Migration Strategies & Tools for Windows 7 & 8
Joe Honan
Chief Technology Officer, Janalent


                                         2012
Janalent Snapshot
•   Elite Microsoft Solutions Consulting Org since 2004
     •   WW Headquarters: Las Vegas, Nevada
     •   US Offices: Silicon Valley & San Diego, California
     •   EMEA office: Brussels, Belgium
     •   70+ Consultants and custom developers spanning North America, EMEA, and Asia
     •   500+ successful engagements on 5 continents
     •   Certified Woman, Minority-Owned Business


•   3x Microsoft Worldwide Partner of the Year Recognition
     •    Unified Communications & Messaging in 2009 and 2010 Winner
     •    Advanced Infrastructure Solutions Finalist 2008

•   Awarded 8 Advanced Microsoft Competencies & Regional Awards

•   CRN Magazine Next Gen Award
     •   2011 most innovative & nimble business & technology solutions providers
Agenda

•
•
•
•
•
Key DataPoints
The Evolving Client Environment
Six Key Client Computing Questions
    How do I manage costs?

    How do I keep my data safe and applications
    secure?

    How do I keep my mobile users productive?


    How do I take advantage of virtualization?


    Should I embrace cloud services?

    Should employees bring their own
    PCs for work?
The Need for a Complete Desktop Strategy
The desktop is more than just the Operating System




Desktop layers: Data & Settings, Applications, OS, Hardware

Considerations
• Data & User Settings Considerations
• Application Considerations
• Hardware Considerations
• Operating System Considerations

Questions
• How will you provide data security on all devices?
• How will you support mobile devices?
• How will you manage the application lifecycle?
• How will you handle migration?
• Is data searchable across PCs, local networks & the cloud?
• Will you provide access from anywhere?
• How will consumer devices be allowed on your network?
• How many images will you need to maintain?
• Do you know how many applications you have?
• How will users access data from different PCs?
• How can users get to their environment from other PCs?
• How will you manage the hardware lifecycle?
Hybrid Clouds are becoming Mainstream




                   On-Premise
     Local                          Cloud
The Modern User Profile – Categorizing your Users
Step 1: How mobile is this user?
Step 2: How much PC usage autonomy does this user have?
Step 3: Begin placing user types
                       Great deal of autonomy and control over applications, data

Office Workers                                                                      Mobile Workers




Single, always                                                                            Highly mobile, works
connected location                                                                       both offline and online

Task Workers                                                                        Deskless Workers




                        Very little autonomy and control over applications, data
Putting it all together… Windows Optimized Desktop
Client, Server, Security, and Management Flexibility



           User Data, Profile,
                  & Settings

               Applications

           Operating System
                  & Browser


Active directory – Group policy – Networking – Server-based client virtualization
Deployment – Application management – PC Monitoring – IT Process & Compliance – Security management
Evolving to a User Centric Approach

 • Deliver best user experience on each device
 • Define application once

Delivery Evaluation Criteria
 • User
 • Device type
 • Network connection

User/Device Relationships
Primary Devices
 • MSI
 • App-V
Non-primary Devices
 • VDI
 • Presentation Server
 • Remote Desktop
Mobile Devices
Migrating to Windows 7
Windows 7 / 8 Migration Key Goals


Empowered Users
 • Enable people to be more productive in a way that is comfortable and efficient

Enhanced Visibility
 • Get back control, while still providing flexibility to support a dynamic workplace

Deployment Flexibility
 • Capture user files, Deploy Operating Systems and Deliver Applications in a flexible model
Migration To Windows 7
Tools, guidance, programs


 • Compatibility Analysis and Mitigation
 • Imaging and Deployment Strategy
 • Deployment Implementation and Migration



                                            User State Migration Tool

                                            Volume Activation




                                     2012
The Managed “Desktop”
Teams must interact with one another to achieve a managed desktop solution

Enterprise Desktop Stack
 • user settings
 • individual applications
 • role-based applications
 • enterprise applications
 • security configuration
 • hardware-based software & drivers
 • operating system
 • master image

Processes
 • user profile management
 • security management
 • hardware lifecycle
 • image engineering
 • image deployment

Teams and owners
 • Configuration control board
 • Application owner
 • Role owners
 • Enterprise role owner
 • Software distribution team
 • Hardware council
 • Active directory administrations
 • Helpdesk managed desktop support team
 • Security desktop monitoring team
 • Network operations team
 • Desktop Operations Team
 • Desktop Group Policy Administrations
 • Security Operations Team
 • Image Build Team
Deployment Approach

 • Microsoft System Center Configuration Manager 2012
 • Microsoft Deployment Toolkit 2010 (MDT)
 • Windows Server 2008 R2
     • Windows Deployment Services (WDS)
     • Windows Software Update Services 3.0 (WSUS)
     • BranchCache

Diagram labels: MDT 2010, ConfigMgr 2012, Windows Server 2008 R2
Deployment Approach: LTI

 • LTI – Lite Touch Installation
 • Only requires Microsoft Deployment Toolkit 2010 (MDT) – free download
 • Contains tools and best practice guidance for deployment
 • Used for Image Engineering and Image Deployment processes
 • Includes MDT Database for role, location, computer and hardware based configurations
 • Does not provide lifecycle for desktop components after deployment

Diagram labels: MDT 2010, ConfigMgr 2012, Lite Touch Installation (LTI), Windows Server 2008 R2
Deployment Technologies: OSD

 • OSD – Operating System Deployment
 • Requires Microsoft Configuration Manager 2012 infrastructure
 • Can be used for Image Deployment process
 • Provides application, hardware and security lifecycle after deployment
 • Does not include MDT Database for role, location, computer and hardware based configurations

Diagram labels: MDT 2010, ConfigMgr 2012, Operating System Deployment (OSD), Windows Server 2008 R2
Deployment Approach: WDS

 • WDS Standalone – Windows Deployment Services in Standalone
 • Requires Windows Deployment Services Feature
 • Can be used for Image Deployment process
 • Does not provide lifecycle for desktop components after deployment
 • Does not include MDT Database for role, location, computer and hardware based configurations

Diagram labels: MDT 2010, ConfigMgr 2012, Windows Deployment Services (WDS) Standalone, Windows Server 2008 R2
Deployment Approach: ZTI
 • ZTI – Zero Touch Deployment
 • Combines MDT DB, OSD and WDS approaches for a fully automated deployment solution
 • Requires Microsoft Configuration Manager 2012 infrastructure and Microsoft Deployment Toolkit 2010 (MDT)
 • Can be used for Image Deployment process
 • Provides application, hardware and security lifecycle after deployment
 • Includes MDT Database for role, location, computer and hardware based configurations

Diagram labels: MDT 2010, ConfigMgr 2012, ZTI, Windows Server 2008 R2
Deployment Scenarios
 New Computer
 A new installation of Windows is deployed to a
 new computer



 Upgrade Computer
 The current Windows operating
 system on the target computer is upgraded to
 the target operating system.



 Refresh Computer
 This scenario includes computers that must be
 re-imaged for image standardization or to
 address a problem.


 OEM
 A computer with an operating system installed at
 the vendor needs to be configured.
Getting There


                2012
Configuration Manager 2012 At a Glance


Modern Infrastructure
Reduce costs by unifying IT management infrastructure.

 • Reduced Infrastructure Requirements
 • Unified Management of Virtual Clients
 • Endpoint Protection
 • Compliance & Settings Management
 • Software Update Management
 • Power Management
 • Internet-based Client Management
Evolution of Microsoft Client Management
Timeline stages:
 • Client Management Infancy (NT Domain)
 • Groups Model
 • Laptops, Servers, Enterprise Scale
 • Comprehensive Management
 • Management from the Cloud
 • Consumerization of IT

Timeline marker: 2012
Reduced Infrastructure Requirements

Central Administration Site
  • Central primary site administration
  • Reporting

Primary Sites
  • Client management and settings
  • Delegated administration

Secondary Sites
  • Content routing
  • Distribution points

Diagram: a Central Administration Site above two Primary Sites, each with three Secondary Sites
Operating System Deployment

Multiple Deployment Method Support
 • PXE initiated deployment allows client computers to request deployment over the network
 • Multi-cast deployment to conserve network bandwidth
 • Stand-alone media deployment for no network connectivity or low bandwidth
 • Pre-staged media deployment allows you to deploy an operating system to a computer that is not fully provisioned

USMT 4.0 UI integration makes it easier to transfer files and user settings from one machine to another

Diagram labels: CAS, Image, Task Sequence, Report, WDS PXE Server, Primary Site DP Role, Primary Site MP Role
Unified Management of Virtual Clients


User-centric application delivery through App-V or Citrix XenApp.

Single admin experience for managing physical and virtual desktops. Integrates with RDS and XenDesktop.
 • Recognizes pooled and personal virtual desktops
 • Randomizes tasks

Diagram labels: CONNECTION BROKER, APP-V SEQUENCER, CONFIGMGR DP/MP, HYPER-V
Security and Compliance
Endpoint Protection

Unified Infrastructure

• Simplified server
  and client deployment
• Streamlined updates
• Consolidated reporting


Comprehensive Protection Stack

•   Behavior monitoring
•   Antimalware
•   Dynamic Translation
•   Windows and Firewall
    Management
Security and Compliance
Software Update


Update flow (diagram labels)
 • Microsoft Update
 • Downloads updates
 • Identifies who needs updates and reports on compliance
 • Distributes updates
 • Assigns policy to scan for update status or to deploy update
 • Reports compliance

Site roles shown: CAS, Primary Site SUP Role/WSUS, Primary Site DP Role, Primary Site MP Role

Auto Deployment
 • Faster deployment through search
 • Schedule content download and deployment to avoid reboot during work hours

State-based Updates
 • Allows individual or group deployment
 • Updates added to groups auto deploy to targeted collections

Optimized for New Content Model
 • Reduce replication and storage
 • Expired updates and content deleted
Security and Compliance
Settings & Baseline Management

Diagram labels: ConfigMgr MP, Baseline, Assignment to collections, ConfigMgr Agent, Baseline drift, Auto Remediate OR Create Alert (to Service Manager)

Baseline Configuration Items
 • Active Directory
 • Script
 • WMI
 • XML
 • SQL
 • File
 • Software Updates
 • Registry
 • MSI
 • IIS

Pre-built industry standard baseline templates through IT GRC Solution Accelerator

Improved functionality
• Copy settings
• Trigger console alerts
• Richer reporting

Enhanced versioning and audit tracking
• Ability to specify versions to be used in baselines
• Audit tracking includes who changed what
Power Management
Phase 1: Monitor

• Enable agent
• Monitor usage and activity


Phase 2: Plan

• Develop power plan for peak & non-peak hours




Phase 3: Apply Power Policy

• Apply Power Plan


Phase 4: Compliance & Analyze

• Review before and after usage and activity
• Determine savings
Internet-based Client Management

Reduced Complexity
 • Single Primary site can manage both Intranet clients (over HTTP) and Internet clients (over HTTPS)

Flexibility
 • Primary sites can be configured to either support only HTTPS roles or both HTTP and HTTPS site roles

Reliability
 • Intelligent client behavior enables client to communicate using the most secure option available
 • Tighter security enforcement by only allowing clients with Enterprise-issued certificates to communicate with the ConfigMgr roles

Diagram labels: Intranet, Internet, PR1, MP, DP; legend: Non PKI enabled site system, PKI enabled site system
Modern GUI
•   Intuitive ribbon interface
•   In-console alerts
•   Global search capability
•   New collection membership rules
    allow better filtering of members
Role Based Administration

Map the organizational roles of your administrators to defined security roles

• Security organization role
• Geography

Reduces error, defines span of control for the organization

Functionality        ConfigMgr 2007       ConfigMgr 2012

Meg - WW Central System Administrator

Louis - Software Update Manager for France
• Can see & update “France” desktops
• Cannot modify security settings on “France” desktops
• Cannot see “All Systems” or “U.S.” desktops

Bob - US & France Security Admin
• Can see & modify security settings on “France” and “U.S.” desktops
• Cannot update “France” or “U.S.” desktops
• Cannot see “All Systems”
Client Activity and Health

•   In-console view of client health
•   Threshold-based console alerts
•   Heartbeat DDRs
•   HW/SW inventory and status
•   Remediation (same as Setting Mgmt)
Asset Intelligence, Inventory, and
Software Metering
Consolidated/simplified reporting that allows you to
• Understand software installation profiles
• Plan for hardware upgrades
• Identify over or under licensing issues
• Track custom apps or groups of titles




Diagram labels: Real-time Application and Hardware Intelligence, Asset Intelligence Service, Software Metering & License Reports, ConfigMgr Inventory, Asset Intelligence Catalog
Summing it Up
Key Summary Points
Call to Action…

            Janalent Windows 7 / 8 Jumpstart Program
Questions
THANK YOU!
For more information: Jumpstart@janalent.com

          Joe.Honan@janalent.com

 
IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...
IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...
IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...IBM Sverige
 
Rsc Event Desktop Virtualisation Tvp 2
Rsc Event Desktop Virtualisation   Tvp 2Rsc Event Desktop Virtualisation   Tvp 2
Rsc Event Desktop Virtualisation Tvp 2NeilSand
 
Bright and Gray areas of Clound Computing
Bright and Gray areas of Clound ComputingBright and Gray areas of Clound Computing
Bright and Gray areas of Clound Computingpallavikhandekar212
 
Got Personally-Owned Devices? Manage Them with System Center
Got Personally-Owned Devices? Manage Them with System CenterGot Personally-Owned Devices? Manage Them with System Center
Got Personally-Owned Devices? Manage Them with System CenterC/D/H Technology Consultants
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaMicrosoft Singapore
 
Intergen Twilight Seminar: Infrastructure Management made easy
Intergen Twilight Seminar: Infrastructure Management made easyIntergen Twilight Seminar: Infrastructure Management made easy
Intergen Twilight Seminar: Infrastructure Management made easyIntergen
 
2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overviewfannaq786
 
Overview of Microsoft App-V 4.5
Overview of Microsoft App-V 4.5Overview of Microsoft App-V 4.5
Overview of Microsoft App-V 4.5ukdpe
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityDirk Nicol
 
System Center Configuration Manager 2012 Sneak Peek
System Center Configuration Manager 2012 Sneak PeekSystem Center Configuration Manager 2012 Sneak Peek
System Center Configuration Manager 2012 Sneak PeekC/D/H Technology Consultants
 

Similar a Windows7/8 Migration Strategies (20)

SystemCenter webinar 12 6 12
SystemCenter webinar 12 6 12SystemCenter webinar 12 6 12
SystemCenter webinar 12 6 12
 
Presentación Novedades vSphere 5.1
Presentación Novedades vSphere 5.1Presentación Novedades vSphere 5.1
Presentación Novedades vSphere 5.1
 
W8 client management
W8 client managementW8 client management
W8 client management
 
Microsoft System Center 2012 Delivering better IT Management
Microsoft System Center 2012 Delivering better IT ManagementMicrosoft System Center 2012 Delivering better IT Management
Microsoft System Center 2012 Delivering better IT Management
 
Mikehall FutureWorld 2010 - enabling connectivity
Mikehall FutureWorld 2010 - enabling connectivityMikehall FutureWorld 2010 - enabling connectivity
Mikehall FutureWorld 2010 - enabling connectivity
 
Challenges in adopting_mobility_v2
Challenges in adopting_mobility_v2Challenges in adopting_mobility_v2
Challenges in adopting_mobility_v2
 
Challenges in adopting_mobility_v2
Challenges in adopting_mobility_v2Challenges in adopting_mobility_v2
Challenges in adopting_mobility_v2
 
Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management
 
IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...
IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...
IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endp...
 
Rsc Event Desktop Virtualisation Tvp 2
Rsc Event Desktop Virtualisation   Tvp 2Rsc Event Desktop Virtualisation   Tvp 2
Rsc Event Desktop Virtualisation Tvp 2
 
Empower Employee to Work Anyplace, Amytime
Empower Employee to Work Anyplace, AmytimeEmpower Employee to Work Anyplace, Amytime
Empower Employee to Work Anyplace, Amytime
 
Bright and Gray areas of Clound Computing
Bright and Gray areas of Clound ComputingBright and Gray areas of Clound Computing
Bright and Gray areas of Clound Computing
 
Got Personally-Owned Devices? Manage Them with System Center
Got Personally-Owned Devices? Manage Them with System CenterGot Personally-Owned Devices? Manage Them with System Center
Got Personally-Owned Devices? Manage Them with System Center
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
 
Intergen Twilight Seminar: Infrastructure Management made easy
Intergen Twilight Seminar: Infrastructure Management made easyIntergen Twilight Seminar: Infrastructure Management made easy
Intergen Twilight Seminar: Infrastructure Management made easy
 
2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview
 
Overview of Microsoft App-V 4.5
Overview of Microsoft App-V 4.5Overview of Microsoft App-V 4.5
Overview of Microsoft App-V 4.5
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
System Center Configuration Manager 2012 Sneak Peek
System Center Configuration Manager 2012 Sneak PeekSystem Center Configuration Manager 2012 Sneak Peek
System Center Configuration Manager 2012 Sneak Peek
 

Windows7/8 Migration Strategies

  • 1. Migration Strategies & Tools for Windows 7 & 8 Joe Honan Chief Technology Officer, Janalent 2012
  • 2. Janalent Snapshot • Elite Microsoft Solutions Consulting Org since 2004 • WW Headquarters: Las Vegas, Nevada • US Offices: Silicon Valley & San Diego, California • EMEA office: Brussels, Belgium • 70+ Consultants and custom developers spanning North America, EMEA , and Asia • 500+ successful engagements on 5 continents • Certified Woman, Minority-Owned Business • 3x Microsoft Worldwide Partner of the Year Recognition • Unified Communications & Messaging in 2009 and 2010 Winner • Advanced Infrastructure Solutions Finalist 2008 • Awarded 8 Advanced Microsoft Competencies & Regional Awards • CRN Magazine Next Gen Award • 2011 most innovative & nimble business & technology solutions providers
  • 5. The Evolving Client Environment
  • 6. Six Key Client Computing Questions How do I manage costs? How do I keep my data safe and applications secure? How do I keep my mobile users productive? How do I take advantage of virtualization? Should I embrace cloud services? Should employees bring their own PCs for work?
  • 7. The Need for a Complete Desktop Strategy: The desktop is more than just the Operating System. Desktop layers: Data & Settings, Applications, OS, Hardware. Consideration areas: Data & User Settings Considerations, Application Considerations, Operating System Considerations, Hardware Considerations. [Slide diagram: planning questions for each layer, covering data access across PCs and devices, mobile and consumer devices on the network, application lifecycle and migration, number of images to maintain, and hardware lifecycle]
  • 8. Hybrid Clouds are becoming Mainstream On-Premise Local Cloud
  • 9. The Modern User Profile – Categorizing your Users • Step 1: How mobile is this user? • Step 2: How much PC usage autonomy does this user have? • Step 3: Begin placing user types • Autonomy axis: from “Great deal of autonomy and control over applications, data” to “Very little autonomy and control over applications, data” • Office Workers: Single, always connected location • Mobile Workers: Highly mobile, works both offline and online • Task Workers • Deskless Workers
  • 10. Putting it all together… Windows Optimized Desktop Client, Server, Security, and Management Flexibility User Data, Profile, & Settings Applications Operating System & Browser Active directory – Group policy – Networking – Server-based client virtualization Deployment – Application management – PC Monitoring – IT Process & Compliance – Security management
  • 11. Evolving to a User Centric Approach • Deliver best user experience on each device Delivery Evaluation Criteria • Define application once • User • Device type < > • Network connection User/Device Relationships Primary Devices • MSI • App-V Non-primary Devices • VDI • Presentation Server • Remote Desktop Mobile Devices
  • 13. Windows 7 / 8 Migration Key Goals • Empowered Users: Enable people to be more productive in a way that is comfortable and efficient • Enhanced Visibility: Get back control, while still providing flexibility to support a dynamic workplace • Deployment Flexibility: Capture user files, Deploy Operating Systems and Deliver Applications in a flexible model
  • 14. Migration To Windows 7 Tools, guidance, programs Compatibility Imaging and Deployment Analysis and Deployment Implementation Mitigation Strategy and Migration User State Migration Tool Volume Activation 2012
  • 15. The Managed “Desktop” Configuration control board Teams must interact with one another to achieve a managed Enterprise Desktop Stack desktop solution user settings user profile management Desktop Operations Team Application individual applications owner Software Role role-based applications distribution owners team enterprise applications Desktop Group Policy Enterprise Administrations role owner security security configuration management hardware hardware-based Security Operations lifecycle Team Hardware software & drivers council operating system image engineering master image Active directory Helpdesk managed desktop Image Build Team administrations support team Security desktop monitoring team image deployment Network operations team
  • 16. Deployment Approach • Microsoft System Center Configuration Manager 2012 • Microsoft Deployment Toolkit 2010 (MDT) • Windows Server 2008 R2 • Windows Deployment Services (WDS) • Windows Software Update Services 3.0 (WSUS) • BranchCache [Diagram: MDT 2010, ConfigMgr 2012, Windows Server 2008 R2]
  • 17. Deployment Approach: LTI • LTI – Lite Touch Installation • Only requires Microsoft Deployment Toolkit 2010 (MDT) – free download • Contains tools and best practice guidance for deployment • Used for Image Engineering and Image Deployment processes • Includes MDT Database for role, location, computer and hardware based configurations • Does not provide lifecycle for desktop components after deployment [Diagram: MDT 2010, ConfigMgr 2012, Lite Touch Installation (LTI), Windows Server 2008 R2]
  • 18. Deployment Technologies: OSD • OSD – Operating System Deployment • Requires Microsoft Configuration Manager 2012 infrastructure • Can be used for Image Deployment process • Provides application, hardware and security lifecycle after deployment • Does not include MDT Database for role, location, computer and hardware based configurations [Diagram: MDT 2010, ConfigMgr 2012, Operating System Deployment (OSD), Windows Server 2008 R2]
  • 19. Deployment Approach: WDS • WDS Standalone – Windows Deployment Services in Standalone • Requires Windows Deployment Services Feature • Can be used for Image Deployment process • Does not provide lifecycle for desktop components after deployment • Does not include MDT Database for role, location, computer and hardware based configurations [Diagram: MDT 2010, ConfigMgr 2012, Windows Deployment Services (WDS) Standalone, Windows Server 2008 R2]
  • 20. Deployment Approach: ZTI • ZTI – Zero Touch Deployment • Combines MDT DB, OSD and WDS approaches for a fully automated deployment solution • Requires Microsoft Configuration Manager 2012 infrastructure and Microsoft Deployment Toolkit 2010 (MDT) • Can be used for Image Deployment process • Provides application, hardware and security lifecycle after deployment • Includes MDT Database for role, location, computer and hardware based configurations [Diagram: MDT 2010, ConfigMgr 2012, ZTI, Windows Server 2008 R2]
  • 21. Deployment Scenarios New Computer A new installation of Windows is deployed to a new computer Upgrade Computer The current Windows operating system on the target computer is upgraded to the target operating system. Refresh Computer This scenario includes computers that must be re-imaged for image standardization or to address a problem. OEM A computer with an operating system installed at the vendor needs to be configured.
  • 23. Configuration Manager 2012 At a Glance: Modern Infrastructure. Reduce costs by unifying IT management infrastructure. • Reduced Infrastructure Requirements • Unified Management of Virtual Clients • Endpoint Protection • Compliance & Settings Management • Software Update Management • Power Management • Internet-based Client Management
  • 24. Evolution of Microsoft Client Management 2012 Client Management Laptops, Servers, Comprehensive Management Consumerization Groups Model Infancy (NT Domain) Enterprise Scale Management from the Cloud of IT
  • 25. Reduced Infrastructure Requirements Central Administration Site Primary Sites Secondary Sites • Central primary site administration • Client management and settings • Content routing • Reporting • Delegated administration • Distributions points Central Administration Site Primary Site Primary Site Secondary Site Secondary Site Secondary Site Secondary Site Secondary Site Secondary Site
  • 26. Operating System Deployment: Multiple Deployment Method Support • PXE initiated deployment allows client computers to request deployment over the network • Multi-cast deployment to conserve network bandwidth • Stand-alone media deployment for no network connectivity or low bandwidth • Pre-staged media deployment allows you to deploy an operating system to a computer that is not fully provisioned. USMT 4.0 UI integration makes it easier to transfer files and user settings from one machine to another. [Diagram: CAS, Image, Task Sequence, Report, WDS PXE Server, Primary Site with DP Role, Primary Site with MP Role]
  • 27. Unified Management of Virtual Clients User-centric application delivery through App-V or Citrix XenApp. CONNECTION BROKER Single admin experience for managing physical and virtual desktops. Integrates with RDS and XenDesktop. • Recognizes pooled and personal virtual desktops • Randomizes tasks APP-V CONFIGMGR SEQUENCER DP/MP HYPER-V
  • 28. Security and Compliance Endpoint Protection Unified Infrastructure • Simplified server and client deployment • Streamlined updates • Consolidated reporting Comprehensive Protection Stack • Behavior monitoring • Antimalware • Dynamic Translation • Windows and Firewall Management
  • 29. Security and Compliance: Software Update. Auto Deployment • Faster deployment through search • Schedule content download and deployment to avoid reboot during work hours. State-based Updates • Allows individual or group deployment • Updates added to groups auto deploy to targeted collections. Optimized for New Content Model • Reduce replication and storage • Expired updates and content deleted. [Diagram: Microsoft Update; CAS; Primary Site with SUP Role/WSUS; Primary Site with DP Role; Primary Site with MP Role; flow labels: Identifies who needs updates and reports on compliance, Downloads updates, Distributes updates, Assigns policy to scan for update compliance or to deploy update, Reports status]
  • 30. Security and Compliance: Settings & Baseline Management. Improved functionality • Copy settings • Trigger console alerts • Richer reporting. Pre-built industry standard baseline templates through IT GRC Solution Accelerator. Enhanced versioning and audit tracking • Ability to specify versions to be used in baselines • Audit tracking includes who changed what. Baseline Configuration Items: Active Directory, Script, WMI, XML, SQL, Software Updates, File, Registry, MSI, IIS. [Diagram: ConfigMgr MP, Baseline, ConfigMgr Agent; Assignment to collections; on Baseline drift: Auto Remediate OR Create Alert (to Service Manager)]
  • 31. Power Management Phase 1: Monitor • Enable agent • Monitor usage and activity Phase 2: Plan • Develop power plan for peak & non-peak hours Non-Peak & Peak Phase 3: Apply Power Policy • Apply Power Plan Phase 4: Compliance & Analyze • Review before and after usage and activity • Determine savings
  • 32. Internet-based Client Management. Reduced Complexity • Single Primary site can manage both Intranet clients (over HTTP) and Internet clients (over HTTPS). Flexibility • Primary sites can be configured to either support only HTTPS roles or both HTTP and HTTPS site roles. Reliability • Intelligent client behavior enables client to communicate using the most secure option available • Tighter security enforcement by only allowing clients with Enterprise-issued certificates to communicate with the ConfigMgr roles. [Diagram: Intranet and Internet zones; PR1; MP and DP roles; Non PKI enabled site system; PKI enabled site system]
  • 33. Modern GUI • Intuitive ribbon interface • In-console alerts • Global search capability • New collection membership rules allow better filtering of members
  • 34. Role Based Administration: Map the organizational roles of your administrators to defined security roles • Security organization role • Geography. Reduces error, defines span of control for the organization. Meg – WW Central System Administrator. Louis – Software Update Manager for France • Can see & update “France” desktops • Cannot modify security settings on “France” desktops • Cannot see “All Systems” or “U.S.” desktops. Bob – US & France Security Admin • Can see & modify security settings on “France” and “U.S.” desktops • Cannot update “France” or “U.S.” desktops • Cannot see “All Systems”. [Comparison table: Functionality, ConfigMgr 2007, ConfigMgr 2012]
  • 35. Client Activity and Health • In-console view of client health • Threshold-based console alerts • Heartbeat DDRs • HW/SW inventory and status • Remediation (same as Setting Mgmt)
  • 36. Asset Intelligence, Inventory, and Software Metering Consolidated/simplified reporting that allows you to • Understand software installation profiles • Plan for hardware upgrades • Identify over or under licensing issues • Track custom apps or groups of titles Real-time Application Asset Intelligence Service Software Metering & License Reports and Hardware Intelligence ConfigMgr Inventory Asset Intelligence Catalog
  • 39. Call to Action… Janalent Windows 7 / 8 Jumpstart Program
  • 41. THANK YOU! For more information: Jumpstart@janalent.com Joe.Honan@janalent.com

Editor's notes

  1. Client Computing Choices

     Essential Points to Land:
     • Complexity of OS migration, specifically in the context of Windows XP to Windows 7
     • Windows 7 is an Inflection Point: Customers are using it to think broadly about their client computing environment
     • They now have a wide range of choices: trends in business (tightening budgets, mobility) and technology (virtualization, cloud services) are generating questions about how best to decide
     • Don’t make a decision on OS migration alone: You need a full desktop strategy

     Storyline: Customers have been on Windows XP for nearly 10 years. In that decade, many things have changed both in business and technology. Windows 7 is a catalyst that is causing customers to reconsider their client computing environment through the lens of making people productive – wherever they are -- while managing cost. Half of IT Pros are looking to deploy Windows 7 (Citibank), and two-thirds of firms expect to migrate to Windows 7 at some point (Forrester: Windows 7 Commercial Adoption Outlook). They have lots of questions about how to achieve this, like:

     How do I manage costs? According to IDC, the TCO of desktops can range widely, anywhere from $230 to $1320 per PC annually. Where organizations end up within this range depends on many factors, which we will discuss later in the presentation.

     Should employees bring their own PCs to work? Organizations are at risk of losing their brightest and most ambitious young employees if they cannot provide the computing environment the “digital native” generation is accustomed to. Although the present economic climate has shifted the balance of power in recruiting, this is temporary: the war for talent will persist. Some companies have responded to this war by piloting “Bring Your own PC” programs, which give workers more choice in what PC they use. This means IT departments focus more on access, security and data protection. This trend obviously has ramifications on TCO.

     Do I expand use of cloud services? Forrester believes that the increased availability and capabilities of all kinds of cloud services, from Web-based offerings to Software as a Service to Infrastructure as a Service, will be a game-changing, disruptive shift for some enterprise clients (Market Overview of Current Cloud Service Providers from Global IT providers-June 2009). The expansion of cloud services presents an opportunity for organizations to consider how best to leverage their existing investments and where to put new ones.

     Should I use Rich clients or thin clients? Lowering cost and improving manageability, security, and remote access drive interest in client virtualization (Forrester), and the choice between rich clients or thin clients often accompanies the choice about what kind of desktop virtualization organizations use.

     How do I keep my data safe and my applications secure? The average loss due to computer security incidents was $234,244 in 2009 (CSI Security Survey 2009). However, theft of proprietary data from mobile devices was far higher: According to the CSI/FBI Computer Crime & Security Survey, theft of proprietary data from mobile devices tallied to $2.3M, while theft of customer data from mobile devices came to $2.2M. Given this, it’s no surprise that more than half of the respondents in MSFT research told us they need help protecting corporate data on laptops.

     How do I keep mobile users productive? The number of mobile workers overall will increase to more than 30 percent by 2011 (IDC), and 68% of the companies we surveyed struggle with the inability to manage PCs when those are not physically connected to the corporate network. Much of this difficulty is due to the complex and time-consuming methods of connecting to corporate networks when away from the office. This presents a huge challenge not only for end user productivity but also for security and data protection.

     How can I take advantage of virtualization? The client virtualization trend has swept many industries over the past 2-3 years, leaving many IT decision makers with questions about how they can benefit from the potential of virtualizing applications or full desktops. However, with the buzz around virtualization reaching a fever pitch, analysts such as Natalie Lambert of Forrester warn that many have misconceptions about exactly what benefits they can hope to achieve through virtualization. (Forrester: Know Your Facts: Understanding The Realities Of Desktop And Application Virtualization July 2009)

     Transition: Although migrating to Windows 7 might be the issue that causes enterprises to question these things, CIOs and architects should not make a decision based on migration concerns alone, but instead think about the broader desktop strategy for their organization and for their users.

     All Relevant Data Points:
     • Half of IT Pros are looking to deploy to Windows 7 (Citibank Survey)
     • TCO: $230-1320 per PC per year (IDC Core IO research 2007)
     • Forrester: IT budgets will remain flat in the next year at 1% growth
     • 68% of Enterprises struggle managing PCs (Forrester)
     • Security and Compliance: Average loss due to security incidents was $234,244 in 2009 (CSI Security Survey 2009). 2009 saw huge jumps in financial fraud: from 12 percent in 2008 to nearly 20 percent. Theft of proprietary data from mobile devices tallied to $2.3M, while theft of customer data from mobile devices came to $2.2M. The cost of the stolen mobile hardware itself was reported at $3.8 (Computer Security Institute/FBI Computer Crime & Security Survey-looking for latest version of this)
     • 56% of respondents in MSFT research say they need help protecting corporate data on laptops
     • Consumerization: You lose your most ambitious employees if you cannot provide them enough computing power (anecdote of people turning down jobs bc of computing environment)
  2. The Need for a Desktop Strategy

     Essential Points to Land:
     • The desktop is more than the OS
     • Essential to have a complete desktop strategy
     • There are 4 essential components of the desktop: data, applications, OS, hardware: a complete desktop strategy should consider how these things work together

     Storyline: The desktop is more than just the operating system: The desktop includes the applications that make your business run, the data with which you make critical business decisions, the settings that help your employees personalize their PCs and make them more productive, and the hardware your users need to access the entire computing environment. When making client computing decisions, it is essential to have a complete desktop strategy that considers the whole desktop -- User Settings, Data, Applications, browser, and the operating system. Each one of these desktop components comes with its own set of challenges and considerations, which should be considered in combination with the others to achieve a strategically coherent whole.

     Transition: Regardless of your strategy, you should be able to support certain essential capabilities for your business.
  3. Where Applications & Data Can Live

     Essential Points to Land:
     • Individual components can sit in multiple locations
     • It’s important to have the ability to combine them to have different choices so you can choose what works for your business and your users to keep them productive
     • Flexibility can be good, but it can also be evil without proper management

     Storyline: No longer must all the components of the desktop be confined to a single location. As an organization, you can decide where to host the applications and data and how you provide user access to these components. You can make the decision on whether they are hosted locally, on-prem, or in the cloud, or any combination of the three. We hear from customers that they have very good reasons to deploy different components in different locations. For example:
     • They want to be able to host, for example, apps and data in either of these locations.
     • They also want to embrace the cloud in a way that works for them.
     • They want to leverage investments they have made in their current infrastructure.

     It’s important to ensure that you are choosing the right deployment/management method for the right business outcome. For example, we already have customers who are experimenting with a combination of local, on-prem, and cloud hosting by using rich clients on which the operating system resides locally, applications are provided on-prem through application virtualization, and data is accessible in the cloud via many different cloud services.

     Transition: These customers are enjoying flexibility to choose what is right for their business. This flexibility can be good, but without proper management it can be evil. Historically, customers have had to make a tradeoff between flexibility and control. This has caused some of our customers to throw up their hands and give up on flexibility entirely as they saw complexity increase and costs skyrocket. But in doing this these customers are essentially wasting the productivity potential of the most expensive and valuable asset they have, which is their people. But the truth of the modern desktop is that you no longer have to make the tradeoff between flexibility and control. You can have the flexibility end users need to be productive and the control IT pros need to protect the business – you can make people productive while managing risk. And to get to that level of balance, you must be able to manage the parts of your computing stack across the range of locations you intend to deploy, whether local, on-prem, or in the cloud.
  4. Segment End Users in 4 Simple Steps

     Essential points to land:
     • Use a matrix to visualize your users
     • X-axis is about mobility
     • Y-axis is about autonomy over applications and data on the PC

     Storyline:

     Step 1: The first step in segmenting end users is to consider the level of mobility and connectivity the user has. At one end of the spectrum are users who are always connected to the corporate network and are always at a desk or workspace. On the other end are users that are highly mobile, working both online and offline, or sometimes in places that have low bandwidth.

     Step 2: The second step is to consider the level of autonomy the user has over applications and data on his or her PC. It’s important to realize here that we’re not talking about job autonomy, but rather autonomy over their computer environment. For example, a doctor has a great deal of job autonomy – he can write a treatment plan and prescribe medications – but he has very little autonomy over his computer environment: he cannot simply uninstall the patient records database or delete patient data. So for the purpose of this segmentation, the doctor would fall on the low end of the autonomy spectrum.

     Step 3: Now that the basic matrix is set up, you can begin placing user types. The most demanding type, with high mobility and high autonomy, is the mobile worker. This is the worker who is often disconnected from the corporate network due to travel, working from home, or working in locations with limited bandwidth. Often these are highly influential users in the organization, such as senior executives, or employees that are very influential for the company’s bottom line – like field sales representatives. At the other end of the spectrum are users who are always connected to the network and have very little autonomy over their computing environment. We call this worker the Task Worker, and bank tellers and call center associates fall into this category. Task workers often work with server-based applications, such as those delivered through Terminal Services (now RDS) or the Web. The Task Worker has very little need to install applications or manipulate locally-stored data. The category just to the right of the Task Worker is the Deskless Worker, who is highly mobile, but has little need for control over applications and data. This type of worker is often the retail associate, such as a clerk, a nurse who might move from patient room to patient room, or a manufacturing floor manager. These types of workers are good candidates for Web applications. The fourth group is probably the most familiar. These are the Office Workers, who are always connected yet require a high level of autonomy and control over their computing environment. Office workers need the flexibility to install applications and work with many data sources. However, this group is very broad, and they aren’t all best served by the same desktop infrastructure.
  5. The Windows Optimized Desktop
Essential points to land:
- We have a broad range of robust solutions
- We have experience in the enterprise space
- We have a vision for desktop optimization
Storyline: The Windows Optimized Desktop value proposition becomes crystal clear when considering our range of options and robust possibilities: Microsoft has the best solutions for desktop to datacenter management across physical and virtual targets. Microsoft is unique among vendors for the ability to provide comprehensive management across physical and virtual, datacenter to desktop from a single console. The Windows Optimized Desktop makes it easy to connect your desktop strategy with your overall strategy for managing core infrastructure. At the base level is client infrastructure, including Windows 7, Internet Explorer, and MDOP. Windows Server infrastructure supports client features like BranchCache and DirectAccess and, through Hyper-V, supports VDI environments. This is all tied together with the desktop-to-datacenter and physical-virtual management tools of System Center and security of Forefront for your clients and your servers. Management tools like System Center and MDOP provide the security, access, and application optimization that are important to keep IT costs in check across locally deployed systems and the systems and apps that are hosted on-prem in your data center. We’re even extending management into the cloud with solutions like System Center Online desktop manager. Microsoft can help you deliver the right desktop to the right person and drive desktop delivery, access, and maintenance with the tools in the Windows Optimized Desktop.
Transition: We all know that in today’s world, one size does not fit all users: Mobile and Office workers have different needs than contractors or task workers.
The Windows Optimized Desktop is Microsoft’s vision for what desktop computing should be: it gives end users the flexibility they need to be productive anywhere, while providing IT the control they need to manage risk and keep costs in line. The Windows Optimized Desktop is the modern enterprise desktop experience for end users and IT administrators alike. (Introduce Vignettes as needed)
  6. Configuration Manager 2012 has an entirely new approach to application delivery – one that is optimized for the end user. The administrator defines the application once and targets it to a user or group. Configuration Manager ensures that it delivers the optimal experience for that user (or those individual users in that group) by evaluating the user’s device type and network connection capabilities. So whether they are using a laptop, VDI session, or iPad – or all of those – we’ll deliver the app to that user with the best experience on each device. The reason that this is possible is that Configuration Manager 2012 has a new application model that allows the deployment of software based on the nature of the relationship between the user and device – or “User Device Affinity.” Administrators are able to assign relationships between users and devices, and to say whether they are “primary” devices used primarily for corporate functions, or “non-primary” devices that may be personal or public devices. By understanding the relations between the user and device, you can establish rules for how applications should be treated on various devices to ensure that corporate assets are kept secure. For example: install the MSI version of Microsoft Visio only if the device is a primary device of the targeted user, like a corporate laptop; otherwise don’t install. Another example is that you can install the MSI or App-V version of Microsoft Office when the device is a primary device of the user targeted, and install the Citrix XenApp version if the device is not a primary device. For public devices – like a kiosk – it could prohibit access to the application entirely. This ability to define user and device relationships also enables you to pre-deploy software. Pre-deployment allows software to be installed on a user’s primary devices whether or not the user is logged in.
So the IT admins are able to provide the best application experience for the user which is optimized for the specific device type.
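The rule evaluation described for User Device Affinity, modeled as an added example that is not Configuration Manager code or part of the original deck. The class names, the affinity table and the device names are constructed for illustration, and the model assumes that an unknown user/device pair is treated as a public device and that no matching rule means no delivery.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Affinity(Enum):
    PRIMARY = "primary"          # corporate device assigned to this user
    NON_PRIMARY = "non-primary"  # personal or shared device
    PUBLIC = "public"            # kiosk-style device


@dataclass(frozen=True)
class DeploymentType:
    name: str            # delivery technology, e.g. "MSI", "App-V", "XenApp"
    allowed: frozenset   # affinities on which this type may be delivered
    local_install: bool  # True when binaries and data land on the device


@dataclass(frozen=True)
class Application:
    name: str
    deployment_types: tuple  # evaluated in order; first match wins


# Constructed sample data: which devices belong to which user.
AFFINITY = {
    ("alice", "CORP-LT-01"): Affinity.PRIMARY,
    ("alice", "HOME-PC"): Affinity.NON_PRIMARY,
    ("alice", "LOBBY-KIOSK"): Affinity.PUBLIC,
    ("bob", "CORP-LT-02"): Affinity.PRIMARY,
}

# The two rules from the slide notes: Visio is MSI on primary devices only;
# Office is installed locally on primary devices and streamed elsewhere.
VISIO = Application("Visio", (
    DeploymentType("MSI", frozenset({Affinity.PRIMARY}), True),
))
OFFICE = Application("Office", (
    DeploymentType("MSI", frozenset({Affinity.PRIMARY}), True),
    DeploymentType("XenApp", frozenset({Affinity.NON_PRIMARY}), False),
))


def affinity_for(user: str, device: str) -> Affinity:
    """Unknown user/device pairs get the least-trusted class (model assumption)."""
    return AFFINITY.get((user, device), Affinity.PUBLIC)


def select_deployment_type(app: Application, user: str,
                           device: str) -> Optional[DeploymentType]:
    """Return the first deployment type permitted for this pair, or None (default deny)."""
    affinity = affinity_for(user, device)
    for dt in app.deployment_types:
        if affinity in dt.allowed:
            return dt
    return None


def predeploy_targets(app: Application, user: str) -> list:
    """Primary devices of `user` that can receive a local install before logon."""
    return sorted(
        device for (u, device), aff in AFFINITY.items()
        if u == user and aff is Affinity.PRIMARY
        and any(dt.local_install and aff in dt.allowed
                for dt in app.deployment_types)
    )


def risky_rules(app: Application) -> list:
    """Deployment types that would place a local install on an untrusted device."""
    untrusted = {Affinity.NON_PRIMARY, Affinity.PUBLIC}
    return [dt.name for dt in app.deployment_types
            if dt.local_install and untrusted & dt.allowed]
```

`risky_rules` is the review check: it lists any rule that would leave application binaries and data on a device the organization does not control.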
  7. Configuration Manager 2012 is aimed right at the center of these challenges around device proliferation and user productivity, but in a way that seeks to enable the flexible workstyles demanded by users – empowering them to be productive anywhere, on any device, rather than seeking to “limit” or “lock down” access. Configuration Manager 2012 provides IT a lean, unified infrastructure to deliver these new capabilities and workloads for client management, virtualization, and security. The solution puts IT in control of costs and compliance, providing an evolutionary path to new capabilities that leverage existing people, processes, and technologies. Configuration Manager reduces the cost and complexity of IT compliance by delivering visibility, discovery, and enhanced, IT-definable remediation capabilities. It’s all designed to help IT simply and efficiently deliver a user-centric approach to client management. And because it is built by Microsoft engineers who have exceptional knowledge of Windows, Configuration Manager delivers tight interoperability with Windows, for more effective and efficient user management and security.
  8. Microsoft offers many tools to migrate to Windows 7.
- Assess hardware, applications and plan for new features or services you want
- Prepare applications, infrastructure and images for deployment and migrate users
- Expand functionality coverage, transition applications, manage the desktop environment
Key Message: An overview of the Application Compatibility Toolkit and the ACM. The following is detailed info regarding the usage, options, and new features within the ACT and ACM.
The Application Compatibility Manager (ACM) is a tool that enables you to configure, to collect, and to analyze your data, so that you can fix any issues prior to deploying a new operating system in your organization. When you configure the ACT using its wizard, the ACM automatically starts. Detailed info on ACM can be referenced at http://technet.microsoft.com/en-us/library/cc766464.aspx.
You can use the ACT features to:
- Verify your application's, device's, and computer's compatibility with a new version of the Windows operating system, including determining your risk assessment
- Verify a Windows update's compatibility, including determining your risk assessment
- Become involved in the ACT Community, including sharing your risk assessment with other ACT users
- Use the provided developer and test tools to test your Web applications and Web sites for compatibility with new releases and security updates to Internet Explorer®, to determine potential compatibility issues due to the User Account Control (UAC) feature, to create compatibility fixes for your application compatibility issues, and to determine any potential application installation and setup issues
What’s New in ACT 5.5:
- Updated issue detection and supported operating systems
- Integration of data from the Windows Vista Compatibility Center
- Ability to audit your application data and to selectively synchronize your applications with Microsoft
- Updated documentation for the Windows compatibility fixes
- Ability to customize your Quick Reports view
- Ability to label your individual data-collection packages
- Removal of the Internet Explorer Compatibility Evaluator (IECE)
- Ability to participate in the Customer Experience Program
Compatibility Evaluators
The Application Compatibility Toolkit (ACT) includes several compatibility evaluators that can be deployed as part of a data-collection package to collect information from your client computers, including:
- Inventory Collector
- User Account Control Compatibility Evaluator (UACCE)
- Windows Compatibility Evaluator (WCE)
- Update Compatibility Evaluator (UCE)
Detailed info on each of these can be found at http://technet.microsoft.com/en-us/library/dd638366.aspx
Timing: Prepare for this discussion using the info above. This is a full-featured, in-depth tool and timing can run long unless an abbreviated subset of data is discussed. If the audience is particularly interested in this topic there is a large amount of info here; however, a complete breakdown of the toolkit can be found at http://technet.microsoft.com/en-us/library/cc722055.aspx
  9. Speech: So now that we are introduced to the different processes that make up the managed desktop solution, who is responsible for governing these processes? Here is a sample governance model that can be adapted to your enterprise:
Hardware Council
- Responsible for testing and certifying new hardware against the enterprise image.
- Standardizes hardware purchases to limit the number of models and optimize purchasing power of the entire company.
Image Build Team
- Builds and maintains the master image(s) for the enterprise
- Interacts with other teams to define the applications, security and configurations in the master image
Configuration Control Board
- Tracks, reviews, and approves all required changes to the enterprise desktop and deployment mechanism, including updating existing systems in the enterprise
Application Compatibility Team
- Ability to identify, test and help to troubleshoot most issues with Application Compatibility on the managed desktop
Application Owners
- SMEs with ownership of individual applications
- Responsible for testing application packages against the enterprise image and deployment mechanism
Security Operations Team
- Manages review and approvals of changes that affect desktop security
Help Desk Managed Desktop Support
- Supports the desktop and deployment process
Security Desktop Monitoring Team
- Identify trend lines when systems are straying from the desired configuration
Packaging Team
- Creates packages and sequenced applications based on information from application owners
Role Owners
- Responsible for assigning, certifying and licensing the group of applications assigned to a specific role in the enterprise
- Work closely with Application owners and Software distribution team
- Typically embedded in the Business Group they serve
Enterprise Role Owner
- Responsible for testing, certifying and licensing the group of applications assigned to all users in the enterprise
- Work closely with Application owners and Software distribution team
- Typically part of the Image Build Team
Desktop Group Policy Administrators
- Distribute security and other group policies that will affect the desktop
Desktop Operations Team
- Responsible for user data, file and print access and backups
Network Operations Team
- Responsible for approving maintenance windows for software distribution and OS deployment
- Responsible for ensuring the network can handle the load and protocols needed
Active Directory Administrators
- Responsible for maintaining computer accounts in AD for existing and new machines
Software Distribution Team
- Responsible for distribution of software and dependencies to machines during desktop deployment and to existing machines
  10. Notes: Speech: The deployment approach is often one of the most important decisions in the Deployment Solution design. There are several technologies that can be used to make a deployment solution, and choosing the right mix of them is considered the deployment approach. These technologies include:
- System Center Configuration Manager 2007 SP2, or ConfigMgr for short, is part of the System Center family of software that provides operating system deployment along with software distribution technology in conjunction with lifecycle for each of the components.
- Microsoft Deployment Toolkit 2010 (MDT 2010) provides a common console with the comprehensive tools and guidance needed to efficiently manage deployment of Windows 7 and Windows Server 2008 R2. Microsoft Deployment Toolkit 2010 is the recommended process and toolset to automate desktop and server deployment. Microsoft Deployment Toolkit 2010 provides detailed guidance and job aids for every organizational role involved with large-scale deployment projects.
Windows Server 2008 R2 includes various improvements to help deployments:
- WDS: Windows Deployment Services has been updated to support Windows 7 unattended installations. WDS now includes the ability to dynamically deploy drivers as part of the unattended install using driver groups. This allows for fewer and more streamlined images to automatically detect the drivers or driver groups needed to download during a deployment. The multicast capabilities of WDS have also been improved to support Multiple Stream transfers.
- BranchCache: BranchCache is the solution in Windows 7 to minimize traffic across a slow WAN link from a data center to a branch office. It is implemented in two ways: Distributed, where authorized clients request data from peers in the branch, and Centralized, where authorized clients can request data from a hosted cache server locally in the branch. In both scenarios, clients can only retrieve files they are authorized by the remote server to have access to. The BranchCache protocol is used by HTTP, SSL, SMB and BITS traffic with transparency to overlaid applications. BranchCache is a great way to distribute components of the desktop to peers within a branch without invoking the WAN link.
  11. Notes: Speech: Lite Touch Installation (LTI): LTI primarily involves the use of components and scripts in the Microsoft Deployment Toolkit (MDT) hosted on a deployment share. A script-based engine is used to run a task sequence to perform the deployment based on profiles stored in the MDT database or customized settings in an INI file. LTI deployments require minimal infrastructure to operate. Operating systems can be deployed over a network using a shared folder or locally using removable storage such as a CD, DVD, or USB flash drive (UFD). The deployment process can be initiated manually or automatically. LTI settings are configured using the MDT Deployment Workbench and further dynamic customization can be made for the specific environment. The configuration settings for each individual computer can be provided manually during the deployment process or via the MDT database.
  12. Notes: Speech: OSD: ConfigMgr innately contains a collection of features for image deployment called Operating System Deployment. These tools can be used without any other products to perform image deployment but are more commonly used in conjunction with MDT in the ZTI approach.
  13. Notes: Speech: WDS: Since Windows Server 2003, and up until now with Windows Server 2008 R2, Windows Deployment Services (WDS) can be used in a standalone capacity to deploy operating systems. It contains new features such as Dynamic Driver Provisioning, which allows machines being deployed through the WDS Client to get only the drivers they need, as well as multicast abilities. The WDS scenario is commonly used in conjunction with LTI and ZTI solutions to provide PXE boot but rarely used in standalone mode.
  14. Notes: Speech: Zero Touch Installation (ZTI): ZTI uses desktop components and MDT scripts stored in Microsoft® System Center Configuration Manager 2007 (Configuration Manager) packages. Configuration Manager® policy advertises Task Sequences that deploy these packages based on profiles stored in the MDT database. Packages are deployed from Configuration Manager distribution points, and thus ZTI deployments require a Microsoft System Center Configuration Manager 2007 (Configuration Manager) infrastructure. The ZTI deployment process is always initiated automatically. In a ZTI deployment, all configuration settings must be provided for each target computer being deployed. By definition, there is no manual configuration in ZTI deployment. As a result, customizing a ZTI deployment usually requires more effort than customizing an LTI deployment, but can take advantage of greater automation.
  15. Outside of empowering users in this new world of device proliferation, we also invested heavily in ConfigMgr 2012’s ability to unify infrastructure in a way that helps IT reduce costs and improve efficiencies. In this section, we’ll talk about the new architecture that reduces infrastructure of the ConfigMgr deployment itself, integrated management of virtual clients, and end-to-end client security that covers AV, updates and compliance. We’ll finish up with power management and our updated approach to internet-based client management.
  16. Microsoft has been in the client management business for 15 years, and in that time the market has evolved dramatically. We have evolved our product line to meet the new challenges that IT departments face along the way. The last big innovation was Windows Intune in response to the cloud -- allowing us to simplify management and security without the burden of the infrastructure. And now -- to address the challenges of the consumerization of IT – we are introducing Configuration Manager 2012.
  17. First, in the 2012 release, we made a major investment to modernize the Configuration Manager architecture. You will see immediately that the Configuration Manager hierarchy is flatter than the earlier versions. This allows you to minimize infrastructure for remote offices, consolidate infrastructure for primary sites, and improve scalability. Let’s look at each of these:
Minimize infrastructure for remote offices
The biggest change is that you no longer need a primary site for each remote office. Secondary sites – which can be a multipurpose server or even a user laptop – can serve as the distribution point for content routing. In addition:
- Branch distribution point, PXE service point and distribution point can now be combined in one distribution point.
- Distribution points can now be installed on both server and client operating systems.
Consolidating infrastructure for primary sites
Not only do you no longer need a primary site for each remote location, you no longer need to rely on separate primary sites for scale, redundancy or fault tolerance, or for geopolitical reasons. That means that, depending on your particular environment, there could be a drastic reduction in the number of servers you need for primary sites. The new Central Administration Site role is used for all administration and reporting – offloading these functions from primary sites, and eliminating scale concerns.
- New role-based administration feature means that you no longer need a primary site for decentralized administration.
- Ability to create client settings at the hierarchy level – with exceptions – means you don’t need separate primary sites for servers and desktops.
- Multiple language packs can now be installed on primary sites, so there is no need for a separate primary site for different language support.
- And, as mentioned above, content distribution to remote sites is more efficient, so you no longer need a 3rd or 4th tier primary site for content routing – secondary sites or distribution points can be used instead.
Scalability and Data Latency Improvements
As mentioned, the Central Administration Site is just for administration and reporting. Other work is now distributed to the primary sites as much as possible.
- File processing occurs once at the Primary Site and uses replication to reach other sites (no more reprocessing at each site in the hierarchy)
- System-generated data (HW Inventory and Status) can be configured to flow to the CAS directly
In terms of content distribution, there are additional scalability and data improvements:
- PXE service point will be more scalable than the earlier version of 75 points per site and it will support multicast option.
- In the past you might have a secondary site with no proxy management point but a distribution point on it. Now you can get rid of that secondary site and use the distribution point to throttle and schedule content.
- Distribution Point grouping is also improved: you can now manage distribution to individual DPs or groups of distribution points. Content can be automatically managed based on group membership.
  18. You will also see some enhancements in Operating System Deployments in ConfigMgr 2012. There are a few areas to highlight here:
- Offline servicing of images, or component-based servicing like Windows OS updates: if they are already approved, we now have the ability to deploy those updates against the images in the library offline. So as soon as the updates are available on a Patch Tuesday, these images are also made up to date.
- We also have improved the boot media environment: you don’t have to be site specific; boot media can be defined at a hierarchy level. This will simplify the management of your boot media – no matter where the boot media connects from, it will be able to find the right management point and right operating system images.
- The other area is to enable pre-execution hooks to automatically select a task sequence. This helps in that the end user doesn’t have to choose from a menu – you can automate the selection.
- For USMT 4.0 simplification, features like shadow copy and hardlinking are supported. The command line parameters that USMT 4.0 scans are integrated in the console so it minimizes the syntax errors for the administrators.
[Graphic description]: For OS Deployment – Task Sequence:
- Admin creates OS image and boot image and replicates to DP.
- Admin creates Task Sequence and advertises to collection containing client.
- Client retrieves Task Sequence from MP and executes it.
- Client retrieves boot image and OS image referenced in Task Sequence.
- Client sends status as Task Sequence executes.
PXE Boot (bare metal):
1. Admin advertises task sequence to collection containing new computer
2. New computer PXE boots
3. ConfigMgr provider in WDS looks for computer in ConfigMgr database (NOTE: WDS PXE Server hosts multiple providers. ConfigMgr puts its provider first in the list)
4. WDS Server downloads WinPE to new computer
5. ConfigMgr code in WinPE contacts MP to get task sequence that was advertised.
  19. Outside of the infrastructure improvements, we’ve also improved the ability for ConfigMgr 2012 to unify physical and virtual management. When we talk about user centric application delivery, we have to recognize that the virtual client experience is becoming more prevalent. This makes sense, as Desktop Virtualization is one of the key technologies that enables organizations to accommodate all the new user devices in the enterprise. We work with App-V and Citrix XenApp to deliver user-centric applications across multiple platforms. We have also made improvements in Citrix XenDesktop and Microsoft Remote Desktop Services interoperability that allow us to do a better job of managing VDI environments, including:
- Recognizes pooled and personal virtual desktops and applies policies appropriately
- Pooled desktops can be excluded from tasks
- Pooled desktops’ uniqueness is maintained so that no obsolete records are generated
We also provide protection against VDI storms: for example, you can randomize updates and scans within the virtual environment so that all VMs don’t start the update process at the same time and create resource contention. Randomized tasks include:
- Hardware and software inventory scanning
- Software update scanning, download and installation
  20. In addition to the infrastructure consolidation we’ve already discussed around primary sites and virtual and physical management, we also have consolidated client management and security in one infrastructure. This is a core differentiator of our approach, since most companies continue to take the traditional security and management structure of two different teams: one managing desktops and the other managing security for these desktops. But this traditional approach brings with it two major issues:
- The security admins are frequently bogged down with the day-to-day operations of maintaining security and don’t have time to focus on the upcoming security strategies.
- Operational costs are high because of two different infrastructures for client management and security.
By operationalizing desktop security – i.e. combining desktop management and security in one infrastructure – Microsoft has given organizations a powerful tool for improving security while also driving efficiency. System Center 2012 Endpoint Protection, which was previously known as Forefront Endpoint Protection, is built directly on Configuration Manager 2012, consolidating the infrastructure. It also provides better protection since security policies and compliance visibility are now in the same desktop management console. It frees up the security admins from day-to-day tasks like updating antivirus definitions – these can now be managed by the desktop admins using their existing update processes – allowing security admins to focus on end-to-end security strategies. The tight integration of these two products starts at the setup, which is 100% unified. Once endpoint protection is enabled, the Configuration Manager console provides monitoring and reporting, as well as policy administration capabilities for client security. Your enterprise can utilize the existing infrastructure to centrally manage endpoint security now.
  21. Another simplification we have made with Configuration Manager 2012 is in the area of Software Updates. In ConfigMgr 2007, updating was built on WSUS and we had a role called Software Update Point. This gave the ability to define and roll out software updates, but there was a heavy administrative workflow to get patches approved and deployed. In ConfigMgr 2012, auto deployment rules (ADR) simplify the update deployment process. For example, ADR will help you define and automate endpoint protection definition updates in the ConfigMgr console. System Center Endpoint Protection definition updates are provided 3 times a day, and with ADR you no longer have to manually approve these updates. We also have something called state-based update groups, where we can deploy updates in groups. You can think of things like Internet Explorer or laptop security as a type of group. Relevant updates can be added to these groups automatically, and they deploy to the collections targeted in those groups. So it is almost like pre-specifying a template for the update process. Updates are also optimized with a new content model to reduce replication and storage. Expired updates and content are deleted.
  22. Remediation is an extremely important function of end-to-end client security, and we’ve added significant new functionality in ConfigMgr 2012. In ConfigMgr 2007 we had what was called Desired Configuration Management. That feature has been improved upon and is now called settings management. With settings management, you can define compliance baselines across servers and clients – either manually or using pre-built baselines with tools like the IT GRC solution accelerator – and ConfigMgr will report on configuration drifts. But the big change is that now ConfigMgr will also be able to automatically remediate the settings to bring the client back into compliance. If you don’t want to auto-remediate, you can kick off an alert to a service management console. Additional improvements to settings management include the ability to copy settings and richer reporting.
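The drift report and the remediate-or-alert choice described for settings management, modeled as an added example that is not Configuration Manager code or part of the original deck. The setting names, the baseline and the `alert` callback are constructed for illustration, and a setting that is missing from the client is assumed to count as drift.

```python
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class BaselineItem:
    setting: str
    expected: Any
    remediate: bool  # True: fix automatically; False: raise an alert only


# Constructed baseline; the setting names are illustrative, not ConfigMgr identifiers.
BASELINE = (
    BaselineItem("firewall.enabled", True, True),
    BaselineItem("screensaver.timeout_sec", 900, True),
    BaselineItem("local_admins", ("Administrator",), False),
)


def evaluate(baseline, state):
    """Return [(item, actual)] for every baseline item that has drifted.

    A setting that is absent from `state` is reported with actual=None.
    """
    missing = object()
    drift = []
    for item in baseline:
        actual = state.get(item.setting, missing)
        if actual is missing or actual != item.expected:
            drift.append((item, None if actual is missing else actual))
    return drift


def enforce(baseline, state, alert):
    """Remediate where the baseline allows it, alert otherwise, then re-evaluate.

    `state` is mutated in place to stand in for the client's configuration.
    `alert(setting, expected, actual)` stands in for the service management console.
    """
    remediated, alerted = [], []
    for item, actual in evaluate(baseline, state):
        if item.remediate:
            state[item.setting] = item.expected
            remediated.append(item.setting)
        else:
            alert(item.setting, item.expected, actual)
            alerted.append(item.setting)
    # The second pass is the compliance report: alert-only items stay
    # non-compliant until someone acts on the alert.
    remaining = [item.setting for item, _ in evaluate(baseline, state)]
    return {"remediated": remediated, "alerted": alerted,
            "non_compliant": remaining}
```

Running `enforce` twice on the same client shows the difference between the two modes: remediated settings drop out of the report, while alert-only settings keep appearing on every evaluation.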
  23. The final infrastructure improvement that we’ve made in ConfigMgr 2012 is around Internet-based client management. The scenario where you have an employee working from home – and a ConfigMgr admin wants to service that employee’s machine – was a relatively complex process with ConfigMgr 2007. You had to have certificate authority infrastructure for it to work. We’ve changed this so that you can use HTTP or HTTPS and simplified PKI infrastructure to set this up to manage Internet-facing clients. With ConfigMgr 2012, you do not need site signing certificates at the primary site. We have gone to the model of securing endpoints – i.e. communication between roles and client. We have certificates at role and client: instead of a site-wide setting of native or mixed mode, we can now configure individual roles to communicate via HTTP or HTTPS. In the above diagram, when the client machine is in the Internet, it looks to connect with MP and DP that are PKI-enabled. When this client moves to Intranet, the client is intelligent enough to analyze that no PKI MP and DP are available and will connect over HTTP. However, if PR1 had another MP on the intranet, with PKI, then this client will first communicate via the PKI-enabled MP. So the client will always look for the most secure communication option first. Clients are also always managed when they move between internet and intranet – in our previous version, we would always look for native mode, hence when clients moved to Intranet (in the above diagram), they would go to Internet MP and DP to be managed or not be managed at all. Now this is no longer the case – when the client comes to the Intranet, it will still be managed. This release offers tighter security by providing administrators the ability to allow enterprise issued certificates for client communication. We have now also increased trust from just Enterprise certificates to also include CA list.
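The "most secure option first" selection described for roaming clients, modeled as an added example that is not Configuration Manager code or part of the original deck. The role names and site layout are constructed, and the model assumes that a client needs its own PKI certificate to use an HTTPS role and that a client on the Internet never falls back to HTTP.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class SiteRole:
    name: str
    kind: str            # "MP" (management point) or "DP" (distribution point)
    https: bool          # True when the role is PKI-enabled
    networks: frozenset  # where the role is reachable: "internet", "intranet"


# Constructed sample site; the role names are placeholders.
ROLES = (
    SiteRole("MP-DMZ", "MP", True, frozenset({"internet"})),
    SiteRole("DP-DMZ", "DP", True, frozenset({"internet"})),
    SiteRole("MP-LAN", "MP", False, frozenset({"intranet"})),
    SiteRole("DP-LAN", "DP", False, frozenset({"intranet"})),
)


def select_role(roles, kind: str, location: str,
                has_client_cert: bool) -> Optional[Tuple[SiteRole, str]]:
    """Pick the role a client uses at `location`, preferring HTTPS.

    Returns (role, scheme), or None when the client cannot be managed there.
    """
    reachable = [r for r in roles if r.kind == kind and location in r.networks]
    secure = sorted((r for r in reachable if r.https), key=lambda r: r.name)
    if has_client_cert and secure:
        return secure[0], "https"
    if location == "internet":
        # Model assumption: no cleartext management traffic off the corporate network.
        return None
    plain = sorted((r for r in reachable if not r.https), key=lambda r: r.name)
    if plain:
        return plain[0], "http"
    return None


def describe(roles, location: str, has_client_cert: bool) -> dict:
    """Summarise which MP and DP a client would use at a location."""
    out = {}
    for kind in ("MP", "DP"):
        choice = select_role(roles, kind, location, has_client_cert)
        out[kind] = None if choice is None else f"{choice[1]}://{choice[0].name}"
    return out


def cleartext_gaps(roles, location: str = "intranet") -> list:
    """Role kinds for which a certificate-holding client still ends up on HTTP."""
    gaps = []
    for kind in ("MP", "DP"):
        choice = select_role(roles, kind, location, True)
        if choice is not None and choice[1] == "http":
            gaps.append(kind)
    return gaps
```

`cleartext_gaps` is the review check: it names the role kinds where adding a PKI-enabled intranet role would move certificate-holding clients from HTTP to HTTPS.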
  24. Our goal with ConfigMgr 2012 was to make day-to-day operations easier for administrators. Configuration Manager 2012 has a new, redesigned administration interface. It is a modern application and not an MMC-based application like in the past. The user interface has improvements all around: for example, admins can now perform global searches, and the organization of objects is more efficient, enabling the administrators to get all the relevant data quickly.
  25. Configuration Manager 2012 also introduces role-based administration. It uses role-based administration to secure objects such as collections, deployments, and sites. It allows IT to organize tasks by business roles and ensures that only the relevant features are visible to any given role. This administration model centrally defines and manages hierarchy-wide access for all sites. Security roles group typical administrative tasks that are assigned to admin users, while security scopes group the permissions that are applied to object instances. The combination of security roles, scopes and collections defines what an administrator can view and manage.
  26. ConfigMgr 2012 includes improvements that will make it much easier for administrators to monitor client health. In the admin interface, you can now get information on policy requests, heartbeat (discovery data records) information, and status messages – something similar to System Center Operations Manager. We also have improved client side monitoring and remediation. There are 21 different rule checks that can be done on the client, including WMI, ConfigMgr client health, antimalware service etc. The client health is seen as live data in the console – you don’t need to run summarization of the data anymore. And you can define in-console alerts for your own customized thresholds for acceptable client health parameters.
  27. The Proof of Concept Jumpstart is designed to assist an organization in implementing a Proof of Concept solution for deploying in a test environment to a limited number of clients. The Proof of Concept deploys Windows 7, Microsoft Office 2010, App-V, and Internet Explorer (IE) 8 in a test environment and represents the leading desktop technologies, best practices, user testing, and architectures. The Proof of Concept Jumpstart Solution from <Partner Name> consists of a set of repeatable services using a structured delivery framework. These deliverables and activities include:
      • Optimized desktop value overview and review of an economic justification report based on your environment.
      • A series of workshops and demonstrations, including:
          • Solution Definitions workshop covering Windows 7, Internet Explorer 8, and Office 2010
          • Application Virtualization
          • Office deployment
          • Image deployment
          • Image creation
          • Application compatibility
      • Environment and hardware assessment of 5 machines, and file remediation on a maximum of 10 documents.
      • Lab set-up, with demonstration of tools, including the following:
          • Microsoft Deployment Toolkit
          • System Center Configuration Manager
          • Application Compatibility Toolkit (ACT)
          • Microsoft Assessment and Planning (MAP) Toolkit
          • Office Migration Planning Manager (OMPM)
          • Office Environment Assessment Tool (OEAT)
      • Generate assessment reports, review, and conduct rationalization for a selection of the applications within the assessed sample.
      • Demonstrate and discuss remediation techniques.
      • Create one image based on feedback collected within the workshops, using Microsoft Office 2010. You will have the option to include an Application Virtualization virtualized Office (pre-sequenced).
      • Demonstrate user-state migration techniques.
      • Deploy the image in the lab environment.
      • Testing demonstrations focusing on validating the image and review of optimized desktop features.
      • IT professional solution overview, including training resources available for optimized desktop features.
      • Engagement closeout and Optimized Desktop proposal.
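
The role-based administration note (slide 25) says that security roles, security scopes and collections together decide what an administrator can view and manage. The Python sketch below is an added illustration of that combination, not code from the deck or from Configuration Manager; the role names, permission sets and objects are constructed, and the rule that collections are bounded by assigned collections while other objects are bounded by security scopes is a simplifying assumption.

```python
from dataclasses import dataclass

# Constructed role definitions (hypothetical names): object type -> permitted operations.
ROLES = {
    "app-author": {"application": {"read", "modify"}},
    "deploy-operator": {"application": {"read", "deploy"}, "collection": {"read"}},
}

@dataclass(frozen=True)
class SecuredObject:
    name: str
    kind: str                         # "application" or "collection"
    scopes: frozenset = frozenset()   # security scopes tagged on this instance

@dataclass(frozen=True)
class AdminUser:
    roles: frozenset
    scopes: frozenset
    collections: frozenset

def allowed(admin, operation, obj):
    """Role must grant the operation on the object type, and the instance must be
    inside the admin's boundary: assigned collections for collections, security
    scopes for everything else (assumed simplification)."""
    if not any(operation in ROLES.get(r, {}).get(obj.kind, ()) for r in admin.roles):
        return False
    if obj.kind == "collection":
        return obj.name in admin.collections
    return bool(obj.scopes & admin.scopes)

def can_deploy(admin, app, target):
    """A deployment touches two objects, so both checks must pass."""
    return allowed(admin, "deploy", app) and allowed(admin, "read", target)

def visible(admin, objects):
    """Names of the objects this admin would see at all."""
    return sorted(o.name for o in objects if allowed(admin, "read", o))

# Constructed sample data.
APP_EMEA = SecuredObject("Office 2010 (EMEA)", "application", frozenset({"EMEA"}))
APP_US = SecuredObject("Office 2010 (US)", "application", frozenset({"US"}))
COL_EMEA = SecuredObject("EMEA Workstations", "collection")
COL_US = SecuredObject("US Workstations", "collection")
ALICE = AdminUser(frozenset({"deploy-operator"}), frozenset({"EMEA"}),
                  frozenset({"EMEA Workstations"}))

if __name__ == "__main__":
    everything = [APP_EMEA, APP_US, COL_EMEA, COL_US]
    print(visible(ALICE, everything))
    print(can_deploy(ALICE, APP_EMEA, COL_EMEA), can_deploy(ALICE, APP_US, COL_EMEA))
```

Reviewing an admin's access this way makes over-broad grants easy to spot: any object that appears in `visible` but is not needed for the admin's task points to a scope or collection assignment that can be tightened.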