A couple of weeks ago, I spent a day at Microsoft’s Best of MMS 2011 event in London – reacquainting myself with the latest developments in System Center. It was a pretty full day (and a pretty full venue – Microsoft’s London offices are far from ideal for this type of event, especially when the foyer is filled with partner booths) and there were plenty of demonstrations of product features and advantages (although, in true software vendor style, not too much focus on business benefits).

This post brings together my notes from the event, picking up the highlights from the keynote, supplemented with a few more from the individual product sessions:

• Consumerisation is not just about devices but also management and security.
• System Center Configuration Manager (SCCM) 2012 is about empowering users – no longer device centric but user centric – application delivery is context sensitive to the device that the user is using at that time. SCCM 2012 includes mobile device management: managing settings and policies for any device that can use Exchange ActiveSync
• Forefront Endpoint Protection (FEP) is now using SCCM – so it’s no longer necessary to have separate infrastructures for management and security – also FEP is now part of the core CAL (as is the Lync standard CAL). New 2012 release of FEP will run on SCCM 2012 (currently it runs on SCCM 2007 R2/3).
• Windows Intune is a cloud-based solution for light management/unmanaged PCs (no on premise infrastructure required). It includes software assurance for Windows Enterprise (so users can stay on the latest Windows release).
• There are various marketing pitches about the cloud – but it’s really a model for computing and not a place/destination. Cloud attributes include self-service, shared (there may be some logical partitioning), scalable/elastic, usage-based chargeback.
• IT as a service includes: IaaS (addition of infrastructure resilience); PaaS (not worried about virtual machines); SaaS (consuming an application directly from a vendor).
• Microsoft’s own datacentre infrastructure is based on extreme standardisation; business alignment (service-specific characteristics); SLA-driven architecture; and process maturity (re-imagined processes – not just automating today’s processes but thinking about the most efficient process for tomorrow, automation, change control).
• Private cloud is a combination of virtualisation and management – adopting public cloud practices internally… it’s not just about virtual machines and other infrastructure – it’s a full stack of management capabilities.
• The Microsoft stack is optimised for Microsoft software but there are also some cross-platform capabilities in System Center Operations Manager (SCOM) and in System Center Virtual Machine Manager (SCVMM).
• Cloud services (public or private) are based on a provider-consumer relationship. A typical service provider role might be a data centre administrator, whose concerns would be fabric assembly(storage/network/compute), delegation and control, flexibility and elasticity, and cost efficiency. A consumer example is an application owner, who is looking for empowerment and agility, a self-service experience, application visibility and control, and simplicity.
• System Center codename Concero is a new (web-based) product in development for (cloud) application owners, providing a view of all public and private clouds (Windows Azure subscriptions and on premise infrastructure, not just Hyper-V but ESX and Xen too). Pick a template and build out components (different tiers) for services within existing clouds. Configure the attributes that an application owner has to manage. Not just virtual machines but other data centre hardware (load balancers, etc.) too, using SCVMM in the background to deploy.
• Request a new cloud using a catalogue from System Center Service Manager (SCSM).
• Delivering a private cloud is about creating logical and standardised structures (because there is lots of legacy to manage there will always be a diverse infrastructure) and delegating portions to business functions.
• SCVMM 2012 supports creation of delegated private cloud infrastructure – create a logical cloud by defining attributes such as number of virtual machines, hypervisor choice, available service templates, and what can be done with these resources.
• Applications need to be abstracted from infrastructure (externalised configurations).
• Business empowerment is not about virtual machines though (SLA management – and self service too) – SCOM 2012 and Avicode (recent acquisition) give application insight to create dashboards for cloud applications and and drill down into alerts. These dashboards may be made available to managers via SharePoint web parts. SCOM 2012 also includes network monitoring.
• System Center Orchestrator (SCO) is the new name for Opalis (process automation tool) providing run books automating operational processes.

Some SCVMM highlights:

• SCVMM is now about far more than just virtual machines (I wonder when it will be renamed – perhaps System Center Fabric Manager?). Enhancements include:
  • Infrastructure (high availability/cluster aware, easier upgrade path, custom properties with name/value pairs, fully scriptable via PowerShell).
  • Fabric management (bare metal provisioning of Hyper-V using Windows Deployment Services and host profiles, multiple hypervisor support – Hyper-V/ESX/Xen, network management and logical modelling, storage management using standards such as SMIS, update management, dynamic optimisation, power management/smart shutdown – integrated with baseboard management controllers, cluster management).
  • Cloud management (application owner usage, capacity and capability, delegation and quota).
  • Service management (service templates, application deployment, custom command execution, image based servicing).
• SCVMM works with SCOM for load balancing (uses a connector and rebalances when limits hit which is a reactive approach) – in 2012 it also allows proactive load balancing (dynamic optimisation). This can also be used to schedule host power-downs.
• Self-service portal is integrated in SCVMM 2012. Console is now context-aware so it can be used by all user roles and they only see delegated resources.
• Server App-V is part of SCVMM 2012 – separating app state from the operating system, to enable image-based servicing and slide in a new operating system instead of traditional operating system updates. It is intended for line of business apps, not SQL, Exchange, SharePoint, etc.
• Service designer to create 3 tier applications and template them within the VMM library. Define deployment order and how to scale out. Scale out a virtual machine tier via a right click (within the service definition) – Microsoft also plans to deliver a management pack to detect service performance from SCOM and scale accordingly.
• Roles and features now part of operating system configuration in VM templates, as are application configuration items – not just virtualised but also with scripts. Deploy service and will be intelligently placed.
• Still support a server-based approach but trying to bring a service-based approach to deploying and managing apps in DC. This is also represented in SCOM.

More on SCO:

• In the private cloud change happens all the time but it’s the same change each time – so management is not about approval but logging. We can remove the manual but do need the ability to chose (to cope with diversity, move at different speeds).
• Three step process:
  • Integrate - take things (like disparate System Center products) and reference them as single entity.
  • Orchestrate - make them work together.
  • Automate - make things happen automatically
• If we jump straight to automation, we haven’t re-imagined the process. That means that if we take a bad process and automate it, we get a fast bad process! And if that breaks things, it really breaks them!
• SCO (Opalis) concepts include:
  • Activities – intelligent tasks with defined actions.
  • Integration packs – extendable connectors to communicate with other solutions (outbound – SCO has an application integration engine in a web service form for inbound communications)
  • Databus – publish and consume mechanism (when something happens, capture information, put it on the bus, send along as it works through the runbook).
  • Runbooks – system level workflows that execute a series of linked activities to complete a defined set of actions.
• SCO behaves in the same way as Opalis 6.3 with some minor UI changes and some investments in functionality but no fundamental changes in the way the product works (although it will be available in additional languages). It is a 64-bit only product.
• SCSM also has an orchestration engine that is not based on Opalis – this will remain as a separate but complementary product.
• Some integration packs have been remediated for SCO and will be available out of the box but not all – the packs remaining are not tied to service packs, etc. and will be released out of band.

The next session was, frankly, dull, droning on about SCSM and “GRC”, and I missed the presenter introducing the term (which I now know is governance risk and compliance – it was on the title slide of the deck but there was no definition). I have no notes to share as I struggled to keep up from the start…

Moving on to System Center Data Protection Manager (SCDPM):

• SCDPM 2006 provided centralised file-based backup (removing tapes from branches).
• DPM 2007 included Volume Shadow Copy Service (VSS) application support for Exchange, SQL Server and SharePoint.
• DPM 2010 included more enterprise features and client support. It still requires Active Directory but can now backup standalone machines off domain. Supported applications include Exchange, SQL Server, SharePoint, Dynamics, Virtual Server/Hyper-V, Windows Servers and Clients – and it can be used to backup SCDPM too. It can also backup highly available configurations. 
• SCDPM can create backups every 15 minutes with one full backup, then block-level differentials. Online snapshots for disk-based recovery and tape-based backups. Initial backup can be immediate, scheduled or via removable media.
• Many application owners use SCDPM and consider it as an extension to their application, rather than as a backup tool.
• SCDPM 2012 introduces a centralised management  for up to 100 SCDPM 2010/2012 servers or 50,000 sources; role based management; push to resume backups; SLA-based reporting (don’t alert every failure, just those that matter); consolidated alerts (fix one problem, not 20 alerts) and extensibility via PowerShell to script known issues.
• The console uses SCOM (it is a management pack and a few binaries) and may be integrated with a ticketing system (either SCSM or third parties products such as HP Openview via connectors). Roles are taken from SCOM (either create new roles or use existing ones).
• Infrastructure enhancements include certificate-based authentication (where there is no NTLM trust in place) and smarter media co-location (choose specific data sources to share a tape).
• Workload enhancements include SharePoint item level recovery, Hyper-V item level recovery (even when SCDPM is inside a virtual machine), and generic data source protection offering basic protection/recovery support for any referential data source with full application backup (full, delta and consistency check), original item recovery and restore as files to a network location, and XML support for applications without a VSS writer.
• There is no native protection for non-Windows applications, but virtual machines with other operating systems (e.g. Linux) can be backed up – the key is VSS support.

Some of the key points I picked up from the SCCM presentation:

• SCCM 2012 is less focused on packages and advertisements, now about applications, not scripts.
• User-centric approach, with better support for virtual environments.
• New models for communication between components.  Improved infrastructure architecture using SQL replication.
• Now includes mobile device management capabilities that were previously in System Center Mobile Device Manager as well as support for “light” management of mobile devices via Exchange ActiveSync.

Finally, SCOM 2012:

• Features simplified disaster recovery (for the SCOM servers) and monitoring improvements (so a device is monitored by a pool, not a single server).
• Support for monitoring Linux machines was introduced in SCOM 2007 R2, 2012 includes network monitoring and application monitoring (.NET and Java, when running on Windows).
• Network and application monitoring is not intended to be all-encompassing, but provides information to take to specialist teams and at least have an idea that there is an issue – more than just a gut feeling that the network or the application is “broken”.
• Introduction of dashboard templates – web and console views – can publish link with others. Can also create more complex dashboards that can be integrated with SharePoint, customise data visualisations via widgets. Dashboards and widgets are delivered via management packs.
• SCOM 2007 moved from server to service monitoring – 2012 is taking the next step.

As I look back on the day’s event I do have to congratulate the System Center product group on their openness (talking about future products in a way that helps customers and partners to plan ahead) and for running a free of charge event like this which is a great way for me to get the information I need, without the significant investment of time and money that conference attendance entails. Now, if only the Windows client and server teams would do something similar…

Slidedecks and recorded sessions from the Best of Microsoft Management Summit 2011 are available on the Microsoft website.