across the enterprise.

Exploring the Microsoft Operations Framework

The Microsoft Operations Framework was originally developed by Microsoft and a group of partners to expand on the best practices developed by ITIL. It has since been rewritten for its current version (V4.0) to follow a service lifecycle format using three sequential phases (Plan, Deliver, Operate) with one layer underlying all phases (Manage), which compose the four major components of the framework. These components are supported by specific guidance in the form of service management functions (SMF). MOF includes a plethora of resources that are available to help you achieve mission-critical system reliability, manageability, supportability, and availability with Microsoft products and technologies. These free resources, called Solutions Accelerators, consist of a series of phase overviews and SMF guides. There are also documents detailing the management reviews (milestones defined in the lifecycle), companion guides, job aids, action plans, and more. They describe the activities that need to occur for successful IT service management—from the assessment that launches a new or improved service, through the process of optimizing an existing service, all the way to the retirement of an outdated service.

The guidance is written for a number of audiences: corporate information officers (CIOs), IT managers, and IT professionals:

· Overview guides are directed toward CIOs who need to see the big picture.

· Overview and workflow information in function-specific guides is geared toward IT managers who need to understand the IT service strategies.

· Activities in function-specific guides are meant for the IT professionals who implement MOF in their work.

If you are interested in the detailed MOF guidance, it is available on Microsoft TechNet at www.microsoft.com/mof.

Table 1.2 illustrates each of the MOF components and its associated SMFs. To the right of each SMF a key capability of System Center Configuration Manager is noted that relates to that SMF.

Table 1.2: MOF/SCCM breakdown

The goal of the Plan phase is to get IT and the business together to begin aligning service plans to the needs of the business. The desired outcome is a well-planned service portfolio that delivers reliable capabilities to the business within compliance and cost guidelines. Ideally, IT will be in a position to quickly adapt to changing business needs as well. The reports regarding usage and inventory of service assets produced in ConfigMgr will assist in the Business/IT Alignment and Financial Management SMFs.

The Deliver phase is an adaptation and integration of what used to be called the Microsoft Solutions Framework (MSF). This phase is where the strategic plans of the previous phase are realized and delivered as production services into the next phase. ConfigMgr greatly enhances an enterprise’s ability to deploy services across the enterprise and beyond.

The Operate phase deals directly with the health of the service. It prescribes how to proactively ensure the service is available, reliable, and cost effective through monitoring and execution of routine maintenance for problem resolution. There is also a need to quickly recover from service incidents when they occur. ConfigMgr can significantly reduce costs and increase reliability of maintenance like security patching and endpoint protection. It can also provide alerts when systems are out of compliance with required settings and policy.

Select MOF Service Management Functions

Service management functions are the underlying process and activities within each Microsoft Operations Framework phase and support the mission of service for that phase. These SMFs are the core of the MOF process model, although all of the SMFs are cross functional.

Business IT Alignment

This is where the IT service strategy is born by close cooperation of IT and the business. Knowledge of service demand and usage is required to successfully deliver this SMF. ConfigMgr can help provide insights in the usage and current capacity investigations, particularly through queries.

Financial Management

Similar to the process of the same name in ITIL, there is an essential need to account for the cost of delivering required IT services. Measuring service assets such as devices and software licenses is available in ConfigMgr.

Deploy

As the final step in the Deliver phase, Deploy put the emphasis on successful transition of tested services into the production environment. This means that the operations and support teams are fully prepared to manage the service. It also means that as you deploy it across the enterprise, ConfigMgr can ensure that it is done consistently and identify anywhere that the deployment might have failed.

Operations

Operations is all about running the service efficiently and effectively to meet established service levels. Automation of routine maintenance as is provided in ConfigMgr greatly improves your ability to deploy changes cheaply with repeatable success and reliability when done properly through the settings management feature.

Service Monitoring and Control

Watching the service and measuring its availability are critical to meeting service levels and responding to service incidents in a timely manner. This SMF minimizes outages by ensuring that service assets are monitored and controlled. ConfigMgr has features like Network Access Protection and Setting Management that help ensure key infrastructure meets required standards and policy.

Customer Service

This SMF focuses on the customer and the end users who deliver value to the business by use of the service. The ability to use ConfigMgr to better service these users remotely and use out-of-band management can tremendously improve the users’ support experience.

Problem Management

Almost identical to the ITIL process of the same name, this SMF tackles reducing the numbers of incidents through problem resolution and proactively avoiding incidents by identifying and resolving problems. The ConfigMgr client health and monitoring feature really exemplifies a tool to engage successfully in the effort of troubleshooting or monitoring potential problems.

Governance, Risk, and Compliance

This SMF focuses on growing the organization while managing its risk. ConfigMgr enables real policy compliance that can be consistently applied across the entire enterprise.

Change and Configuration Management

The focus of this SMF is to limit service disruptions by managing planned changes and consistently configuring service assets properly. Unplanned changes are minimized and tracked as a way of normalizing change in the enterprise to align with required service levels. ConfigMgr takes on a number of complex challenges to deliver solutions to change in an enterprise environment. Features such as collections can identify and organize specific sets of service assets for remediation like Mobile Device Management to distribute software and settings to the plethora of mobile devices proliferating throughout the enterprise.

Operations Management Reviews

Several milestones plotted along each MOF phase in the lifecycle bring together the required outcomes and functions to ensure readiness for the impending phase. Based on the requirements of this discussion, we do not need to delve into these reviews, but we did want to make you aware that they form a critical piece of MOF.

Overview of System Center Configuration Manager

So far you have read about the IT Infrastructure Library and Microsoft Operations Framework and now have a better understanding of the IT process and its phases. Now let’s look at System Center 2012 R2 Configuration Manager, explore the new features of the product, and examine how the product has developed into an enterprise management tool that provides a total solution for Windows client and server management. ConfigMgr includes the ability to acquire hardware and software inventory in order to identify the assets of the enterprise. It provides a wide variety of features that include delivery of new software packages, virtual applications, software updates, and operating systems, and it also ensures the systems are protected with the latest antivirus definitions. All of these features are available through a single centralized console. ConfigMgr provides IT administrators with the capability to stay in control of the environment and help configure, manage, and secure the clients and applications.

Configuration Manager Features

Before you can begin planning to deploy Configuration Manager on your network, you need at least a basic understanding of the features that Configuration Manager provides. For veteran SMS 2003 and Configuration Manager 2007 administrators, these features will not be very different from what you are already familiar with. For those that are new to the product, the original product name was called System Management Server, and it started with version 1.0. However, you will find several new features added to Configuration Manager 2012, several features that were feature packs or add-ins in SMS 2003, and others that have been improved from Configuration Manager 2007. Configuration Manager 2012 no longer takes advantage of the Microsoft Management Console (MMC) technology for the administrator console; instead, each administrator console has its own stand-alone application, as shown in Figure 1.1.

Figure 1.1 Microsoft Configuration Manager 2012 console

The major features include the following:

1. Inventory Configuration Manager offers you the ability to inventory the hardware and software of its client computers. Hardware inventory can gather information from your systems such as processor information, the computer manufacturer, and the amount of installed memory. Software inventory can gather lists of file types and their versions installed on your computers, with EXE files being the default. Combine this with extensive information in the Asset Intelligence (AI) knowledge base, and you can use Configuration Manager to really get a handle on what kinds of hardware and software are being used in your environment.

2. Inventory is the backbone of Configuration Manager; you can run Configuration Manager without enabling inventory, but you really wouldn’t be able to do much, since so many other features, such as software updates, require inventory. Inventory is just about the same as it was in SMS 2003 and Configuration Manager 2007. Inventory is a very important piece of the MOF quadrant. Operations management is easy to maintain with a proper inventory of the IT environment; without one it’s very hard to maintain detailed information about the infrastructure and the current assets. We will go into more detail about this feature in Chapter 11, “Inventory and Software Metering.”

3. Queries Queries allow you to gather information from the Configuration Manager database through the WBEM query language (WQL). This allows you to answer questions quickly or make mini-reports that might not be used often enough to be imported into the reporting interface. You can export these reports from the Configuration Manager console into different file formats and then email them for others to use in programs such as Microsoft Excel. Queries are primarily used to make groups of Configuration Manager resources, called collections, that are used by other Configuration Manager features. These queries are a good way to identify resources based on WQL. Parameters entered in the queries GUI inside Configuration Manager can simplify the reuse of code within a collection. As you can see, queries are a very important piece of the Capacity Management process in the Service Design phase in ITIL and the Plan phase of MOF.

4. Collections Collections can be the answers or results to a question that involves specifying various resources, such as, “Which resources are running Windows XP Professional Service Pack 2 with more than 2 GB of RAM, with more than 1 GB of free disk space, and with a certain BIOS version?” Collections allow you to organize Configuration Manager resources into logical groups, based on a query. A collection can target Configuration Manager tasks to the resources that you specify. You can make collections based on queries, allowing them to be updated dynamically based on a configurable schedule or by directly assigning resources. Collections can consist of computers, users, user groups, or any discovered resources in the Configuration Manager database. Collections, as a fundamental feature, have not changed much since SMS 2003 or Configuration Manager 2007, but they are now the necessary building blocks used to enable other features such as maintenance windows and collection variables. Collections are a good way to analyze and organize resources; they can also depend on the Capacity Management process in Service Design phase of ITIL and the Plan phase of MOF.

5. Application Management This feature allows Configuration Manager to distribute just about anything to its client computers. This is probably the most-used feature of all the previous versions of Configuration Manager, and it’s probably the most dangerous if not used carefully. It is likely that just about all SMS admins have accidentally deployed a piece of software that they shouldn’t have (if you haven’t, then keep up the great work!). This isn’t a fault of this feature but something that can happen if you don’t test, test, test, and then test again. Anything you plan on deploying to client computers must be carefully managed, and you must pay close attention to the details of what you are doing.

Using AdminStudio Configuration Manager Edition

It is important to note that Configuration Manager is just the method of distribution; it doesn’t have any built-in capability to package software before it is distributed. You will have to use another piece of software to do that yourself. Microsoft has licensed AdminStudio Configuration Manager Edition to give administrators a reliable and repeatable process to assist in creating Windows Installer packages. This, of course, is where the testing comes in. This feature has had numerous improvements since SMS 2003, such as the deployment of not only physical applications but also virtual applications, as well as improvements since Configuration Manager 2007, but overall it works basically the same as it did before. Application Management is part of Systems Management in ITIL and the Changing quadrant of the MOF.

6. Software Updates This feature of Configuration Manager has to be one of our favorites. Using this feature, you can manage the daunting task of deploying updates to Microsoft applications and operating systems Not only does this apply to Microsoft security patches and updates, but having this flexible and extensible environment has allowed partners (such as HP, Dell, IBM, Citrix, and others) to create custom catalogs to update server and desktop BIOS, firmware, and drivers as well as to create internal catalogs. This enables customers to create their own line-of-business application update catalogs and update them through the same streamlined process as Microsoft uses for patch management.

7. Deploying updates requires a Windows Server Update Services (WSUS) server. Configuration Manager leverages WSUS with its own functionality and provides a higher level of granularity than is available with WSUS alone. Software updates are an important phase in the Incident Management process and IT Operations Management function of ITIL and the Operate Phase in MOF. We will cover software updates in more detail in Chapter 9, “Software Updates.”

8. Software Metering Software metering, also covered in Chapter 9, allows you to collect information on software usage to assist in managing software purchases and licensing. Using software metering, you can do the following:

· Report on the software that is being used in your environment and on which users are running the software

· Report on the number of concurrent users of a software application

· Report on software license requirements

· Find unnecessary software installs

· Find software that is installed but isn’t being used

9. The new twist to software metering is that the metering rules are autopopulated, or created, but disabled by default, based on the software inventory. This allows you to rapidly meter applications and gain insights into usage. SMS 2003 had metering, but it was cumbersome to figure out the appropriate rule setup. This now is a thing of the past. Software metering is part of the Service Measurement process in ITIL and Change and Configuration SMF in MOF. Based on the utilization of software, you can measure when applications are properly used in the environment for better inventory of the current assets.

10.Operating System Deployment This feature was originally released as a feature pack for SMS 2003. It was workable but was a minimalist approach that was sometimes difficult to implement and troubleshoot. Configuration Manager not only has this feature fully integrated into the product, but it has become a feature-rich, process-driven way to deploy servers and workstations. It leverages other new technology specifically designed by Microsoft to deploy operating systems to computers with multiple options.

11.Originally this feature supported the deployment of desktops only, but it now supports deploying servers. With the addition of the task sequencer and driver catalog, you can deploy to bare-metal computers or to ones that already have an operating system installed, as well as deploy software to these computers after they have been configured. This allows you to minimize the number of images for different hardware, and it gives you more granular configuration options. Operating system deployment (OSD) is also part of the Changing quadrant of the ITIL and MOF and an important piece of systems management. We will discuss this robust feature in more detail in Chapter 10, “Operating System Deployment.”

12.Remote Control This feature allows computer support staff to remotely troubleshoot problems with users’ computers just like they are sitting in front of the computer. This feature is still integrated with Remote Assistance and Remote Desktop, and it works pretty much the same as it did in the previous version.

13.The ability to support the desktops via remote control is a beneficial part of the Service Continuity Management function for ITIL and MOF.

14.Settings Management This feature is designed to address configuration drift within the enterprise. Enterprise administrators (for workstations and servers) as well as security teams need a tool that enables them to set configuration baselines (based on SOX, HIPPA, GLBA, or other compliancy regulations), deploy machines to an environment meeting these baselines (for example, with the local guest account disabled, Windows Integrated Security for SQL Server enabled, and so on), and then detect when these changes occur. Microsoft delivers configuration packs that jump-start an organization in the compliancy areas mentioned and allow you to set up a baseline of standards for your workstations and servers and audit your environment against that baseline.

15.You can configure your own baselines from scratch, or you can use best practices from Microsoft and their partners in the form of Configuration Manager Configuration Packs, which can be modified if needed. The ability to configure, monitor, and remediate the systems based on specific needs is key to IT Operations Management and Operations on ITIL and MOF, respectively. This feature will be covered in Chapter 14, “Compliance Settings.”

16.Mobile Device Management This feature allows you to manage mobile devices such as Windows Mobile Pocket PCs and smartphones. Inventory, file collection, software distribution, and device configuration are all options with this feature. This was an add-on feature in SMS 2003 and is now fully integrated into Configuration Manager. New environments are bringing mobile devices to each environment. There is a need to support mobile devices to ensure that IT is running on the same track as the consumer. This feature will be discussed in Chapter 16, “Mobile Device Management.”

17.Network Access Protection This is a new feature in Configuration Manager. It leverages technology built into Windows Vista and Windows Server 2008 that allows you to protect your network from potential threats by not allowing computers to access your network that do not meet certain system health requirements such as having updated antivirus definitions or security patches installed. With this feature you can also enforce certain network protocols. The ability to secure the environment is one of the tasks on the Supporting and Operating quadrants on ITIL and MOF. Chapter 19, “Troubleshooting,” covers this feature.

18.Wake on LAN This feature, added to software distribution, was available in SMS 2003 only by purchasing third-party software. It allows you to leverage technology built into computer hardware to wake up computers that have been turned off so they can run assigned deployments. Chapter 8, “Application Deployment,” shows how to enable it. This option brings more power to the tasks of the Operating and Supporting quadrants for the ITIL and MOF.

19.Reporting This feature is great for reviewing the status of the environment, for showing return on investment, and for matching licensing with what is actually installed. It grants visibility into the enterprise with the integration of Asset Intelligence (covered in Chapter 12, “Asset Intelligence”). This allows you to gain an understanding of licensing (Microsoft and third-party licenses), asset age, Client Access License (CAL) utilization, product families/categories, and much more insightful data. With this feature you can create web-based reports, via Configuration Manager or through SQL Reporting Services, that can show all the data that has been collected by the various other Configuration Manager features, such as software update deployment success or a list of computers of a certain manufacturer.

20.You can also group together commonly viewed reports into dashboards for easy viewing with just one click. Numerous reports are already created out of the box, and you can create your own custom reports with a little knowledge of SQL queries. In ConfigMgr 2012 the only report option is based on Reporting Services. This is the most beneficial piece of service management for ITIL and MOF: being able to report everything that is going on with the IT resources makes the job of auditing and reporting a simple one. Reporting is discussed in several chapters and is covered fully in Chapter 13, “Reporting.”

21.Out-of-Band Management A business challenge that has been a struggle for years is the ability for software to communicate directly with hardware. Let’s say, for example, that you’re supporting a worldwide organization and have a centralized help desk. You have a desktop that is thousands of miles away, and the user has contacted you because of an operating system blue screen. A typical support remediation from years past would be to create a ticket so that a local technician would be able to physically visit the location.

Intel introduced manageability directly into its chip set with the Intel Active Management Technology (AMT) initiative; the direct result was the Intel vPro desktop processor. Intel and Microsoft worked on a strategic management initiative so that software could communicate directly with hardware. Now, when a user contacts the help desk with that same scenario, a help desk administrator can actively engage and potentially resolve an issue without needing to escalate a ticket to another team.

Configuration Manager leverages four key areas to communicate directly to hardware. These areas may be leveraged holistically within an organization’s standard operating procedures for in-band and out-of-band management to provide a streamlined resolution process. In-band management is used when the Configuration Manager client agent is functioning, and out-of-band management occurs when software communicates with hardware because no other means may apply. These are the four areas:

1. Discovery Discovery is an out-of-band management area that provides an administrator with the ability to achieve discovery on demand. This can be performed on a single machine or groups of machines via a Configuration Manager collection. It also allows you to schedule a discovery so that if the software does not respond, the hardware still can provide insight into an asset.

2. Power Control Power control provides the flexibility to allow both scheduled and on-demand power-on capabilities. From a scheduling perspective, this can potentially improve efficiency and data consistency when used in conjunction with other Configuration Manager features such as software distribution, software update management, or operating system deployment. From an on-demand perspective, this enables administrators to wake up, restart, or shut down a remote machine. One area of efficiency that enterprises are increasingly demanding is power management. Thus, the ability to control hardware and software from a single pane of glass becomes an attractive feature.

3. Provisioning Provisioning workstations, either as new assets that enter the enterprise or as a means to an end in the remediation process, has become a necessary part of an administrator’s role. As the operating system becomes less independent of hardware (that is, the operating system hardware abstraction layer [HAL]), the provisioning process may become more streamlined. With an integrated solution such as AMT and Configuration Manager, secure, zero-touch setup and provisioning of workstations can be achieved.

4. Remote Console Remote console for out-of-band management enables administrators to perform advanced techniques such as serial over LAN, IDE redirection, BIOS password bypass, and manual power control. This allows an administrator to remotely mount a bootable troubleshooting image (ISO image), boot into the BIOS to change the boot order, or turn the targeted machine on or off at will.

To that end, when the user contacts the help desk with a nonfunctioning operating system, the help desk administrator can proactively take the appropriate actions. For example, the standard operating procedure might look starkly different from just creating a ticket and dispatching a desktop support technician. It may be that the help desk administrator reboots into the BIOS, leveraging the serial-over-LAN capabilities, and changes the boot order in the BIOS so that the network card is the first in the boot order. From there, a diagnostic tool is mounted with IDE redirection, which shows the administrator that the operating system has some corrupt DLLs. Thus, the administrator can then provision a role-based operating system image to this user to reimage the workstation. A process or help desk ticket that might have been very expensive or time consuming now becomes a streamlined process that results in the user having less downtime and a higher degree of satisfaction with their help desk experience.

Asset Intelligence

Asset Intelligence, which was included within Configuration Manager 2007, now comes with its own node within the Administrator console. This isn’t the only new aspect of Asset Intelligence; AI also became part of the Software + Services initiative within Microsoft. The services component of AI is not a fee-based feature but is just another extension of the holistic approach; it includes the following functionality:

· New catalog and license management UI in the Configuration Manager Administrator console

· The ability to customize the local catalog, in other words, create new categories and families

· On-demand or scheduled catalog update synchronization through the Configuration Manager console

· The ability to tap software assets unknown to the catalog and pass them up to the online service for async identification

· The ability to import licensing data from Microsoft and compare it to installed inventory

Asset Inventory is one of the reporting structures used to analyze and ensure that every asset on the system is being used properly and report this to management. This ability is part of change and configuration management for ITIL and MOF; we’ll discuss this further in Chapter 12.

Application Virtualization Management

With the newest release of App-V, Configuration Manager 2012 leverages its existing infrastructure and extends its reach to deliver virtual applications:

· It integrates Microsoft App-V 4.6 and App-V 5.0 with ConfigMgr 2012.

· Application Virtualization Management (AVM) allows you to use Configuration Manager to manage and deploy virtual applications, when possible, to make managing virtual applications for the Configuration Manager administrator the same experience as managing standard or physical software.

· AVM has version checking, user-based targeting, and streaming functionality.

Operating System Deployment Enhancements

Although Configuration Manager 2007 was good at deploying operating systems, a couple of improvements were needed in order to compete in the marketplace. The following enhancements now round out the offerings of Configuration Manager in the enterprise:

· With ConfigMgr 2012, an unknown machine can now receive a task sequence to install an operating system.

· There is support for multicasting operating system images to a PXE environment—for well-connected LANs leveraging Windows Server 2008 R2 technologies, on the same distribution point.

SQL Reporting Services Integration

SQL Reporting Services (SRS) is an evolution of reporting just as previous technologies have been. The Microsoft management team has standardized on SRS for reporting within the System Center family of products. The SRS integration within Configuration Manager 2012 enhancements includes the following:

· The new server role Reporting Services point

· The ability to manage, browse, and run SRS Configuration Manager reports from the Configuration Manager console

Centralized Power Management

Saving energy and preserving the environment are important goals for IT professionals and organizations. The ability to control the power-saving settings on workstations is a great achievement for many organizations. Also important are the abilities to monitor the power consumption, create different power plans based on organization need and different operational departments, and check compliance and remediate those workstations that are in noncompliance. It’s easy to manage these situations on SQL Reporting Services.

System Center Endpoint Protection

This feature brings the ability to scan and secure system resources from viruses or malware. System Center Endpoint Protection enables businesses to align security and management to improve endpoint protection while greatly reducing operational cost.

Endpoint Protection is built on three pillars: simplify, integrate, and protect.

1. Simplify Creates a single administrator experience for managing and secure endpoints.

2. Improves visibility for identifying and remediating potentially vulnerable endpoints.

3. Integrate Lowers ownership cost by using a single infrastructure for both endpoint management and security.

4. Deploys effortlessly to hundreds of thousands of endpoints.

5. Protect Provides highly accurate detection of known and unknown threats.

6. Actively protects against network-level attacks by managing Windows Firewall configurations.

Summary

Now that you have read about ITIL, MOF 4.0, and a high level overview of System Center 2012 R2 Configuration Manager, it’s time to dive into all details related to ConfigMgr 2012 R2. In the next chapter, you will learn about planning a ConfigMgr infrastructure. Make sure to read all subsequent chapters. This book will give you all types of inside information about the product.