IT管理系列 – 新一代組態管理與部署工具- SCCM 2007導覽 <SLIDETITLE INCLUDE=7>Title Slide</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Hello and Welcome to this Microsoft TechNet session on {insert session title}. My name is {insert name} </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=7>Let us start this session by going into more detail on exactly what we will be covering.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION> 魏早達 亞仕資訊

本課程所涵蓋範圍? SCCM 2007新功能的介紹 SCCM 2007 提升功能的介紹 新功能及提升功能展示 未來SCCM 2007相關Webcast所需知識的基礎 <SLIDETITLE INCLUDE=7>What we will Cover</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> [When writing the script for this slide, expand a bit on the list on the slide, do not simply list the slides items here. Think of this as the advert for the session, explain a bit more what will be covered and how.] </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=7>As with most TechNet sessions, some prior experience of Microsoft technologies or similar technologies is always helpful, the next slide provides a brief overview of what would be helpful, but not essential, for this session.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

預備知識 討論到SCCM 2007所提升功能部份, 需要對 SMS 2003 具備相關知識

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007新的Site System Role 提升Operation System Deployment的功能 增進安全性的需求 異動組態管理(Desired Configuration Management) 其他額外的更新

Configuration Manager 2007 Customer momentum >300,000 beta seats deployed 20 Tap and 33 RDP Customers WW Over 20,000 downloads of beta 2 and RC Over 6,000 RTM evaluations downloaded since August General availability November ‘07 Configuration Manager Service Pack 1 Windows Server 2008/ Vista SP1 Support Currently testing, dependencies exist SCCM R2 Plan of Record Summer ‘08 SoftGrid* integration Server Provisioning scenarios (including multicast support on WDS) Forefront Client security integration (reporting only) SQL Reporting service (side by side with SMS Reports *Microsoft Application Virtualization

From the Datacenter to the Client and Beyond… Control what workloads to update when: explicit targeting and scheduling for server, desktop and devices Learn what you have before deployment or migration Software Update Software Distribution Production Support Asset Intelligence HW/SW Inventory Define configurations, partition model, OS, drivers and application suite Define Configuration standards, maintain compliancy Configuration Management Client/Server Design OS Deployment Automated delivery of OS and supporting information

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007 新的System Role 提升Operation System Deployment的功能 增進安全性需求 異動組態管理(Desired Configuration Management) 其他額外的更新

Configuration Manager Console Feature SMS 2003 ConfigMgr 2007 拖曳功能 No Yes 多重選取 功能視窗 預覽視窗 精靈 少 多 功能首頁 顯示圖案 NT 3.51 細緻 目錄搜尋

Home Page 軟體派送狀態 Options Actions 狀態式顯示advertisement紀錄 指定軟體派送的連結 過濾篩選與多重選取 Bar/Pie 圖表呈現 Actions 最新、更新過的綜合報告

DEMO Configuration Manager Console Console Panes Console Actions Home Pages

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007新的Site System Role 提升Operation System Deployment的功能 增進安全性需求 異動組態管理(Desired Configuration Management) 其他額外的更新

Site System Role 大部份的Site System Role仍然存在 移除部份Site System Role Role Site Server (Primary 及 Secondary) Site Database Server Management Point Server locator Point Reporting Point Distribution Point 移除部份Site System Role Role Client access Point Sender Component Server

新的 Site System Roles Operating system deployment State migration point PXE service point* Branch distribution point Software updates management Software update point (WSUS 3.0 server) *Requires WDS – Windows Deployment Services **Requires Windows Server 2008

新的 Site System Roles Network access protection** System health validator Client deployment and distress Fallback status point Software distribution Branch distribution point Internet Based Client Management *Requires WDS – Windows Deployment Services **Requires Windows Server 2008

New Server Roles SMS 2003 Equivalent Role New Role SQL Server Management Point Primary Site Server Server Locator Point System Health Validator Reporting Point Fallback Status Point Distribution Point Software Update Point PXE Service Point Branch DP State Migration Point

Supported Client Numbers Site Role Maximum # of Client Systems Hierarchy (Central Site Server) 200,000 Primary Site Server 100,000 System Health Validator Management Point 25,000 Distribution Point (Non OSD) 4,000 Distribution Point (OSD) Limited by Network & Disk I/O State Migration Point Software Update Point (WSUS) Fallback Status Point Branch Distribution Point Limited by OS License, Network & Disk I/O

DEMO Configuration Manager 2007 Site System Roles 新增新的角色

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007新的Site System Role 提升Operation System Deployment的功能 增進安全性需求 異動組態管理(Desired Configuration Management) 其他額外的更新

What’s New in ConfigMgr OSD? Scenario SMS 2003 OSD FP ConfigMgr OSD End-to-end deployment Yes Fully automated Wipe-and-load upgrade Bare metal deployment w/PXE Loose integration w/RIS Built-in integration w/WDS Side-by-side BDD scripts Yes, w/built-in SMP Fully offline deployment No Integrated Vista upgrade planning Full server deployment Security Good Much stronger Flexibility/customizability Excellent Vista/LH compatibility Device driver management

部署情境 (1 of 4) 新機器 Wipe-and-load 完全全新安裝作業系統在工作站或伺服器 新的或重新配置的設備 安裝新版的作業系統在現有的工作站或伺服器 重新安裝應用程在新的作業系統上 對工作站而言, 需安全的儲存及回復使用者的狀態及設定在本機或檔案伺服器

部署情境(2 of 4) Side-by-side 就地升級 為現有使用者安裝新版作業系統在新的機器上 重新安裝應用程式在新的電腦 需要從舊電腦作狀態的遷移到新的電腦 就地升級 直接就原機進行作業系統升級 非全新安裝模式 就地遷移已安裝的應用程式

部署情境 (3 of 4) 運用媒體進行離線部署 使用媒體(CD/DVD, USB flash drive)部署 運用在低頻寬的環境 大的軟體套件置放在媒體中 無需連線狀態 每次需從媒體安裝 沒有狀態回報

部署情境 (4 of 4) PXE boot OEM 整合運用 WDS PXE server 配合使用Configuration Manager 公告(advertisements )來控制部署的程序 使用F12, 來自我啟動 OEM OS 已在OEM工廠預先安裝在工作站或伺服器 在置入企業網路時, 使用Task Sequencer來加入企業的基礎架構及安裝其他軟體

WDS & ConfigMgr Integration Site DB 1. Admin advertises task sequence to collection containing new computer ConfigMgr Site Server 3. ConfigMgr provider in WDS looks for computer in ConfigMgr database 4. If computer is found, WDS proceeds. If not found, WDS tries next provider ConfigMgr MP WDS Server 5. WDS Server downloads WinPE to new computer 6. ConfigMgr code in WinPE contacts MP to get task sequence that was advertised WDS PXE Server hosts multiple providers. ConfigMgr puts its provider first in the list. New Computer 2. New computer PXE boots

Driver Catalog ConfigMgr管理設備驅動程式的目錄 “Drivers” node Import drivers into this node Set properties on drivers Assign drivers to Driver Packages Driver Packages” node ConfigMgr packages that are copied to DPs Typically group related drivers into one package

Task Sequence Actions Two kinds of actions 不一定要搭配OSD運作 ConfigMgr所提供預設的Action 自行編寫的Action, 可以是一般的命令列執行檔包括 VBscript 不一定要搭配OSD運作 可以在ConfigMgr中,提供一般性目的的一連串動作

OS Deployment Architecture Configure RAID controller Format & Partition Hard Drive Deploy OS Image Add Device Drivers Reboot to New OS Start OS Deployment Check Deployment Readiness Save User State & Settings Save System Settings Reboot to WinPE Install SMS Client Install Software Updates Install Applications Restore User State & Settings Steps in old OS Steps in WinPE Steps in new OS Bare Metal starts here

Operating System Deployment DEMO Operating System Deployment

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007新的Site System Role 提升Operation System Deployment的功能 增進安全性需求 異動組態管理(Desired Configuration Management) 其他額外的更新

Software Updates Management: How is it Done? System Center Configuration Manager 2007 Universal Scan Agent (WUA) WSUS Server-based Metadata Catalog 完整的Microsoft Update 和 3rd-party 提供的內容 WSUS Integration 準確的依據遵循狀態佈署 可選擇性的下載 佈署軟體封裝 Policy-based infrastructure 佈署的範本 更新的清單 EULA management Administrative Improvements Maintenance Windows 性能改良 Pre-deadline scheduled installation Client improvements

Configuring Software Update Management in Configuration Manager 2007 Software Update Point server role 透過Site Role 精靈新增軟體更新角色 隨時都可以透過介面或精靈變更軟體更新原件的設定， “Component Configuration -> Software Update Point Component” Enable and configure the Software Updates client agent 可設定排程掃描 設定更新安裝的方式及佈署前的評估

Configuring Software Update Management in Configuration Manager 2007 Software Update Point server role 透過Site Role 精靈新增軟體更新角色 隨時都可以透過介面或精靈變更軟體更新原件的設定， “Component Configuration -> Software Update Point Component” Enable and configure the Software Updates client agent 可設定排程掃描 設定更新安裝的方式及佈署前的評估

Configuration Manager 2007 SUM Architecture 4/3/2019 10:38 PM Configuration Manager 2007 SUM Architecture Microsoft Confidential - Do Not Distribute

Configuration of Software Update Points 4/3/2019 10:38 PM SUP = WSUS +Configuration Manager 的元件 可搭配現有的WSUS使用 最上層 SUP與Microsoft Update做更新同步 Software Update Point (SUP) Role 可與Site Server 並存於同一台伺服器 可安裝於Site Server以外的伺服器 Supported configurations WSUS 可以支援 NLB的架構 NLB 支援容錯並可支援超過100,000 用戶端電腦 後端資料庫支援 SQL clusters Each WSUS server supports 25,000 clients Regional roaming only 掃描時間設定避免與WSUS同時間 Clients will always use assigned site SUP Microsoft Confidential - Do Not Distribute © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. 35

SUM End-to-End

Internet Based Client Management 4/3/2019 10:38 PM Internet Based Client Management Manage clients without a VPN Road Warriors (Sales force, Consultant) Point Of Sale (Restaurant, Retail store, Gas station) Employee’s home computers Roam in and out intelligently Converge with standards based technology PKI for certificate management SSL/TLS for secure HTTP communication Firewall for SSL termination “Deliver a secure and reliable infrastructure to enable IT administrators in an enterprise to manage computers on the internet with the same level of control as computers on the intranet.”

Network Access Protection Secure your network perimeter Core feature for Configuration Manager End point and infrastructure protection through Health Policy Compliance enforcement Dependencies exist with Windows Server 2008 Validates the health of client systems as defined by corporate security policy Policy Validation Restricts access from protected network regions based on client health state. Quarantine Provides access to resources allowing clients to correct security policy compliance deficiencies Network Restriction Automatic enforcement of changes to defined corporate security policies ensuring sustained policy compliance Ongoing Compliance

Remote Control: What’s New Completely rewritten! Significantly faster performance Using Vista native “collaboration” technology Back-ported to Windows XP and Windows Server 2003 Underlying protocol: RDP Same basic functionality as SMS 2003: No need for end-user acceptance of new session NEW! 3 levels of access Full control View only None Still integrated with Remote Assistance

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007新的Site System Role 提升Operation System Deployment的功能 增進安全性需求 異動組態管理(Desired Configuration Management) 其他額外的更新

什麼是 DCM ? DCM 可以讓管理者作下列事情 : 定義企業組態的標準 報告所管理Windows系統組態規範狀態 結合DCM 組態規範資料與 ConfigMgr 的其他功能來修正用戶端

應用情境 偵測伺服器組態設定 “偏移” 協助 Helpdesk 進行疑難排解, 並且 “及時解決”” 異動組態規範報告 預先及事後的變更驗證 大約 ½ 的非計劃性的停機時間導因於組態設定的錯誤 ! 協助 Helpdesk 進行疑難排解, 並且 “及時解決”” Helpdesk 對IT而言是最大的 “人員成本” 異動組態規範報告 針對異動的組態, 定義及報告違反實質組態的政策 預先及事後的變更驗證 確認系統已經就緒 驗證計劃性變更的精確及效力

概觀 : DCM名詞及概念 組態項目 Configuration Item (CI) 組態的基本單元, 可以從ConfigMgr 管理的機器偵測、套用及移除 Application CI Operating System CI General CI Software Updates CI 組態基準線 Configuration Baseline 由不同的CIs組合而成, 根據下列型態 : Required Optional Prohibited 以組態狀態設定collections的條件

Microsoft DCM Knowledge Microsoft IT “Best Practices” Exchange 2003 & 2007 SQL 2000 & 2005 Windows Server 2003 AD/DNS/WINS/DHCP Sharepoint 2003 & 2007 Product group “Best Practices” Configuration Manager server roles Vulnerability Assessment Operations Manager 2007 Virtual Machine Manager 2007 Sharepoint 2007 SQL 2005

DEMO 異動組態管理 (Desired Configuration Management) 組態項目 (Configuration Items) 組態基準線 (Configuration Baselines

議題大綱 SCCM 2007 的藍圖 提升 Configuration Manager Console的功能及操作 SCCM 2007新的Site System Role 提升Operation System Deployment的功能 增進安全性需求 異動組態管理(Desired Configuration Management) 其他額外的更新

What’s changed in Software Distribution? 4/3/2019 10:38 PM What’s changed in Software Distribution? New Features Copy Package Wizard Maintenance Windows Branch Support Improvements Improved Package cache control Binary delta replication Client Branding Wake on LAN

DEMO Maintenance Windows 設定maintenance windows

Device Management - Core Scenarios 4/3/2019 10:38 PM Device Management - Core Scenarios Device = CE, PPC, Windows Mobile (SmartPhone) Basic Management Hardware/Software inventory File collection Software distribution Settings management - Password policy management, Security policy management Support for Smartphone Over-the-air management of devices Connection Management

Device Management - Core Scenarios 4/3/2019 10:38 PM Device Management - Core Scenarios Internet Based Management Fallback Status Point LOB Device Management CE on ARM at RTM Deployment Automated client distribution via SMS Advanced Client desktop Full integration with SCCM 07 Over-the-air client upgrade

其他加強功能 Inventory Discovery Asset Intelligence features added Last usage inventory Auto-created metering rules Discovery Discover “Extended Active Directory Attributes” Supports hosting Configuration Manager 2007 Site database on Microsoft SQL Server 2005 Clustered Server Volume Shadow Copy Service (VSS)-based backup Services off-line for minutes Snapshot data moved to backup location

課程回顧 System Center Configuration Manager 2007主要是延伸自 SMS 2003既有功能, 並加上 : 新功能(DCM,NAP,IBCM) 功能提升(SUM,SWD,DM) 更容易的安裝方式 全新管理主控台 可以直接由SMS 2003 SP2 或 SP3進行升級

Resources Technical Communities, Webcasts, Blogs, Chats & User Groups http://www.microsoft.com/communities/default.mspx Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx Microsoft Developer Network (MSDN) & TechNet http://microsoft.com/msdn http://microsoft.com/technet Trial Software and Virtual Labs http://www.microsoft.com/technet/downloads/trials/default.mspx System Center Home page http://www.microsoft.com/systemcenter

在何處取得 TechNet 相關資訊？ 訂閱 TechNet 資訊技術人快訊 http://www.microsoft.com/taiwan/technet/flash/ 訂閱 TechNet Plus http://www.microsoft.com/taiwan/technet/ 參加 TechNet 的活動 http://www.microsoft.com/taiwan/technet/ 下載 TechNet 研討會簡報與錄影檔 http://www.microsoft.com/taiwan/technet/webcast/

Q&A

<SLIDETITLE INCLUDE=0>Tag line</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT></SLIDESCRIPT> <SLIDETRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>