Roadmap

RTM RTM
RTM RTM

RTM
RTM RTM RTM

Microsoft and Interoperability

Interoperability agreements with Novell, Citrix (Xen), and Red Hat to support Linux (RedHat, Suse, CentOS) on Hyper-V
SVVP (Server Virtualization Validation Program) to certify non-Microsoft Hypervisors for Microsoft Support

CentOS
DHMC runs both Windows Server 2008 and Windows Server 2003 as guest operating systems under Hyper-V, as well as Linux. To date, DHMC has virtualized Web servers, sites on Microsoft Office SharePoint Server 2007, reporting servers, medical applications, domain controllers, file and print servers, Citrix servers, and more. Dartmouth Hitchcock Medical Center Case Study

System Center Operations Manager supports monitoring of non-Windows, including Linux Redhat and Suse + centOS, Unix HP UX, Sun Solaris and IBM AIX; from February 2013Gentoo/Debian/Oracle Linux/Universal Linux/ MacOS

System Center Virtual Machine Manager 2012 manages VMware ESX servers and Citrix XEN Servers

Microsoft Private Cloud Server Platform

Simplify with integrated physical, virtual and cloud management

Improve agility with private cloud computing infrastructure Optimize service delivery across datacenter infrastructure and business critical services

We dont have to manage our infrastructure with multiple toolswe have one central monitoring and management console from which we can care for every aspect of our environment - Doug Miller, Practice Architect, Microsoft Practice Group, CDW

Private Cloud Technologies

VIRTUALIZATION

SELF-SERVICE

MANAGEMENT

IDENTITY

 Deployment Guides are available on the Microsoft Private Cloud website:

http://www.microsoft.com/virtualization/en/us/private-cloud.aspx

Technologies used:
Technologies Virtualization Virtualization Management Advanced Management and Orchestration Basic Private Cloud Hyper-V SCVMM 2012 Advanced Private Cloud Hyper-V SCVMM 2012 Service Manager 2012 Self Service Portal Configuration Manager Operations Manager Service Manager Data Protection Manager Orchestrator

Configure
App Controller Orchestrator

Deploy

Virtual Machine Manager

Self Service
App Owner

Service Model

Service Delivery and Automation

Operations Manager Configuration Manager Data Protection Manager

DC Admin

Service Manager

Service Manager

Monitor

Operate

Application Management

Service Delivery and Automation

Infrastructure Management

Example Hybrid Deployment

Hybrid Service

Private

Fabric

Cloud

Services

Fabric Management
Hyper-V Bare Metal Provisioning
Hyper-V, VMware, Citrix XenServer Network Management Update Management Dynamic Optimization Power Management

Cloud Management
Application Owner Usage

Service Management
Service Templates Application Deployment

Capacity and Capability

Custom Command Execution

Image Based Servicing

Storage Management

Monitoring Integration

Delegation and Quota

Performance and Resource Optimization

(PRO) with SCOM and SCVMM

Workload and application aware resource optimization Create policies that SCVMM acts upon tips automatically or manually Minimize downtime and accelerating time to resolution. Enables partners to deliver value add to our mutual customers

End to End Monitoring Solution

Proactive Platform Monitoring Application and Service Level Monitoring Interoperable and Extensible Platform

Centralized monitoring across Windows, Linux and Unix Configuration change monitoring Monitor and Manage Microsoft and third party virtualization platforms Diagram data center operations and visualize status

Application & service level monitoring Problem resolution knowledge base Track and report service levels Service level dashboards

Standards based Open and extensible platform for customized support Interoperability with 3rd party management systems and help desks

SCOM 2012- Enterprise Class

Scale across IT teams and manage business critical environments

Role based security for secure delegation of access to information and task execution Aggregate monitoring of client systems Self monitoring infrastructure Leverages clustering, and agent failover for high reliability Works across AD trust boundaries

Java Monitoring Supported Platforms

Supported JEE Application Servers
IBM WebSphere Oracle WebLogic Redhat JBoss Apache Tomcat 6.1, 7.0, (8 TBD) 11gRel1, 10gRel3 4.2, 5.1, 6, (7 TBD) 5.5, 6.0, 7

Supported Operating Systems Matrix

Tomcat
RHEL SLES Solaris AIX Windows

JBoss

WebSphere

WebLogic

Managing Complex Applications with SCOM 2012 and AVIcode

End users

Web servers

Data servers Application servers

Application users

Web servers Application servers

Business Application View of application users performance

Data server s

Consistent Experience Desktop Console

SQL Server Summary Dashboard

Active Alerts

Top 5 SQL Servers database generating the most Alerts

Top 5 SQL Server computers with the highest % processor utilization

Top 5 SQL Server computers with the highest % memory utilization Top 5 SQL Server computers with the lowest % free space available

Critical SQL Server Databases

SQL Server alerts generated in the last 24 hours

SQL Server Performance Dashboard: OperationsManagerDW

SQL Server Availability over last 24 hours

SQL CPU Utilization over last 24 hours

SQL Memory Usage in KB

Total Memory: 50,000 KB

Disk Storage
Data Files: 17.6 GB

66%
Log Files: 6.93 GB

2%
SQL Server Properties

Total Memory Used on Server Total Physical Memory (MB): 1000

Available Physical Memory (MB): 200

80%

Active Alerts

SQL Server Summary DashboardServers database generating the most Top 5 SQL
Alerts

Top 5 SQL Server computers with the highest % processor utilization

Top 5 SQL Server computers with the highest % memory utilization Server computers with the lowest % free space Top 5 SQL available

Critical SQL Server Databases

SQL Server alerts generated in the last 24 hours

Supported Non MS Operating Systems

AIX
Version 5.3 (Power) Version 6.1 (Power) Version 7.1 (Power) Version 11iv2 (PARISC/IA64) Version 11iv3 (PARISC/IA64) Version 4 (x86/x64) Version 5 (x86/x64) Version 6 (x86/x64) Version 8 (SPARC) Version 9 (SPARC) Version 10 (SPARC/x86/x64) Version 9 (x86) Version 10 SP1 (x86/x64) Version 11 (x86/x64)

Version Support New versions of operating systems supported within 180 days of release Old versions supported as long as vendor provides support

HP-UX
Red Hat Enterprise Linux Solaris
SUSE Linux Enterprise Server

Network Monitoring in OpsMgr 2012

Out of the box discovery, monitoring, and reporting Server to network dependency discovery Multi-vendor support Multi protocol support
SNMPv1/v2c/v3 IPv4 and IPv6

Deliver robust platform for partners to build on

Network Monitoring
Port/Interface
Up/Down (operational & admin status) Volumes of inbound/outbound traffic % Utilization Drop & Broadcast rates

Processor
% Utilization

Memory
In depth memory counters (Cisco Only) Free memory

SCOM 2012 Network Map Design

Audit Collection Service (ACS)

Archiving audit collections for forensincs and compliance Account Management Reports
User account created/deleted/enabled/disabled, Security group changes, Changing password, Computer account creation/deletion

Access Violation
Unauthorized access attempts, Account locked

Policy Changes
Audit policy changed, Object SACL changed, Object permissions changed, Account policy changed, Privilege added/removed

System Integrity
Lost events, Audit failure, Log cleared

Security log consolidation & compliance - SCOM & interoperability

2012

2012

Client Management Infancy (NT Domain)

Groups Model

Laptops, Servers, Enterprise Scale

Comprehensive Management

Management from the Cloud

Consumerization of IT

Business Needs and IT Challenges

How can IT maintain user productivity and protect against evolving threats

Business Needs
Agility and Flexibility

IT Needs

Lower operational costs

How can IT reduce complexity and scale back infrastructure requirements

Device Choice Application Self-service Personalized Application Experience Non-intrusive management

Manage all devices through single interface Deliver applications to the user, not the device Integrated security and compliance Reduced infrastructure complexity
Single admin console

Access to org. resources across devices & platforms

Empower Users

Unify Infrastructure

Simplify Administration

Empower people to be more productive from almost anywhere on almost any device.

Reduce costs by unifying IT management infrastructure.

Improve IT effectiveness and efficiency.

Simplify Administration

Modern Management Console Role-based Administration Operating System Deployment

Improve IT effectiveness and efficiency.

Client Health Asset Intelligence

Map the organizational roles of your administrators to defined security roles Security organization role Geography Reduces error, defines span of control for the organization

Meg- WW Central System Administrator

Louis-Software Update Manager for France

Bob- US & France Security Admin

Functionality

ConfigMgr 2007

ConfigMgr 2012

Can see & update France desktops Cannot modify security settings on France desktops Cannot see All Systems or U.S. desktops

Can see & modify security settings on France and U.S. desktops Cannot update France or U.S. desktops Cannot see All Systems

Understand software installation profiles Plan for hardware upgrades Identify over or under licensing issues Track custom apps or groups of titles

Real-time Application and Hardware Intelligence

Asset Intelligence Service

Software Metering & License Reports

ConfigMgr Inventory

Asset Intelligence Catalog

CAS
PXE initiated deployment allows client computers to request deployment over the network Multi-cast deployment to conserve network bandwidth Stand-alone media deployment for no network connectivity or low bandwidth USMT 4.0 UI integration makes it easier transfer files and user settings from one machine to another
Image Task Sequence

Report

WDS PXE Server

Primary Site DP Role

Primary Site MP Role

SCCM 2012
Machine and application lifecycle
Application distribution and installation OS Deployment
Client or Servers Existing or new machine User parameters migration WIM image format Tasks sequencer Application compatibility No Mandatory Packaging Dynamic Targeting based on user affinity and/or inventory User experience control Network Access Protection integration Wake-On-Lan

Update Management
Desired Configuration Monitoring
Microsoft best practices Custom models Ability to remediate some settings Microsoft security updates Harware and software vendors catalogs Business Applications Maintenance windows

SCCM & Intel AMT Integration

- management of desktops and servers even they are stopped
Intel Core 2 Duo Processor

Intel Q35 Express Chipset with ICH9-DO

Intel 82566DM Gigabit Network Connection

Intel vPro Components

Intel Key Platform Technologies Intel Platform Software Ecosystem Solutions

Intel Active Management Technology (AMT) is a function of the chipset & network controller Hardware-based management for clients

Desktop: Intel vProTM Processor Technology

Empower Users

Unify Infrastructure

Simplify Administration

Modern Device Management User-centric Application Delivery

Empower people to be more productive from almost anywhere on almost any device. Reduce costs by unifying IT management infrastructure. Improve IT effectiveness and efficiency.

Mobile Device Management with SCCM 2012

Management for all Exchange ActiveSync (EAS) connected devices

Empower

EAS-based policy delivery Discovery and inventory Settings policy Remote Wipe

EXCHANGE CONNECTOR REPORTS

EXCHANGE CONNECTOR REPORTS

Thin Clients

Windows XP Embedded Windows Embedded Standard 2009 Windows Embedded Standard 7 Same as Thin Clients, plus POS Ready 2009 POS Ready 8

Supported Write Filters File Based Write Filters (FBFW) (preferred for scalability) Enhanced Write Filters (EWF) RAM Ability to force persistence of changes for Applications Packages and programs Software updates Task sequences Endpoint Protection client installation Eventual persistence of changes for Client agent settings Settings management remediation Power management Without write filters enabled, embedded devices can be managed like any other Windows client. When write filters are enabled, they require special handling, now provided seamlessly in SP1

POS/Kiosk

Digital Signage

Windows Embedded Standard 2009 Windows Embedded Standard 7

Repurposed PC

Windows Thin PC

Red Hat Enterprise Linux Solaris SUSE Linux Enterprise Server

Version 4 (x86/x64) Version 5 (x86/x64) Version 6 (x86/x64) Version 9 (SPARC) Version 10 (SPARC/x86) Version 9 (x86) Version 10 SP1 (x86/x64) Version 11 (x86/x64)

Supported OSs across both: Configuration Manager Operations Manager Old versions supported as long as vendor provides support Broader Linux distro support being evaluated for future releases

Hardware and Software Inventory

Software Deployment Using the Package and Program model Deploy/patch software, deploy OS patches and run maintenance scripts that target a collection Consolidated reports

 Deliver best user experience on each device Define application once < >

Delivery Evaluation Criteria

User Device type Network connection

User/Device Relationships
Primary Devices MSI App-V Windows 8 Apps Windows 8 Apps in the Windows Store Non-primary Devices VDI Remote Desktop

General Information
Application Package
< >
Administrator Properties End User Metadata

Deployment Type
App-V Windows Script Windows Installer CAB / SIS Detection Method Install Command Requirement Rules Dependencies Supersedence

Administrators publish software titles to catalog, complete with meta data to enable search Deliver best user experience on each device

IT
Users can browse, select and install directly from Catalog Application model determines format and policies for delivery

User

Unify Infrastructure

Reduced Infrastructure Requirements

Unified Management of Virtual Clients

Endpoint Protection

Compliance & Settings Management

Reduce costs by unifying IT management infrastructure.

Software Update Management

Distribution Point for Windows Azure

Central Administration Site

Central primary site administration Reporting

Primary Sites
Client management and settings Delegated administration

Secondary Sites
Content routing Distributions points

Central Administration Site

Primary Site

Primary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

Secondary Site

User-centric application delivery through Microsoft Application Virtualization or Citrix XenApp.

CONNECTION BROKER

Single admin experience for managing physical and virtual desktops. Integrates with Remote Desktop Services and Citrix XenDesktop.
Recognizes pooled and personal virtual desktops Randomizes tasks

APP-V CONFIGMGR SEQUENCER DP/MP HYPER-V

Unified Infrastructure
Simplified server and client deployment Streamlined updates Consolidated reporting

Comprehensive Protection Stack

Behavior monitoring Antimalware Dynamic Translation Windows Firewall Management

Simplified Client Setup

Ease of client setup and deployment
No separate deployment needed for endpoint protection client Endpoint Protection agent installer deployed with Configuration Manager client setup

Flexible administrative control

Administrator can force or suppress any required reboots Configurable option for automatic removal of existing AV client

Easy migration from existing solutions and automatic removal of existing clients
Symantec McAfee TrendMicro Forefront Client Security or Forefront Endpoint Protection

Client Installation Flow

EP agent installer deployed with ConfigMgr Client
EP enabled in the console- EP installation starts on the device

Silent removal of third-party products

EP client installation

Policy configuration

Signature update

Signature Update Distribution

Ensures always up-to-date security regardless of the client location
Multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)

Easier distribution process

Automatic deployment rules within ConfigMgr console

Uses distribution points and reduced definition size

Minimizes WAN impact

Corporate Network
MICROSOFT UPDATE
DELTA UPDATE SIZE: 50-2048 KB UPDATE FREQUENCY: 3 TIMES/DAY

ON THE ROAD Fallback to online update

Updates distributed through ConfigMgr, WSUS or Windows File Share

Simple Policy Administration With Templates

Simplified management for antimalware policies
Templates for different security needs Options to configure settings granularly

Centralized management for Windows firewall

Profile-based firewall policy from the same dashboard

Comprehensive Protection Stack

Building on Windows Platform Security
Reactive Techniques
(Against Known Threats) (Against Unknown Threats)

Proactive Techniques

DYNAMIC CLOUD UPDATES

APPLICATION

Dynamic Signature Service

FILE SYSTEM

Internet Explorer 8 SmartScreen

Microsoft AppLocker

Microsoft BitLocker

NETWORK

Vulnerability Shielding (Network Inspection System) Windows Firewall Centralized Management

System Center Endpoint Protection Windows 7

Microsoft Malware Protection Center

Behavior Monitoring Windows Address Space Data Execution User Account Resource Layout Prevention Control Protection Randomization Dynamic Translation and Antimalware Emulation

Dynamic Translation With Heuristics

Industry-leading proactive detection

Emulation based detection helps provide better protection Safe translation in a virtual environment for analysis

Potential Malware

Execution attempt on the system

Real Time Protection Driver Intercepts

Safe Translation Using DT

Malware Detected

Enables faster scanning and response to threats

Heuristics enable one signature to detect thousands of variants VIRTUALIZED RESOURCES

Malicious File Blocked

Behavior Monitoring and Dynamic Signature Service

Live system monitoring identifies new threats
Tracks behavior of unknown processes and known bad processes Multiple sensors to detect OS anomaly
RESEARCHERS REAL-TIME SIGNATURE DELIVERY BEHAVIOR CLASSIFIERS REPUTATION

Updates for new threats delivered through the cloud in real time
Real time signature delivery with Microsoft Active Protection Service Immediate protection against new threats without waiting for scheduled updates

Microsoft Active Protection Service Properties/ Behavior Sample request Sample submit Real-time signature

Network Vulnerability Shielding

Minimizes opportunities to exploit the system between vulnerability announcements and patch deployments

Based on Network Inspection System (NIS) Technology

Detects and blocks Conficker-style threats Inspects inbound and outbound network traffic Enables signatures based on patch statusdisabled on patched machines Disables traffic interception if no signatures are active

A new vulnerability discovered

A new NIS signature is released

Exploits Launched

Attack is blocked

NIS Event Logged, telemetry sent

Time to test the update patch

Update Patch Available

Patch validated and deployed

Signature MS08-067 MS09-001 MS09-050

KB KB958644 KB958687 KB975517

CVE ID CVE-2008-4250 CVE-2008-4835 CVE-2009-2532

Action Block Block Block

Release date 10/23/2008 1/13/2009 10/14/2009

Windows 7 No No No

Windows 2008 R2 No No No

Protocol RPC SMB SMB

Protect Clients with Reduced Complexity

Simple interface
Minimal, high-level user interactions

Administrative Control
User configurability options Central policy enforcement

Maintains high productivity

CPU throttling during scans Faster scans through advanced caching

Certifications and awards for Forefront technology:

VB 100% December & October 2010 on Windows 7 / 2008 VB 100% August 2009 on Windows Vista SP2 VB 100% April 2009 on Windows XP VB 100% December 2008 on Windows Vista x64 VB 100% October 2008 on Windows Server 2008 VB 100% February 2008 on Windows Server 2003 ICSA Labs certification Forefront was the first product certifed for Exchange 2007 West Coast Labs Checkmark certification

Industry thought leadership

Behavioral Classification paper delivered at 2006 European Institute for Computer Antivirus Research (EICAR) conference

Microsoft Solution

One infrastructure for desktop management and protection

Centralized management and protection Improved visibility and response to threats Reduced cost and complexity

ConfigMgr MP

Baseline
Assignment to collections

ConfigMgr Agent
Baseline drift Auto Remediate OR Create Alert

(to Service Manager)

Baseline Configuration Items

Active Directory File Script Software Updates WMI Registry XML MSI SQL IIS

Improved functionality
Copy settings Trigger console alerts Richer reporting

Pre-built industry standard baseline templates through IT GRC Solution Accelerator

Enhanced versioning and audit tracking

Ability to specify versions to be used in baselines Audit tracking includes who changed what

Auto Deployment Microsoft Update

Downloads updates Identifies who needs updates and reports on compliance

Faster deployment through search Schedule content download and deployment to avoid reboot during work hours

CAS Primary Site

State-based Updates

Allows individual or group deployment Updates added to groups auto deploy to targeted collections

SUP Role/WSUS

Primary Site
DP Role

Primary Site
MP Role

Optimized for New Content Model

Distributes updates
Reports compliance

Assigns policy to scan for update status or to deploy update

Reduce replication and storage Expired updates and content deleted

Security Compliance Manager

Patch Management

Security - SCCM & NAP

Corporate Network Restricted Network
SCCM Server Distribution Point SCCM Server Management Point

Requesting patch package.

Here is your patch package.

I can vouch for the client. I can vouch for the client. Its not up to date. Tell itYes, meets policy. to install patches Can you vouch for this client? Is it up to date? Requesting access. May I have access? Patches are installed. installed. I dont have any patches You are being given restricted access until patches are installed.
Client
Network Access Device (DHCP, VPN)

Should this client be restricted based on its health? Quarantine client, request Grant access. it to install patches
Network Policy Server

Client is granted access to full intranet.

Microsoft Update
Content

Windows Azure
Distribution Point

Policy

MP
FIREWALL

Corporate Network

PR1

MP

DP

Reports and Power management with SCCM

SCCM Enterprise Dashboard

2007 R3
Empower

2012
EAS User-centric

2012 SP1
Unified Win 8 Apps

Modern Device Management Application Delivery

MDM licensing Device-centric

Reduced Infrastructure Requirements

Unified Management of Virtual Clients Endpoint Protection
Unify

New
Improved Integrated Auto Remediation Improved

Flexible hierarchies
Improved Real-time actions User Profile and Data Improved
Seamless management of write filter-enabled devices

Compliance & Settings Management Software Update Management Windows Embedded Device Management Distribution Point for Windows Azure Modern Management Console Role-based Administration

New New New Improved Improved PowerShell

Simplify

Operating System Deployment

Client Activity and Health

Asset Intelligence, Inventory & Software Metering

Improved
Improved

Improved
Improved

Online Snapshots (up to 512)

Active Directory System State

Disk-based Recovery

Up to

Every 15 minutes

Data Protection Manager

Data Protection Manager Disaster Recovery with offsite replication & tape

Tape-based Backup
file services

Service Manager - The Power is in the Integration

Self Service

Compliance and Risk

IT Business Intelligence

Asset Management

Incident and Problem

Change

Knowledge Base

CMDB

Data Warehousee

Workflows

CONNECTORS
Automate and Deploy Capacity and Utilization Inventory Active Directory Alert and Usage Management

Arhitectura Service Manager

Utilizatori IT Operations IT business analysts Parteneri

Interfee utilizatori

Analyst Self-Service portal Consola Service Manager Consola Authoring

Management Packs

Incident Management

Problem Management

Asset Management

Change Management

Release Management

Risk & Compliance

Sisteme externe

Active Directory

Conectori

Service Manager SDK

Infrastructura Service Manager

VMM

ConfigMgr

CMDB
Orchestrator OpsMgr

Knowledge Base

Data Warehouse

Sincronizare cu Active Directory

Import date dintr-un Domeniu sau OU
Suport pentru forest-uri multiple

Sincronizare date Active Directory despre:

User Groups Printers Computers

Informaiile de contact pentru utilizatori Informaii organizaionale (Manager, Dept) Adrese de notificare (e-mail, IM)

Sincronizare cu SCCM
Sincronizeaz informaiile din Configuration Manager i creeaz/actualizeaz Configuration Items:
Hardware Inventory Software Inventory Software Updates

Dac exist deja CI efectueaz merge cu informaiile existente Asset Intelligence top console user este preluat ca utilizator primar Creaz incidente din erorile de conformitate Desired Configuration Management (DCM)

Creare Incidente din SCCM - DCM

Creaz Incidente automat pentru erorile de conformitate DCM
Se selecteaz Baseline-urile DCM i CI pentru care trebuie create Incidente Conectorul va sincroniza toate erorile de conformitate DCM Un workflow va crea Incidente doar pentru erorile DCM selectate

Va fi generat un incident pentru fiecare computer i CI neconform

Poate crea o mulime de incidente

Create Packages & Programs

Configure SM Portal

End User Requests Software

Manager Approves Request

Advertisement Delivered

Software Deployed

End User

Manager

Sincronizare cu SCOM
Creaz CI din obiectele descoperite de Operations Manager Creaz Service Maps din Servicii i Distributed Applications definite n SCOM Creaz Incidente din alertele Operations Manager
Sincronizeaz informaii detaliate despre alerte Actualizeaz starea Alert-ului cnd sunt modificate proprietile incidentului n Service Manager

Examplu Service Map

Defininirea dependintelor ce au ca impact disponibilitatea sistemului

SERVICE MONITORED

ALERT GENERATED

INCIDENT CREATED

INCIDENT DIAGNOSED

INCIDENT RESOLVED

INCIDENT CLOSED

IT Analyst / Operator

Service Desk Integrat

Users User Groups Computers Incident Verificare Configuraie Active Directory Hardware Inventory Software Inventory Software Updates Operator Service Manager

Configuration Manager E-Mail Service Definitions Service Maps DCM neconform Apel Suport

Alert Operations Manager Utilizator

Reports & Dashboards Portal

E-Mail & Other Clients

Excel

Price Sheet

Service manager easy customization Classes

A class describes an object The most obvious classes in Service Manager are those for work items (fi: change request, incident) and configuration items (fi: computer, user) Classes and their instances form the heart of the CMDB Extending the CMDB can be done by adding classes Attributes are properties of a class the describe the object

Service Manager easy customization

New classes can be defined by inheriting from the core model. For example, we can define a new Projector class for the overhead projector objects :

Configuration Item

Computer

User

Operating System

Projector

Serial Number (key) Make Model Location Condition Projector Condition List

List An enumeration of values (optionally hierarchical) used to constrain value choices for a given class property. Example : a List used in the Condition projector property:
ProjectorCondition {New, Working, Broken, Being repaired}

Risk Management and Compliance

SOX

PCI

EUDPP

COBIT

ISO

Internal Policies

Windows Server

Exchange

SQL

Personas Involved

Scenario -- Always Ready for an IT Audit

Map Control Objectives Implement Procedure

Activities

Process controls Configuration settings Monitoring

Managing Compliance

Program Manager

Automation

Validate Settings
Detect Failure Record Result Take Action Provide Audit Trail

Reporting

Actions

Change control Incident/issue Problem

Operations Engineer

Audit Trail

Compliance Reports Compliance History

Business Intelligence for IT

Integrated across System Center

Easy installation through Service Manager setup Supports Configuration Manager, Operations Manager, and Active Directory integration knowledge

Data Warehouse repository database

Store large amounts of dimension and fact data Provide a historical record Retain data groomed from the CMDB Model-driven: MP extends DW schema

Service Manager Dashboards

IT Process Automation and System Center Orchestrator (Opalis)

Virtual Machine Lifecycle Management Automate provisioning, resource allocation and retirement Extend virtual machine management to the cloud

Incident Management Orchestrate incident management and resolution Integrate across monitoring tools, service desks and CMDBs

Automated Configuration Management Scale automated configuration across platforms and tools Ensure reliable change with intelligent workflow branching

Microsoft Active Directory Microsoft Systems Management Server Microsoft Operations Manager Microsoft Configuration Manager Microsoft Virtual Machine Manager Microsoft Data Protection Manager Microsoft Service Manager BMC Atrium CMDB BMC Remedy AR System

HP Operations for UNIX HP Operations Windows HP Operations Solaris HP Network Node Manager HP Service Desk HP Service Manager HP Asset Manager HP iLO 2 FTP Symantec VERITAS NetBackup IBM Tivoli Enterprise Console IBM Tivoli Netcool/Omnibus IBM Tivoli Storage Manager EMC Smarts InCharge EMC Infra VMware VI / vSphere UNIX Integration

BMC Event Manager

BMC Patrol BMC BladeLogic Operations Manager CA AutoSys CA eHealth

CA Service Desk
CA SPECTRUM CA Unicenter NSM

System Center App Controller 2012

Offers intuitive and service-centric access

Intuitive servicecentric interface Library of standardized templates

Empowers application owners through self service

Role-based view Web interface Create, manage, and move resources rather than manage servers

Increases visibility and control

Private and public cloud services plus virtual machines Job tracking Change history

Applications Across Clouds

SelfService Application Management

Offers Intuitive and Service-Centric Access

Applications Across Clouds

Consistent Application Monitoring
Hybrid Service

Private

Increases Visibility and Control

Whats Changing with System Center 2012 Licensing

Simplifying & Optimizing Licensing for Private Cloud

What Stays The Same?

Managed devices require Management Licenses
Concept of an Operating System Environment (OSE) and when a Management License is required Server MLs differentiated based on virtualization rights & suited into ECI Client MLs differentiated on component functionality and suited into Core CAL / ECAL

What Changes?
Standalone products become components of integrated product Management Licenses Software Assurance is included with all licenses Server Management Licenses align to processor-based model, each license covers 2 processors The right to run Management Server software and supporting SQL Runtime are now included with every Management License. Management Server Licenses are discontinued.

Licenses Required

Deployment
Managed Servers
Management Server Licenses No Longer Required

Management Server Managed Clients

Rights to run Management Server software are included with Client MLs and Server MLs SQL runtime is included with Management Server software

2 Processors , Two VMs (OSE)

2 Processors , Unlimited VMs


2 Processors, Unlimited OSEs

Operations Manager Configuration Manager Data Protection Manager Service Manager

Virtual Machine Manager

Endpoint Protection (new)

Orchestrator
App Controller (new)

2 Processors, 2 OSEs

Enrollment for Core Infrastructure Standard

Enrollment for Core Infrastructure Datacenter

Each license covers up to 2 physical processors. ECI requires a 25 license minimum initial purchase.

http://www.microsoft.com/systemcenter http://www.microsoft.com/en-us/server-cloud/system-center/sp1-default.aspx

http://systemcenter.pinpoint.microsoft.com

http://www.microsoft.com/en-us/server-cloud/evaluate/trial-software.aspx http://www.microsoft.com/downloads/details.aspx?FamilyID=a171bcea-2dbb-4fc5-8dd1-4ec22f2eb4ef

http://blogs.technet.com/server-cloud

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. Some information relates to pre-released product which may be substantially modified before its commercially released. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.