Expert Reference Series of White Papers
Microsoft System
Center Configuration
Manager 2012:
What’s New and
Microsoft System Center Configuration
Manager 2012: What’s New and What’s Different
Allan Jacobs, Global Knowledge Instructor, MCT, MCITP, MCTS, MCSE
Introduction
By the time that you read this, Microsoft will have released to market its latest version of its System Center Configuration Manager (SCCM). It’s been incubating for quite some time. The last full version of SCCM that we saw was five years ago and, despite the introduction of two interim releases (R2 and R3), a complete revamp was certainly due. The folks on the System Center team have come through with a substantially overhauled new product that should provide organizations with better performance, enhanced information, and, ultimately, more control of their infrastructure.
In this white paper I will take a look at Microsoft’s new approach to its configuration management system, outlining some of the components that have changed as well as the features that have been added.
Revamped Hierarchy
Experienced SMS and SCCM administrators will be surprised by the core structural revamp of the new version. Large enterprises were encouraged in SCCM 2007 to create parent and child relationships between their sites. This resulted in the propagation of child primary sites to centralize management and reporting. That is no longer possible in SCCM 2012.
Substituting for the parent-child topology is a new top level site system called the Central Administration Server (CAS). The role of the CAS is to allow for the consolidation of all reporting and management in one location. What makes the CAS different from the previous ad-hoc central site is that it can host no clients. Essentially, Microsoft has created a flat topology.
Also changed in SCCM 2012 is the structure of the secondary site. In earlier versions secondaries were used to provide some functions in locations where bandwidth was limited. Prior-version secondary servers had no data-base and could be installed locally using the setup executable or remotely from the console of its primary. Now the secondary has its own database (SQL Express is an option) and remote install is the only way to go. Person-ally, I prefer distribution points over secondaries, but that is for another discussion.
Note that the Active Directory Schema extensions are unchanged from SCCM 2007. That should make the Direc-tory Services folks much happier for organizations that have already performed the integration of SCCM to AD.
The Console and the Ribbon
First introduced with the Office 2007 Suite, the now familiar “ribbon” graces the top of the SCCM console and as such, the console has been completely revamped. For experienced SCCM administrators, the new interface will present an initial obstacle in locating the nodes that they are accustomed to using for their day-to-day management tasks. Over time, with training, practice, and repetition, the console will become the admin’s friend, providing all of the flexibility and granularity that is needed. By abandoning the Microsoft Management Console, we are told, we will see better performance. Let’s hope so.
Site Security
In SCCM 2007, an enterprise was required to designate that a site be in either mixed or native mode, the latter requiring a secure connection between the client and the server. While we are all concerned with the security of our data, the overhead in creating a native mode environment was not necessarily worth the added peace of mind provided by an encrypted connection on the physically secure local area network. Remedying this concern, SCCM 2012 allows for different settings to be applied on the site systems within a site.
The site system that “talks” to the clients is called the management point (MP). If an organization wanted to configure one of its MPs to require a secure HTTPS connection and another to permit HTTP, it could satisfy an internal/external structure and avoid frequently unnecessary encryption.
Hardware Inventory Controls
Experienced SMS and SCCM admins have probably spent some time altering the files that were used to granu-larly control the specificity of the hardware inventory that the product collected. For those of you who never had to modify the sms_def.mof file, you missed your chance. We will now customize hardware inventory collection using the console. For the hardcore geeks, we still have our mif files, and if you are not sure what those are – well, never mind. Another plus is the ability to apply different hardware inventory at the collection level by using client settings.
Role-Based Access Control (RBAC)
Most of the servers in the Microsoft portfolio have moved to a role-based approach to allow for a careful tailor-ing of the permissions that will be provided to individual administrators. Havtailor-ing worked with many approaches to RBAC from Exchange to SharePoint to Lync Server, I can easily say that SCCM has the most flexible and user-friendly approach to RBAC that I have seen. The built-in RBAC roles should satisfy many enterprise deployments. The true power of SCCM RBAC is the ease of creating new roles and applying them to administrators. The mechanism for role creation and assignment is entirely GUI-based and allows for the cloning of an existing role and then modification either by adding or limiting its capabilities or the scope of its effectiveness.
boundar-and number of users. In 2012, we now use the collection as our primary administrative border, giving us many choices in how we assign capabilities to our IT workers.
Application Management
The structure of providing software to devices has been completely revamped in SCCM 2012. First, we no longer call it software distribution; it is now application management. Also lost is the long-standing concept of the ad-vertisement. It gets replaced with deployments. Often deployments will be provided to collections of users and not computers as had been common in the past. All of this is part of an approach that will allow the enterprise to provide individuals with the required software, depending on where and from what device they access the network.
A user accessing the network from a desktop computer will likely be provided a full local copy of an application for the computer where she typically works. For any other computer, a remote connection might be made to an App-V server where the user could run the application as if it were installed on her desktop. From a mobile device, an alternate version of the application could be deployed. The options are variable, depending on the structure of the organization.
The new Deploy Software Wizard is the engine behind the creation of these packages. Old hands at the product can still import SCCM-created packages.
Software Updates
The software update process has a number of new enhancements. Software update groups are now used to control the patches that will be deployed and automatic rules can be used to deploy the updates. There have been a significant improvements to the available monitoring tools for the software update process, which now provides detailed status information in the console as well as complete reporting on each of the elements of the update process.
User-based Management
With shifting workforces that may divide their time between their employers’ physical premises and their homes, management of users, as opposed to computers, becomes attractive to many organizations. With SCCM 2012, user-based collections are now preferable when considering such things as application deployment, software updates, and operating system deployment. This shift from system- (computer- ) based management to user-centric management appreciates that many users will have more than one device to manage.
Mobile Device Management
This brings us to the 10,000-pound elephant in the room: mobile devices. I must confess that I belong to a very small minority in the smartphone world. I use a Windows Phone and have done so for quite some time. I have watched from the sidelines (along with Microsoft) as the iPhone and the Android phones have swallowed the market. Right now SCCM 2012 does nothing for them. We can hope that the RTM version of the product will supply more, but that is doubtful. It is more likely that we will see something more substantial for all of our
phones in an early update. Right now SCCM 2012 only provides a fully featured client for the Windows Phone 5 and 6 and the Symbian phones. I am waiting.
Conclusion
This worthwhile upgrade should provide substantial opportunities for organizations to gain better control over their hardware and software resources. It is a huge step forward that will require time and patience to fully learn and understand, but in the long run should prove to be a required system in all organizations that use Microsoft servers and workstations.
Learn More
To learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge, check out the following Global Knowledge courses:
Administering System Center 2012 Configuration Manager (M10747) Deploying System Center 2012 Configuration Manager (M10748)
Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge training advisor.
About the Author
Allan Jacobs is a trainer, consultant, and writer based in New York City. While technically an independent, Allan works almost exclusively for Global Knowledge and spends a good deal of his time traveling to client sites and training centers throughout the US. While his current interests are concentrated in the Unified Communications field, he continues to work with the Windows Server and Client Operating Systems, SharePoint, and the Systems Center suite. He has served as a Technical Learning Guide at TechEd 2011, 2010 and 2009 in Unified Communi-cations, a speaker at the MCT Summit 2011 on Lync Server, as well as the MCT Virtual Summit on Office Com-munications Server 2007 R2, as an Expert at TechEd in Unified ComCom-munications and Expert at the Launch of Exchange and SharePoint 2007. Allan was also co-author of the revision of the Microsoft Official Courseware for OCS 2007 R2. In his younger days, Allan practiced law, something that he has successfully avoided for the last twelve years.
