Microsoft plans to play up its System Center line this week as a wave of products hits the streets.
At TechEd IT Forum 2007 in Barcelona this week, Microsoft said that its Virtual Machine Manager 2007, Data Protection Manager 2007 and Configuration Manager 2007 are now generally available. Microsoft also said it has added a bundled license.
The license, called System Center Server Management Suite Enterprise, costs $1,290 per device and includes the Enterprise Server management licenses for Configuration Manager 2007, Operations Manager 2007 and Data Protection Manager 2007.
At the core of this wave of systems management products is Configuration Manager, a tool for Windows shops to install operating systems, release security updates, distribute software and to inventory software and hardware. Microsoft invested more in new OS deployment features alone than it did in the entire feature set of Configuration Manager's predecessor, Systems Management Server (SMS) 2003, and has redesigned the software updates' capabilities based on WSUS 3.0.
One tool makes updates infrastructure-wide
WSUS 3.0 is now an integrated sever role within Configuration Manager for scanning and patching systems. All Microsoft updates, security related or not, line of business applications and third-party patches from ISVs are now supported via the WSUS integration.
"We're giving [IT shops] one tool now to update across the entire environment," said Eric Berg, director of product management in Microsoft's Windows and Enterprise Management division. "That is a major infrastructure upgrade."
IT managers have for some time been asking Microsoft to add a feature in SMS that would allow patches to be sent out automatically to a specific set of machines, and not all systems at once.
A new feature called maintenance windows gives IT managers more granular control over when patches are sent, and to which machines.
"The single most important feature for us is the maintenance window, because before using SMS [the task of] deploying security patches was problematic for us," said Brian J. Uzwiak, manager of network and information services for Wake Forest University Baptist Medical Center in Winston-Salem, N.C. "We have some devices that are directly connected to a patient that have to be excluded from the automatic updates and only patched when we're sure they aren't being used."
To ease some administration burdens, Configuration Manager now uses pre-defined templates for software updates that have reduced this administration task from a 17-step to a three-step process in some cases, Berg said.
When Windows Server 2008 becomes available, IT managers will be able to control the server's Network Access Protection desktop quarantine feature through Configuration Manager. Using Configuration Manager with NAP automatically quarantines and patches systems before it allows them to connect to the network.
Simplifying OS deployment process
With Vista already out the door and Windows Server 2008 due out early next year, it's no wonder Microsoft is attempting to take the guesswork out of mass OS deployments with a new automated task sequencer.
"It's a task-driven way to be able to automate the end-to-end process of deploying an OS anywhere from bare metal to fully deploying and personalizing it," Berg said. The task sequencer lets IT managers define each step in the OS deployment process, which are then sequenced and automated, he said.
A new Windows Imaging Format, or WIM, developed for Vista, supports both client and server OS deployments. The format has a driver catalogue that takes a basic WIM, applies it to many different types of systems and inserts the needed driver types for a specific type of hardware.
The new format addresses a familiar problem for IT shops in which images had different drivers for every device that had to be associated with a particular image, Berg said.
Offline provisioning is also now available by putting a full desktop OS image on a USB key that can upload the image to desktops not connected to the network. A connector is now built into Configuration Manager 2007 to distribute software agents from the Application Compatibility Toolkit as well. It sends back a report detailing which machines are ready for an upgrade, or not.
Remote management requires PKI, but not a VPN
The Internet-based client management feature gives IT managers full management functionality across the Internet, without having to have a system connected over a VPN.
"What we do is full mutual authentication using certificates between the client and server so that all remote control and remote configuration management can happen over the Internet," Berg said.
There will be a catch in this approach for many IT shops, however, said Brian Tucker, service line architect for systems integrator Intrinsic Technologies LLC, based in Lisle, Ill.
"In order to use [Internet-based client management] in Configuration Manager you have to be in native mode and it requires a PKI," Tucker said. "A lot of companies don't have certificates set up and most run in a mixed mode because it's the most simplistic mode. Most [companies] have not invested in certificate authorities because it takes a lot of extra configuration."
At this point, most IT shops are just learning about Configuration Manager 2007, said Tucker. He has been told by several customers that they plan to wait until the first service pack comes out before moving to the product. In his own experience, he said Configuration Manager has worked well out of the box.
For remote management, testers will also see a server-less branch feature in which IT can use a dedicated desktop, for example, to send out updates to other machines at that branch, versus sending updates multiple times over the WAN.
Lastly, Wake-On-LAN now gives IT managers the ability to wake up a turned off machine, send out patches and turn the system back off.