Situation The business of Microsoft IT is changing. Challenged by the growing number of computers and mobile devices connecting to the corporate network, requests for more end-user control over employees' managed systems, and the need to consolidate infrastructure, Microsoft IT needed to rethink client management services. Solution Using Microsoft System Center 2012 Configuration Manager, Microsoft IT designed a new client environment that provides user-centric services, reports on mobile devices, integrates health monitoring, and streamlines the client management infrastructure. Benefits Cost savings: Microsoft IT anticipates saving approximately U.S.$500,000 in the next two years due to a consolidation of servers and reduced costs for support, backup, custom tool development, and updates. Empowered end users: Microsoft IT uses the Configuration Manager Application Catalog (the catalog website) and Software Center (the local utility) to offer users an unprecedented level of control over how and when their software installations occur. Automatic client health monitoring: Using the Configuration Manager Health Evaluation feature, Microsoft IT has a robust reporting environment that not only enables them to monitor client health but also allows the client to proactively repair itself when it is not healthy. Improved system efficiency: The redesigned client management environment has consolidated the number of physical servers while ensuring that client systems always take the shortest path to the closest server. Products and Technologies Microsoft System Center 2012 Configuration Manager Microsoft SQL Server 2008 R2 How Microsoft IT Deployed System Center 2012 Configuration Manager Published: April 2012 The following content may no longer reflect Microsoft’s current position or infrastructure. This content should be viewed as reference documentation only, to inform IT business decisions within your own company or organization. Read about the approach that Microsoft IT took to implement Microsoft System Center 2012 Configuration Manager in its client management environment. This paper discusses how the consumerization of IT led Microsoft IT to rethink its client management services, the implementation of a new client management infrastructure, lessons learned from the deployment, and the benefits that Microsoft IT obtained by deploying Configuration Manager to more than 280,000 systems across the globe. Situation The consumerization of IT is affecting how the Microsoft Information Technology department (Microsoft IT) thinks about client management. As the group responsible for maintaining the Microsoft corporate network and infrastructure, Microsoft IT is tasked with managing the more than 280,000 computers and reporting on the 125,000 mobile devices that connect to the network. Microsoft IT needed to enhance its client management environment in order to better support the ever-increasing numbers of systems connecting to the network, and to accommodate employees' requests for more control over their managed systems. Microsoft IT had been using Microsoft System Center Configuration Manager 2007 to ensure that managed systems comply with corporate policies and required configuration states. As the numbers of connected systems increased throughout the company's regional domains, Microsoft IT added servers on an as-needed basis to support the additional load. Microsoft IT would also perform in-place updates as Configuration Manager 2007 evolved. However, each update utilized the same underlying architectural model. Microsoft IT wanted to redesign its infrastructure to reduce the number of physical servers and secondary sites, and improve performance by reallocating resources according to client load. With so many systems in the environment, maintaining the health of the Configuration Manager 2007 clients became a daunting task. Microsoft IT depended on custom scripts to monitor and remediate certain aspects of a client in order to keep it healthy. Not only did the scripts require continual maintenance due to code revisions and updates to support the functions, but they also lengthened users' system logon times. Finally, Microsoft IT needed to evolve its application distribution services to meet the selfservice needs of Microsoft personnel. In the company's Configuration Manager 2007–based environment, Microsoft IT used a custom packaging tool to deploy applications through Configuration Manager 2007. Turnaround time for a complex package could require 7 to 10 days and the input of several IT personnel. Microsoft IT also had to maintain a separate Configuration Manager 2007 site to ensure that production setup was completely isolated from testing efforts. Solution As the company’s first and best customer, Microsoft IT regularly adopts early releases of Microsoft technologies, tests them in a real-world environment, and provides critical feedback to improve products before they are generally available to the public. When the System Center product team began developing the next generation of Configuration Manager, Microsoft IT worked closely with the team to meet IT goals and to help ensure that System Center 2012 Configuration Manager could provide an end-to-end IT management experience. Implementation The following sections describe the process that Microsoft IT undertook to implement System Center 2012 Configuration Manager throughout the company’s client environment. The overall approach that Microsoft IT used for this large-scale process was based on the Microsoft Operations Framework, which provides guidelines for everyday IT practices and activities. As shown in Figure 1, Microsoft IT divided the System Center 2012 Configuration Manager implementation process into four main phases: Envision, Plan, Test, and Deploy. Each of these phases is described in more detail below. Envision Plan Test Deploy Figure 1. The four implementation phases that Microsoft IT followed to implement System Center 2012 Configuration Manager Envision Phase In this first phase, Microsoft IT scoped the project and clarified its vision for implementing System Center 2012 Configuration Manager. Microsoft IT had three primary objectives that it wanted to achieve by upgrading the system management environment to System Center 2012 Configuration Manager: Embrace user-centric management. System Center 2012 Configuration Manager brings a variety of user-centric initiatives that Microsoft IT wanted to offer employees. Note: A Microsoft IT Showcase paper that discusses Microsoft IT's adoption of usercentric client management is available at http://technet.microsoft.com/enus/library/hh925141.aspx. Consolidate and minimize infrastructure. By adopting System Center 2012 Configuration Manager, Microsoft IT could consolidate its Configuration Manager 2007based infrastructure and reduce overall complexity. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 2 Improve product quality. Microsoft IT wanted to validate its enterprise-scale deployment and ensure that the release version of System Center 2012 Configuration Manager was based on real-life results. Current IT Infrastructure at Microsoft To illustrate Microsoft IT's approach toward adopting System Center 2012 Configuration Manager, this section provides a high-level summary of some of the key aspects of the company's IT infrastructure. Readers can compare the numbers of users, machines, distribution of systems, and network connections to their own infrastructure as a starting point when determining the scope and scale of their own System Center 2012 Configuration Manager deployment. As shown in Figure 2, the Microsoft infrastructure (at the time of publishing this paper) includes approximately 180,000 users and 280,000 computers in multiple regions around the world. Microsoft focuses on a centralized administration model for most managed systems, so all deployment and reporting are performed from a central site. The largest site at Redmond contains approximately 120,000 systems. Other large regional sites hold approximately 15,000 clients each, and the smallest site contains fewer than 50 clients. Network performance varies by link. The fastest connections support 2.5 gigabytes per second, whereas the slowest link supports 2 megabytes per second. Figure 2. Microsoft IT infrastructure as of April 2012 Determining Which Configuration Manager Features to Use Another task in the Envision phase was to review the complete set of Configuration Manager 2007 features and the additional new features available in System Center 2012 Configuration Manager. The key existing desktop management features that Microsoft IT had been using and planned to continue with the new System Center 2012 Configuration Manager–based environment included: Hardware and software asset reporting Software deployment and update management How Microsoft IT Deployed System Center 2012 Configuration Manager Page 3 Operating system deployment Microsoft Application virtualization (App-V) deployment Malware protection Power management Microsoft IT also determined they would implement the following Configuration Manager features – some of which were new in System Center 2012 Configuration Manager, some were expanded feature sets, and others were existing features that Microsoft IT wanted to implement as part of the new deployment: Mobile device management User-centric management Auto deployment rules for updates Alerts and reporting Role-based administration (RBA) Settings management Note: For more information about the features available in System Center 2012 Configuration Manager, see http://technet.microsoft.com/en-us/library/gg699359.aspx. Envisioning was straightforward for most of the new features. Microsoft IT's user-centric management strategy is described in detail in the Microsoft IT Showcase paper at http://technet.microsoft.com/en-us/library/hh925141.aspx. Microsoft IT's mobile device management and endpoint protection implementation strategies are discussed below. Defining a Mobile Device Management Implementation Strategy In the Configuration Manager 2007-based environment, Microsoft IT did not report on mobile devices using Configuration Manager. However, in System Center 2012 Configuration Manager, the new mobile device management feature called Exchange Server connector gives Microsoft IT the ability to report on mobile devices such as Windows Phones, Androidbased devices, and iPhones that connect to Microsoft Exchange Server by using Exchange ActiveSync technology. Microsoft IT wanted to implement the new Configuration Manager–based mobile device management strategy in order to identify the different mobile devices that connect to the corporate network. Using Configuration Manager, Microsoft IT could determine the type of each connected device and its owner. Note: For more information about Microsoft IT's Exchange Server Connector implementation, see http://blogs.technet.com/b/system_center_in_action/archive/2011/09/02/configurationmanager-2012-exchange-connector-implementation-in-microsoft-it.aspx. Defining an Endpoint Protection Implementation Strategy Microsoft IT wanted to replace Microsoft Forefront Endpoint Protection with the new System Center 2012 Endpoint Protection solution that is integrated in System Center 2012 Configuration Manager. Because of this integration, Microsoft IT did not need to define a separate implementation strategy for the Configuration Manager servers. All that was How Microsoft IT Deployed System Center 2012 Configuration Manager Page 4 required was some configuration on the servers to begin deployment of the client component to targeted machines in the hierarchy. For the client strategy, the Endpoint Protection bits are automatically copied during the Configuration Manager client installation. The Endpoint Protection client then installs after the Configuration Manager client receives policies for installation. Plan Phase In the Plan phase, Microsoft IT determined the functional requirements for its System Center 2012 Configuration Manager system architecture and developed server and client migration plans. Architectural Review and Redesign Recognizing that System Center 2012 Configuration Manager cannot be installed as an upgrade on top of Configuration Manager 2007, Microsoft IT decided to take the time to carefully review its existing Configuration Manager 2007 infrastructure. A high-level view of Microsoft IT's Configuration Manager 2007–based infrastructure is shown in Figure 3. Figure 3. Microsoft IT's old Configuration Manager 2007–based infrastructure Microsoft IT took a bottom-up approach to its new architectural plan. Microsoft IT performed a detailed analysis of its worldwide Configuration Manager infrastructure and network loads to identify places where it could improve efficiency, consolidate hardware, and reduce complexity. Some of the key factors reviewed included: Size of site (in terms of number of clients) Speed of networks connecting a location to the nearest regional office or data center Numbers of servers at each site (both physical and virtual) Mapping of Active Directory sites to Configuration Manager boundaries Microsoft IT collated all this data into a single data set. After reviewing the information, several sites were identified as having an imbalance in the number of servers to clients. In How Microsoft IT Deployed System Center 2012 Configuration Manager Page 5 some places, the number of clients did not merit a stand-alone server; other locations had no server, but the number of clients merited one. Microsoft IT used the results of its architectural review to design a new topology that best uses System Center 2012 Configuration Manager features and optimizes network bandwidth across the globe. This new infrastructure is illustrated in Figure 4. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 6 Figure 4. Microsoft IT's new infrastructure based on System Center 2012 Configuration Manager The most significant changes between the old and new architectures include: Co-location of the Central Administration Site (CAS) SQL Server and CAS provider on a single server, replacing the two separate servers in Configuration Manager 2007 Removal of the stand-alone Limited Services (Patching) site, with the help of RBA and collection-level client settings Splitting the large Redmond site into two smaller sites to bring the primary site into compliance with the supported number of clients Reduction of secondary sites because many locations that had secondary sites in Configuration Manager 2007 for throttling bandwidth can be replaced with Configuration Manager distribution points (DPs), which have the ability to throttle bandwidth Aligning of secondary sites with the network layout Replacing the network load balancing solutions for management points (MPs) used in Configuration Manager 2007 with the System Center 2012 Configuration Manager MPLIST feature Table 1 summarizes the hardware that Microsoft IT implemented in its new client environment. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 7 Table 1. Hardware specifications for the new client environment Configuration Manager Roles CAS Server Memory Processor Count HP ProLiant 64 GB 2 sockets Intel Xeon 12 cores CPU L5640 24 threads (Hyperthreading) @ 2.26 GHz SE326M1 Primary Site Server Processor Type Server Model Virtual Machine 12 GB 4 cores Intel Xeon 4 threads CPU UE7450 @ 2.40 GHz Management Point Virtual Machine 6 GB 4 cores Intel Xeon 4 threads CPU UE7450 @ 2.40 GHz Software Update Point Virtual Machine 6 GB 4 cores Intel Xeon 4 threads CPU UE7450 @ 2.40 GHz Distribution Point Virtual Machine 4 GB 2 cores Intel Xeon 2 threads CPU UE7450 @ 2.40 GHz SQL Server >50,000 Clients SQL Server <50,000 Clients HP ProLiant 64 GB DL 580 G5 HP ProLiant SE326M1 48 GB 4 sockets Intel Xeon 16 cores CPU E7330 16 threads @ 2.40 GHz 2 sockets Intel Xeon 8 cores CPU L5520 16 threads (Hyperthreading) @ 2.26 GHz Note: For more information about Microsoft IT's use of hardware in the new Configuration Manager deployment, see the blog at http://blogs.msdn.com/b/shitanshu/archive/2012/04/10/configuration-manager-2012hardware-configuration-used-in-microsoft-it.aspx. Server and Client Migration Planning Once Microsoft IT formalized its new architecture plan, the next milestone was to properly plan for the phased migration of servers and clients from the legacy Configuration Manager 2007 environment to the new environment. The top priority was to deploy in a manner that would minimize content replication while allowing for uninterrupted service during system migration. Microsoft IT's approach to migration was to focus initially on the Redmond domain and migrate small groups of clients. Group Policy Objects (GPOs) in Active Directory were the mechanism used to define the specific group flagged for migration, and exclusion filters were used to prevent potential conflicts between the existing Configuration Manager 2007 environment and the new System Center 2012 Configuration Manager environment. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 8 Note: For more information about Microsoft IT's Configuration Manager client migration, see http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migrationblog.aspx. Microsoft IT designed some custom reports to monitor the prerelease server environment and Configuration Manager data replication processes. Note: Microsoft now offers a System Center Monitoring Pack for System Center 2012 Configuration Manager. For more information, see http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=29267. Microsoft IT also developed pre-upgrade and post-upgrade checklists to help track the migration progress and confirm that all critical processes were running as expected. In terms of the mobile device implementation strategy, Microsoft IT wanted to implement Exchange Server Connector with the appropriate rights to allow device information to be discovered from Exchange Server computers across the corporate domains. Because most mobile devices at Microsoft are owned by individuals, Microsoft IT limited the Exchange Server Connector account to read-only access, which provides the desired inventory reporting information. Test Phase During the Test phase, Microsoft IT built a virtual lab environment to validate the System Center 2012 Configuration Manager implementation plan. Building the Virtual Lab Environment Microsoft IT configured a virtual lab environment for its proof-of-concept (POC) hierarchy. The POC mirrored the existing Configuration Manager 2007 architecture, differing only in its smaller scale. The components of the lab are displayed in Figure 5: Figure 5. Virtual lab How Microsoft IT Deployed System Center 2012 Configuration Manager Page 9 In order for the virtual lab to accurately test the mobile implementation strategy, Microsoft IT created two new connectors for Exchange Server Connector: one for the on-premises Exchange Server Connector, and another for the cloud-based Exchange Server Connector. Validating the Content Migration To minimize client management downtime during Distribution Point and Secondary Site migration, Microsoft IT tested two content migration strategies: For validating migrating content from Configuration Manager 2007 to System Center 2012 Configuration Manager, Microsoft IT tested the System Center 2012 Configuration Manager migration feature to confirm it would move content successfully and convert packages from the Configuration Manager 2007 format to the System Center 2012 Configuration Manager format. For validating replicating content for new packages created in System Center 2012 Configuration Manager, Microsoft IT devised and tested the following content prestaging strategy for upcoming Configuration Manager Distribution Points: 1. Export all critical package content from the existing System Center 2012 Configuration Manager hierarchy using the administrator console. Copy the content through a Background Intelligent Transfer Service (BITS) job in multiple phases (based on the network layout). 2. Migrate and install the Configuration Manager Distribution Point. The Configuration Manager 2007 Distribution Point or secondary site can be migrated to the System Center 2012 Configuration Manager Distribution Point using the Upgrade feature within the Configuration Manager Console. However, a Configuration Manager 2007 server that needed to be converted to a System Center 2012 Configuration Manager secondary site had to be uninstalled in Configuration Manager 2007 and reinstalled with the new role in System Center 2012 Configuration Manager. 3. Enable the Distribution Point as Pre-Stage enabled, and then assign the Distribution Point to a test boundary group. 4. Extract content from the pre-staged location using the ExtractContent.exe utility, which is one of the tools available with the new Configuration Manager installation. 5. After validating that all content is successfully pre-staged, remove the PreStage option and configure the boundaries on the Distribution Point. Note: Microsoft IT wanted to keep some of the packages that were created in Configuration Manager 2007 but also wanted new packages that were created in System Center 2012 Configuration Manager to be available on the new Configuration Manager Distribution Points as soon as they were migrated. This meant Microsoft IT had to test and validate both packages. However, this is not a required process. Customers can migrate all content from their old Configuration Manager 2007 hierarchy directly to System Center 2012 Configuration Manager without having to create new packages. Validating the Client Migration Client migration was tested in the following manner: 1. Create a GPO and target an empty security group. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 10 2. Add machines to that security group. 3. Point the machines to the new site and upgrade it. Note: For more information about Microsoft IT's client migration testing, see http://blogs.technet.com/b/system_center_in_action/archive/2012/01/14/client-migrationblog.aspx. Validating Client Health Once the machines applied the new GPO, Microsoft IT followed these steps to test the client and confirm it was healthy. 1. Ensure the client installed successfully without any prerequisite issues. a. Because the new Configuration Manager client requires Microsoft App-V 4.6 SP1, Microsoft IT had to either ensure that the client was upgraded before installing the new client or use the IGNOREAPPVVERSIONCHECK=TRUE option on the command line to ignore the prerequisite check during the upgrade. b. Microsoft IT included multiple Management Points (MPs) on the command line to ensure that the client would be able to successfully contact an MP and that the connections would be load-balanced across the different MPs. Including multiple MPs also ensured that the client could download client bits successfully. c. Microsoft IT tested using the /forceinstall flag to ensure that the old client was fully uninstalled and the new client installed. 2. Ensure the client registered correctly with the new site. Microsoft IT tested this by using a forced site code through the command line. 3. Ensure that client agents were able to: 4. a. Request, receive, and apply policies correctly. b. Send heartbeats to the server, which processes them successfully. c. Execute hardware and software inventory cycles and confirm that the server processes the hardware and software inventory data files successfully. Ensure that the client passes a client health evaluation scheduled task using CCMEVAL.exe, and that it reports back to the site server that it completed successfully. Microsoft IT used the CCMEVALSENDALWAYS=TRUE command line option to ensure that the data was received every day for each client. Validating Mobile Device Deployment Microsoft IT tested the Exchange Server Connector in the following ways: 1. Test the Exchange Server Connector account's ability to access Exchange Server. 2. Configure the Exchange Server Connector in Configuration Manager and confirm that devices are discovered through Full sync and Delta sync. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 11 3. Confirm that the mobile device data collected through Exchange Server Connector synchronization is valid. 4. Run the mobile device management reports that list the inventory of various types of discovered devices. After validating that all features were functioning properly, Microsoft IT obtained approval from stakeholders to move the Configuration Manager implementation from the test environment into production. Deploy Phase In this phase, Microsoft IT finalized the worldwide rollout of the new Configuration Manager infrastructure that includes five primary sites and approximately 280,000 systems. Due to the scale of the rollout, Microsoft IT chose to migrate in batches in order to minimize impact to the corporate network. Microsoft IT stepped through the following sequence to deploy the new Configuration Manager environment: 1. 2. Set up the base infrastructure. a. Establish a Central Administration Site Server for the entire architecture at Redmond, which will serve as the administration and reporting site for the new Configuration Manager hierarchy. b. Create primary site and SQL Server installation on a remote server, which will cater to Redmond-based clients. Install and configure all required roles, including Management Point, Distribution Point, Software Update Point, Fallback Status Point, and Application Catalog. Migrate content. a. In the Configuration Console under the Migration node, create an association with the existing Configuration Manager 2007 environment. b. Migrate objects (packages, collections, deployments) from the existing Configuration Manager 2007 environment to the new environment using the same process described in Validating the Content Migration in the previous Test phase. 3. Populate the Application Catalog with appropriate applications based on the new application model, and direct users to this self-service application management portal. 4. Migrate clients. a. Migrate a set of approximately 1,000 Redmond clients to the first Redmond primary site using the same process described in Validating the Client Migration in the previous Test phase. b. Monitor the clients and confirm that they can obtain bits from their distribution points and can communicate with multiple management points before migrating another batch of clients. c. Repeat this process until the Redmond primary site contains approximately 65,000 clients (or roughly half the total number of clients at Redmond), and then migrate the remaining Redmond clients to the second Redmond site. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 12 5. Expand the rollout worldwide to the company's other regions, following the phased approach as described in steps 2–4 above. 6. Use the Configuration Manager built-in wizard for Exchange Server Connector to connect to Exchange Server for mobile device discovery. Note: Discovery is configured at a primary site level. Using global data replication, discovery data becomes available across all sites in the hierarchy. Results The results from deploying the new System Center 2012 Configuration Manager–based client environment are as follows: Microsoft IT successfully deployed the new solution across the client environment. As of April 2012, more than 280,000 systems in eight domains across the globe are making use of Configuration Manager. More than 150,000 clients were migrated to the new Configuration Manager environment within the first 100 days. Consolidation of servers Reduced Configuration Manager architecture to six physical servers—the CAS server plus five SQL Server computers (one for each of the five primary sites), representing a continuation of Microsoft IT's previous global virtualization initiatives. Removed the limited services site (six servers) that offered patch-only service. Reduced secondary sites from 38 to 13. Phased out the Configuration Manager 2007 network load balancing solutions for management points by using the Configuration Manager MPLIST feature. Client health monitoring Confirmed that the client health evaluation scheduled task was installed as part of the Configuration Manager client, and is scheduled to run at the appropriate time each morning. This allows for detailed reporting of current client health issues within Microsoft IT's environment. Decreased dependence on scripted custom solutions that had been used to manage client health. User centric application delivery With users accessing the new Application Catalog, Microsoft IT has begun phasing out the legacy homegrown application management solution. Microsoft IT has been able remove the custom scripting requirement for approximately 70 percent of all application deployments. In the remaining deployments, Microsoft IT is able to use the application model to prepare an application for deployment in an average of 3 to 4 days—an activity that used to require 7 to 10 days using Configuration Manager 2007 with custom-built application packages. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 13 Mobile device management Approximately 125,000 mobile devices were identified during the initial full discovery. Exchange Server connector automatically performs data collection in the background. Administrators can easily run reports (including the custom report that Microsoft built for identifying mobile devices) to review mobile device information. Best Practices When working with System Center 2012 Configuration Manager to implement a new client management environment, Microsoft IT developed and implemented these best practices: Don't automatically base your new deployment on your existing topology. Take the time to review your Configuration Manager infrastructure. Optimal implementation and configuration of your new topology is derived from a detailed review of your environment's needs. Make sure to inspect your primary sites, distribution of systems, numbers and locations of client systems, and the network paths that clients should use to access Configuration Manager servers. Take time to review roles in RBA. You want to use roles that align to users’ responsibilities, so consider the set of responsibilities that each individual has. RBA provides a great level of granularity and permissions control, but if you have personnel working in multiple roles (such as test and production), consider changing their responsibilities so that no individual can deploy to both test and production. Use SQL Server database backup to manage your backup data and reduce backup storage costs. System Center 2012 Configuration Manager stores data in the site database and replicates it across sites. By using SQL Server compressed data files for backup, Microsoft IT reduces backup storage costs when compared to using the Configuration Manager 2007 Backup task. Carefully review types and numbers of objects, data, and data replication topology. This is especially critical for large-scale, geographically distributed enterprises. Examine how you manage SQL Server data replication and object management, and how you plan to migrate users and user objects without having systems re-replicate all their data to the Configuration Manager database. Consider separating mobile devices from other systems to prevent bloating machine counts. Microsoft IT uses an “EAS_DeviceID” filter to remove mobile devices from the department’s deployment collections and compliance reports. Apply an appropriate mobile device synchronization threshold. Determine and apply an appropriate mobile device synchronization threshold in your Exchange Server Connector settings to reduce the volume of devices being synchronized at any given time. Microsoft IT set its threshold to 90 days. Use client health reporting to assist you in attacking issues that are most prevalent. Client health evaluations can resolve many issues right away, but you should also use the built-in reporting capabilities to gain insight into what issues exist in your environment. During migration, ensure your new Configuration Manager clients are not assigned to Configuration Manager 2007. Microsoft IT uses GPOs and security groups to manage this process and to deploy in phased migrations. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 14 Be familiar with the new SQL Server–based replication and use Replication Link Analyzer for troubleshooting. There are significant replication differences between Configuration Manager 2007 and System Center 2012 Configuration Manager, so make sure you differentiate between site data and global data, and know how this information is used for different Configuration Manager features. Benefits Microsoft IT’s implementation of System Center 2012 Configuration Manager derived a number of benefits: Empowered end users. Microsoft IT uses the Configuration Manager Application Catalog (the catalog website) and Software Center (the local utility) to offer users an unprecedented level of control over how and when their software installations occur. Cost savings. Microsoft IT estimates the new client environment will save the company U.S.$200,000 in infrastructure savings from reduced server, support and backup costs over the next two years. As described in the Microsoft IT Showcase paper at http://technet.microsoft.com/en-us/library/hh925141.aspx, Microsoft IT anticipates an additional estimated savings of U.S.$300,000 in custom tool development and update costs from the new user-centric client management implementation. Automatic client health monitoring and reporting. Configuration Manager Health Evaluation not only monitors client health, but the client can also proactively repair an unhealthy system. Microsoft IT can define the client reporting frequency and configure alerts to trigger when certain client health thresholds are reached. The inconsole reporting enables Microsoft IT to respond to any identified client health issue. Insight into mobile device usage. By implementing Exchange Server Connector, Microsoft IT has gained insight into the types and numbers of mobile devices connecting to the corporate network. More efficient client installations. Client installations are performed through software distribution instead of having to route back to the Management Point to obtain client bits. And because client upgrade content is automatically distributed to every Distribution Point in the hierarchy, content can be accessed more quickly and with minimal network lag. Improved system efficiency due to redesigned architecture. The new client management infrastructure consolidates servers and improves client access to sites throughout the company's global domains. Simplified backup and recovery. Microsoft IT can more easily perform backup and recovery now that all Configuration Manager bits are stored in SQL Server databases. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 15 Conclusion System Center 2012 Configuration Manager is the cornerstone of Microsoft IT's improved set of client management services that cater to today's consumerized, user-centric IT landscape. This new client environment gives employees an unprecedented level of control over their managed systems. For example, by making use of Configuration Manager Application Catalog and Software Center, employees can set a variety of system management preferences, including how and when mandatory software changes occur. Additionally, built-in Health Evaluation actively monitors and reports on client health, and can even remediate when a health issue is identified. Other Configuration Manager features are enhancing Microsoft IT's ability to monitor, report on, and manage 280,000 systems—and for the first time, report on more than 125,000 mobile devices. By taking the opportunity to perform a detailed, bottom-up review of its older Configuration Manager 2007–based infrastructure, Microsoft IT built a more efficient solution based on System Center 2012 Configuration Manager that consolidates servers and improves client access to sites throughout the company's global domains. Now that Microsoft IT has fully rolled out the new client management environment, the department has begun phasing out the old Configuration Manager 2007–based solution. Microsoft IT anticipates saving approximately $500,000 in the next two years due to a consolidation of servers and reduced costs for support, backup, custom tool development, and updates. For More Information For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre at (800) 933-4750. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to: http://www.microsoft.com/ http://www.microsoft.com/technet/itshowcase/ http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager2012.aspx http://blogs.technet.com/b/system_center_in_action/ © 2012 Microsoft Corporation. All rights reserved. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, ActiveSync, Forefront, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners. How Microsoft IT Deployed System Center 2012 Configuration Manager Page 16