Systems Management Systems Management Server 2003:Server 2003:Technical DrilldownTechnical Drilldown

AgendaAgenda

SMS 2003 Feature DrilldownSMS 2003 Feature DrilldownSoftware Update ManagementSoftware Update Management

OS Image DeploymentOS Image Deployment

Mobile Device ManagementMobile Device Management

Deploying & Upgrading SMS 2003Deploying & Upgrading SMS 2003

SMS Future RoadmapSMS Future Roadmap

Software Update Software Update ManagementManagement

SMS Feature Drilldown:SMS Feature Drilldown:

1. 1. Assess Environment to be PatchedAssess Environment to be Patched

•Create/maintain baseline of systemsCreate/maintain baseline of systems•Discover AssetsDiscover Assets•Inventory ClientsInventory Clients 1. Assess1. Assess 2. 2.

IdentifyIdentify

4. Deploy4. Deploy 3. 3. Evaluate Evaluate & Plan& Plan

2. Identify New Patches2. Identify New Patches

• Identify new patchesIdentify new patches• Determine patch relevance Determine patch relevance • Verify patch authenticity Verify patch authenticity

& integrity& integrity

3. Evaluate & Plan Patch 3. Evaluate & Plan Patch DeploymentDeployment

•Perform risk assessmentPerform risk assessment•Plan patch release processPlan patch release process•Complete patch acceptance Complete patch acceptance testingtesting

4. Deploy the Patch4. Deploy the Patch

•Deploy patchDeploy patch•Report on progressReport on progress•Handle exceptionsHandle exceptions

•Review deploymentReview deployment

Software Update ManagementSoftware Update ManagementRecommended processRecommended process

• DiscoveryDiscovery• SW/HW InventorySW/HW Inventory• Run ComplianceRun Compliance

ReportsReports

1. Assess1. Assess 2. 2. IdentifyIdentify

4. Deploy4. Deploy 3. 3. Evaluate Evaluate & Plan& Plan

• Sync and DSUWSync and DSUW• Update reportsUpdate reports

• ScanScan• CollectionsCollections• Update reportsUpdate reports

• DSUWDSUW• Status messagesStatus messages• Update reportsUpdate reports

Software Update ManagementSoftware Update ManagementSMS 2003 ProcessesSMS 2003 Processes

SMS 2003: What it DoesSMS 2003: What it DoesIdentifies & deploys missing Windows and Identifies & deploys missing Windows and Office security patches on target systemsOffice security patches on target systems

Can deploy any patch, update, or application in Can deploy any patch, update, or application in Windows environmentsWindows environments

Inventory management & inventory based Inventory management & inventory based targeting of software installstargeting of software installs

Install verification and detailed reportingInstall verification and detailed reporting

Flexible scheduling of content sync & installsFlexible scheduling of content sync & installs

Central, full administrative control over installsCentral, full administrative control over installs

Bandwidth optimized content distributionBandwidth optimized content distribution

Software metering and remote control Software metering and remote control capabilitiescapabilities

Identify

New Update

Deploy

Assess

Evaluate & Plan

SMS 2003 Patch Management: SMS 2003 Patch Management: BenefitsBenefits

Gives administrators control over patch Gives administrators control over patch management management

Allows staging & testing of updates before installationAllows staging & testing of updates before installation

Fine-grained control of patch management optionsFine-grained control of patch management options

Automates key aspects of the patch management Automates key aspects of the patch management processprocess

Can update a broad range of Microsoft products Can update a broad range of Microsoft products (not limited to Windows and Office)(not limited to Windows and Office)

Can also be used to update third party software and Can also be used to update third party software and deploy & install any software update or applicationdeploy & install any software update or application

High level of flexibility via use of scriptingHigh level of flexibility via use of scripting

SMS 2003 Patch Management: SMS 2003 Patch Management: How It WorksHow It Works

FirewallFirewall

SMS SMS Site ServerSite Server

SMS DistributionSMS DistributionPointPoint

SMS ClientsSMS Clients

SMS ClientsSMS Clients

MicrosoftDownload Center

SMS DistributionSMS DistributionPointPoint

2.2. Scan components Scan components replicate to SMS replicate to SMS clientsclients

1.1. Setup: Download Security Setup: Download Security Update Inventory and Office Update Inventory and Office Inventory Tools; run Inventory Tools; run inventory tool installerinventory tool installer

3.3. Clients scanned; scan Clients scanned; scan results merged into results merged into SMS hardware SMS hardware inventory datainventory data

4.4. Administrator uses Administrator uses Distribute Software Distribute Software Updates Wizard to Updates Wizard to authorize updatesauthorize updates

6.6. Software Update Installation Software Update Installation Agent on clients deploy Agent on clients deploy updatesupdates

7.7. Periodically: Sync component Periodically: Sync component checks for new updates; scans checks for new updates; scans clients; and deploys necessary clients; and deploys necessary updatesupdates

5.5. Update files downloaded; Update files downloaded; packages, programs & packages, programs & advertisements advertisements created/updated; packages created/updated; packages replicated & programs replicated & programs advertised to SMS clientsadvertised to SMS clients

SMS ClientsSMS Clients

What the SMS Administrator What the SMS Administrator SeesSees

What the SMS End User What the SMS End User SeesSees

SMS 2003 Reporting ExampleSMS 2003 Reporting Example

Summary of Patch ComplianceSummary of Patch Compliance

Detailed Patch Distribution StatusDetailed Patch Distribution Status

SMS Inventory Tool for SMS Inventory Tool for Microsoft UpdatesMicrosoft Updates

Builds on Windows Update agent for Builds on Windows Update agent for scanning and installationscanning and installation

Scan tool does not require WUS server or Scan tool does not require WUS server or Internet connectivityInternet connectivity

WU agent is native to all new Windows WU agent is native to all new Windows operating systems starting with Windows operating systems starting with Windows Server 2003 SP1Server 2003 SP1

Distributed as an add-on install by SMS Distributed as an add-on install by SMS for older operating systemsfor older operating systems

SMS Inventory Tool for SMS Inventory Tool for Microsoft Updates (cont)Microsoft Updates (cont)

ConsistencyConsistencySMS results will be consistent with Microsoft SMS results will be consistent with Microsoft Update (MU) and Windows Update/Automatic Update (MU) and Windows Update/Automatic Updates (WU/AU)Updates (WU/AU)

CoverageCoverageFor Security updates, update rollups, and service For Security updates, update rollups, and service packspacksWindows, SQL Server, Exchange, Microsoft Windows, SQL Server, Exchange, Microsoft OfficeOfficeEventually ALL Microsoft ProductsEventually ALL Microsoft Products

Rich CatalogRich CatalogAutomatic download for all languagesAutomatic download for all languagesIncludes Command line switchesIncludes Command line switches

SMS 2003 PerformanceSMS 2003 PerformanceScenario:Scenario:Deployment of a 9Mb Security Patch package to 100,000 client Deployment of a 9Mb Security Patch package to 100,000 client

machines on a “well connected network”.machines on a “well connected network”.

ActivityActivity TimeTime

Creation of Advertisement and Creation of Advertisement and make available to client machinesmake available to client machines

28 mins, 10 secs28 mins, 10 secs

Creation of package and distribute Creation of package and distribute to Distribution points.to Distribution points.

20 mins (Can be concurrent 20 mins (Can be concurrent with advertisement creation)with advertisement creation)

Polling of Advertisements by client Polling of Advertisements by client machinesmachines

63 mins (assuming online 63 mins (assuming online client, worse case scenario)client, worse case scenario)

Download and execution of Download and execution of package by clients.package by clients.

7 mins (average download 7 mins (average download time)time)

Total Optimal Time for Software Total Optimal Time for Software Distribution to a clientDistribution to a client

1 hour, 38 mins, 10 secs.*1 hour, 38 mins, 10 secs.*

Case Study: Marathon OilCase Study: Marathon OilOver 12,000 production laptops and desktops Over 12,000 production laptops and desktops managedmanaged 100% upgraded to SMS 2003 from SMS 2.0 100% upgraded to SMS 2003 from SMS 2.0 Software Deployment improvementsSoftware Deployment improvements

Over 6 week period deployed 1,021,463 Over 6 week period deployed 1,021,463 software/patch distributionsoftware/patch distribution

198 failures = 99.9% success rate198 failures = 99.9% success rate70 new software packages added over 6 week period 70 new software packages added over 6 week period

SMS 2.0 comparison: SMS 2.0 comparison: Average success rate ~70%Average success rate ~70%

Improved performanceImproved performanceAdvanced SMS client and new protected Advanced SMS client and new protected Distribution Point features means 1/3 saving in Distribution Point features means 1/3 saving in number of SMS Site servers required (HW cost number of SMS Site servers required (HW cost saving over SMS 2.0 = $100k)saving over SMS 2.0 = $100k)Volume of software distribution related helpdesk Volume of software distribution related helpdesk calls down 20% over SMS 2.0calls down 20% over SMS 2.0

Case Study: TelecommCase Study: TelecommA Telecommunications CompanyA Telecommunications Company

33rdrd Largest SMS Largest SMS

200,000 Desktops200,000 Desktops

>5,000 Locations>5,000 Locations

Avg. Bandwidth <1MbAvg. Bandwidth <1Mb

With SMS 2003With SMS 2003

>1.5M Payloads/Mo.>1.5M Payloads/Mo.

Remediation <5.6%Remediation <5.6%

Daily InventoryDaily Inventory

25 Min Advertisement25 Min Advertisement

$3.4M Est. Savings$3.4M Est. Savings

Package Delivery From Package Delivery From 6 Days to 4 Hours6 Days to 4 Hours

86%86%67%67%

v2.0v2.0v1.2v1.2

97.2%97.2%

v2003v2003

Case Study: Various CustomersCase Study: Various CustomersDivine Managed SystemsDivine Managed Systems

20,000 packages to 1200 servers in 4 hrs20,000 packages to 1200 servers in 4 hrsCode Red - 99.3% accuracy, 99.95% availabilityCode Red - 99.3% accuracy, 99.95% availability

CNFCNF3,000 workstations, 700 geographical locations3,000 workstations, 700 geographical locations30,000 patches total, 3 failures30,000 patches total, 3 failuresMS Solution for ManagementMS Solution for ManagementMarriage of SMS + ITIL for complete solutionMarriage of SMS + ITIL for complete solution

Motorola, IncMotorola, Inc65,000 workstations65,000 workstationsOver 807,000 successful patches deployed in 2002Over 807,000 successful patches deployed in 2002

Microsoft internalMicrosoft internalPatched 7,000 servers in 7 hours with 100% Patched 7,000 servers in 7 hours with 100% accountabilityaccountabilityPatch 60,000 workstations in 36 hours with 94% Patch 60,000 workstations in 36 hours with 94% compliancecompliance

Inventory Tool for Dell UpdateInventory Tool for Dell Update

Enables SMS 2003 Software update feature to Enables SMS 2003 Software update feature to ScanScan andand DeployDeploy updates from Dell updates from Dell

BIOS and firmware updatesBIOS and firmware updatesDriver updatesDriver updatesDell system application updatesDell system application updates

Uses same framework as other update inventory Uses same framework as other update inventory tools tools little learning curve little learning curveSupports 4Supports 4thth generation and later Dell servers generation and later Dell serversReleased Jan 2005Released Jan 2005IncludesIncludes

Scan tool, Sync tool, Update to DSUW, ReportsScan tool, Sync tool, Update to DSUW, ReportsSolution AcceleratorSolution Accelerator

Dell UpdateDell Update

OS Image DeploymentOS Image Deployment

SMS Feature Drilldown:SMS Feature Drilldown:

SMS 2003 OS DeploymentSMS 2003 OS DeploymentKey FeaturesKey Features

Integrated with SMS 2003Integrated with SMS 2003Inventory based planning/targetingInventory based planning/targeting

Uses SMS software distributionUses SMS software distribution

SMS management of replication of images SMS management of replication of images throughout distributed enterprisesthroughout distributed enterprises

Centralized tracking and statusCentralized tracking and status

Advanced desktop imaging format Advanced desktop imaging format (Microsoft Imaging file - .WIM)(Microsoft Imaging file - .WIM)

File-based and non-destructiveFile-based and non-destructive

Eliminates duplicate filesEliminates duplicate files

Smaller images / high compression Smaller images / high compression (3:1 compression)(3:1 compression)

SMS 2003 OS DeploymentSMS 2003 OS DeploymentKey Features (continued)Key Features (continued)

Advanced image installation task sequencingAdvanced image installation task sequencingUser Notification balloonsUser Notification balloons

State capture and restoreState capture and restoreUSMT or customUSMT or custom

Optional SMS advertisementOptional SMS advertisementExecuted during State Restore phaseExecuted during State Restore phase

Custom actionsCustom actionsAbility to include and execute custom installation scriptsAbility to include and execute custom installation scripts

SMS packages can be executed as part of installation SMS packages can be executed as part of installation sequencesequence

Target Machine

SMS Advanced Client Agent Windows-Present

SMS OSD FP - Hands-off ImagingSMS OSD FP - Hands-off Imaging

BDD Zero Touch Desktop BuildsBDD Zero Touch Desktop BuildsSMS OSD FP - Hands-off ImagingSMS OSD FP - Hands-off Imaging

BDD Zero Touch Desktop BuildsBDD Zero Touch Desktop Builds

MOM

HardDisk

Logs all activity

SMSServer

SMS inventory used to create a “collection” – SMS inventory used to create a “collection” – machines are targeted for refreshmachines are targeted for refresh

Client receives advertisement for OS Client receives advertisement for OS refresh, saves user staterefresh, saves user state

11

22

33SMS delivers bootable WinPE image SMS delivers bootable WinPE image using WIM to existing OS partitionusing WIM to existing OS partition

Image is personalized and boots to Image is personalized and boots to full OS with SMS agentfull OS with SMS agent

55

66

77

Compressed WIM OS image is Compressed WIM OS image is downloaded & installeddownloaded & installed

SMS Advanced Client agentSMS Advanced Client agentstarts upstarts up

SMS delivers role based SMS delivers role based applications & post OS config. applications & post OS config. User state is restoredUser state is restored

88

Application Delivery

SMS ClientAgent Pre-OS

WinPE Image Delivery

Boot files are modified, reboots to Boot files are modified, reboots to WinPE on hard disk & cleans off disk WinPE on hard disk & cleans off disk partitionpartition

44

OS Image Delivery

BootableWinPE

OS

Core Usage ScenariosCore Usage Scenarios

Refresh Computer (In-place)Refresh Computer (In-place)Central planning, targeting and distribution of Image Central planning, targeting and distribution of Image PackagesPackages

Computer state and user state is savedComputer state and user state is saved

Image is installedImage is installed

Other SMS advertised programs rapidly installedOther SMS advertised programs rapidly installed

Computer and user state is restoredComputer and user state is restored

Centralized status reportingCentralized status reporting

Help Desk Recovery (break / fix)Help Desk Recovery (break / fix)Administrator inserts Image Installation CD Administrator inserts Image Installation CD or distributes via SMSor distributes via SMS

Machine is re-imaged (wipe/load)Machine is re-imaged (wipe/load)

User state is migrated if possibleUser state is migrated if possible

Core Usage ScenariosCore Usage ScenariosContinuedContinued

New Computer InstallationNew Computer InstallationImaging process booted via CD or RISImaging process booted via CD or RIS

Image is installed from SMS DPImage is installed from SMS DP

Automate the installation to run Automate the installation to run unattendedunattended

Centralized status reportingCentralized status reporting

Device ManagementDevice Management

SMS Feature Drilldown:SMS Feature Drilldown:

Windows CEWindows CE

Windows XP Windows XP EmbeddedEmbedded

Pocket PC/Pocket PC/SmartphoneSmartphone

SMS Device SolutionsSMS Device Solutions

XP EmbeddedAdvanced Client

Device Management Feature Pack

Windows Mobile Management Client

Feature Set Feature Set Hardware and software inventoryHardware and software inventory

Discovery dataDiscovery dataHardware ID (used as SMS ID), device name, OS nameHardware ID (used as SMS ID), device name, OS name

Hardware inventoryHardware inventoryGroups for video, OS details, CPU, etcGroups for video, OS details, CPU, etc

Extensible via custom dll file on the deviceExtensible via custom dll file on the device

Software inventorySoftware inventoryList of files or applications on the Windows CE file List of files or applications on the Windows CE file systemsystem

Configuration similar to desktop Configuration similar to desktop

Specify directories and wildcard file extensionsSpecify directories and wildcard file extensions

File collectionFile collectionIdentical to existing SMS 2003 client configurationIdentical to existing SMS 2003 client configuration

Feature Set Feature Set Software distributionSoftware distribution

TargetingTargetingDevice targeting via discovery or inventory dataDevice targeting via discovery or inventory data

Software distributionSoftware distributionSimple download and execute command line modelSimple download and execute command line modelCheckpoint restart for downloadsCheckpoint restart for downloads

Device programDevice programSimplified version of standard SMS programSimplified version of standard SMS programNetwork characteristics for download; ‘only when Network characteristics for download; ‘only when docked’, ‘only over a fast network’docked’, ‘only over a fast network’

Device advertisementDevice advertisementSimplified version of standard SMS advertisementSimplified version of standard SMS advertisementSimpler interval scheduling, supports recurrenceSimpler interval scheduling, supports recurrenceMandatory (assigned) or optional advertisementsMandatory (assigned) or optional advertisements

StatusStatusStatus messages for download started, program Status messages for download started, program execution start and finishexecution start and finish

Feature Set Feature Set Settings managementSettings management

Wizard that plugs into the SMS Administrator Wizard that plugs into the SMS Administrator ConsoleConsole for creating settings packagefor creating settings package

Allows most common PocketPC settings to be Allows most common PocketPC settings to be defined:defined:

Networking: PPP, VPN, GPRSNetworking: PPP, VPN, GPRSApplications: Exchange server, Email, IE ProxyApplications: Exchange server, Email, IE ProxySecurity: Installation of certificatesSecurity: Installation of certificates

Settings applied via software distributionSettings applied via software distributionSMS package automatically created for the SMS package automatically created for the settings bundlesettings bundleTargeting to devices via inventory query based Targeting to devices via inventory query based collectionscollectionsSettings are applied on the device using standard Settings are applied on the device using standard PocketPC XML configurationPocketPC XML configuration

Feature Set Feature Set Password policy managementPassword policy management

Centralized control of device password policyCentralized control of device password policy

Define whether user has to configure a numeric or Define whether user has to configure a numeric or strong passwordstrong password

If password not set then user must set before If password not set then user must set before continuingcontinuing

Power off timeout maybe definedPower off timeout maybe defined

Administrator defined ‘lockout’ strong password Administrator defined ‘lockout’ strong password applies after certain failed device entry attemptsapplies after certain failed device entry attempts

ImplementationImplementationPassword applet contained in a separate install Password applet contained in a separate install from core clientfrom core client

Admin console definition of settings use Device Admin console definition of settings use Device Settings ManagerSettings Manager

Deployment & UpgradeDeployment & Upgrade

Preparing for SMS 2003Preparing for SMS 2003New Deployment or SMS 2.0 UpgradeNew Deployment or SMS 2.0 Upgrade

Verify server software requirementsVerify server software requirements

Prepare Active Directory environmentPrepare Active Directory environmentExtending the Active Directory schemaExtending the Active Directory schema

Decide on SMS 2003 security modeDecide on SMS 2003 security mode

Prepare SMS site systems for Prepare SMS site systems for SMS 2003SMS 2003

Select client installation methodSelect client installation method

Upgrading SMS 2.0Upgrading SMS 2.0to SMS 2003to SMS 2003

Only SMS 2.0 SP4+ can be upgradedOnly SMS 2.0 SP4+ can be upgraded

Once prepared, the upgrade from SMS 2.0 to Once prepared, the upgrade from SMS 2.0 to SMS 2003 is a simple process, just like a SMS 2003 is a simple process, just like a service packservice pack

Must be aware of the reduced platform Must be aware of the reduced platform support in SMS 2003support in SMS 2003

SMS site systems must be Windows 2000 SP3+SMS site systems must be Windows 2000 SP3+

No Netware clientsNo Netware clients

No SQL Server 6.5No SQL Server 6.5

No support for Windows 95 or lowerNo support for Windows 95 or lower

No Windows ME or Windows XP Home EditionNo Windows ME or Windows XP Home Edition

SMS 2003 Deployment SMS 2003 Deployment Readiness Wizard (DRW)Readiness Wizard (DRW)

Verifies the SMS 2.0 site’s readiness to be upgraded Verifies the SMS 2.0 site’s readiness to be upgraded to SMS 2003to SMS 2003

Analyzes data from the local SMS site databaseAnalyzes data from the local SMS site database

Can verify local primary site or any child secondary Can verify local primary site or any child secondary sites of the local primarysites of the local primary

Individual or all secondary sitesIndividual or all secondary sites

Launched as a command line programLaunched as a command line programRun on the SMS 2.0 site serverRun on the SMS 2.0 site serverCan run as command line program with switches to run Can run as command line program with switches to run silentlysilently

Must be run with pass results within 7-days prior to Must be run with pass results within 7-days prior to the upgradethe upgrade

Setup process will not run unless DRW passes all testsSetup process will not run unless DRW passes all testsSetup will continue if only “Warnings” are foundSetup will continue if only “Warnings” are found

SMS Future RoadmapSMS Future Roadmap

Microsoft Updates ScannerMicrosoft Updates Scanner System Center ReportsSystem Center Reports SMS V4SMS V4

SMS Inventory Tool For SMS Inventory Tool For Microsoft UpdatesMicrosoft Updates

Next generation SMS security update scan toolNext generation SMS security update scan toolBuilds on Windows Update agent for scanning Builds on Windows Update agent for scanning and installationand installation

Standalone scan tool - does not require Update Service server or Standalone scan tool - does not require Update Service server or Internet connectivityInternet connectivity

Distributed as a stand-alone install by SMS for older Distributed as a stand-alone install by SMS for older operating systemsoperating systemsBenefitsBenefits

ConsistencyConsistencySMS results will be consistent with Microsoft Update (MU) and Windows SMS results will be consistent with Microsoft Update (MU) and Windows Update/Automatic Updates (WU/AU) Update/Automatic Updates (WU/AU)

CoverageCoverageWindows, SQL Server, Exchange, Microsoft OfficeWindows, SQL Server, Exchange, Microsoft OfficeEventually ALL Microsoft ProductsEventually ALL Microsoft Products

Rich catalogRich catalogAutomatic download for all languagesAutomatic download for all languagesIncludes Command line switchesIncludes Command line switchesIncludes support for 64-bit operating systemsIncludes support for 64-bit operating systems

System CenterSystem CenterReporting ManagerReporting Manager

Integrated data warehouse behind SMS/MOMIntegrated data warehouse behind SMS/MOMUsing SQL Reporting Services for reportingUsing SQL Reporting Services for reportingWhy YOU should look at it:Why YOU should look at it:

Promo – Customers with SA on SMS can Promo – Customers with SA on SMS can get for freeget for freeGet reporting to an offline store to not interfere with Get reporting to an offline store to not interfere with SMS ops database, optimized for reporting SMS ops database, optimized for reporting performanceperformanceSQL Reporting is the long-term for SMS/MOM – get SQL Reporting is the long-term for SMS/MOM – get there NOW!there NOW!Cool reports for intersection of SMS and Cool reports for intersection of SMS and business databusiness dataWe’ll DISCLOSE the schema on this oneWe’ll DISCLOSE the schema on this oneIf you’ve got MOM – even better!If you’ve got MOM – even better!

Intranet to Internet secure infrastructureIntranet to Internet secure infrastructureIntegration with Windows Longhorn Integration with Windows Longhorn Network Access ProtectionNetwork Access Protection

Systems Management ServerSystems Management ServerVersion 4Version 4

Desired configuration managementDesired configuration managementIT policies and industry compliance IT policies and industry compliance Model-basedModel-based

Simplified, role-based UISimplified, role-based UIUnified OS deploymentUnified OS deployment

Longhorn/Office 12 Longhorn/Office 12 upgrade assessmentupgrade assessment – – The ability to identify and The ability to identify and resolve hardware and resolve hardware and software incompatibilities software incompatibilities with Windows/Office before with Windows/Office before upgrading.upgrading.

Machine replacementMachine replacement – – The ability to migrate The ability to migrate desktops and servers from desktops and servers from old hardware to new old hardware to new hardware preserving state.hardware preserving state.

Disconnected/remote Disconnected/remote deploymentdeployment – Enable – Enable administrators/users to administrators/users to deploy Windows via CD set deploy Windows via CD set or DVD with or without or DVD with or without network connectivitynetwork connectivity

Vulnerability reporting Vulnerability reporting – – Enterprise-wide Enterprise-wide vulnerability reportingvulnerability reporting

Quarantine integration for Quarantine integration for patch and vulnerabilitypatch and vulnerability – – Prevent workstations from Prevent workstations from accessing corporate accessing corporate resources when they are resources when they are not properly patched or not properly patched or when they have vulnerable when they have vulnerable configurations..configurations..

Internet facing scenariosInternet facing scenarios – Software distribution, – Software distribution, asset management, patch asset management, patch management and desired management and desired configuration across the configuration across the Internet without requiring a Internet without requiring a VPNVPN

Patching improvementsPatching improvements – – Selectively downloading Selectively downloading only the patches that apply only the patches that apply to a given system reduces to a given system reduces network traffic and closes network traffic and closes the WUS gap.the WUS gap.

Fully functional out of the Fully functional out of the boxbox – Simple MSI setup – Simple MSI setup that ends with a fully that ends with a fully functional SMS site.functional SMS site.

Simplification of SMS Simplification of SMS distribution hierarchydistribution hierarchy – – Leveraging workstations as Leveraging workstations as dist. points can reduce dist. points can reduce infrastructure and cost.infrastructure and cost.

Task-based UITask-based UI – Simple – Simple and intuitive task-based and intuitive task-based administrator interface for administrator interface for patching, quarantine, OS patching, quarantine, OS deployment, software deployment, software distribution and desired distribution and desired configuration monitoringconfiguration monitoring

Install in a time windowInstall in a time window – – Allow administrators to Allow administrators to install software in install software in designated time windowsdesignated time windows

Proactive best practice Proactive best practice evaluation/notificationevaluation/notification – – Notification of any deviation Notification of any deviation from a desired configuration from a desired configuration for a system or an for a system or an application (ie. ports, application (ie. ports, vulnerabilities, …). For MS vulnerabilities, …). For MS applications this includes applications this includes being inline with Best being inline with Best Practices in the BPA’s. Practices in the BPA’s.

Regulatory compliance Regulatory compliance verificationverification – Notification – Notification of any deviation from of any deviation from regulatory compliances regulatory compliances such as SOX, HIPPA, …such as SOX, HIPPA, …

Ability to create and edit Ability to create and edit configuration definitions configuration definitions easilyeasily – use the knowledge – use the knowledge provided by your vendor, or provided by your vendor, or customize and create your customize and create your own.own.

SMS 4.0 – Key InvestmentsSMS 4.0 – Key InvestmentsUnified OSUnified OSdeploymentdeployment SecuritySecurity SimplicitySimplicity

DesiredDesiredconfigurationconfiguration

On-line ResourcesOn-line ResourcesSystems Management Server HomepageSystems Management Server Homepage

http://www.microsoft.com/http://www.microsoft.com/smserver/default.mspxsmserver/default.mspx

EvaluationEvaluationhttp://www.microsoft.com/smserver/evaluation/2003/default.mhttp://www.microsoft.com/smserver/evaluation/2003/default.mspxspx

Webcasts, Events and ChatsWebcasts, Events and Chatshttp://www.microsoft.com/smserver/community/sharpen.mspxhttp://www.microsoft.com/smserver/community/sharpen.mspx

CommunityCommunityhttp://www.microsoft.com/smserver/community/default.mspxhttp://www.microsoft.com/smserver/community/default.mspx

PartnersPartnershttp://www.microsoft.com/smserver/partners/default.mspxhttp://www.microsoft.com/smserver/partners/default.mspx

Solution AcceleratorsSolution Acceleratorshttp://www.microsoft.com/msm/http://www.microsoft.com/msm/

MMS 2005 DVD ResourcesMMS 2005 DVD Resources

SC01:SC01: SMS - State of the UnionSMS - State of the Union

SC02:SC02: Managing non-Windows Clients with SMS2003 and Managing non-Windows Clients with SMS2003 and PartnersPartners

SC03:SC03: Troubleshooting SMS 2003Troubleshooting SMS 2003

SC04:SC04: Managing and configuring your mobile devices withManaging and configuring your mobile devices withSystems Management Server 2003Systems Management Server 2003

SC05:SC05: Technical Drilldown: Systems Management Server 2003Technical Drilldown: Systems Management Server 2003OS Deployment Feature PackOS Deployment Feature Pack

SC07:SC07: Best Practices - Security Update Management withBest Practices - Security Update Management withSystems Management Server 2003Systems Management Server 2003

SC08:SC08: Using SMS and Network Access Protection forUsing SMS and Network Access Protection forSystem Health Management.System Health Management.

SC09:SC09: Planning and Deploying SMS2003Planning and Deploying SMS2003

SC24:SC24: Using SMS on a Large Scale - Microsoft IT’s Best Using SMS on a Large Scale - Microsoft IT’s Best PracticesPractices

© 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.