April, 2008

It seems to be a common question:  Why does MDT 2008 still use VBScript during OS deployments, rather than moving to something more "cutting edge" like PowerShell.  So let's review a few reasons:

• You probably don't yet want to use PowerShell in your old operating system.  Imagine if we shipped a solution that said "before you can upgrade your machine from Windows XP to Windows Vista, you first need to deploy .NET Framework 2.0 and PowerShell 1.0 to all of your XP computers."  Deploying these technologies to an OS that might not yet have them, when you are then just going to wipe that OS to install a new OS, adds an unnecessary burden.
• PowerShell isn't supported in Windows PE because Windows PE doesn't include .NET Framework support.  So any scripting that we have to run in Windows PE can't be written in PowerShell.
• PowerShell isn't supported in Windows Server 2008 Server Core, as Server Core doesn't include .NET Framework support (and therefore no PowerShell either).  We don't want to have to create a PowerShell script that would run on Windows Server 2003 or a full install of Windows Server 2008, but then create a VBScript to run on Windows Server 2008 Server Core installation option.
• IT administrators are still much more familiar with VBScript than with PowerShell.  We want you to be able to read the scripts, and make modifications if necessary.  (This is the same reason we don't just convert it all to C++: we want you to be able to understand it.)

As time goes by, PowerShell will become more and more prevalent, so we'll revisit this periodically.  At this point, it's safe to say that your VBScript knowledge will serve you well for quite some time.

Now, supporting PowerShell on the MDT/ConfigMgr server (for configuration of task sequences; importing source files for apps, OSes, drivers, patches, etc.; populating databases; etc.) makes much more sense, so we are investigating what additional PowerShell support we can provide there.  (You can do some things now, as our server-side components are written in .NET.)  There is nothing committed at this point, though.  If you're interested in something like that, please let me know.

Bill Anderson talked this morning about System Center Configuration Manager.  Of course, the session started with the Top 10 list:

What other uses have you found for SCCM 2007?

10.  Use inventory to find out what music you have where.

9.  Use task sequences to operate the model railroad in your basement.

8.  Use daily mandatory advertisement to automate morning procedures.

7.  Inventory and metering to track electronic comic book collection.  (The picture of Ed is a new classic.)

6.  Use DCM to re-balance your stock portfolio.

5.  Inventory and NAP for (controlling/quarantine) kids.

4.  Inventory and distribution for wine cellar.

3.  Configuration Pack for MD-80 aircraft.

2.  SMS in the news.  (Ministers dismissed by SMS.  SMS the musical.  Man divorces two wives in three minutes using SMS.  Dead wife contacts man via SMS.)

1.  NAP for public restrooms.  (Finland's roadside toilets now accessible only by SMS.)

OK, so maybe you have to be there to appreciate the list :-)

Next up, Bill showed a video of Jarvis Davis's OS deployment capabilities at Campus Crusade for Christ, easily operated by his 5-year-old daughter.  I suspect you'll be able to watch this yourself soon :-)

On to the real content.  First, Bill is covering a lot of information, and while I can type quickly I still can't type as fast as he talks.  So I'll do my best in outline mode.  Bill summarized the last year since ConfigMgr 2007 has been released: 

• ConfigMgr has 5.8 million lines of code with 3.2 million lines of test automation code and 2000 VMs running 40,000 test cases. 
• 385 individual UI pieces used in 1100 different places
• 2 million words of documentation as of SP1
• 40+ TAP and RDP customers, with over 200,000 clients deployed prior to RTM, with 77 DCRs and 484 bugs filed as a result of TAP feedback.
• MSIT has 2000,000 ConfigMgr clients with 2 hierarchies spanning 14 sites, using SUM, asset management, 140 software distributions.  Working on NAP, OSD, DCM, IBCM, Application Virtualization.
• Software quality metrics sends data to Microsoft about your MMC and feature usage when you opt in.  Enable the "Customer Experience Improvement Program."
• Support feedback:
• 60-70% of support calls are advisory (asking for help, not bugs or problems)
• See KB 945898 for info about a bug in the Offer Status Summarizer
• New site deployment and SMS 2003 upgrade issues are common
• Active directory schema extension issues
• SQL issues with SPNs, accounts, name resolution
• Client and network firewalls getting in the way
• MyITForum.com and Technet.microsoft.com forums are very active
• TechNet will be upgraded in the next 30-60 days
• Scale and performance
• Hardware and software inventory is multithreaded
• Provider can run on a separate server
• Less overhead with secondary sites since there are no more legacy clients
• Site backup uses VSS and is very fast, offline for only a few minutes
• State messages generate new load on ConfigMgr servers (client deployments, software updates, configuration baseline evaluations, CAL tracking) - stagger these if possible
• Native mode adds 10-15% overhead on client
• Consider placing SQL Server on a different server with a dedicated gigabit network link
• Tune you I/O as ConfigMgr is I/O-heavy
• Slight penalty running on 64-bit (WOW64), but not an issue with less than 50-70K machines
• SDK released in Mach 2008
• All areas documented: site server (SMS provider), admin UI, client SDK
• Lots of additional documentation (400K words in SMS 2003, 1.1 million in ConfigMgr), twice as many of code snippets, 10 full samples, DCM authoring guides
• Documentation improvements
• Quizzes
• Updated documentation provided through a hotfix - download from the download center
• Superflows, providing interactive content (animation, hyperlinks, etc.) on the inner workings of various ConfigMgr functions - download these, even print them

Now, looking ahead:

• ConfigMgr SP1
• Six hotfixes and one customer DCR rolled in
• Infrastructure to support R2 features
• Windows Server 2008 support
• Vista SP1 support details
• Asset Intelligence 1.5
• Intel AMT integration
• ConfigMgr R2
• Application virtualization management
• Client status reporting
• New OSD server provisioning scenarios
• Multicast support
• Unknown computer support
• SQL Reporting Services support
• Forefront Client security integration
• Planning time
• Requirements gathering, scenarios, functional specs, "passionate discourse" (arguing), customer visits, prototyping

Brady Richardson then gave a demonstration of a new prototype showing some thoughts around improving Desired Configuration Management: generating new DCM baselines automatically by watching the installation of an application (comparing before and after). 

Bill and Brady then talked about the main pillars for the next version of ConfigMgr:

• Embracing the end-user of the future
• Administrator experience
• Simplifying
• Do what we do today, better

Maybe by next year's MMS 2009 conference the full details for the next release of ConfigMgr will be available.

There are 42 breakout sessions and 23 hands-on labs related to ConfigMgr 2007 this week, as well as 20+ members of the ConfigMgr product group at the event.

Bob Muglia presented today's keynote session, talking about the problems of the Dynamic Datacenter and solutions that are possible.  First up, Michael Kelley demonstrated how System Center Configuration Manager 2007 can be used to deploy an OS to servers in a datacenter.  As part of this, Michael showed the new Dell PowerEdge Server Deployment configuration pack to help with the hardware configuration: setting up RAID configuration, configuring BIOS settings for Hyper-V, etc.

That's the first announcement:  The Dell PowerEdge Server Deployment configuration pack.  This will be available in a few weeks for downloading from the Dell web site.

The next part of Michael's demo showed how to configure the operating system after it's been installed.  He used the Microsoft Deployment Toolkit to install roles (Hyper-V, Active Directory Domain Services, etc.) and then took it the next step and used MDT to configure AD, automating the process of turning the server into a new domain controller.

No new announcement there - that functionality is already present in Microsoft Deployment Toolkit 2008 :-)

Next, Michael showed how to configure the Configuration Manager 2007 R2 multicast capabilities, enabling scalable mass deployments of servers in the datacenter, while minimizing the overall impact on the datacenter's network.

That's another announcement, if you hadn't already heard:  Configuration Manager 2007 R2 will add multicast capabilities for OS deployment, leveraging the capabilities provided in Windows Deployment Services in Windows Server 2008, when R2 releases later this year.  It's available in beta now via the Connect web site.

Bob talked then talked about how the Microsoft TechNet and MSDN web sites are now completely virtualized, running with Hyper-V.  Performance is very good, and is very competitive with VMware ESX.

Maybe not an announcement, but a great public declaration: Microsoft is already using Hyper-V for large-scale production use.

To help with the management of Hyper-V and VMware ESX, Bob introduced Rakesh Malhotra to talk about managing virtual machines using System Center Virtual Machine Manager 2008, the new version that fully supports Hyper-V and VMware ESX management.

Another announcement: The System Center Virtual Machine Manager beta is available today.

Rakesh also showed how Virtual Machine Manager (VMM) is built on top of PowerShell, generating scripts to perform all the UI tasks.  Bob talked about how Hyper-V doesn't yet support "Live Migration" but will in the future.  (Right now, it supports "Quick Migration", which basically uses Windows clustering to save the state of a machine, move it to a new node, and start it up again.) VMM does support VMware's VMotion capabilities.

To help with the setup of "Quick Migration", VMM supports setting up high availability VMs using Windows clustering.  VMM also integrates with System Center Operations Manager 2007, helping with the monitoring and control of your virtual machine environment.  This SCOM integration implements "PRO tips", enabling SCOM to make suggestions for changes to your environment (e.g. add a new IIS server), with a single button "Implement" capabilities to make those changes using automatically-generated PowerShell scripting.

Bob then talked about application virtualization, using products like SoftGrid or using capabilities provided in IIS, SQL Server, and other applications that enable single operating systems to run multiple independent workloads.  This lead into the discussion of modeling: initially using something like SCOM to enable health modeling of your environment, but expanding well beyond that in the future.  Bob originally said five years ago that this was a 10-year vision, with five more years of work to fully implement the original vision.

Next up, Barry Shilmover demonstrated the cross platform extensions for System Center Operations Manager 2007, supporting various Unix and Linux environments.  This solution leverages OpenPegasus (a CIMOM implementation, similar to WMI), OpenWSMan (an open-source WS-Man framework), and some specific OpsMgr providers running on the Unix/Linux hosts to provide information back to the OpsMgr server for monitoring, reporting, etc. - all the standard OpsMgr functionality.  Barry also showed an Oracle management pack from Quest and a MySQL one from Xandros, a management pack for Apache and PHP from Xandros, and more.

Another announcement:  The beta version of the Cross Platform Extensions for System Center Operations Manager 2007 is available today.

Bob also talked about new connectors for OpsMgr that enables integration with Tivoli and HP Openview. 

If you are looking for DVDs from past Microsoft conferences (MMS 2007, TechEd 2007, etc.), they are available online through the Microsoft Event DVD store.  See http://shop.ecompanystore.com/mseventdvd for the details. 

For those that wanted to attend this year's conferences but weren't able to, these DVDs should be available too within a few months after the completion of the conference.  I hope pricing will be close to last year's.

As we make plans for the next version of the Microsoft Deployment Toolkit, it would be great if you could provide feedback on what you think about the current version, including:

• Why you are (or aren't) using it
• What you think the best feature is
• What you think the worst feature is
• What enhancements you would like to see
• What deployment types you are using (Lite Touch, ConfigMgr, SMS 2003)
• How many machines you have deployed, and what operating system you deployed (XP, Vista, 2003, 2008)

Feel free to post your comments to this blog entry, or if you would prefer you can e-mail them to me directly at mniehaus@microsoft.com.  Go ahead, bury me in e-mail - make me regret asking for it :-)

I forgot that we are also hosting a Birds of a Feather session, as quite a few of you requested one:

BN01 Microsoft Deployment Toolkit 2008 (formerly BDD 2007) Q&A

Wednesday, April 30 5:30 PM - 6:45 PM, Marco Polo 804
Track(s): Solution Accelerators
Session Type(s): Birds-Of-A-Feather
Products(s): Configuration Manager 2007, Solution Accelerators, Windows Client, Windows Server

This birds-of-a-feather session gives you the opportunity to ask your peers and the Solution Accelerator development team technical questions about the Microsoft Deployment Toolkit 2008 solution accelerator, Windows deployment tools and challenges, System Center Configuration Manager OS deployment capabilities, or any related topic. Audience participation is encouraged, and no question should be considered too simple or too complex.

This year, we didn't make the mistake of scheduling it at the same time as the MyITForum party :-)

I'm settled in now for what I hope will be another great Microsoft Management Summit conference, back in Las Vegas this year at the Venetian hotel.  Having been to the real Venice back in November after the TechEd IT Forum conference in Barcelona, I have to say that this version of Venice is smaller, cleaner, and smells better - in other words, fake, just like the rest of Vegas :-)

I've already seen many familiar faces, and plenty of new ones, at the SCCMExpert/Adaptiva gathering this evening, which was well attended.  Tomorrow the conference begins.  Fortunately for me, the real fun doesn't start until Thursday, when Tim and I have three sessions:

SY04 Advanced OS Deployment with Configuration Manager - Part 3: Extending OS deployment with the Microsoft Deployment toolkit

Thursday, May 1 10:15 AM - 11:30 AM, Bellini 2001B
Speaker(s): Tim Mintner, Michael Niehaus
Track(s): Solution Accelerators, Systems Management

Microsoft Deployment is the next version of Business Desktop Deployment (BDD) 2007. New features in Microsoft Deployment integrate with and extend the native OS deployment functionality of Configuration Manager 2007 while providing thorough project management guidance.  Examine how the Microsoft Deployment toolkit uses and extends the OS deployment capabilities presented in part 1 and 2, providing new wizards, task sequence templates, additional server deployment automation and other features.

SY05 Advanced OS Deployment with Configuration Manager - Part 4: Provisioning your Windows Deployment with Microsoft Deployment (BDD)

Thursday, May 1 11:45 AM - 1:00 PM, Bellini 2001B
Speaker(s): Tim Mintner, Michael Niehaus
Track(s): Solution Accelerators, Systems Management

Now that you have a good understanding of the OS deployment features and functionality provided by Configuration Manager and Microsoft Deployment, we'll explore ways to create dynamic, data-driven deployment processes.  We will discuss performing rules-based, data-driven deployments; using external data sources; adding your own scripts and customizing those provided with Microsoft Deployment; overriding task sequence properties and other advanced topics.

SN02 What's New in the Microsoft Deployment Toolkit (MDT) 2008? Updates for Windows Server 2008 and Windows Vista SP1

Thursday, May 1 2:30 PM - 3:45 PM, Veronese 2401B 
Speaker(s): Tim Mintner, Michael Niehaus
Track(s): Solution Accelerators

Windows Server 2008 and Windows Vista SP1 introduce new changes in the underlying service stack and Windows Automated Installation Kit. These changes are addressed in the second release of the Microsoft Deployment Toolkit (formerly BDD). This session will introduce MDT 2008 changes, focused on Windows Vista SP1 support and Windows Server deployment. MDT 2008 provides broader support for deploying Windows Servers, including automated role installation using Server Manager in Windows Server 2008. This session will be presented first hand by solution developers and provide an overview of the Solution Accelerator, updates versus previous versions, tool demonstrations and the current roadmap and release schedule for future MDT releases.

No, I'm not quitting to go work for McDonald's.  (The thought has crossed my mind a few times - what a joy it would be to have a job that you could completely forget about as soon as you walked out the door for the day.  Too bad they don't pay as well.)  I'm thinking more about the idea of asking customers if they would like something else, especially if it would add very little additional cost.

OK, so what the heck does this have to do with Windows deployment?  Well, imagine that you are a customer and have brought in a consultant to help you with your Windows XP deployment.  They have installed Microsoft Deployment Toolkit 2008, gathered the installation files, applications, drivers, etc., and produced a Windows XP image and deployment process.  Then they ask a simple question:

While we're at it, would you like us to create a Windows Vista image for you too?  It will only take a few additional hours.

That might sound like a stretch, but there are consultants out there that are doing exactly that.  The bulk of the process is the same - and has already been completed for the Windows XP work.  So why not, I'll take a Windows Vista image too :-)

What's even more amazing:  Talking to consultants who will create the Windows Vista image at the same time, without even asking the customer if they want one and without adding any additional cost.  Later they'll say, "Oh, by the way I also created a Windows Vista image in case you want to start piloting with that."  That's very cool.

I mentioned the SCAP to DCM conversion tool in my previous post, but there's another ConfigMgr 2007 DCM-related beta that our Solution Accelerator Team released this week.  It's the Security Baseline Management toolkit, containing 12 new DCM configuration packs that you can use with ConfigMgr to determine compliance with the security guidelines published by Microsoft.  The download for the beta version of this tool is available at http://www.microsoft.com/downloads/details.aspx?familyid=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en&tm.

If you work for or with the US federal government, you may have heard of the Federal Desktop Core Configuration (FDCC) program, as well as the Security Content Automation Protocol (SCAP).  See these links for more information:

• http://csrc.nist.gov/fdcc/, which talks about the FDCC program.
• http://nvd.nist.gov/scap.cfm, which describes what SCAP is.
• http://www.microsoft.com/industry/government/federal/fdccdeployment.mspx, which shows how Microsoft Services can help you implement FDCC (using Microsoft Deployment Toolkit of course).
• http://blogs.technet.com/fdcc, the Microsoft Services FDCC team's blog, with all sorts of information about implementing FDCC.

My group, the Solution Accelerators Team, recently released a beta of a new tool that can also help with this: the SCAP Conversion Tool for DCM.  See http://www.microsoft.com/downloads/details.aspx?FamilyID=22e5b9a0-fa7b-4d43-bcea-7084ae6f40f5&displaylang=en for the download.  Basically, this tool will take an SCAP definition file and convert it into a Configuration Manager 2007 DCM configuration pack.  Then you can use ConfigMgr to validate your compliance with the SCAP baselines.