Microsoft has christened System Center Configuration Manager (SCCM) 2007 as
the new incarnation of its vaunted System Management Server (SMS). The System
Center moniker acts as an umbrella that covers Microsoft's family of manageability
tools. Along with Configuration Manager, the current list of System Center solutions
includes Operations Manager, Data Protection Manager, Reporting Manager, Essentials,
Virtual Machine Manager, and Capacity Planner. The company also recently announced
a new Help desk offering called System Center Service Desk (SCSD). But SCCM
is the senior member of the System Center lineup, and it's arguably the anchor
component.
Let's take a look at SCCM's architecture and the solid set of tools it provides for
managing your entire Windows infrastructure, highlighting some of the new and
exciting features of SCCM 2007. Then, let's drill down into what you need to know
about putting the new generation of Microsoft systems management software to work
in your environment.
Built on 4 Pillars
SCCM is a major retooling of previous SMS technologies and capabilities. In
its introduction of the new product, the Microsoft product team uses an analogy
of four pillars upon which the new system is built. The pillars are simplicity,
deployment, security, and configuration.
Simplicity. The simplicity pillar represents a worthwhile goal
for a product with so many capabilities. Toward this end, Microsoft has rolled
feature packs and add-ons into the core product so that administrators no longer
need to find, download, and integrate such tools individually. A new setup routine
tracks and displays setup tasks as they occur and builds a management point
so that the SCCM installation is ready to begin client deployment following
setup. Microsoft has also introduced the notion of maintenance windows and integrated
Wake on LAN (WOL) capabilities, both of which let SCCM administrators more easily
control when and how the tool's operations occur on managed systems. The Microsoft
Management Console (MMC) 3.0–based UI, which Figure
1 shows, gets some terrific enhancements, including drag-and-drop and search
folders. Microsoft has streamlined many administrative tasks with dynamic wizards
to reduce the complexity of operations. Another great new feature—Volume
Shadow Copy Service (VSS)–enabled backups for SCCM site systems—further
simplifies administrators' lives.
Deployment. The deployment pillar focuses on making SCCM a
complete solution for deploying both server and desktop OSs throughout the enterprise,
in addition to applications and updates. These capabilities have existed in
some fashion in SMS 2003, but Microsoft has redesigned them to integrate the
latest Windows OS deployment technologies—such as Windows Preinstallation
Environment (PE), Windows Imaging Format (WIM), and User State Migration Tool
(USMT)—into an unattended OS deployment process. The product uses a task-sequencing
engine during the deployment process to ensure that necessary steps (e.g., installing
drivers and applications, restoring user documents and settings) occur.
Security. The security pillar is primarily composed of two
security initiatives that make SCCM a better tool for managing security updates
for your enterprise and make the SCCM infrastructure more secure than previous
SMS versions. The first initiative involves enhanced vulnerability assessment
and remediation technology, and the second initiative involves seamless, end-to-end,
mutual authentication between SCCM systems and managed clients—whether
they're connected via the Internet or on the LAN or roaming between the two.
Configuration. The configuration pillar entails giving IT organizations
the ability to model and manage a desired configuration for a given system type.
SCCM administrators can create management policies to establish a baseline for
system-configuration items, including hardware configuration, installed software,
system load, and specific settings. The system can report on compliance with
the baseline configuration and can take knowledge-driven actions based on particular
out-of-compliance conditions.
Core SCCM Features
Total cost of ownership (TCO) was once a huge driver for promoting tools to
better manage IT systems, but the term TCO seems to have fallen out of vogue.
However, we should never underestimate the necessity of keeping the cost of
managing desktop and server systems in check. IT organizations are responsible
for maintaining a healthy TCO bottom line.
That's where SCCM comes in. SCCM is
geared toward increasing the overall effectiveness of IT organizations, streamlining provisioning, and managing computing resources
while minimizing the overhead of doing so.
The following core SCCM features all contribute in the effort of accomplishing these lofty
goals: software distribution, inventory and
reporting, device management, OS deployment, software update management, remote
tools, desired configuration management, network access protection, and Internet-based
client management.
Software distribution and updates. Software distribution
is a huge part of SCCM and has been since the first version of SMS. Software
distribution is the ability to remotely deploy software—typically an
application—to one or more client systems. That summation sounds simple
enough, but modern businesses' software-deployment needs reach far beyond simply
installing a given software package onto a group of desktop computers. Attention
must be paid to a target system's connection type, system type, and usage pattern,
as well as the overall bandwidth of the network you're using for delivery. Furthermore,
once you've installed a software package, it will likely need updates over the
course of its service life. You can use collection machine variables—which
help you categorize computers based on certain parameters (e.g., OS, memory,
disk)—to ensure that SCCM targets only appropriate systems for certain
software. Background Intelligent Transfer Service (BITS) and maintenance windows
ensure that software installation doesn't hamper a user's productivity. If an
uncooperative user insists on powering off his or her system each night, you
can use WOL to power it on for software maintenance. SCCM uses binary deltas—with
DFS replication (DFSR) hashing—to minimize the bandwidth impact of application
updates for sites and distribution points across your network. (A binary delta
copies only changed bits of an application update. For example, if you have
a 700MB Microsoft Office package and you need to change one file, only the differences
in that file will need to be transferred for the entire package to be current—as
opposed to the entire 700MB package.)
Inventory and reporting. Even small IT shops can have
trouble getting a clear picture of the hardware and software assets that comprise
their fleet. SCCM's inventory and reporting features help with this challenge.
You can configure the inventory component to collect hardware and software information
from client systems at a prescribed interval. The reporting component then assembles
appropriate pieces of the collected data into meaningful reports. These reports
can be quite simple (e.g., a breakdown of desktop computer platforms) or quite
complex (e.g., HP laptops in the accounting department with a specific BIOS
version and video driver version, running Microsoft Internet Explorer—IE—7.0
on Windows XP SP2). Software-inventory and software-metering reports can also
help you get a firm grasp on license management.
Device management. Device management—which Microsoft
really should call mobile device management—originated as a feature
pack add-on to SMS 2003. The company has enhanced the feature and incorporated
it into SCCM. Device management lets you perform on mobile devices management
functions similar to those available to traditional clients. For example, you
can perform hardware and software inventory, file collection, software distribution,
settings control, and password management. Current SCCM-manageable devices include
those running Windows Mobile software on Pocket PC, or smart phones and devices
running Windows CE. The SCCM documentation—accessible from the Learning
Path—contains an exhaustive list.
Previous
Register
