PART-2

Enterprise Mobility + Security Practice

IDENTITY AND ACCESS MANAGEMENT

Today’s User to have multiple identities for everything from Windows Active Directory to SaaS applications like DropBox and Concur. As a business, ensuring that the data stored by your users with these identities is available and secure is of upmost importance.

Identity Management is another “Must-Have” service offering for Cloud Managed Service Providers (MSPs). For MSPs focused on productivity and mobility solutions, ID management is natural add-on. However, ID management is an integral part of infrastructure deployments as well. It’s a security discipline in which an MSP will conduct the administration of IDs on behalf of their customers. This ensures the right individuals have access to the right on-premises, hybrid, or public cloud resources at the right times for the right reasons.

To meet customer needs, in their ID management offering, MSPs will define user group resource policies in Active Directory, implement single sign-on, federate identities across apps and other resources, and handle rights management – ensuring that the right users have the correct access. On behalf of their customers, MSPs that develop mature ID management policies can lower associate costs and become more agile in supporting new business initiatives – all while staying compliant with industry and regulatory standards.

DEFINE YOUR STRATEGY

SYSTEM CENTER 2012R2 CONFIGURATION MANAGER SYSTEM REQUIREMENTS

Welcome, I would like to start System Center 2012R2 Configuration Manager deployment series with little information about its basics and then we will look into its new features and design considerations. System Center 2012R2 delivers unified management across on-premises, service provider and Windows Azure environments, in a manner that’s simple and cost-effective, application focused, and enterprise-class. System Center 2012R2 offers exciting new features and enhancements across infrastructure provision, infrastructure monitoring, application performance monitoring, automation & self-service, and IT service management. The Microsoft names it as Cloud OS, System Center enables the Microsoft Cloud OS by delivering unified management across on-premises, service, and Windows Azure environments. 

What’s New In System Center 2012R2 Configuration Manager

1. System Center 2012R2 Configuration Manager now supports deployment of Windows 8.1 and Windows Server 2012R2. There is added support for boot images created by using the Windows Automated Installation Kit (WAIK) for Windows 7 and based on Windows PE.
2. System Center 2012R2 Configuration Manager is now integrated with Windows Intune and this is named as Unified Modern Device Management. This means you can use System Center 2012R2 Configuration Manager together with Windows Intune to manage a broad array of PCs and devices covering Windows, Windows RT, Macs, Windows Phone, Apple iOS and Android.
3. You can now select Rseultant Client Settings (RSOP) from the Configuration Manager console to view the effective client settings that will be applied to the selected device. This is another great feature.
4. You can now reassign Configuration Manager clients, including managed mobile devices, to another primary site in the hierarchy. Clients can be reassigned individually or can be multi-selected and reassigned in bulk to a new site.
5.  Compliance Settings – New mobile device settings and mobile device setting groups have been added.
6. Profiles – There are new Certificate Profiles, VPN Profiles and Wi-Fi Profiles introduced in System Center 2012 R2 Configuration Manager and the supported devices include those that run iOS, Windows 8.1 and Windows RT 8.1, and Android. 
7.  Software Updates – There is a new maintenance window dedicated for software updates installation. This lets you configure a general maintenance window and a different maintenance window for software updates. You can now change the deployment package for an existing automatic deployment rule. New software updates are added to the specified deployment package every time an automatic deployment rule is  run. A new feature called Software updates preview lets you review the software updates before you create the deployment.
8. 2. Application Management – Web applications in System Center 2012 R2 Configuration Manager are a new deployment type that allows you to deploy a shortcut to a web-based app on users devices.
9. Collections – A new management option allows you to configure maintenance windows to apply to task sequences only, software updates only, or to all deployments.
10. Reporting – Configuration Manager reports are now fully enabled for role-based administration. The data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles.

  System Center 2012 R2 Configuration Manager Design Considerations

    Before we install the System Center 2012 R2 Configuration Manager it would be better to have an idea on System Center 2012 R2 Configuration Manager Site and System Roles and how are we going to install the roles and their limits. In most of the cases planning for hardware and software requirements for Configuration manager takes more time, so it is very important to understand about the site and system role scalability.

   1) Central Administration Site – A central administration site can support up to 25 child primary sites. When you install a Central Administration Site and use an Enterprise or Datacenter edition of SQL Server, the hierarchy can support a combined total of up to 400,000 devices. So you must plan for CAS only when an organization has over 1,00,000 clients.

    2) Primary Site – Each primary site can support up to 250 secondary sites and up to 1,00,000 clients.

    3) Secondary Site – A secondary site supports a maximum of 5,000 clients. For secondary sites SQL Server must be installed on the site server computer and in a location if there are fewer than 500 clients, consider a distribution point instead of a secondary site.

    4) Management Point – Each primary site supports up to 10 management points and each primary site management point can support up to 25,000 computer clients. Each secondary site supports a single management point which must be installed on the site server computer.   

    5) Distribution Point – With System Center 2012 R2 Configuration Manager each primary and secondary site supports up to 250 distribution points and each distribution point supports connections from up to 4,000 clients. Each primary site supports a combined total of up to 5,000 distribution points. This total includes all the distribution points at the primary site and all distribution points that belong to the primary site’s child secondary sites. Each primary and secondary site supports up to 2000 additional distribution points configured as pull-distribution points. For example, a single primary site supports 2250 distribution points when 2000 of those distribution points are configured as pull-distribution points.

    6) Software Update Point – A software update point that is installed on the site server can support up to 25,000 clients.

    7) Fallback status point – Each fallback status point can support up to 100,000 clients.

     

   Thanks for learning

   Enterprise Mobility Part-2