Gió thổi mây bay – Phong khởi Vân động

I started with Microsoft System Center on the end of the year 2010, and the first product was Microsoft System Center Configuration Manager 2007 (SCCM). It was amazing time to research and do with the habit.

At the same time, my younger brother started SCOM (System Center Operations Manager) with the little work. May be, he didn’t focus this product, he got the focus with SharePoint 2010 beta released. I covered that product, and had some labs with the real-scenario. And the later, I have the chance to work with almost the product which tags System Center.

Now, I have time to review System Center products that I worked and researched. They are: SCCM, SCOM, SCDPM, Opalis, and SCVMM. This topic is written with my ideas and I don’t sure it’s right for you.

The advantages of System Center are centralized managing all services and tasks on the networks which based on the Domain Controller (Microsoft Environments) and business can reduce and saving cost for operations, energy and make the efficient and effective business.

All products – means SCCM, SCOM, SCDPM, Opalis and SCVMM – have these advantages but they focus in the different areas on the network and security. I think SCCM is the less effective than other products and I explain why SCCM is.

SCCM – System Center Configuration Manager – is provided the ways to control some services which is built-in Windows Server and enhanced software deployment on the clients.

Configuration Manager is defined how to control changing on the system that is approved and approved by managers or directors. System Center does not cover all but we can assume that some services – are known as Role on SCCM – are approved task because of security policy. I’m sure this because Software Update Point is running based on WSUS (Windows Server Update Service) and Software Distribution is enhanced of software deployment on Group Policy. Because of popular task so that I write at first.

Software Distribution flow-chart is shown in this picture below:

As you see in picture, we must create package which contained source set up with file extension EXE or MSI. Choosing the OS desired to deploy software; SCCM convert source set up to package that can deploy to clients and contained them to Distribution Point – the place clients to reach and get the software information to deploy.

But not at all the task, we create the advertisement to advertise the new package is available to client through agent that is configured before. Waiting the clients recognize advertise and contact the distribution point to download the packages. Clients can be installed the software on the background without notify to end-users or notify and install with the click agree to install. The enhancing of SCCM is allowed installing software on the background, this is the good news to end-users but it’s a night-mare to operations security. Why? Because almost malware can be installed on the background like Software Distribution, you don’t know exactly that what’s process is correctly running on systems, besides, if users turn-off computers and installing is corrupted, SCCM can’t install again because computers get the advertise and follow the guidance, so if you need to re-install, we must run advertised again. With SP2, Software Distribution is integrated with Application Virtualization (called App-V package), and easy to run without conflict to system library. It’s isolated solution not mitigated solution.

Change to Software Update Point, the role is similar to WSUS, actually it uses the WSUS to synchronize to Microsoft Updates. The simple workflow to create with defined criteria on Software update Point.

After synchronize to Microsoft Update, Software Update Point is provided the new ways control updates by using Search to create the folder contained updates with some conditions criteria. The templates are used to apply to clients or collections and repeat weekly, monthly or quarters. They are very useful to apply the right hotfix to right OS requirements and automatically update the critical hotfix and prevent the zero-day attacks.

Asset Intelligence and Software Metering are introduced on the SCCM, but I think they are need to improving. Asset Intelligence can create the report about the hardware; software licenses and some information about the assets, but the question are how to track them and how to mitigate them. Asset Intelligence provide the report for planning upgrade the software or system based on the standard requirement of the products – some products we must connect with the server to get information. Because of inexpensive hardware, I think that business can apply the new hardware instead of using the old computers. Why do I think so? Nowadays, almost software needs more resources, hungry RAM but new devices are cheaper than old devices and SDLC is on a short-time.

I hate to says that OSD (Operating System Deployment) is the worst function on SCCM. It need both 32-bit and 64-bit Boot Image to running the PXE Boot, it’s difficult to apply the OS with Multicast support. If you have the plan to deploy OS with Windows technology, WDS (Windows Deployment Services) on Windows Server 2008 R2 is the best choice. WDS is built to support Multicast, easy apply drivers to clients. We can create image from Reference Computer by using Create the Capture Boot Image.

OSD uses the Task Sequences to deploy the OS – we can customize the task sequence and apply the query to find the match drivers to apply, but it’s spent more time and sometime it’s a waste time because WAIK need the time to extract and apply the drivers and create the a new images. The one thing I like on OSD that is automated download and apply the OS with the my business logo, themes and download the right software, updates hotfix and I must say again, spend more time to deploy OS to many machines at the same time.

This is some reasons why SCCM is less effective than others products. And I think we agree with one or some reasons above. Now, why do we choose the most product system center I like.