Microsoft has finally delivered a version of System Center that recognises the need to configure non-Windows devices and connect to disparate cloud services.
SCCM R2 is likely to be the first tool system administrators play with after Microsoft’s major update to the System Center suite, aligned with the release of Windows Server 2012 R2 and the Windows 8.1 client operating system.
For those new to System Center – it is a suite of IT management and automation products. While each product within System Center provides incremental value to the sysadmin, Microsoft's licensing model ensures that unlocking the value of R2 relies on deploying the whole suite.
The products in the full System Center suite are:
- Configuration Manager (deploying operating system images and distributing software to clients)
- App Controller – (to manage virtual machines between Windows Server on-premise and Windows Azure cloud services)
- Data Protection Manager – (Microsoft’s centrally managed backup software)
- Orchestrator – (Workflow management for automation of processes and tasks)
- Operations Manager – (Server and application monitoring)
- Virtual Machine Manager – (To manage the creation of virtual machines)
- Service Manager – (ITIL-structured Helpdesk ticketing software)
System Center Configuration Manager ticks some immediate boxes for sysadmins.
The R2 version installs fairly seamlessly over the top of the previous SCCM 2012 SP1, so any IT shop that has kept up to date will have the easiest install.
But there is a steep learning curve for entry-level users. SCCM has its complexities – first-time installs shouldn’t expect to have it up and running from scratch in a few hours without first getting their head around the nuances of its structure and design.
Regardless of your experience, the most sensible approach is to follow Microsoft's own detailed instructions on upgrading. Mercifully, your users probably won’t notice an outage if you get something very wrong – unless your user-base are the types that use the self-service portal to install new applications routinely.
And make sure you have done a backup. If you do, recovery is relatively easy.
R2 includes the many of the policy and configuration settings you’d come to expect from prior versions of SCCM, such as Windows Operating System Deployment, Application Management (in both the old SCCM 2007 packages style and the newer 2012 Applications style), Endpoint Protection management for your anti-virus needs along with all the monitoring and log files you could ask for.
So what’s new?
Support for the latest operating systems
SCCM R2 makes the most sense if you’re already committed to deploying the latest Microsoft operating systems. It provides full support for both Windows 8.1 and Windows Server 2012 R2.
Yes, older versions of SCCM can manage these operating systems with the applying of a patch, but to deploy them you'll need the latest configuration tool.
SCCM R2 goes some way to addressing the growing disconnect between a Microsoft-centric world and a broader ecosystem of cloud services connected to a variety of mobile devices.
With R2, Microsoft has attempted to create stronger links between SCCM – designed for management of on-premise devices – and Windows Intune, with its focus on mobile devices connecting to cloud services. The integration between SCCM R2 and Intune allows sysadmins to control both from the one console.
Intune helps to manage those mobile users savvy enough to self-service register their device and pull down applications on demand, rather than having their computing experience centrally-controlled. It’s not for everyone, but it is a pretty handy edition.
Combining SCCM with Intune also gives Microsoft some authority to claim it now offers a mobile device management (MDM) suite. The dynamic duo enable a sysadmin to manage devices running the big three mobile operating systems: iOS (v6 minimum), Android (v4 minimum) and Windows Phone 8/Windows RT.
Sysadmins are likely to appreciate new compliance settings (such as forced password rules to secure access, or roaming settings to avoid those ugly phone bills when users travel overseas), as well as app deployment features and a means of keeping track of hardware inventory.
There is, however, an extra cost associated with use of Intune. Microsoft offers it as a bundle with SCCM for slightly cheaper than if it was purchased standalone – but you’re still looking at $4 per user, per month.
Even without Intune, SCCM allows for the most basic management of mobile devices. If data security isn’t a critical issue for you, sysadmins can still connect to Microsoft Exchange to see all your ActiveSync connected devices, but you can do little more than block or wipe a device.
It’s worth noting that SCCM doesn’t and never has supported Blackberry – probably because any IT shop with a decent sized fleet would already have a Blackberry Enterprise Server to look after them.
In any case, SCCM’s support for the two major non-Windows mobile devices shows that Microsoft is starting to get the message that a monopolistic approach won’t cut it with today’s sysadmins, faced with the typical requests from executives for a particular brand of phone.
In past versions of SCCM, we’ve always found the setting of policies to be relatively straightforward. But one major shortcoming was the lack of an easy way to view what policies you’ve set for a particular device or group of devices.
Microsoft has more or less solved this issue in SCCM R2 by mirroring a function built for Active Directory (Resultant Set of Policy). The 'Resultant Client Settings' option on the SCCM R2 console which will show you all the configuration settings being applied. This helps to ensure a particular client is correctly configured for such settings as Anti-Virus via System Center Endpoint Protection (another tied in product with SCCM), or if the client has the correct Wake ON LAN settings.
Connect those devices
Another new feature that SCCM 2012 R2 introduces is Compliance Profiles.
Remote Connection, Certificates, VPNs and Wi-Fi settings can now be pushed out to clients using these profiles, and should make life a lot easier.
You could, for example, give all your users the settings for the work wifi access point automatically, and push out these settings to all mobile and Windows 8.1 devices. Staff walk in to the office and immediately connect to the internal network without having to configure settings.
Alternatively, staff leaving the office can have a fully configured VPN connection ready to connect to the moment they leave. And if wifi SSID changes? Just update the profile and push it out company wide.
This is the sort of basic automation that kills off unnecessary help desk tickets.
R2 expands on the recently introduced support for Apple Mac OS X devices (first appeared in SCCM 2012 SP1), with devices running Mountain Lion now supported.
This is another nod from Microsoft, realising heterogeneous environments are a reality and that it can only keep sysadmins using its products of all popular operating systems can be managed from the same console.
Read on for Powershell updates, pricing and our final say....