Situation
The business of Microsoft IT is changing.
Challenged by the growing number of
computers and mobile devices
connecting to the corporate network,
requests for more end-user control over
employees' managed systems, and the
need to consolidate infrastructure,
Microsoft IT needed to rethink client
management services.
Solution
Using Microsoft System Center 2012
Configuration Manager, Microsoft IT
designed a new client environment that
provides user-centric services, reports
on mobile devices, integrates health
monitoring, and streamlines the client
management infrastructure.
Benefits
 Cost savings: Microsoft IT
anticipates saving approximately
U.S.$500,000 in the next two years
due to a consolidation of servers and
reduced costs for support, backup,
custom tool development, and
updates.
 Empowered end users: Microsoft IT
uses the Configuration Manager
Application Catalog (the catalog
website) and Software Center (the
local utility) to offer users an
unprecedented level of control over
how and when their software
installations occur.
 Automatic client health monitoring:
Using the Configuration Manager
Health Evaluation feature, Microsoft IT
has a robust reporting environment
that not only enables them to monitor
client health but also allows the client
to proactively repair itself when it is
not healthy.
 Improved system efficiency: The
redesigned client management
environment has consolidated the
number of physical servers while
ensuring that client systems always
take the shortest path to the closest
server.
Products and Technologies
 Microsoft System Center 2012
Configuration Manager
 Microsoft SQL Server 2008 R2
How Microsoft IT Deployed System
Center 2012 Configuration Manager
Published: April 2012
The following content may no longer reflect Microsoft’s current position or infrastructure. This
content should be viewed as reference documentation only, to inform IT business decisions
within your own company or organization.
Read about the approach that Microsoft IT took to implement Microsoft
System Center 2012 Configuration Manager in its client management
environment. This paper discusses how the consumerization of IT led
Microsoft IT to rethink its client management services, the
implementation of a new client management infrastructure, lessons
learned from the deployment, and the benefits that Microsoft IT
obtained by deploying Configuration Manager to more than 280,000
systems across the globe.
Situation
The consumerization of IT is affecting how the Microsoft Information Technology department
(Microsoft IT) thinks about client management. As the group responsible for maintaining the
Microsoft corporate network and infrastructure, Microsoft IT is tasked with managing the
more than 280,000 computers and reporting on the 125,000 mobile devices that connect to
the network. Microsoft IT needed to enhance its client management environment in order to
better support the ever-increasing numbers of systems connecting to the network, and to
accommodate employees' requests for more control over their managed systems.
Microsoft IT had been using Microsoft System Center Configuration Manager 2007 to ensure
that managed systems comply with corporate policies and required configuration states. As
the numbers of connected systems increased throughout the company's regional domains,
Microsoft IT added servers on an as-needed basis to support the additional load. Microsoft IT
would also perform in-place updates as Configuration Manager 2007 evolved. However,
each update utilized the same underlying architectural model. Microsoft IT wanted to
redesign its infrastructure to reduce the number of physical servers and secondary sites, and
improve performance by reallocating resources according to client load.
With so many systems in the environment, maintaining the health of the Configuration
Manager 2007 clients became a daunting task. Microsoft IT depended on custom scripts to
monitor and remediate certain aspects of a client in order to keep it healthy. Not only did the
scripts require continual maintenance due to code revisions and updates to support the
functions, but they also lengthened users' system logon times.
Finally, Microsoft IT needed to evolve its application distribution services to meet the selfservice needs of Microsoft personnel. In the company's Configuration Manager 2007–based
environment, Microsoft IT used a custom packaging tool to deploy applications through
Configuration Manager 2007. Turnaround time for a complex package could require 7 to 10
days and the input of several IT personnel. Microsoft IT also had to maintain a separate
Configuration Manager 2007 site to ensure that production setup was completely isolated
from testing efforts.
Solution
As the company’s first and best customer, Microsoft IT regularly adopts early releases of
Microsoft technologies, tests them in a real-world environment, and provides critical feedback
to improve products before they are generally available to the public. When the System
Center product team began developing the next generation of Configuration Manager,
Microsoft IT worked closely with the team to meet IT goals and to help ensure that System
Center 2012 Configuration Manager could provide an end-to-end IT management
experience.
Implementation
The following sections describe the process that Microsoft IT undertook to implement System
Center 2012 Configuration Manager throughout the company’s client environment. The
overall approach that Microsoft IT used for this large-scale process was based on the
Microsoft Operations Framework, which provides guidelines for everyday IT practices and
activities.
As shown in Figure 1, Microsoft IT divided the System Center 2012 Configuration Manager
implementation process into four main phases: Envision, Plan, Test, and Deploy. Each of
these phases is described in more detail below.
Envision
Plan
Test
Deploy
Figure 1. The four implementation phases that Microsoft IT followed to implement
System Center 2012 Configuration Manager
Envision Phase
In this first phase, Microsoft IT scoped the project and clarified its vision for implementing
System Center 2012 Configuration Manager. Microsoft IT had three primary objectives that it
wanted to achieve by upgrading the system management environment to System Center
2012 Configuration Manager:

Embrace user-centric management. System Center 2012 Configuration Manager
brings a variety of user-centric initiatives that Microsoft IT wanted to offer employees.
Note: A Microsoft IT Showcase paper that discusses Microsoft IT's adoption of usercentric client management is available at http://technet.microsoft.com/enus/library/hh925141.aspx.

Consolidate and minimize infrastructure. By adopting System Center 2012
Configuration Manager, Microsoft IT could consolidate its Configuration Manager 2007based infrastructure and reduce overall complexity.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 2

Improve product quality. Microsoft IT wanted to validate its enterprise-scale
deployment and ensure that the release version of System Center 2012 Configuration
Manager was based on real-life results.
Current IT Infrastructure at Microsoft
To illustrate Microsoft IT's approach toward adopting System Center 2012 Configuration
Manager, this section provides a high-level summary of some of the key aspects of the
company's IT infrastructure. Readers can compare the numbers of users, machines,
distribution of systems, and network connections to their own infrastructure as a starting point
when determining the scope and scale of their own System Center 2012 Configuration
Manager deployment.
As shown in Figure 2, the Microsoft infrastructure (at the time of publishing this paper)
includes approximately 180,000 users and 280,000 computers in multiple regions around the
world. Microsoft focuses on a centralized administration model for most managed systems,
so all deployment and reporting are performed from a central site. The largest site at
Redmond contains approximately 120,000 systems. Other large regional sites hold
approximately 15,000 clients each, and the smallest site contains fewer than 50 clients.
Network performance varies by link. The fastest connections support 2.5 gigabytes per
second, whereas the slowest link supports 2 megabytes per second.
Figure 2. Microsoft IT infrastructure as of April 2012
Determining Which Configuration Manager Features to Use
Another task in the Envision phase was to review the complete set of Configuration Manager
2007 features and the additional new features available in System Center 2012 Configuration
Manager. The key existing desktop management features that Microsoft IT had been using
and planned to continue with the new System Center 2012 Configuration Manager–based
environment included:

Hardware and software asset reporting

Software deployment and update management
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 3

Operating system deployment

Microsoft Application virtualization (App-V) deployment

Malware protection

Power management
Microsoft IT also determined they would implement the following Configuration Manager
features – some of which were new in System Center 2012 Configuration Manager, some
were expanded feature sets, and others were existing features that Microsoft IT wanted to
implement as part of the new deployment:

Mobile device management

User-centric management

Auto deployment rules for updates

Alerts and reporting

Role-based administration (RBA)

Settings management
Note: For more information about the features available in System Center 2012
Configuration Manager, see http://technet.microsoft.com/en-us/library/gg699359.aspx.
Envisioning was straightforward for most of the new features. Microsoft IT's user-centric
management strategy is described in detail in the Microsoft IT Showcase paper at
http://technet.microsoft.com/en-us/library/hh925141.aspx. Microsoft IT's mobile device
management and endpoint protection implementation strategies are discussed below.
Defining a Mobile Device Management Implementation Strategy
In the Configuration Manager 2007-based environment, Microsoft IT did not report on mobile
devices using Configuration Manager. However, in System Center 2012 Configuration
Manager, the new mobile device management feature called Exchange Server connector
gives Microsoft IT the ability to report on mobile devices such as Windows Phones, Androidbased devices, and iPhones that connect to Microsoft Exchange Server by using Exchange
ActiveSync technology.
Microsoft IT wanted to implement the new Configuration Manager–based mobile device
management strategy in order to identify the different mobile devices that connect to the
corporate network. Using Configuration Manager, Microsoft IT could determine the type of
each connected device and its owner.
Note: For more information about Microsoft IT's Exchange Server Connector implementation,
see http://blogs.technet.com/b/system_center_in_action/archive/2011/09/02/configurationmanager-2012-exchange-connector-implementation-in-microsoft-it.aspx.
Defining an Endpoint Protection Implementation Strategy
Microsoft IT wanted to replace Microsoft Forefront Endpoint Protection with the new System
Center 2012 Endpoint Protection solution that is integrated in System Center 2012
Configuration Manager. Because of this integration, Microsoft IT did not need to define a
separate implementation strategy for the Configuration Manager servers. All that was
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 4
required was some configuration on the servers to begin deployment of the client component
to targeted machines in the hierarchy.
For the client strategy, the Endpoint Protection bits are automatically copied during the
Configuration Manager client installation. The Endpoint Protection client then installs after the
Configuration Manager client receives policies for installation.
Plan Phase
In the Plan phase, Microsoft IT determined the functional requirements for its System Center
2012 Configuration Manager system architecture and developed server and client migration
plans.
Architectural Review and Redesign
Recognizing that System Center 2012 Configuration Manager cannot be installed as an
upgrade on top of Configuration Manager 2007, Microsoft IT decided to take the time to
carefully review its existing Configuration Manager 2007 infrastructure.
A high-level view of Microsoft IT's Configuration Manager 2007–based infrastructure is
shown in Figure 3.
Figure 3. Microsoft IT's old Configuration Manager 2007–based infrastructure
Microsoft IT took a bottom-up approach to its new architectural plan. Microsoft IT performed
a detailed analysis of its worldwide Configuration Manager infrastructure and network loads
to identify places where it could improve efficiency, consolidate hardware, and reduce
complexity. Some of the key factors reviewed included:

Size of site (in terms of number of clients)

Speed of networks connecting a location to the nearest regional office or data
center

Numbers of servers at each site (both physical and virtual)

Mapping of Active Directory sites to Configuration Manager boundaries
Microsoft IT collated all this data into a single data set. After reviewing the information,
several sites were identified as having an imbalance in the number of servers to clients. In
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 5
some places, the number of clients did not merit a stand-alone server; other locations had no
server, but the number of clients merited one.
Microsoft IT used the results of its architectural review to design a new topology that best
uses System Center 2012 Configuration Manager features and optimizes network bandwidth
across the globe. This new infrastructure is illustrated in Figure 4.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 6
Figure 4. Microsoft IT's new infrastructure based on
System Center 2012 Configuration Manager
The most significant changes between the old and new architectures include:

Co-location of the Central Administration Site (CAS) SQL Server and CAS
provider on a single server, replacing the two separate servers in
Configuration Manager 2007

Removal of the stand-alone Limited Services (Patching) site, with the help of
RBA and collection-level client settings

Splitting the large Redmond site into two smaller sites to bring the primary
site into compliance with the supported number of clients

Reduction of secondary sites because many locations that had secondary
sites in Configuration Manager 2007 for throttling bandwidth can be replaced
with Configuration Manager distribution points (DPs), which have the ability
to throttle bandwidth

Aligning of secondary sites with the network layout

Replacing the network load balancing solutions for management points
(MPs) used in Configuration Manager 2007 with the System Center 2012
Configuration Manager MPLIST feature
Table 1 summarizes the hardware that Microsoft IT implemented in its new client
environment.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 7
Table 1. Hardware specifications for the new client environment
Configuration
Manager Roles
CAS Server
Memory
Processor Count
HP ProLiant
64 GB
2 sockets
Intel Xeon
12 cores
CPU L5640
24 threads
(Hyperthreading)
@ 2.26 GHz
SE326M1
Primary Site
Server
Processor
Type
Server Model
Virtual Machine
12 GB
4 cores
Intel Xeon
4 threads
CPU UE7450
@ 2.40 GHz
Management
Point
Virtual Machine
6 GB
4 cores
Intel Xeon
4 threads
CPU UE7450
@ 2.40 GHz
Software Update
Point
Virtual Machine
6 GB
4 cores
Intel Xeon
4 threads
CPU UE7450
@ 2.40 GHz
Distribution Point
Virtual Machine
4 GB
2 cores
Intel Xeon
2 threads
CPU UE7450
@ 2.40 GHz
SQL Server
>50,000 Clients
SQL Server
<50,000 Clients
HP ProLiant
64 GB
DL 580 G5
HP ProLiant
SE326M1
48 GB
4 sockets
Intel Xeon
16 cores
CPU E7330
16 threads
@ 2.40 GHz
2 sockets
Intel Xeon
8 cores
CPU L5520
16 threads
(Hyperthreading)
@ 2.26 GHz
Note: For more information about Microsoft IT's use of hardware in the new Configuration
Manager deployment, see the blog at
http://blogs.msdn.com/b/shitanshu/archive/2012/04/10/configuration-manager-2012hardware-configuration-used-in-microsoft-it.aspx.
Server and Client Migration Planning
Once Microsoft IT formalized its new architecture plan, the next milestone was to properly
plan for the phased migration of servers and clients from the legacy Configuration Manager
2007 environment to the new environment. The top priority was to deploy in a manner that
would minimize content replication while allowing for uninterrupted service during system
migration.
Microsoft IT's approach to migration was to focus initially on the Redmond domain and
migrate small groups of clients. Group Policy Objects (GPOs) in Active Directory were the
mechanism used to define the specific group flagged for migration, and exclusion filters were
used to prevent potential conflicts between the existing Configuration Manager 2007
environment and the new System Center 2012 Configuration Manager environment.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 8
Note: For more information about Microsoft IT's Configuration Manager client migration, see
http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migrationblog.aspx.
Microsoft IT designed some custom reports to monitor the prerelease server environment
and Configuration Manager data replication processes.
Note: Microsoft now offers a System Center Monitoring Pack for System Center 2012
Configuration Manager. For more information, see
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=29267.
Microsoft IT also developed pre-upgrade and post-upgrade checklists to help track the
migration progress and confirm that all critical processes were running as expected.
In terms of the mobile device implementation strategy, Microsoft IT wanted to implement
Exchange Server Connector with the appropriate rights to allow device information to be
discovered from Exchange Server computers across the corporate domains. Because most
mobile devices at Microsoft are owned by individuals, Microsoft IT limited the Exchange
Server Connector account to read-only access, which provides the desired inventory
reporting information.
Test Phase
During the Test phase, Microsoft IT built a virtual lab environment to validate the System
Center 2012 Configuration Manager implementation plan.
Building the Virtual Lab Environment
Microsoft IT configured a virtual lab environment for its proof-of-concept (POC) hierarchy.
The POC mirrored the existing Configuration Manager 2007 architecture, differing only in its
smaller scale. The components of the lab are displayed in Figure 5:
Figure 5. Virtual lab
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 9
In order for the virtual lab to accurately test the mobile implementation strategy, Microsoft IT
created two new connectors for Exchange Server Connector: one for the on-premises
Exchange Server Connector, and another for the cloud-based Exchange Server Connector.
Validating the Content Migration
To minimize client management downtime during Distribution Point and Secondary Site
migration, Microsoft IT tested two content migration strategies:

For validating migrating content from Configuration Manager 2007 to System Center
2012 Configuration Manager, Microsoft IT tested the System Center 2012
Configuration Manager migration feature to confirm it would move content
successfully and convert packages from the Configuration Manager 2007 format to
the System Center 2012 Configuration Manager format.

For validating replicating content for new packages created in System Center 2012
Configuration Manager, Microsoft IT devised and tested the following content prestaging strategy for upcoming Configuration Manager Distribution Points:
1.
Export all critical package content from the existing System Center 2012
Configuration Manager hierarchy using the administrator console. Copy the
content through a Background Intelligent Transfer Service (BITS) job in
multiple phases (based on the network layout).
2.
Migrate and install the Configuration Manager Distribution Point. The
Configuration Manager 2007 Distribution Point or secondary site can be
migrated to the System Center 2012 Configuration Manager Distribution
Point using the Upgrade feature within the Configuration Manager
Console. However, a Configuration Manager 2007 server that needed to
be converted to a System Center 2012 Configuration Manager secondary
site had to be uninstalled in Configuration Manager 2007 and reinstalled
with the new role in System Center 2012 Configuration Manager.
3.
Enable the Distribution Point as Pre-Stage enabled, and then assign the
Distribution Point to a test boundary group.
4.
Extract content from the pre-staged location using the ExtractContent.exe
utility, which is one of the tools available with the new Configuration
Manager installation.
5.
After validating that all content is successfully pre-staged, remove the PreStage option and configure the boundaries on the Distribution Point.
Note: Microsoft IT wanted to keep some of the packages that were created in Configuration
Manager 2007 but also wanted new packages that were created in System Center 2012
Configuration Manager to be available on the new Configuration Manager Distribution Points
as soon as they were migrated. This meant Microsoft IT had to test and validate both
packages. However, this is not a required process. Customers can migrate all content from
their old Configuration Manager 2007 hierarchy directly to System Center 2012 Configuration
Manager without having to create new packages.
Validating the Client Migration
Client migration was tested in the following manner:
1.
Create a GPO and target an empty security group.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 10
2.
Add machines to that security group.
3.
Point the machines to the new site and upgrade it.
Note: For more information about Microsoft IT's client migration testing, see
http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migrationblog.aspx.
Validating Client Health
Once the machines applied the new GPO, Microsoft IT followed these steps to test the client
and confirm it was healthy.
1.
Ensure the client installed successfully without any prerequisite issues.
a.
Because the new Configuration Manager client requires Microsoft App-V
4.6 SP1, Microsoft IT had to either ensure that the client was upgraded
before installing the new client or use the
IGNOREAPPVVERSIONCHECK=TRUE option on the command line to
ignore the prerequisite check during the upgrade.
b.
Microsoft IT included multiple Management Points (MPs) on the command
line to ensure that the client would be able to successfully contact an MP
and that the connections would be load-balanced across the different MPs.
Including multiple MPs also ensured that the client could download client
bits successfully.
c.
Microsoft IT tested using the /forceinstall flag to ensure that the old client
was fully uninstalled and the new client installed.
2.
Ensure the client registered correctly with the new site. Microsoft IT tested this by
using a forced site code through the command line.
3.
Ensure that client agents were able to:
4.
a.
Request, receive, and apply policies correctly.
b.
Send heartbeats to the server, which processes them successfully.
c.
Execute hardware and software inventory cycles and confirm that the
server processes the hardware and software inventory data files
successfully.
Ensure that the client passes a client health evaluation scheduled task using
CCMEVAL.exe, and that it reports back to the site server that it completed
successfully. Microsoft IT used the CCMEVALSENDALWAYS=TRUE command line
option to ensure that the data was received every day for each client.
Validating Mobile Device Deployment
Microsoft IT tested the Exchange Server Connector in the following ways:
1.
Test the Exchange Server Connector account's ability to access Exchange Server.
2.
Configure the Exchange Server Connector in Configuration Manager and confirm
that devices are discovered through Full sync and Delta sync.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 11
3.
Confirm that the mobile device data collected through Exchange Server Connector
synchronization is valid.
4.
Run the mobile device management reports that list the inventory of various types of
discovered devices.
After validating that all features were functioning properly, Microsoft IT obtained approval
from stakeholders to move the Configuration Manager implementation from the test
environment into production.
Deploy Phase
In this phase, Microsoft IT finalized the worldwide rollout of the new Configuration Manager
infrastructure that includes five primary sites and approximately 280,000 systems. Due to the
scale of the rollout, Microsoft IT chose to migrate in batches in order to minimize impact to
the corporate network.
Microsoft IT stepped through the following sequence to deploy the new Configuration
Manager environment:
1.
2.
Set up the base infrastructure.
a.
Establish a Central Administration Site Server for the entire architecture at
Redmond, which will serve as the administration and reporting site for the
new Configuration Manager hierarchy.
b.
Create primary site and SQL Server installation on a remote server, which
will cater to Redmond-based clients. Install and configure all required roles,
including Management Point, Distribution Point, Software Update Point,
Fallback Status Point, and Application Catalog.
Migrate content.
a.
In the Configuration Console under the Migration node, create an
association with the existing Configuration Manager 2007 environment.
b.
Migrate objects (packages, collections, deployments) from the existing
Configuration Manager 2007 environment to the new environment using
the same process described in Validating the Content Migration in the
previous Test phase.
3.
Populate the Application Catalog with appropriate applications based on the new
application model, and direct users to this self-service application management
portal.
4.
Migrate clients.
a.
Migrate a set of approximately 1,000 Redmond clients to the first Redmond
primary site using the same process described in Validating the Client
Migration in the previous Test phase.
b.
Monitor the clients and confirm that they can obtain bits from their
distribution points and can communicate with multiple management points
before migrating another batch of clients.
c.
Repeat this process until the Redmond primary site contains approximately
65,000 clients (or roughly half the total number of clients at Redmond), and
then migrate the remaining Redmond clients to the second Redmond site.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 12
5.
Expand the rollout worldwide to the company's other regions, following the phased
approach as described in steps 2–4 above.
6.
Use the Configuration Manager built-in wizard for Exchange Server Connector to
connect to Exchange Server for mobile device discovery.
Note: Discovery is configured at a primary site level. Using global data replication,
discovery data becomes available across all sites in the hierarchy.
Results
The results from deploying the new System Center 2012 Configuration Manager–based
client environment are as follows:

Microsoft IT successfully deployed the new solution across the client environment.
As of April 2012, more than 280,000 systems in eight domains across the globe are
making use of Configuration Manager.

More than 150,000 clients were migrated to the new Configuration Manager
environment within the first 100 days.

Consolidation of servers



Reduced Configuration Manager architecture to six physical servers—the
CAS server plus five SQL Server computers (one for each of the five primary
sites), representing a continuation of Microsoft IT's previous global
virtualization initiatives.

Removed the limited services site (six servers) that offered patch-only
service.

Reduced secondary sites from 38 to 13.

Phased out the Configuration Manager 2007 network load balancing
solutions for management points by using the Configuration Manager
MPLIST feature.
Client health monitoring

Confirmed that the client health evaluation scheduled task was installed as
part of the Configuration Manager client, and is scheduled to run at the
appropriate time each morning. This allows for detailed reporting of current
client health issues within Microsoft IT's environment.

Decreased dependence on scripted custom solutions that had been used to
manage client health.
User centric application delivery

With users accessing the new Application Catalog, Microsoft IT has begun
phasing out the legacy homegrown application management solution.

Microsoft IT has been able remove the custom scripting requirement for
approximately 70 percent of all application deployments. In the remaining
deployments, Microsoft IT is able to use the application model to prepare an
application for deployment in an average of 3 to 4 days—an activity that used
to require 7 to 10 days using Configuration Manager 2007 with custom-built
application packages.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 13

Mobile device management

Approximately 125,000 mobile devices were identified during the initial full
discovery.

Exchange Server connector automatically performs data collection in the
background. Administrators can easily run reports (including the custom
report that Microsoft built for identifying mobile devices) to review mobile
device information.
Best Practices
When working with System Center 2012 Configuration Manager to implement a new client
management environment, Microsoft IT developed and implemented these best practices:

Don't automatically base your new deployment on your existing topology.
Take the time to review your Configuration Manager infrastructure. Optimal
implementation and configuration of your new topology is derived from a detailed
review of your environment's needs. Make sure to inspect your primary sites,
distribution of systems, numbers and locations of client systems, and the network
paths that clients should use to access Configuration Manager servers.

Take time to review roles in RBA. You want to use roles that align to users’
responsibilities, so consider the set of responsibilities that each individual has. RBA
provides a great level of granularity and permissions control, but if you have
personnel working in multiple roles (such as test and production), consider changing
their responsibilities so that no individual can deploy to both test and production.

Use SQL Server database backup to manage your backup data and reduce
backup storage costs. System Center 2012 Configuration Manager stores data in
the site database and replicates it across sites. By using SQL Server compressed
data files for backup, Microsoft IT reduces backup storage costs when compared to
using the Configuration Manager 2007 Backup task.

Carefully review types and numbers of objects, data, and data replication
topology. This is especially critical for large-scale, geographically distributed
enterprises. Examine how you manage SQL Server data replication and object
management, and how you plan to migrate users and user objects without having
systems re-replicate all their data to the Configuration Manager database.

Consider separating mobile devices from other systems to prevent bloating
machine counts. Microsoft IT uses an “EAS_DeviceID” filter to remove mobile
devices from the department’s deployment collections and compliance reports.

Apply an appropriate mobile device synchronization threshold. Determine and
apply an appropriate mobile device synchronization threshold in your Exchange
Server Connector settings to reduce the volume of devices being synchronized at
any given time. Microsoft IT set its threshold to 90 days.

Use client health reporting to assist you in attacking issues that are most
prevalent. Client health evaluations can resolve many issues right away, but you
should also use the built-in reporting capabilities to gain insight into what issues
exist in your environment.

During migration, ensure your new Configuration Manager clients are not
assigned to Configuration Manager 2007. Microsoft IT uses GPOs and security
groups to manage this process and to deploy in phased migrations.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 14

Be familiar with the new SQL Server–based replication and use Replication
Link Analyzer for troubleshooting. There are significant replication differences
between Configuration Manager 2007 and System Center 2012 Configuration
Manager, so make sure you differentiate between site data and global data, and
know how this information is used for different Configuration Manager features.
Benefits
Microsoft IT’s implementation of System Center 2012 Configuration Manager derived a
number of benefits:

Empowered end users. Microsoft IT uses the Configuration Manager Application
Catalog (the catalog website) and Software Center (the local utility) to offer users an
unprecedented level of control over how and when their software installations occur.

Cost savings. Microsoft IT estimates the new client environment will save the
company U.S.$200,000 in infrastructure savings from reduced server, support and
backup costs over the next two years. As described in the Microsoft IT Showcase
paper at http://technet.microsoft.com/en-us/library/hh925141.aspx, Microsoft IT
anticipates an additional estimated savings of U.S.$300,000 in custom tool
development and update costs from the new user-centric client management
implementation.

Automatic client health monitoring and reporting. Configuration Manager Health
Evaluation not only monitors client health, but the client can also proactively repair
an unhealthy system. Microsoft IT can define the client reporting frequency and
configure alerts to trigger when certain client health thresholds are reached. The inconsole reporting enables Microsoft IT to respond to any identified client health
issue.

Insight into mobile device usage. By implementing Exchange Server Connector,
Microsoft IT has gained insight into the types and numbers of mobile devices
connecting to the corporate network.

More efficient client installations. Client installations are performed through
software distribution instead of having to route back to the Management Point to
obtain client bits. And because client upgrade content is automatically distributed to
every Distribution Point in the hierarchy, content can be accessed more quickly and
with minimal network lag.

Improved system efficiency due to redesigned architecture. The new client
management infrastructure consolidates servers and improves client access to sites
throughout the company's global domains.

Simplified backup and recovery. Microsoft IT can more easily perform backup
and recovery now that all Configuration Manager bits are stored in SQL Server
databases.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 15
Conclusion
System Center 2012 Configuration Manager is the cornerstone of Microsoft IT's improved set
of client management services that cater to today's consumerized, user-centric IT landscape.
This new client environment gives employees an unprecedented level of control over their
managed systems. For example, by making use of Configuration Manager Application
Catalog and Software Center, employees can set a variety of system management preferences,
including how and when mandatory software changes occur.
Additionally, built-in Health Evaluation actively monitors and reports on client health, and can even
remediate when a health issue is identified. Other Configuration Manager features are
enhancing Microsoft IT's ability to monitor, report on, and manage 280,000 systems—and for
the first time, report on more than 125,000 mobile devices.
By taking the opportunity to perform a detailed, bottom-up review of its older Configuration
Manager 2007–based infrastructure, Microsoft IT built a more efficient solution based on
System Center 2012 Configuration Manager that consolidates servers and improves client
access to sites throughout the company's global domains. Now that Microsoft IT has fully
rolled out the new client management environment, the department has begun phasing out
the old Configuration Manager 2007–based solution. Microsoft IT anticipates saving
approximately $500,000 in the next two years due to a consolidation of servers and reduced
costs for support, backup, custom tool development, and updates.
For More Information
For more information about Microsoft products and services, call the Microsoft Sales
Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre
at (800) 933-4750. Outside the 50 United States and Canada, please contact your local
Microsoft subsidiary. To access information via the World Wide Web, go to:
http://www.microsoft.com/
http://www.microsoft.com/technet/itshowcase/
http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager2012.aspx
http://blogs.technet.com/b/system_center_in_action/
© 2012 Microsoft Corporation. All rights reserved.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, ActiveSync, Forefront, Windows, and Windows
Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries. All other trademarks are property of their respective owners.
How Microsoft IT Deployed System Center 2012 Configuration Manager
Page 16