Q&A: A power user’s view of SCCM 2012

Microsoft’s System Center suite is getting a major overhaul this year, and it’s now been released. Ronald Barrett, a technical architect at the Gotham Technology Group and Windows admin expert, is one of the early power users of the System Center Configuration Manager component. In this interview, he shares his experience in using SCCM 2012.

[ Take J. Peter Bruzzese’s tour of what’s new in System Center 2012. | Stay abreast of key Microsoft technologies in InfoWorld’s Technology: Microsoft newsletter. ]

Bruzzese: What have you found to be the most impressive aspects of Configuration Manager?

Barrett: First and foremost, the switch to user-centric management is huge. In an era when BYOD (bring your own device) has become the rule rather than the exception, IT needs to find a way to bring users the productivity they crave while maintaining control over the corporate data. Configuration Manager’s application delivery model makes that possible.

In addition, the new look of the management console makes navigating and management even easier. Microsoft has also added endpoint protection and the software update roles using WSUS (Windows Server Update Services) to centrally manage a system from OS deployment to the decommissioning of a system. SCCM 2012 is meant to handle everything that system needs in between. And in working with it over the last seven months, it all works very well.

Bruzzese: What issues have you run into while deploying SCCM 2012 in the field?

Barrett: In my first experience with Configuration Manager, I tried to overdeploy. I was designing a lab based on three geographical locations. In my head, I needed to design a hierarchy that included a CAS (central administration site) and three primary sites. My thinking was the CAS does not directly host clients and, because we have three locations, I would deploy a CAS and three primary sites and centrally manage everything. However a single primary site can manage up to 100,000 clients, so after setting up the entire lab and running into issues with the SQL database replication, I found that a single primary site design with the management and distribution point site roles placed in the remote locations was just fine. Don’t over deploy Configuration Manager. There are a few reasons to have a CAS and build out an entire hierarchy, but in most deign scenarios, a single primary site with multiple management and distribution Point roles will work fine.

Bruzzese: How does SCCM 2012 compare to earlier versions like SMS (Systems Management Server)?

Barrett: Earlier versions of SMS were really nothing more than a glorified scripting engine, basically a layer (and a sometimes difficult-to-understand layer) between the script and the machine. Also in the past, we targeted systems rather than users. Even when we attempted to target users, it was not simple. SCCM 2012 not only makes it easy, but the installs are state-based, which means SCCM 2012 has intelligence built in so that it will not reinstall a targeted application to a user over and over.

Bruzzese: Are there any features you believe are missing?

Barrett: I think that the operating system deployment capability is still a bit immature, considering that MDT (Microsoft Deployment Toolkit) 2010 was way more advanced, and MDT 2012 adds about 100 deployment options. It just seems weird that Microsoft did not incorporate those features into SCCM 2012 out of the box. But it’s not a complete loss, since you can integrate MDT 2012.

Bruzzese: What is the biggest change you have seen in application deployments?

Barrett: The new application management model provides a powerful and flexible way to deliver applications to users. Again, that user-centric mantra comes forward. But not only can you target users, but you can target how to deliver those applications: Direct installs, virtualized (via App-V or XenApp), or for the Windows Mobile and Nokia platforms. With user device affinity, you can decide how an application gets delivered and not have to worry about what device the users are working with — the application will get delivered.

Another big change is that App-V deployment types do not require an App-V Management Server. Sequence an app and distribute to a distribution point, and then deploy. You can even add the App-V client as a dependency, so there is no need to install it beforehand. So App-V application deployments have gotten simpler to manage.

Bruzzese: Explain the benefits of RBA (role-based administration) and security scopes.

Barrett: RBA makes it possible to hand over specific administrative functions without making everyone a full administrator. While this is not a new concept, SCCM 2012 has greatly improved upon it with the 14 built-in security roles.

The use of security scopes makes the management of security roles even more granular. An application author can be limited to administrating only the collection within his or her security scope. Likewise, you can limit OSD (Open Software Description) to workstation administrators also based on the collections; because they are limited by their security groups, there is no chance of pushing a Windows 7 install to a server.

Bruzzese: Typically, what other components of System Center do you like to use to work with SCCM?

Barrett: Configuration Manager has some hooks into Operations Manager that are useful for centralizing your application management. But really, the entire System Center Suite’s components can be used together. SCCM 2012 can be used to deploy VMs using Zero Touch Installation. Those VMs could be requested via System Center App Controller. A ticket can be created in Service Manager, and the VM could be provisioned and hosted in Virtual Machine Manager. Run books created in Orchestrator can be used to call Configuration Manager to deploy an OS to a server.

Bruzzese: To close out this interview, how would you sum up SCCM to InfoWorld’s readers?

Barrett: The ability to deliver an OS, apps, and services to a user anytime, anywhere is really what makes Configuration Manager awesome. The deep-linking and side-loading capabilities that were demoed at the Microsoft Management Summit 2012 conference last week will allow you to deliver apps to iOS and Android systems either through the app store or as a push, and that makes this a great tool to finally take control of the devices on your corporate network, whether they are owned by the organization or not.

This article, “Q&A: A power user’s view of SCCM 2012,” was originally published at InfoWorld.com. Read more of J. Peter Bruzzese’s Enterprise Windows blog and follow the latest developments in Windows at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.