This post is a part of the nine-part “What’s New in Windows Server & System Center 2012 R2” series that is featured on Brad Anderson’s In the Cloud blog. Today’s blog post covers how System Center 2012 R2 Configuration Manager and Windows Intune allow application delivery to all major device types and application management from a single console and how it applies to Brad’s larger topic of “People-centric IT.” To read that post and see the other technologies discussed, read today’s post: “Making Device Users Productive and Protecting Corporate Information.”
Because employees use a wide variety of devices (such as Windows x86 and x64 PCs, laptops, Windows RT tablets, Windows Phones, iPads, iPhones and Android devices), it becomes very difficult for the IT admin to manage applications built for different device platforms and deploy them to different devices for end users. As noted in Brad Anderson’s People Centric IT blog post Making Device Users Productive and Protecting Corporate Information, with Configuration Manager and Windows Intune, we’ve made it easy to ensure that applications are delivered in the optimal method for each device to ensure worker productivity.
Configuration Manager allows the administrator to model the application with multiple deployment types (for example, MSI installers, Windows Store links, iOS applications, etc.) and then to deploy it to collections of users or devices.
The application evaluates the user’s device type and other requirements (for example, the amount of free storage space, etc.) specified by the administrator to select the appropriate deployment type to install on the user’s device. So whether your employee is using a laptop, VDI session, an iPad, or all of those, it can deliver the app to that user with the best experience on each device. Because of the integration between Windows Intune and Configuration Manager, you can now extend application delivery to all major device types by using a single management console. Applications can include locally installed MSI packages, side-loaded Windows 8 modern applications (appx), App-V virtual applications on Windows devices, remote applications using Microsoft virtualization solutions, web links, or public applications stored in the Windows Store, App Store, or Google Play. Compliance reporting is available for the application across all the deployment types, making it easy for IT Admins to keep track of overall compliance while at the same time monitoring any issues with particular deployment types. The diagram below illustrates the flexibility offered by the application model to deploy to the user and choose the appropriate app delivery mechanism based on the user’s device.
Let’s consider one more example where the IT admin wants to make Skype available to employees. The IT admin can model the Skype application with multiple deployment types based on platforms. For example, for Windows 7 and below, MSI based installation can be specified. For Windows 8 and above, Skype can be made available for end users to install from the Windows Store. For iOS and Android devices, Skype can be downloaded and installed from the appropriate app store. Here is how the application model for Skype with multiple deployment types will look like in the Configuration Manager console:
With the release of System Center 2012 R2 Configuration Manager, we have added quite a few new features for application management. Here is a quick overview of the new features:
Windows 8.1 modern application and app bundle support: Windows 8.1 Preview introduced the app bundle (or .appxbundle package) to help optimize the packaging and distribution of a Windows Store app and resource packages to users. Configuration Manager can now help you deploy LOB apps built using the side-loaded .appxbundle packages. We have extended the existing “Windows app package (.appx)” deployment type to now recognize the .appxbundle package files to create this deployment type.
Web application deployment: It is now easy to publish web applications (e.g. SaaS application links, internal web sites, LOB web applications) by using Configuration Manager. IT admins can use the new deployment type “Web Application” to publish the web applications and make them available to the end users in their company portal self-service application. This makes the discovery of web applications really easy for the employees and they can then install shortcuts for these web applications from the company portal on their devices.
Required (“Push”) installation of applications on mobile devices: In System Center 2012 Configuration Manager SP1, applications could be made available for end users to install from the self-service company portal application. We received a lot of feedback from our customers that they need a way to push commonly used corporate applications to mobile devices. With the System Center 2012 R2 Configuration Manager release, IT admins can now push the applications to mobile devices similar to the way they used to push applications on PCs. This required install support for applications is available across Windows (RT, x86), iOS platform based devices and Android support is in the works also. Web applications, side-loaded Windows app packages and App Package for iOS can be pushed with the System Center 2012 R2 Configuration Manager. Deep linked store apps (for example, Windows Store, Apple Store) cannot be pushed to the user’s devices and can only be made available for end users to install them from the respective stores.
Application removal from mobile devices: With System Center 2012 R2 Configuration Manager, IT admins can uninstall a previously deployed application from a mobile device. IT admins can create an “uninstall” deployment for the application to explicitly remove the application from the devices. Retiring the device from management also triggers a selective wipe of corporate information including removal of corporate applications deployed through Configuration Manager.
Automatic VPN connection: One of the new features of Windows 8.1 is that now it supports a VPN platform that allows for the automatic opening of VPN connections under certain conditions. For example, you have a sales dashboard application that requires access to the sales contact database that is only available on your corporate network. Let us suppose that the sales manager is on the road and he needs to use the sales dashboard application from his personal tablet running Windows 8.1. With System Center 2012 R2 Configuration Manager and the Windows Intune service, you can not only deploy the sales dashboard application to the user but also configure it to automatically open a VPN connection when needed. The user can just click and launch the application and because Configuration Manager associated the sales application to the VPN profile, the underlying VPN platform will automatically detect that this application requires VPN connectivity and will automatically open a VPN connection to the corporate network. All this happens seamlessly in the background and the end user doesn’t even realize that VPN was connected so that he could work on his application.
In order to configure this feature, there are 2 steps:
When the application is installed on the device by the end user, Configuration Manager also automatically associates it to the VPN profile.
Note: This feature is currently supported only on non-domain joined Windows 8.1 devices.
In summary, user centric application management with Configuration Manager and Windows Intune helps IT admins to provide the right set of applications to employees on their devices of choice while easily managing the application lifecycle for the corporate applications.
--Nilesh Bhide and Dilip Radhakrishnan
To see all of the posts in this series, check out the What’s New in Windows Server & System Center 2012 R2 archive.
This posting is provided "AS IS" with no warranties and confers no rights.
COMMENT REPERER LES PERIPHERIES LINUX AVEC SCCM 2014 R2