UD-B305 Features and Solutions Used Orchestrator Runbooks Software Update Point List Macintosh Client Management Automatic Client Deployment User Centric Application Delivery.


UD-B305
Features and Solutions Used
Orchestrator Runbooks
Software Update Point List
Macintosh Client Management
Automatic Client Deployment
User Centric Application Delivery
Infrastructure Experiences
Real World @ Microsoft IT
Infrastructure
• 6 Primary Sites
• 13 Secondary Sites
• 250 Distribution Points
PCs & Devices
• ~300,000 clients
• ~125k mobile devices
Users
• ~98k FTEs
• ~82k Vendors
• Unified Device Mgmt Site: ~98K devices *
• Redmond Site 1: 75k Clients
• Redmond Site 2: 75k Clients
• North & South America: 35k Clients
• Europe, MidEast, Africa: 40k Clients
• Australia & Asia: 75k Clients
• Active Directory Federation Server 2.0
• AD User Discovery corp domains
• MS Online Directory Sync (DirSync)
• Intune Subscription Connector Site role
• MS Online Directory Services (MSODS)
Used Orchestrator Runbooks
Used Configuration Files as Input for Runbook
More In Depth Session: UD-B319
• Thursday, April 11, 2013 | 12:00 PM-1:15 PM
• UD-B319 - Microsoft IT - How Microsoft IT upgrades System Center Configuration Manager using System Center Orchestrator Automation
• To kick off & monitor execution units (tasks) on target servers to be upgraded
• To leverage existing scripts & create new ones
Task Configuration File
• Run (Task Location, Command, Parameter Variables), Expected Output, Run Order, Success Criteria
• One time creation of automation types / versions of product (CM12 SP1 Upgrade, New CM07 Infra w/WSUS 3.0 SP2, New CM12 SP1 Infra)
Build Configuration File
• Where to run, Parameters, Start Task ID, Stop Task ID, Execute (Yes/No)
Upgrade Tasks Automated
Task Type | Description
Test DB Upgrade | Backup DB, Copy & Restore DB
Test DB Upgrade | Run Test DB Upgrade
Upgrade | Backup old CM Logs
Upgrade | Copy Source Bits
Upgrade | Run QC Checks
Upgrade | Disable SQL Agent Jobs
Upgrade | Upgrade CAS, Primary, Secondary Sites
Upgrade | Import MOF Customizations
Upgrade | Re-Enable Application Catalog Performance Counters
Upgrade | Re-Apply Custom Share Permissions
Upgrade | Run Post QC checks
Common | Monitor Logs
Common | Execute SQL Script files
Automated Upgrades – Consistent deployments
Entire hierarchy upgraded in 24 hours
Diagram labels: Windows Azure, Content, Policy, MP, FIREWALL
More info available here: http://blogs.technet.com/b/configmgrteam/archive/2013/01/31/new-distribution-points-in-configuration-manager-sp1.aspx
Diagram labels: PR1, MP, DP
More info available here: http://technet.microsoft.com/en-us/library/gg682168.aspx
Automatic Client Upgrades
Key Benefits
• Both Client Push and Software Distribution based upgrades have Administrator overhead
• Upgrades any clients less than hierarchy version to minimum client version
• Publishing new client via WSUS may cause server overload
• Provide an automatic deployment mechanism to distribute client language packs
Automatic Client Upgrade: Simple, Easy, and Automatic
• Provided a simple and automatic method for upgrading clients
• Ensured clients remained at a minimum baseline client version
• Ensure pre-reqs and language packs serviceability
Automatic Client Upgrades Enabled
Sequence of Events
Scheduled Task
Automatic Client Upgrades @ Microsoft IT
Enabled for ~270,000 clients geo distributed across five primary sites
Advanced Modern Device Management
Simplified Administration Experience
Administration
• Available user targeted apps
• DeepLink support
• In console deployment monitoring
Build
• Enterprise builds LOB app or gets app from ISV outside of the store
Sign
• Sign with Enterprise trusted cert
• Publisher name in the certificate and package must match
Certify
• Certify LOB app using Windows App Certification kit
Deploy
• Deploy using System Center 2012 Configuration Manager SP1
App-V in ConfigMgr SP1
Virtual Application Connection
Next Generation DSC
• Packages can be deployed in multiple Virtual Application Connection Groups
• Configuration is separate from packages
Integrated w/ App-V Mgmt. Server and ConfigMgr
• Create and configure via Server User Interface or PowerShell
• Know the dependencies
Manage in Standalone Mode
App-V 4.6 SP2 and App-V 5.0 can coexist for easy migration!
Supported Configurations
• Can use PowerShell to create and manage
• Applications + Plugins
• Applications + Middleware
• Applications + Applications
Convert Packages to App-V 5.0
Deploy the App-V 5.0 client via Configuration Manager
Copy App-V apps, create App-V 5.0 DTs and supersede
Create Virtual Environments
Deploy App-V apps
Mac Management @ Microsoft IT
• Collaborated with Microsoft IT certificate team to obtain appropriate user cert
• Leveraged user enrollment model for Mac agent installation
• Automated ConfigMgr SP1 agent installation using a custom script to reduce actions from user side
• Deployed Skype and SCEP via Software Distribution deployments
• Deployed the Microsoft IT security policies below to all enrolled Mac machines
Policy | Setting
Screen Saver Idle Time | 900 (Seconds)
Require Password at Screen Saver | Yes
Password Strength | Alphanumeric Required: Yes; MinChars=8; MaxFailedLoginAttemps=8; MaxDaysUntilChangePassword=70
Mac Management Food For Thought
• Provides Microsoft IT an on-prem native management solution for managing Macs across the Yammer, Skype and MacBU/Apex business groups
• Less complex network design as Device Management Point is not internet facing
• Met Corp Security requirements by driving the Product Team to leverage user cert based enrollment vs. machine cert based enrollment
• Macs in Microsoft IT are not domain joined
• Devices need to be corpnet connected
• Published Mac agent bits and script on boundary servers
• Changed client settings using Settings Management
  • Deadline time for software distribution: 120 minutes
  • Reboot delay: 60 minutes
Unified Device Management Scope @ MSIT
Native Management Scope
Device Enrollments and Modern Apps
Windows Phone 8
• Current: 140
• Planned: 24k
Windows RT
• Current: 35
• Planned: 19k
Apps Published
• 9 WP8 LOB
• 1 Deep Linked
Apps Published
• 12 WinRT Apps
• 2 Deep Linked
Unified Device Management Solution @ MSIT
Unified Management @ MSIT
Unified Device Management Architecture
• Windows PCs, Macs: ConfigMgr SP1
• WP, Android, Smart Phones, etc: EAS
• WP8, WinRT, iOS: Intune (native mgmt.)
• ConfigMgr 2012 SP1 on-prem infra
• Windows Intune Wave D cloud
• Exchange connector (reporting)
• Single pane of glass and simplified administration
• Managed via ConfigMgr console
Simplified Administration
Unified Device Management
• Device scale – 100k user limit
• Company portal and WIPE scenarios evaluated for Windows Phone 8 and Windows RT devices
• Corporate Security EAS policies enforced via Settings Management
• Exchange connector used to consolidate inventory and merge device records
• End user education provided via enrollment and Microsoft IT work smart guides
• Created FAQs and support guides for Help Desk and Microsoft Tier 2 support teams
• Developed custom inventory reports to provide a consolidated view of enrolled devices
• Microsoft IT broad device management communications/enrollments planned for June 2013
More In Depth Session: UD-B311
• Wednesday, April 10, 2013 | 2:45 PM - 4:00 PM
• UD-B311 - Deploying System Center 2012 Configuration Manager SP1 With Windows Intune
Enabled Wake Up Proxy agent installation using custom client agent setting
Identified DA gateway address and configured
Traced network performance after Wake Up Proxy agent installation during pilot
Targeted Wake Up Proxy agent on regions having high opt out: 16k machines
Food For Thought
3 machines be awake randomly
Ping should be enabled in the network
• ConfigMgr 2012 SP1 is now supported on SQL 2012 with a minimum cumulative update of CU2 and not supported in SQL 2012 SP1 http://support.microsoft.com/kb/2817245
• Cumulative Update 1 for System Center 2012 Configuration Manager Service Pack 1 http://support.microsoft.com/kb/2817245
• Reports improvement in SP1 for using role based administration defined in console
• If you love automation, then don’t forget to check out the 471 Configuration Manager SP1 PowerShell cmdlets available here: http://technet.microsoft.com/en-us/library/jj821831.aspx
• Explore Pull Distribution Point for Content Management and to save WAN traffic cost for sites saving large distribution points
• New updated toolkit for SP1 for additional add on such as content library transfer etc. download from here: http://www.microsoft.com/en-us/download/details.aspx?id=36213&WT.mc_id=rss_alldownloads_all
• Microsoft IT Windows Phone 8, Windows RT and iOS enrollment guides: http://sdrv.ms/10f5g2y
• Microsoft IT Mac enrollment script: http://sdrv.ms/10f5s1M
• Makeappx and signtool article: http://msdn.microsoft.com/en-us/library/windows/desktop/hh446767(v=vs.85).aspx
• UD-B328 The Top Ten Lessons Learned in Managing SQL & Reporting
• UD-B319 How Microsoft IT Upgrades System Center Configuration Manager 2012 Hierarchy with System Center Orchestrator Automation
• UD-B311 Deploying System Center 2012 Configuration Manager SP1 With Windows Intune
• System Center in Action Site: http://blogs.technet.com/b/system_center_in_action
• Technical Case Study: How Microsoft IT Deployed System Center 2012 Configuration Manager: http://technet.microsoft.com/en-us/library/hh913620.aspx
• Technical Case Study: User-Centric Client Management with System Center 2012 Configuration Manager in Microsoft IT: http://technet.microsoft.com/en-us/library/hh925141.aspx
• Shitanshu Verma’s Blog: http://blogs.msdn.com/b/shitanshu