Microsoft and Interoperability
“DHMC runs both Windows Server 2008 and Windows Server 2003
as guest operating systems under Hyper-V, as well as Linux. To date,
DHMC has virtualized Web servers, sites on Microsoft Office
SharePoint® Server 2007, reporting servers, medical applications,
domain controllers, file and print servers, Citrix servers, and more.”
Dartmouth Hitchcock Medical Center Case Study
Interoperability agreements with Novell,
Citrix (Xen), and Red Hat to support Linux
(RedHat, Suse, CentOS) on Hyper-V
SVVP (Server Virtualization Validation
Program) to certify
non-Microsoft Hypervisors for Microsoft
Support
System Center Operations Manager
supports monitoring
of non-Windows, including Linux – Redhat
and Suse + centOS, Unix – HP UX, Sun
Solaris and IBM AIX; from February 2013-
Gentoo/Debian/Oracle Linux/Universal Linux/
MacOS
System Center Virtual
Machine Manager 2012 manages VMware
ESX servers and Citrix XEN Servers
CentOS
Microsoft Private Cloud – Server Platform
Simplify with integrated physical, virtual
and cloud management
Improve agility with private cloud
computing infrastructure
Optimize service delivery across
datacenter infrastructure and business
critical services
“We don’t have to manage our infrastructure with multiple tools…we have one
central monitoring and management console from which we can care for every
aspect of our environment” - Doug Miller, Practice Architect, Microsoft Practice
Group, CDW
SELF-SERVICE
VIRTUALIZATION
MANAGEMENT
Private Cloud Technologies
IDENTITY
Build your own Private Cloud
• Deployment Guides are available on the Microsoft Private Cloud website:
• http://www.microsoft.com/virtualization/en/us/private-cloud.aspx
• Technologies used:
Technologies Basic Private Cloud Advanced Private Cloud
Virtualization Hyper-V Hyper-V
VirtualizationManagement
SCVMM 2012 SCVMM 2012Service Manager 2012Self Service Portal
AdvancedManagement and Orchestration
Configuration ManagerOperations ManagerService ManagerData Protection ManagerOrchestrator
Self
Service
Service
Delivery and
Automation
Deploy
Configure
Service
Model
DC
Admin
Operate
Monitor
Virtual Machine Manager
Operations Manager
App Controller
Service Manager Service Manager
Orchestrator
Configuration
Manager
Application
Management
Service Delivery and
Automation
Infrastructure
Management
Data Protection
ManagerApp
Owner
Example Hybrid Deployment
Hybrid Service
Private
Fabric
Hyper-V Bare Metal
Provisioning
Hyper-V,
VMware, Citrix XenServer
Network Management
Storage Management
Update Management
Dynamic Optimization
Power Management
Monitoring Integration
Fabric
ManagementCloud
Management
Application
Owner Usage
Capacity and
Capability
Delegation and
Quota
Cloud
Service
Management
Service Templates
Application
Deployment
Custom Command
Execution
Image Based
Servicing
Services
Performance and Resource Optimization (PRO) with SCOM and SCVMM
• Workload and application aware resource optimization
• Create policies that SCVMM acts upon tips automatically or manually
• Minimize downtime and accelerating time to resolution.
• Enables partners to deliver value add to our mutual customers
Centralized monitoring across Windows, Linux and Unix
Configuration change monitoring
Monitor and Manage Microsoft and third party virtualization platforms
Diagram data center operations and visualize status
Proactive Platform
Monitoring
End to End Monitoring Solution
Application & service level monitoring
Problem resolution knowledge base
Track and report service levels
Service level dashboards
Application and
Service Level
Monitoring
Standards based
Open and extensible platform for customized support
Interoperability with 3rd
party management systems and help desks
Interoperable and
Extensible Platform
SCOM 2012- Enterprise ClassScale across IT teams and manage business critical environments
• Role based security for secure delegation of access to information and task execution
• Aggregate monitoring of client systems
• Self monitoring infrastructure
• Leverages clustering, and agent failover for high reliability
• Works across AD trust boundaries
Windows
AIX
Solaris
Java Monitoring – Supported Platforms
RHEL
SLES
Tomcat
JBoss WebSphere WebLogic
Supported JEE Application ServersIBM WebSphere 6.1, 7.0, (8 TBD)
Oracle WebLogic 11gRel1, 10gRel3
Redhat JBoss 4.2, 5.1, 6, (7 TBD)
Apache Tomcat 5.5, 6.0, 7
Supported Operating Systems Matrix
Managing Complex Applications with SCOM 2012 and
AVIcode
End users
Web servers
Application serversData servers
Data servers
Application servers
Web servers
Application users
Business
Application
View of application user’s
performance
Consistent Experience – Desktop Console
Active Alerts Top 5 SQL Servers database generating the most Alerts
SQL Server Summary Dashboard
Top 5 SQL Server computers with the highest % processor
utilization
Top 5 SQL Server computers with the highest % memory utilization Top 5 SQL Server computers with the lowest % free space
available
SQL Server alerts generated in the last 24 hours
Critical SQL Server Databases
SQL Server Performance Dashboard: OperationsManagerDW
SQL Server Availability over last 24 hours SQL CPU Utilization over last 24 hours
SQL Memory Usage in KB
Total Memory Used on
Server
80%
Total Memory: 50,000 KBDisk Storage
Data Files: 17.6 GB
66%
2%Log Files: 6.93 GB
SQL Server Properties
Total Physical Memory (MB): 1000
Available Physical Memory (MB): 200
Active Alerts Top 5 SQL Servers database generating the most
Alerts
SQL Server Summary
Dashboard Top 5 SQL Server computers with the highest % processor
utilization
Top 5 SQL Server computers with the highest % memory utilizationTop 5 SQL Server computers with the lowest % free space
available
SQL Server alerts generated in the last 24
hours
Critical SQL Server Databases
Supported Non MS Operating Systems
• Version 5.3 (Power)• Version 6.1 (Power)• Version 7.1 (Power)
AIX
• Version 11iv2 (PA-RISC/IA64)
• Version 11iv3 (PA-RISC/IA64)
HP-UX
• Version 4 (x86/x64)
• Version 5 (x86/x64)
• Version 6 (x86/x64)
Red Hat Enterprise
Linux
• Version 8 (SPARC)• Version 9 (SPARC)• Version 10
(SPARC/x86/x64)
Solaris
• Version 9 (x86)• Version 10 SP1
(x86/x64)• Version 11 (x86/x64)
SUSE Linux Enterprise
Server
Version Support
• New versions of operating systems supported within 180 days of release
• Old versions supported as long as vendor provides support
Network Monitoring in OpsMgr 2012
• Out of the box discovery, monitoring, and reporting
• Server to network dependency discovery
• Multi-vendor support
• Multi protocol support
− SNMPv1/v2c/v3
− IPv4 and IPv6
• Deliver robust platform for partners to build on
Network Monitoring
• Port/Interface − Up/Down (operational & admin status)
− Volumes of inbound/outbound traffic
− % Utilization
− Drop & Broadcast rates
• Processor− % Utilization
• Memory− In depth memory counters (Cisco Only)
− Free memory
SCOM 2012 – Network Map Design
Audit Collection Service (ACS)Archiving audit collections for forensincs and compliance
Account Management Reports
User account created/deleted/enabled/disabled, Security group changes, Changing password, Computer account creation/deletion
Access Violation
Unauthorized access attempts, Account locked
Policy Changes
Audit policy changed, Object SACL changed, Object permissions changed, Account policy changed, Privilege added/removed
System Integrity
Lost events, Audit failure, Log cleared
Security log consolidation & compliance - SCOM & interoperability
2012
Client Management
Infancy (NT Domain)Groups Model
Comprehensive
Management
Laptops, Servers,
Enterprise Scale
Consumerization
of IT
Management
from the Cloud
2012
Business Needs and IT Challenges
Business NeedsAgility and Flexibility
IT NeedsLower operational costs
How can IT maintain
user productivity
and protect against
evolving threats
How can IT reduce
complexity and scale
back infrastructure
requirements
• Device Choice
• Application Self-service
• Personalized Application Experience
• Non-intrusive management
• Manage all devices through single interface
• Deliver applications to the user, not the device
• Integrated security and compliance
• Reduced infrastructure complexity
Access to org. resources
across devices & platforms
Single admin
console
Empower Users
Empower people to be
more productive from
almost anywhere on
almost any device.
Simplify
Administration
Improve IT effectiveness
and efficiency.
Unify Infrastructure
Reduce costs by unifying
IT management
infrastructure.
Simplify
Administration
Improve IT effectiveness
and efficiency.
Modern Management Console
Role-based Administration
Operating System Deployment
Asset Intelligence
Client Health
Functionality ConfigMgr 2007 ConfigMgr 2012
Meg- WW Central System
Administrator
Louis-Software Update
Manager for France
Bob- US & France
Security Admin
• Can see & update “France” desktops
• Cannot modify security settings on “France” desktops
• Cannot see “All Systems” or “U.S.” desktops
• Can see & modify security settings on “France” and “U.S.” desktops
• Cannot update “France” or “U.S.” desktops
• Cannot see “All Systems”
Map the organizational roles of your administrators
to defined security roles
• Security organization role
• Geography
Reduces error, defines span of control for the organization
Understand software installation profiles
Plan for hardware upgrades
Identify over or under licensing issues
Track custom apps or groups of titles
Software Metering & License Reports
Asset Intelligence Service
Asset Intelligence Catalog
Real-time Application
and Hardware Intelligence
ConfigMgr Inventory
• PXE initiated deployment allows client
computers to request deployment over the
network
• Multi-cast deployment to conserve
network bandwidth
• Stand-alone media deployment for no network
connectivity or low bandwidth
USMT 4.0 UI integration makes it easier transfer
files and user settings from one machine to another
CAS
Primary Site
MP Role
Primary Site
DP Role
Image Task Sequence
Report
WDS PXE Server
SCCM 2012 Machine and application lifecycle
Update Management•Microsoft security updates•Harware and software vendors catalogs•Business Applications•Maintenance windows
Desired Configuration Monitoring•Microsoft best practices•Custom models•Ability to remediate some settings
Application distribution and installation•No Mandatory Packaging•Dynamic Targeting based on user affinity and/or inventory•User experience control•Network Access Protection integration•Wake-On-Lan
OS Deployment•Client or Servers•Existing or new machine•User parameters migration•WIM image format•Tasks sequencer•Application compatibility
SCCM & Intel AMT Integration- management of desktops and servers even they are stopped
Intel® Q35 Express Chipset
with ICH9-DO
Intel Platform Software
Ecosystem Solutions
Intel Key Platform
Technologies
• Intel® Active Management Technology (AMT) is a function of the chipset & network controller
• Hardware-based management for clients
• Desktop: Intel® vProTM Processor Technology
Intel® 82566DM Gigabit
Network Connection
Intel vPro
Components
Intel® Core ™ 2 Duo Processor
Empower Users
Empower people to be
more productive from
almost anywhere on
almost any device.
Modern Device Management
User-centric Application Delivery
Unify Infrastructure
Reduce costs by unifying
IT management
infrastructure.
Simplify
Administration
Improve IT effectiveness
and efficiency.
Management for all
Exchange ActiveSync (EAS)
connected devices
• EAS-based policy delivery
• Discovery and inventory
• Settings policy
• Remote Wipe
Empower
7
Mobile Device Management with SCCM
2012
EXCHANGE CONNECTOR REPORTS
EXCHANGE CONNECTOR REPORTS
• Windows XP Embedded• Windows Embedded Standard 2009• Windows Embedded Standard 7
Thin Clients
Same as Thin Clients, plus
• POS Ready 2009
• POS Ready 8POS/Kiosk
• Windows Embedded Standard 2009
• Windows Embedded Standard 7Digital Signage
• Windows Thin PCRepurposed PC
Supported Write Filters
• File Based Write Filters (FBFW)
(preferred for scalability)
• Enhanced Write Filters (EWF) RAM
Ability to force persistence of changes for
• Applications
• Packages and programs
• Software updates
• Task sequences
• Endpoint Protection client installation
Eventual persistence of changes for
• Client agent settings
• Settings management remediation
• Power management
Without write filters enabled, embedded devices can be managed like any other Windows client. When write filters are enabled, they require special handling, now provided seamlessly in SP1
• Version 4 (x86/x64)
• Version 5 (x86/x64)
• Version 6 (x86/x64)
Red Hat Enterprise Linux
• Version 9 (SPARC)
• Version 10 (SPARC/x86)Solaris
• Version 9 (x86)
• Version 10 SP1 (x86/x64)
• Version 11 (x86/x64)
SUSE Linux Enterprise Server
Supported OS’s across both:
• Configuration Manager
• Operations Manager
Old versions supported as long as vendor provides support
Broader Linux distro support being evaluated
for future releases
Hardware and Software Inventory
Software Deployment
• Using the Package and Program model
• Deploy/patch software, deploy OS patches and run
maintenance scripts that target a collection
Consolidated reports
• Deliver best user experience on each device
• Define application onceDelivery Evaluation Criteria
• User
• Device type
• Network connection
User/Device Relationships
Primary Devices
• MSI
• App-V
• Windows 8 Apps
• Windows 8 Apps in the Windows Store
Non-primary Devices
• VDI
• Remote Desktop
< >
Detection Method
Install Command
Requirement Rules
Dependencies
Supersedence
Administrator Properties
End User Metadata
Application “Package”
App-V
Windows Script
CAB / SIS
Windows Installer
General Information
Deployment Type
< >
IT
Administrators publish software titles
to catalog, complete with meta data to
enable search
• Deliver best user experience
on each device
Users can browse, select and install
directly from Catalog
• Application model determines
format and policies for delivery
User
Unify Infrastructure
Reduce costs by unifying
IT management
infrastructure.
Reduced Infrastructure Requirements
Unified Management of Virtual Clients
Endpoint Protection
Software Update Management
Compliance & Settings Management
Distribution Point for Windows Azure
Central Administration Site
• Central primary site administration
• Reporting
Primary Sites
• Client management and settings
• Delegated administration
Secondary Sites
• Content routing
• Distributions points
Central
Administration
Site
Primary Site Primary Site
Secondary Site Secondary Site Secondary Site Secondary Site Secondary Site Secondary Site
CONNECTION BROKER
User-centric application delivery through
Microsoft Application Virtualization or
Citrix XenApp.
Single admin experience for managing
physical and virtual desktops. Integrates with
Remote Desktop Services and Citrix
XenDesktop.• Recognizes pooled and personal virtual desktops
• Randomizes tasks
HYPER-V
CONFIGMGR
DP/MP
APP-V
SEQUENCER
Unified Infrastructure
• Simplified server
and client deployment
• Streamlined updates
• Consolidated reporting
Comprehensive Protection Stack
• Behavior monitoring
• Antimalware
• Dynamic Translation
• Windows Firewall Management
Signature
update
Policy
configuration
EP client
installation
Silent removal
of third-party
products
EP enabled in
the console- EP
installation
starts on the
device
EP agent installer
deployed with ConfigMgr
Client
Simplified Client Setup
Ease of client setup and deployment• No separate deployment needed for endpoint protection client
• Endpoint Protection agent installer deployed with Configuration Manager client setup
Flexible administrative control• Administrator can force or suppress any required reboots
• Configurable option for automatic removal of existing AV client
Easy migration from existing solutions and automatic removal of existing clients• Symantec
• McAfee
• TrendMicro
• Forefront Client Security or Forefront Endpoint Protection
Client Installation Flow
Signature Update Distribution
Ensures always up-to-date security regardless of the client location• Multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)
Easier distribution process• Automatic deployment rules within ConfigMgr console
Minimizes WAN impact • Uses distribution points and reduced definition size
MICROSOFT UPDATE
ON THE ROAD
Fallback to
online update
Corporate Network
Updates distributed through
ConfigMgr, WSUS or Windows
File Share
DELTA UPDATE SIZE: 50-2048 KB
UPDATE FREQUENCY: 3 TIMES/DAY
Simple Policy Administration With Templates
Simplified management for
antimalware policies• Templates for different
security needs
• Options to configure settings
granularly
Centralized management for
Windows firewall• Profile-based firewall policy
from the same dashboard
Comprehensive Protection Stack Building on Windows Platform Security
Proactive Techniques (Against Unknown Threats)
APPLICATION
FILE SYSTEM
NETWORK
Reactive Techniques (Against Known Threats)
Behavior Monitoring
Data Execution
Prevention
Address Space
Layout
Randomization
Windows
Resource
Protection
Antimalware
Internet Explorer® 8
SmartScreenMicrosoft BitLocker
Dynamic Translation and
Emulation
Vulnerability Shielding (Network Inspection System)
Windows Firewall Centralized Management
DYNAMIC CLOUD UPDATES
Mic
roso
ft M
alw
are
Pro
tect
ion
Cen
ter
Dyn
am
ic S
ign
atu
re
Serv
ice
System Center Endpoint Protection
Windows 7
Microsoft AppLocker
User Account
Control
Dynamic Translation With Heuristics
Real Time
Protection
Driver
Intercepts
Industry-leading proactive
detection• Emulation based detection
helps provide better protection
• Safe translation in a virtual
environment for analysis
Enables faster scanning
and response to threats• Heuristics enable one
signature to detect thousands
of variants
Potential
Malware Execution attempt on
the system
VIRTUALIZED
RESOURCES
Safe
Translation
Using DT
Malware
Detected
Malicious
File Blocked
Behavior Monitoring and Dynamic Signature Service
Live system monitoring identifies
new threats
• Tracks behavior of unknown
processes and known bad processes
• Multiple sensors to detect OS
anomaly
Updates for new threats delivered
through the cloud in real time
• Real time signature delivery with
Microsoft Active Protection Service
• Immediate protection against new
threats without waiting for scheduled
updates
RESEARCHERS REPUTATION
REAL-TIME
SIGNATURE
DELIVERY
BEHAVIOR
CLASSIFIERS
Microsoft Active
Protection Service
Properties/
Behavior
Real-time
signature
Sample
request
Sample
submit
1 2 3 4
Network Vulnerability Shielding• Minimizes opportunities to exploit the system between vulnerability
announcements and patch deployments
• Based on Network Inspection System (NIS) Technology
• Detects and blocks Conficker-style threats
• Inspects inbound and outbound network traffic
• Enables signatures based on patch status—disabled on patched machines
• Disables traffic interception if no signatures are active
A new NIS signature is released
Exploits LaunchedAttack is
blocked
Patch validated
and deployed
NIS Event Logged, telemetry sent
Time to test the update patch
Update Patch
Available
A new vulnerability
discovered
Signature KB CVE ID Action Release date Windows 7 Windows 2008 R2 Protocol
MS08-067 KB958644 CVE-2008-4250 Block 10/23/2008 No No RPC
MS09-001 KB958687 CVE-2008-4835 Block 1/13/2009 No No SMB
MS09-050 KB975517 CVE-2009-2532 Block 10/14/2009 No No SMB
MS09-050 KB975517 CVE-2009-3103 Block 10/14/2009 No No SMB
MS10-020 KB980232 CVE-2010-0269 Block 4/13/2010 Yes Yes SMB
MS10-012 KB971468 CVE-2010-0020 Detect Only 2/9/2010 Yes Yes SMB
Protect Clients with Reduced Complexity
Simple interface• Minimal, high-level user
interactions
Administrative Control• User configurability options
• Central policy enforcement
Maintains high productivity• CPU throttling during scans
• Faster scans through advanced
caching
Certifications and awards for Forefront technology:
VB 100% December & October 2010 on Windows 7 / 2008
VB 100% August 2009 on Windows Vista SP2
VB 100% April 2009 on Windows XP
VB 100% December 2008 on Windows Vista x64
VB 100% October 2008 on Windows Server 2008
VB 100% February 2008 on Windows Server 2003
ICSA Labs certification – Forefront was the first product
certifed for Exchange 2007
West Coast Labs’ Checkmark certification
Industry thought leadership
“Behavioral Classification” paper delivered at 2006 European
Institute for Computer Antivirus Research (EICAR) conference
Microsoft SolutionOne infrastructure for desktop management and protection
Improved visibility and response to threats
Reduced cost and complexity
Centralized management and protection
ConfigMgr MP Baseline ConfigMgr Agent
WMI XML
Registry IISMSI
Script SQL
Software
UpdatesFile
Active
Directory
Baseline Configuration Items
Auto Remediate
OR
Create Alert (to Service Manager)!
Improved functionality• Copy settings
• Trigger console alerts
• Richer reporting
Enhanced versioning and audit tracking• Ability to specify versions to be used in baselines
• Audit tracking includes who changed what
Pre-built industry standard baseline templates
through IT GRC Solution Accelerator
Assignment to
collectionsBaseline drift
CAS
Primary SiteMP Role
Primary SiteDP Role
Assigns policy to scan for update
status or to deploy updateDistributes updates
Reports
compliance
Microsoft Update
Primary SiteSUP Role/WSUS
Identifies who needs updates
and reports on compliance
Downloads updates
Auto Deployment• Faster deployment through search
• Schedule content download and
deployment to avoid reboot during work
hours
State-based Updates• Allows individual
or group deployment
• Updates added to groups auto deploy to
targeted collections
Optimized for New Content Model• Reduce replication and storage
• Expired updates and content deleted
Security Compliance Manager
Patch Management
Network Policy ServerClient Network
Access
Device
(DHCP,
VPN)
SCCM Server
Management Point
SCCM Server
Distribution Point
May I have access?
I don’t have any patches installed. Should this client be restricted
based on it’s health?
Can you vouch for this client?
Is it up to date?
I can vouch for the client.
It’s not up to date. Tell it to install patches
You are being given restricted
access until patches are installed.
Requesting patch package.
Here is your patch
package.
Requesting access.
Patches are installed.
Quarantine client, request
it to install patches
Corporate Network
Restricted Network
I can vouch for the client.
Yes, meets policy.
Grant access.
Client is granted access to full intranet.
Security - SCCM & NAP
PR1
MP
MP DP
Windows Azure
Distribution Point
Microsoft
Update
Policy
Content
FIREWALL
Corporate Network
Reports and Power management with SCCM
SCCM Enterprise Dashboard
Em
po
wer
Un
ify
Sim
plify
Role-based Administration
Distribution Point for Windows Azure
Software Update Management
Reduced Infrastructure Requirements
Application Delivery
Modern Device Management
Compliance & Settings Management
Endpoint Protection
Unified Management of Virtual Clients
Operating System Deployment
Asset Intelligence, Inventory & Software Metering
2007 R3
MDM licensing
Device-centric
2012
EAS
User-centric
New
Improved
Integrated
Auto Remediation
Improved
New
Improved
Improved
2012 SP1
Unified
Win 8 Apps
Flexible hierarchies
Improved
Real-time actions
User Profile and Data
Improved
New
Improved
Improved
Modern Management Console New PowerShell
Client Activity and Health Improved Improved
Windows Embedded Device ManagementSeamless management of
write filter-enabled devices
Online Snapshots (up to 512)
Disk-based
Recovery
Tape-based
Backup
Data Protection
Manager
Up to
Every 15 minutes
Disaster Recovery
with offsite replication & tape
Data Protection Manager
Active Directory®
System State
file services
CONNECTORS
Asset Management
Self Service IT Business Intelligence
Service Manager - The Power is in the Integration
Automate and Deploy
Capacity and Utilization
Inventory and Usage
Alert Management
Incident and Problem
WorkflowsKnowledge Base Data WarehouseeCMDB
Active Directory
Change
Compliance and Risk
Arhitectura Service Manager
Analyst
Consola Authoring
Interfeţe
utilizatori
Sisteme
externe
Self-Service
portal
Infrastructura
Service
ManagerData
WarehouseCMDB
Service Manager SDKActive
Directory
ConfigMgr
OpsMgr
Knowledge
Base
Consola
Service Manager
Conectori
Management
Packs Change
Management
Problem
Management
Incident
Management
Utilizatori IT
Operations
IT business
analysts
Parteneri
Asset
Management
Risk &
Compliance
Release
Management
Orchestrator
VMM
Sincronizare cu Active Directory
• Import date dintr-un Domeniu sau OU
− Suport pentru forest-uri multiple
• Sincronizare date Active Directory despre:
− User
− Groups
− Printers
− Computers
• Informaţiile de contact pentru utilizatori
• Informaţii organizaţionale (Manager, Dept)
• Adrese de notificare (e-mail, IM)
Sincronizare cu SCCM• Sincronizează informaţiile din Configuration
Manager şi creează/actualizează Configuration Items:
− Hardware Inventory
− Software Inventory
− Software Updates
• Dacă există deja CI efectuează “merge” cu informaţiile existente
• Asset Intelligence top console user este preluat ca utilizator primar
• Crează incidente din erorile de conformitate Desired Configuration Management (DCM)
Creare Incidente din SCCM - DCM
• Crează Incidente automat pentru erorile de conformitate DCM
− Se selectează Baseline-urile DCM şi CI pentru care trebuie create Incidente
− Conectorul va sincroniza toate erorile de conformitate DCM
− Un workflow va crea Incidente doar pentru erorile DCM selectate
• Va fi generat un incident pentru fiecare computer şi CI neconform
− Poate crea o mulţime de incidente
Create Packages & Programs
Configure SM Portal
Advertisement Delivered
Software Deployed
End User Requests Software
End User
Manager Approves Request
Manager
Sincronizare cu SCOM
• Crează CI din obiectele descoperite de Operations Manager
• Crează Service Maps din Servicii şiDistributed Applications definite în SCOM
• Crează Incidente din alertele Operations Manager
− Sincronizează informaţii detaliate despre alerte
− Actualizează starea Alert-ului când sunt modificate proprietăţile incidentului în Service Manager
Examplu Service MapDefininirea dependintelor ce au ca impact disponibilitatea sistemului
ALERT GENERATED
INCIDENT CREATED
INCIDENT RESOLVED
INCIDENT DIAGNOSED
INCIDENT CLOSED
SERVICEMONITORED
IT Analyst / Operator
Service Desk Integrat
Active Directory
Configuration Manager
Operations Manager
Operator
Service Manager
Users
User Groups
Computers
Hardware Inventory
Software Inventory
Software Updates
Service Definitions
Service Maps
Incident
Apel
Suport
Alert
DCM
neconform
Verificare Configuraţie
Utilizator
Portal
Reports &
DashboardsE-Mail &
Other Clients
Excel
Price Sheet
Service manager – easy customizationClasses
• A class describes an “object”
• The most obvious classes in Service Manager are those for work items (fi: change request, incident) and configuration items (fi: computer, user)
• Classes and their “instances” form the heart of the CMDB
• Extending the CMDB can be done by adding classes
• Attributes are properties of a class the describe the object
Service Manager easy customization
• New classes can be defined by inheriting from the core model. For example, we can define a new “Projector” class for the overhead projector objects :
• List – An enumeration of values (optionally hierarchical) used to constrain value choices for a given class property.
Example : a List used in the “Condition” projector property:
ProjectorCondition {New, Working, Broken, Being repaired}
Configuration Item
Computer UserOperating
SystemProjector
•Serial Number (key)
•Make
•Model
•Location
•Condition – Projector
Condition List
Risk Management and Compliance
Personas Involved
Windows Server
SQLExchange
SOX PCI
COBIT
EUDPP
Internal
PoliciesISO
Scenario -- Always Ready for an IT Audit
Program
Manager
Operations
Engineer
Ma
na
gin
g C
om
pli
an
ce
Provide Audit
Trail
AutomationImplement Procedure
Map Control Objectives
ValidateSettings
Detect Failure
RecordResult
TakeAction
Activities• Process controls• Configuration settings• Monitoring
Reporting
Actions• Change control• Incident/issue• Problem
Audit Trail• Compliance Reports• Compliance History
Business Intelligence for IT
• Integrated across System Center
− Easy installation through Service Manager setup
− Supports Configuration Manager, Operations Manager, and Active Directory integration knowledge
• Data Warehouse repository database
− Store large amounts of dimension and fact data
− Provide a historical record
− Retain data groomed from the CMDB
− Model-driven: MP extends DW schema
Service Manager Dashboards
IT Process Automation and System Center Orchestrator (Opalis)
Automate provisioning,
resource allocation and
retirement
Extend virtual machine
management to the cloud
Orchestrate incident
management and resolution
Integrate across monitoring
tools, service desks and
CMDBs
Scale automated
configuration across
platforms and tools
Ensure reliable change with
intelligent workflow
branching
Virtual Machine Lifecycle Management Incident Management Automated Configuration
Management
Microsoft Active Directory
Microsoft Systems Management Server
Microsoft Operations Manager
Microsoft Configuration Manager
Microsoft Virtual Machine Manager
Microsoft Data Protection Manager
Microsoft Service Manager
BMC Atrium CMDB
BMC Remedy AR System
BMC Event Manager
BMC Patrol
BMC BladeLogic Operations Manager
CA AutoSys
CA eHealth
CA Service Desk
CA SPECTRUM
CA Unicenter NSM
HP Operations for UNIX
HP Operations Windows
HP Operations Solaris
HP Network Node Manager
HP Service Desk
HP Service Manager
HP Asset Manager
HP iLO 2
FTP
Symantec VERITAS NetBackup
IBM Tivoli Enterprise Console
IBM Tivoli Netcool/Omnibus
IBM Tivoli Storage Manager
EMC Smarts InCharge
EMC Infra
VMware VI / vSphere
UNIX Integration
System Center App Controller 2012
Offers intuitive and service-centric access
• Intuitive service-
centric interface
• Library of
standardized
templates
• Role-based view
• Web interface
• Create, manage, and
move resources rather
than
manage servers
Empowers
application owners
through self service
Increases visibility
and control
• Private and public cloud
services plus virtual
machines
• Job tracking
• Change history
Applications Across CloudsSelf–Service Application Management
Offers Intuitive and Service-Centric Access
Applications Across CloudsConsistent Application Monitoring
Hybrid Service
Private
Increases Visibility and Control
What’s Changing with System Center 2012 Licensing
Simplifying & Optimizing Licensing for Private Cloud
What Stays The Same?
Managed devices require
Management Licenses
Concept of an Operating System
Environment (OSE) and when a
Management License is required
Server MLs differentiated based on
virtualization rights & suited into
ECI
Client MLs differentiated on
component functionality and
suited into Core CAL / ECAL
What Changes?
Standalone ‘products’ become
components of integrated product
Management Licenses
Software Assurance is included with
all licenses
Server Management Licenses align to
‘processor-based’ model, each license
covers 2 processors
The right to run Management Server
software and supporting SQL
Runtime are now included with every
Management License. Management
Server Licenses are discontinued.
Management
Server
• Rights to run Management
Server software are included with
Client MLs and Server MLs
• SQL runtime is included with
Management Server software
Managed Clients
Managed Servers
Licenses Required Deployment
Management Server
Licenses
No Longer Required
2 Processors , Two VMs (OSE) 2 Processors , Unlimited VMs
• Operations Manager
• Configuration Manager
• Data Protection Manager
• Service Manager
• Virtual Machine
Manager
• Endpoint Protection
(new)
• Orchestrator
• App Controller (new)
2 Processors, 2 OSEs
2 Processors, Unlimited OSEs
Each license covers up to 2
physical processors. ECI
requires a 25 license
minimum initial purchase.
Enrollment for Core
Infrastructure
Standard
Enrollment for Core
Infrastructure
Datacenter
http://www.microsoft.com/systemcenter
http://www.microsoft.com/en-us/server-cloud/system-center/sp1-default.aspx
http://systemcenter.pinpoint.microsoft.com
http://www.microsoft.com/en-us/server-cloud/evaluate/trial-software.aspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=a171bcea-2dbb-4fc5-8dd1-4ec22f2eb4ef
http://blogs.technet.com/server-cloud
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. Some information relates to pre-released product which may be
substantially modified before it’s commercially released. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.