Internet Based Client Management


Reduce costs, increase the security and compatibility of your systems
Νάσος Κλαδάκης
Technical Account Manager
MCT MCSE MCTS CTT+
Agenda
• Introduction
• Dynamic Systems Initiative
• Systems Management & Microsoft System Center
• System Center Configuration Manager 2007
• System Center Operations Manager 2007
• System Center Data Protection Manager 2007
• Q/A.
Intro
What kinds of business drivers are you facing today? (e.g. 24/7 uptime, branch offices)
Are you experiencing any of the following business issues?

Control costs
- No system uniformity for conflicts and problem resolution
- Constant security breaches and subsequent clean-up efforts
- Too many remote site visits in branch operations

Improve service levels
- Service interruptions from security breaches
- Desktop configuration conflicts
- Out-of-compliance remote systems and legacy line-of-business (LOB) applications

Drive agility
- Cannot adapt to changing business conditions
- Cannot rapidly provision new capabilities
- Manual provisioning and configuration
- Slow software deployment
Infrastructure Optimization Model
• Basic: Uncoordinated, manual infrastructure (Cost Center)
• Standardized: Managed IT infrastructure with limited automation (More Efficient Cost Center)
• Rationalized: Managed and consolidated IT infrastructure with maximum automation (Business Enabler)
• Dynamic: Fully automated management, dynamic resource usage, business-linked SLAs (Strategic Asset)
Microsoft System Center
System Center Products
• Configuration Manager 2007*
• Operations Manager 2007*
• Data Protection Manager 2007*
• Virtual Machine Manager 2007*
(*System Center Server Management Suite Enterprise)
• Capacity Planner 2007
• System Center Essentials 2007
• Mobile Device Manager 2008
What we will cover
• System Center Configuration Manager 2007
• System Center Operations Manager 2007
• System Center Data Protection Manager 2007
Configuration Manager Overview
Configuration Manager - the new SMS
1996: SMS 1.2 - Remote Control, SW Delivery
1999: SMS 2.0 - HW Inventory
2003: SMS 2003 - Security Updates, Mobile WAN
2004: SMS 2003 OS Deployment Feature Pack; SMS 2003 Device Management Feature Pack
2006: Acquisitions: AssetMetrix, Softricity; SMS 2003 R2 - Custom Updates, Vulnerability Assessment
2007: SMS 2003 SP3 - Asset Intelligence; System Center Configuration Manager 2007
2008: System Center Configuration Manager 2007 R2
System Center Configuration Manager
• Automated solution for assessing, migrating and deploying Windows server and client operating systems
• Broad support for advanced delivery:
  • Operating systems
  • Applications
  • Software and hardware updates
• Support for both physical and virtual environments
• Increased scenario support:
  • Corporate Network
  • Branch locations
  • Mobile Workforce
  • Home workers (Internet based)
Comprehensive Deployment and Updating
Enhanced Insight and Control
Optimized for Windows and Extensible Beyond
New features, better control of your site hierarchy
Operating system deployment
• State migration point
• PXE service point*
• Branch distribution point
Software updates management
• Software update point (WSUS 3.0 server)
• Branch distribution point
Network access protection**
• System health validator
Client deployment and distress
• Fallback status point
Software distribution
• Branch distribution point
• Internet Based Client Management
*Requires WDS – Windows Deployment Services
**Requires Windows Server 2008
Comprehensive Deployment and Updating
The Fully Deployed Site
[Diagram. Legend: SMS 2003 Equivalent Role, New Role. Roles shown: SQL Server, Reporting Point, Primary Site Server, Distribution Point, System Health Validator, Server Locator Point, Fallback Status Point, Management Point, Software Update Point, Branch DP, PXE Service Point, State Migration Point]
Improved performance with Object Optimization
Object optimizations
• Multithreaded Hardware Inventory
• Optimized status message insertion
• Eliminated object replication to secondary sites
• Multithreaded File Dispatch Manager on MP
• SUM reporting now uses state messages, not hardware inventory (won’t overload hardware inventory processing)
Site optimizations
• Backup now uses VSS technology—very fast!
Client Requirements
Resource | Minimum Required               | Recommended
CPU      | Pentium 233 MHz / AMD64 / x64  | Pentium 4 – 1GHz+
Memory   | 256 MB (380 for OSD)           | 512 MB (OSD)
Network  | 10 Mb/s                        | 100 Mb/s
Disk     | 150 MB (plus OSD)              | 200 MB

Server OS               | Client OS                           | Device OS
Windows Server 2003 SP1+ | Windows Vista (Business only)       | Pocket PC 2003
Windows Server 2003 R2   | Windows XP SP2+                     | Pocket PC 2005
Windows Server 2008      | Windows Embedded Point of Sale      | Pocket PC Phone 2003
Windows 2000 Server SP4  | Windows XP Embedded                 | Pocket PC Phone 5.0
                         | Windows Fundamentals for Legacy PCs | Smartphone 2003
                         | Windows 2000 Professional SP4       | Smartphone 5.0 / 6.0
Operating System Deployment
• Highly automated solution for assessing, migrating and deploying Windows server and client operating systems
• Common toolset and process
• End-to-end deployment automation support
• Assess migration readiness for Windows Server 2008, Vista and Office 2007
• Built in reports for minimum and recommended settings
• Enable dynamic deployment of drivers at runtime
• Organize, replicate and deploy packages
• Utilize Windows PnP detection
Controlling Task Sequence Steps
• Condition: An optional test. If the test returns true, the action is executed. If the test returns false, the action is skipped.
• Action: The actual work to perform. Typically a command line action – map a network drive, reboot, run a script, etc.
• Continue-on-Error flag: Governs behavior if the action completes with an error.
Windows Deployment Automation
Significant improvements to existing scenarios
Increased range of scenario support
New machine
- Clean install
- Wipe and Load
- No migration considerations
- New or repurposed hardware
Wipe-and-load
- Target and install new OS to existing H/W
- Application reinstall under new OS
- Securely save/restore user state & settings
Side-by-side
- Machine to machine
- User and app data migration
- Application reinstall
- Securely save/restore user state & settings
In-place migration
- Scripted, targeted OS upgrade
- Not wipe and load
- Sent as software distribution package
Offline with removable media
- Install without network
- Removable media is source
- CD/DVD, USB flash drive
- Good for low bandwidth, mobile staff
PXE boot
- WDS integration, network boot delivered
- PXE style delivery
- Lite touch, network connection based
Software Distribution
• Enhancements to a core feature, and new levels of control for package delivery
• New Features:
  • Simplify application replication with Copy Package Wizard
  • Control when change happens with Maintenance Windows
  • Reduce your infrastructure with Branch Distribution Points
• Improvements:
  • Efficient troubleshooting with improved Package Cache control
  • Lower network traffic with Binary delta replication
  • Client Branding for User Experience
  • Wake on LAN support guarantees delivery
MSI Utility for Application Virtualization
• Provides interoperability through a single management interface
• Deploy and manage SoftGrid virtualized apps
• Reduce application conflicts and testing
• Run previously-conflicting applications and multiple versions side by side
• Quickly repair damaged applications
• Help streamline migrations
• Push entire virtualized applications to target computers.
• Supports ‘no login’ scenario
• Supports Windows desktop, laptop, and Terminal Services
• Integrate asset discovery
• Includes asset discovery reports
Software Updates
• Built on WSUS 3.0 architecture
• Included as Managed Server role in site hierarchy
  - Full benefits of site management, Binary Delta Replication etc.
• Provides Compliance assessment
  - Security updates / vulnerability assessment
  - Application updates
• All Microsoft software updates categories plus:
  • OEMs and software vendors (ISVs)
  • Internally-developed applications (LOB)
• Full integration into other areas of Configuration Manager:
  • OS Deployment
  • Internet Based Client Management
  • Windows Server 2008 NAP
  • System Center Update Publisher
  • Desired Configuration Management
Define and Enforce System Health
Network Access Protection
Validate Corporate Policy at the perimeter
• Validates the health of client systems as defined by corporate security policy
Place untrusted systems in lockdown area - Quarantine
• Restricts access from protected network regions based on client health state.
Control system access with Network Restriction
• Provides access to resources allowing clients to correct security policy compliance deficiencies
Perform Ongoing Compliance with constant perimeter health check
• Automatic enforcement of changes to defined corporate security policies ensuring sustained policy compliance
Enhanced Insight and Control
Reporting
• Enhanced report capabilities for:
  • Application Compatibility
    • Application Compatibility Toolkit Integration
  • Asset Intelligence
    • Software category, family usage reports
  • OS Deployment
    • Granular process tracking, deep insight into OS Deployment steps
  • Desired Configuration Management
    • Compliancy adherence
  • Vulnerability Assessment
Asset Intelligence
Derive Meaningful business terminology from software inventory
• Asset Intelligence translates inventory data into information
  • Rich reports that help optimize software and hardware usage
• Improved control of IT systems helps ensure they comply with a defined desired state
  • Enhancing availability, security features and performance
  • Streamlining your systems compliance efforts
• Microsoft and third party best practice configuration knowledge improve configuration definition and maintenance
• Simplify administration through improved usability and services
[Screenshot: Top Software Products Installed]
Desired Configuration Management
• Identify required and prohibited configurations
• Report on compliance definitions
• Improve availability, security, and performance
• Provide defined configuration baselines
• Remediate non-compliance
• Regulatory compliance is defined
• Dashboards visibility into compliance status
• Custom configuration baselines for your business, workload or regulatory requirements
• Leverage Microsoft and third party Configuration Packs
Get Secure Stay Secure
Security Improvements and Integration
Software Update Management
Integrated patch management for Microsoft, 3rd party and LoB Applications
Network Access Protection
Network perimeter health validation and state control
Internet Based Client Management
Manage your clients outside of Corporate boundaries
OS Deployment
Securely migrate, build and deploy current OS and User settings
Internet Based Client Management
• Manage clients without a VPN
  • Road Warriors (Sales force, Consultant)
  • Point Of Sale (Restaurant, Retail store, Gas station)
  • Employee’s home computers
• Roam in and out intelligently
• Converge with standards based technology
  • PKI for certificate management
  • SSL/TLS for secure HTTP communication
  • Firewall for SSL termination
“Deliver a secure and reliable infrastructure to enable IT administrators in an enterprise to manage computers on the internet with the same level of control as computers on the intranet.”
Manage your Devices just like your Desktops
•Device = CE, PPC, Windows Mobile (SmartPhone)
•Basic Management
•Hardware/Software inventory
•File collection
•Software distribution
•Settings management - Password policy management, Security policy management
•Support for Smartphone
•Over-the-air management of devices
•Connection Management
•Internet Based Management
•Fallback Status Point
•LOB Device Management
•CE on ARM at RTM
•Deployment
•Automated client distribution via SMS Advanced Client desktop
•Full integration with SCCM 07
•Over-the-air client upgrade
Configuration Manager 2007
Optimized for Windows and Extensible Beyond
• Built on a robust Windows technology foundation to drive greater efficiency and better maximize your infrastructure investments
• Improve system availability by employing Microsoft best practice expertise for the operating system and applications
• 3rd party and custom applications for deployment, updating and desired state configuration
• Support of non-Windows platforms by our System Center partner ecosystem
From the Datacenter to the Client and Beyond…
[Diagram labels: Software Update; Software Distribution; Production Support; Configuration Management; Asset Intelligence; HW/SW Inventory; Client/Server; Design; OS Deployment]
• Control what workloads to update when: explicit targeting and scheduling for server, desktop and devices
• Learn what you have before deployment or migration
• Define configuration standards, maintain compliancy
• Automated delivery of OS and supporting information
• Define configurations, partition model, OS, drivers and application suite
Configuration Manager Licensing
Operations Manager Overview
System Center Operations Manager 2007
End-to-End Service Management
• Proactive management of your IT services
• Integrated monitoring of distributed applications, the end user perspective, and supporting infrastructure
Best of Breed for Windows
• Reduces your problem resolution time
• Management packs that include Microsoft expertise for applications, servers, and clients
Increased Efficiency and Control
• Simplifies managing your IT environment and improves time to value
• Role based security, self monitoring infrastructure, and improved scalability
End to End Service Monitoring
• End to End Monitoring = watching all services
• True Service Health = health of all subcomponents
Synthetic Transactions
• How do we know a service is running
  • Is it started?
  • Is it listening on a certain port?
• Does this mean it’s really working?
  • How about does it respond appropriately to a query?
  • What about remote queries?
• Synthetic Transactions
  • Remote agent performs a real action and expects an appropriate response
Synthetic Transactions
• Examples
  • Making a change to a record on one domain controller and watching for the change on another
    - Really tests replication
    - Provides functionality and performance measurements
  • Connect to Exchange as Outlook does and verify that Exchange responds appropriately
    - Again, acts like a real user to really test functionality
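Added example (not part of the original presentation and not Operations Manager code): the difference between "is it listening on a port?" and a synthetic transaction, shown against a constructed local HTTP key/value service. The names make_service, port_is_listening, synthetic_transaction and check are hypothetical; the degraded instance keeps listening and answering 200 but silently drops writes.

```python
import http.client
import socket
import threading
import time
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_service(persist_writes):
    """Constructed stand-in for a monitored service: a tiny HTTP key/value store.
    With persist_writes=False it still listens and returns 200, but drops writes."""
    store = {}

    class Handler(BaseHTTPRequestHandler):
        def do_PUT(self):
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            if persist_writes:
                store[self.path] = body
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def do_GET(self):
            body = store.get(self.path, b"")
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def port_is_listening(host, port, timeout=2.0):
    """Shallow check: can a TCP connection be opened at all?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def synthetic_transaction(host, port, timeout=2.0):
    """Deep check: write a unique marker, read it back, time the round trip."""
    marker = uuid.uuid4().hex.encode()
    started = time.monotonic()
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("PUT", "/synthetic-probe", body=marker)
        conn.getresponse().read()
        conn.request("GET", "/synthetic-probe")
        resp = conn.getresponse()
        ok = resp.status == 200 and resp.read() == marker
    except (OSError, http.client.HTTPException):
        ok = False
    finally:
        conn.close()
    return ok, time.monotonic() - started


def check(server):
    """Run both checks against one service instance and report the results."""
    host, port = server.server_address
    ok, seconds = synthetic_transaction(host, port)
    return {"listening": port_is_listening(host, port),
            "transaction_ok": ok, "seconds": round(seconds, 3)}


if __name__ == "__main__":
    for name, persist in (("healthy", True), ("degraded", False)):
        svc = make_service(persist)
        print(name, check(svc))
        svc.shutdown()
```

Both instances pass the port check; only the write-then-read transaction exposes the degraded one, and the measured round-trip time gives the performance figure the slide mentions.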
Architecture Overview
• Operational Database
  • Can be clustered
• Root Management Server
  • Can be clustered
• Management Server
  • Additional capacity and redundancy
• Operator Console
  • Integrated Admin/Ops
  • Role-based Security
  • Outlook-style interface
• Reporting Data Warehouse
  • Real-time replication (not daily DTS job)
• Reporting Server
  • Uses SQL Reporting Services
• OpsMgr Agent
  • Deployable via OpsMgr/SCCM/Sysprep
  • Integrated ACS forwarder
• Audit Database
  • Stores and archives security events
  • Can be clustered
• Audit Collector
  • Collects security events from ACS forwarders (OpsMgr clients where enabled)
• Web Console Server
  • Provides web interface – looks like OWA
  • View alerts, run tasks, access diagrams, etc.
• Gateway Server
  • For untrusted domains/workgroups
  • Note the gateway server in the DMZ
[Diagram labels: Corp.Contoso.com, DMZ.Contoso.com, Corp, Messaging, E-Commerce, Production Plant #1]
Agentless Exception Monitoring (AEM)
• Processes Dr. Watson messages from desktops and servers
• Provides for enterprise reporting on application crashes
• Makes this information useful to the organization
OpsMgr 2007 Operator Console
• Rich Client Desktop Application
• Automatically refreshes
• Very customizable
Sealed Management Packs
• MPs are sets of rules that define system health and allow monitoring
  • Things to look for…
  • Ways to respond…
  • Related knowledge…
• In OpsMgr 2007, MPs can be “Sealed”
  • Cannot be inadvertently modified
• MPs also have knowledge for each alert that can be generated
  • Links to Microsoft KB articles
  • Ways to go about…
    - Troubleshooting
    - Resolving
  • Allows tracking of company knowledge for each alert as well
Delegating Monitoring Responsibilities
Operations Manager Licensing
Data Protection Manager
Overview
Backup/Restore remains the single most costly IT administrative task.
The cost of managing data protection and storage is 5x - 7x the cost of purchasing the hardware. More specifically, 74% of storage costs are for management and administration, with only 12% going to hardware. – Gartner
97% of all tape restores are single files – Strategic Research
85% of tape restores are for data less than 30 days – IDC
Tape Restores fail
• 41% - according to Yankee Group
• 66% - according to Strategic Research
• 70% - according to Promise
Due to a variety of reasons, including unreadable tape, corrupted indexes, mechanical issues with tape changer, unable to locate tape, etc.
Customer Data Protection Pain Points
Every office is backing itself up – with non-IT staff (“Distributed backups are painful”)
• WAN not feasible to sustain centralized backups
• Branch offices must back up themselves using non-technical staff and non-scalable and less mature equipment
• Corporate IT must remotely administer and monitor ###’s of independent branch backup jobs
• Shrinking Backup Window
Recovery is unreliable and painful (“Backups are hard. Recoveries are worse”)
• Finding and recovering data from tapes is slow – hours to days
• Typical recovery takes hours or days
• 42% of companies had a failed recovery in past year
• Enterprise backups can fail due to the size of the data
Costs are too high (“70% of my backup costs are labor”)
• Too many hours of labor spent on backup and recovery
• Too many tapes, hardware purchases
• Massive data growth increases costs
• All recoveries are done by IT administrators
What does DPM do?
• Agent on production servers capturing byte-level changes as they occur
• Near continuous (hourly) protection of files
• Multiple scheduled snapshots per day
• Easy IT or End-User restore – fast from disk
Solutions With DPM
Disk to Disk … to Tape
[Diagram, built up over five slides: Active Directory, Clients, File Servers, DPM Servers, Snapshots, Tape Library]
Active Directory
• Scheduled auto-discovery job
• Queries AD for new servers
• Maintains ACLs
• Redirects shadow copies
Agents
• Protects Win2000, 2003, WSS2003 (non-clustered), 2008
• Agents track / synchronize data from production servers to DPM
• All agent communication initiated from DPM
• Each protected volume has sync log (10% of volume size)
• Agent overhead 3-5%
• Deployed via DPM UI
DPM Server
• Windows Server 2003, 2008 or Storage Server
• AD, SQL, Reporting Services
• Lots of disks (1.3X)
• Virtual Disk Service
• Installed parallel to tape
Snapshots
• Snapshots created for quick recovery
• Multiple, schedule driven point-in-time copies
• User-friendly, wizard driven set up and restore
Customer Scenarios
• Fast Restoration from Disk
• End User Recovery (via DPM client)
• IT Admin can restore entire servers, volumes, shares
-- with Service Pack 1
DPM 2007 with integrated Disk & Tape
[Diagram labels: Online Snapshots (up to 512); Disk-based Recovery; Active Directory® System State; Up to Every 15 minutes; Windows XP; Windows Vista; Tape-based Archive; Windows Server 2003 and Windows Server 2008 file shares and directories; Offline tape]
DPM 2007
• Continuous Data Protection for Windows Application and File Servers
• Rapid and Reliable Recovery from disk instead of tape
• Advanced Technology for enterprises of all sizes
DPM Walkthru
• Task: End-User Restore
• from Windows Explorer
[Screenshot callouts: Original Files Overwritten; Right-click on any file or directory; Open document; Keep the new one AND Restore the old one; Restore the old one]
PVC (Previous Versions Client) is an applet that extends Windows Explorer and Office applications with this simple new tab. Available since Windows Server 2003 and VSS. Usually installed silently via Group Policy.
WAN Support
• Easy bandwidth wizard
• On-the-wire Compression
• QOS usable
• IPsec capable
Implementation Scenarios
Branch office data protection
[Diagram labels: Clients, Athens, DPM Server, Corporate WAN, Crete, Headquarters, London]
Backup process
• Agent deployed to branch office servers
• Agent captures data and replicates to DPM server in HQ
• DPM takes snapshots to enable recovery at multiple points in time
Benefits
• Rapid & reliable recovery including end user recovery
• Less potential data loss
• Easy and efficient scheduling and management
• No trained staff needed in branch
• Reduce tape equipment requirements in the branch
Completing the D2D2T scenario
[Diagram labels: Snapshots, Active Directory, File Servers, Clients, DPM Servers, Tape Library]
Allows for restore of DPM server itself (system state, replicas)
Enables restore of any file object on production servers from tape
Provides ISVs the ability to control this process through their software applications
Solutions available: Yosemite, Veritas, CommVault, Windows Backup
-- with Service Pack 1
Top 10 Reasons To Deploy DPM
• Recover files in minutes instead of hours
• Eliminate the backup window of your production servers
• Shrink potential data loss down to 1 hour
• No more failed recoveries
• Get easy instant backup verification
• Enable end users to perform their own recoveries
• Setup and protect your file servers in minutes
• Advanced functionality at low cost
• Rich out-of-box reporting and monitoring functionality
• Remove tapes from branch offices and centralize backups at datacenter
Data Protection Manager Licensing
System Center Essentials Overview
System Center Essentials in General
System Center Essentials Licensing
Q&A
© 2008 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.