System Center 2016: 10 news items in 60 minutes
TRANSCRIPT
System Center 2016
10 news items in 60 minutes
Per Larsen
Microsoft MVP – Enterprise Mobility
Solution Architect | [email protected] | m: +45 3078 1828 | f: +45 7025 2575
Co-Organizer - Everything Windows User Group Denmark | www.ewug.dk
Microsoft Partner Technology Solutions Professional (P-TSP)
in: http://www.linkedin.com/in/perlarsen1975 | t: @PerLarsen1975
Blog: http://osddeployment.dk

Mikael Bach Jakobsen
Senior Consultant | [email protected] | m: +45 3078 0471 | f: +45 7025 2575
in: https://www.linkedin.com/in/mbjakobsen | t: @MikaelbJakobsen
System Center 2016 – 10 news items in 60 minutes
1. Config Manager CB & LTSB
2. Optimized on Azure
3. Windows Store for Business
4. Windows Defender Advanced Threat Protection
5. Health Attestation
6. SC 2016 SCVMM
7. SC 2016 SCOM
8. SC 2016 SCDPM
9. SC 2016 SM & SCO
10. Operations Management Suite (OMS)
Config Manager CB & LTSB
1511
• Deploy, upgrade, and manage Windows 10, including new features
• Manage Windows as a Service
• Servicing model for ConfigMgr Current Branch
• Combined end-user portal
1602
• Client online status
• Support for SQL Server Always On
• Windows 10 Device Health Attestation reporting
• Office 365 update management
• Conditional Access support for PC management
1606
• Windows Anniversary Edition support
• Windows Information Protection
• Windows Defender Advanced Threat Protection
• Windows Store for Business integration
• Windows Hello for Business
• Content status links in admin console
• End user portal improvements
Chart: Configuration Manager Current Branch tenants by version (1511, 1602, 1606). Values shown: 4,142; 6,105; 10,286. 20,533 total tenants.
Chart: Configuration Manager Current Branch clients by version (1511, 1602, 1606). Values shown: 9.47; 13.86; 17.17. 40,497,142 million total clients.
Configuration Manager
Timeline (Fall 2015, 2016, 2017): Current Branch (version 1511), CB (1602), CB (1606), CB (1610), CB (17xx), with periodic updates every few months; LTSB (1606) with reduced features and ad-hoc security updates only.

Current Branch
• Availability: Generally available on 12/8/2015 with updates released periodically throughout the year
• Windows 10 features supported: New features, security updates, and bug fixes
• Support: Can defer updates for up to 12 months before you must deploy updates to maintain support
• Windows Servicing Model supported: Windows 10 Current Branch, Current Branch for Business, and Long Term Servicing Branch

Long-Term Servicing Branch (LTSB)
• Availability: Generally available on 10/12/2016. No new features and support for new OS releases. Security fixes only.
• Windows 10 features supported: Only the Windows 10 mgmt. features released up to ConfigMgr version 1606. No new Windows features will be supported in the future.
• Support: 10-year fixed support; different from traditional 5+5.
• Windows Servicing Model supported: Only up to Windows Server 2016 and Windows 10 LTSB (1607). CB/CBB is not supported. New OS releases won’t be supported.
Is this “Configuration Manager 2016”?
• No. The Configuration Manager release included with System Center 2016 should not be considered as “System Center 2016 Configuration Manager”.
• The included release is a baseline version of 1606 with two installation options:
  • Configuration Manager (current branch - version 1606) (default)
  • Configuration Manager (LTSB – version 1606)
What is removed from LTSB?
• Support for the future releases of Windows 10 LTSB and Windows Server
• Support for Windows 10 CB/CBB
• The ability to add a Microsoft Intune Subscription, which prevents the use of
  • Hybrid MDM
  • On-premise MDM
• Windows 10 Servicing Dashboard and Servicing Plans
• Asset Intelligence
• Cloud-based Distribution Point
• Support for Exchange Online as an Exchange Connector
• Any pre-release features available in ConfigMgr (current branch)
What is LTSB intended for?
• LTSB of Configuration Manager is intended for a scenario when customers allow their Software Assurance (SA) or equivalent subscription rights (such as EMS) to expire as of Oct 1st 2016.
• Per product terms, customers cannot use the Current Branch.
• In the past, customers could install System Center 2012 R2 Configuration Manager.
• Starting on Oct 1st 2016, LTSB provides an alternative install option with a 10-year fixed support lifecycle policy.
Should customers use Current Branch or LTSB?
It's simple:
Unless the customer’s SA or equivalent subscription rights have expired, they should use the Current Branch of Configuration Manager.
Optimized on Azure
Windows Update for Business
Windows Store for Business
Office 365
Microsoft Azure
Operations Management Suite (OMS)
Windows Defender Advanced Threat Protection
Health Attestation
Azure Active Directory
Windows as a Service
Configuration Manager
Microsoft Cloud Services
Microsoft Intune
Windows Upgrade Analytics
Cloud-based management service
Manage traditional clients that roam on the Internet
• Without additional infrastructure
• Without exposing infrastructure to the Internet
• Easily configured through the Configuration Manager console
• Key features continue to work on the device when not on the corporate network
  • Settings
  • Software updates
  • Applications
  • Hardware and software inventory
  • Endpoint protection
Cloud-based management service architecture
Diagram: components labelled DP, MP, SUP, Site Server, Proxy Connector Point, AD CA, DMZ, two firewalls, Proxy Service, Azure, Cloud DP and Windows Update. Connections are labelled HTTPS and HTTPS Mutual SSL; the endpoints carry Client Cert, Root Cert and SSL Cert labels.
Windows Store for Business
Find, acquire, manage, and distribute apps on Windows 10

Windows Store for Business
ONE PLACE FOR YOU to find, acquire, manage, and distribute apps on Windows 10

Volume acquisition and distribution
• Acquire Store apps and Line-of-Business apps
• Flexible deployment to meet your needs

Designed for organizations
• Curated for business or for education
• Apps owned and managed by your organization

Easy and familiar for your users
• Simple discovery and installation of apps
• Automatic app updates by default
App distribution options

Option 1: Assign app licenses directly to users
• For organizations and departments that do not want to use app management tools
• Simple invitation model targeting specific users
• Users receive an email or can go to My Library in Windows Store to install and launch organizational apps

Option 2: Use a private store page
• For organizations and departments that do not want to use app management tools
• Provides users flexibility to choose organization apps to install
• Admin chooses apps to appear in company tab in the Windows Store; users self-discover

Option 3: Integrate with management tools
• For organizations that want to leverage existing app management tools
• Supports complex management options including dynamic groups, update management, push installation, etc.
• Users can find and use Windows Store for Business apps pushed to their device(s) or on a company-approved portal
Application Distribution via System Center Configuration Manager (CM) and/or Intune

Organizational apps acquired
• Organizations acquire apps in Windows Store for Business
• Includes internal line-of-business and public Store free and paid apps
• Paid apps are purchased in bulk during acquisition

Inventory synchronized
• System Center Configuration Manager and/or Intune connects with Windows Store for Business APIs
• Apps, metadata and licensing information are synchronized

Policies and distribution
• Administrator defines necessary policies and distributions
• Distribution is performed

Deployed to users
• Apps get deployed to Windows 10 users and policies enforced
• App updates can happen from the Store or managed with Management Tools

Diagram labels: System Center Configuration Manager and/or Intune; Windows Store for Business; Windows 10
Windows Defender Advanced Threat Protection
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT, INVESTIGATE AND RESPOND TO TARGETED ATTACKS
• Unique threat intelligence knowledge base
• Rich timeline for investigation
• Behavior-based, breach detection
• Built in to Windows, cloud powered

ADDING A POST-BREACH MINDSET TO THE WINDOWS 10 DEFENSE STACK

PRE-BREACH
Device protection
• Device Health Attestation
• Device Guard
• Device Control
• Security policies
Threat resistance
• SmartScreen
• AppLocker
• Device Guard
• Windows Defender
• Network/Firewall
Identity protection
• Built-in 2FA
• Account lockdown
• Credential Guard
• Microsoft Passport
• Windows Hello :)
Information protection
• Device protection / Drive encryption
• Enterprise Data Protection / Windows Information Protection
• Conditional access

POST-BREACH
Breach detection investigation & response
• Windows Defender Advanced Threat Protection (ATP)
Health Attestation
TODAY HEALTH IS ASSUMED
Diagram: a PC of unknown health and the important resources (OneDrive, file servers, email, network).
1. Authenticated access request
2. You’re in

Device Health Attestation enables ConfigMgr and Intune TO GATE ACCESS BASED ON DEVICE INTEGRITY AND HEALTH
Diagram: the device, the important resources (OneDrive, file servers, email, network), and Windows Cloud Attestation and Intune.
1. Authenticated access request
2. Prove you are healthy
3. Attestation request
4. Attestation response
5. Here is the proof
SC 2016 VMM
Cluster Rolling Upgrade
Upgrade WS 2012 R2 host cluster to WS 2016
• Seamless: Zero downtime for hosted VMs
• Effortless: VMM orchestrates the process
• Safe: Maintain backup SLA using DPM
Diagram: a cluster moving from WS 2012 R2 hosts, through mixed WS 2012 R2 and WS 2016 hosts, to WS 2016.
Nano Server provisioning
• Nano Server
  • New minimal-footprint installation option in WS2016
  • Better resource utilization
  • Faster reboots
  • Fewer updates
• Bare metal to Nano Server
  • Compute clusters
  • Storage clusters (hyper-converged or disaggregated)
Hyper-converged cluster creation
• Use VMM to create cluster and check S2D checkbox
• A hyper-converged cluster gets provisioned with a global pool and up to two tiers – capacity and performance
• Use VMM to create CSV for use as VM storage
Diagram layers: Virtual Machines; Cluster Shared Volumes; Storage Space Virtual Disks; Storage Pool; Software Storage Bus
Shielded VMs
• VMs whose data, at rest or in transit, can’t be snooped by malware or malicious fabric admins
• Create new shielded VMs or shield existing unshielded VMs
Diagram: a shielded VM on a WS 2016 host and an admin, marked "X No access w/o credentials" and "X No access to VM data".
SC 2016 SCOM
Operational simplicity

Monitoring Experience
• MP discoverability
• Data-driven alert management (alert noise reduction)
• Schedule maintenance mode
• In-place upgrade

Improved Fundamentals
• Scale improvements for X-Plat
• Performance improvements
• Improved UI responsiveness
• Removing Silverlight dependencies

Nano server monitoring
• Nano server compatible SCOM agent
• Agent installation experience is on par with full agent installation
• Supported workloads - DNS, IIS, Failover Cluster, and Base OS (more to come…)
• MPs of Nano compliant workloads are updated to use PowerShell instead of VBScript/JScript
Based on .Net Core
PowerShell based MP framework
Based on .Net Framework
VBScript/JScript based MP framework
AD integration & cross-domain monitoring
Application log collection & ACS
ICMP, OLE DB, URLs, & Process monitoring
.Net application monitoring
SCOM Agent for Server Core
SCOM Agent for Nano server
Storage monitoring reimagined
Diagram labels: System Center 2016 Operations Manager; PowerShell; Actions; Windows Server; Health Service; Storage System; Discovery; User Notifications; Dashboards
• Focus on relevant objects (Cluster/Storage subsystem, volumes and file shares)
• No dependency on VMM Management Pack
• New visualizations
HTML5 Web Console
• No Silverlight dependencies
• Access Web Console from different browsers
• Faster web console
• HTML5-based dashboard views
SC 2016 DPM
What’s new in DPM 2016

Modern DPM Storage
• ReFS Cloning
• Deduplication
• VHDX
• Workload-Volume Affinity

$ Reduced TCO
• 3X Faster Backups
• 50% storage savings
• 2X scale
• Reduced storage costs

WS 2016 Private Cloud
• Resilient VM backups with RCT
• Backup VMs stored on S2D
• Rolling Cluster Upgrade – Don’t miss backup SLA
SC 2016 SM & SCO
Service Management Automation
PowerShell ISE plugin for authoring
Support for PowerShell scripts in SMA
Windows Management Framework 5.0 support
Service Manager
HTML Self Service Portal
Significant Performance Improvements
Service catalog, including support for Lync 2013 & Skype for Business
Service Manager and Automation
System Center 2016 SMA and SM deliver:
• Integrate people, process, and knowledge
• Efficient resource utilization and SLA tracking
• Easy publishing and consumption of IT services
• Deploy cloud services and process automatically
Diagram labels: IT demands; Automate service delivery
SM 2016 performance improvements
• Creating WI: 10x faster
• Workflows: 1.5x faster
• Portal page load: <2s
• WI capacity: 45+/min, each taking <0.5s
• AD connector, SCCM connector, Groups n Queues, ECL grooming: values shown are 2x faster, 67% faster, 50% faster, 3x faster
Operations Management Suite (OMS)
Available now
• Log analytics
  • Use OMS log analytics to gain insight and troubleshoot
• Network performance monitoring
  • Live-monitor performance parameters of networks within and across datacenters using OMS NPM. Works with and complements SCOM network fault monitoring
• SCOM assessment
  • Get insights into the health of your SCOM deployment, and remediation assistance using OMS SCOM Assessment

Diagram: Microsoft Operations Management Suite connected to the premises datacenter: Windows and Linux servers, Hyper-V (Windows, Linux) and VMWare (Windows, Linux).
SC and OMS – Enabling new capabilities

System Center 2016
• Comprehensive management of heterogeneous infrastructure and workloads
• Breadth of coverage
• Integration
• Rich ecosystem

+

• Rich analytics
• Scale and agility
• Operational simplicity
• New services
• Reach from anywhere
Network Performance Monitor
Live intra and inter-network performance monitor
• Active probes
• Auto detect subnets & paths
• Custom alert rules
• Detect faults
• Analytics-driven monitoring
• Determine e2e loss & latency
• Agents can be placed across DC/clouds
• Device agnostic
Diagram labels: Physical Network; SDN Controller; BGP; Agents; NPM Service; OMS
Application Dependency Monitor Feature description
Brings big picture applications to OMS and System Center
Delivers seamless visibility into Azure Hybrid Cloud and on-premises workloads
Built on BlueStripe Software’s market leading technology
Status: Private Preview
Patch management

Grouping and Orchestration
• Grouping (AD, WSUS, SCCM collections)
• Hybrid proxy support
• On-demand/recurring schedule
• Patch reporting using Log Analytics telemetry
• Linux patching Reporting/Installation

Patch Insights
• Patch dashboards, searching. Time estimates applying patches
• One time parallel execution
• Patch Orchestration
  • Ability to do pre/post actions
  • Sequence: Applying patches to a group of servers

Workload Aware/Approvals
• Workload aware patching leveraging ADM
• Linux patching extended
• Patch approvals and management
• Microsoft products patching
• Patch co-ordination across workload owners/patch owner
Windows Upgrade Analytics
• Workflow visualization from pilot to deployment
• Powerful upgrade readiness insights and recommendations about the computers, applications and drivers
• Risk based approach to app rationalization
• Microsoft guidance on app and driver compatibility issues
Sign up via http://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics
Allows the enterprise IT to quickly identify and focus on the critical issues impeding upgrades; provides data driven insights to plan and manage the upgrade process end to end
Windows Upgrade Analytics and ConfigMgr
© 2015 Atea A/S. All rights reserved. This presentation is for informational purposes only. Atea A/S makes no warranties, express or implied, in this summary.
Thank you