I deliberately picked the Application Catalog as the focal point of my demo/presentation at the System Center 2012 launch events in Dublin and Belfast because it shows how System Center 2012 recognises that IT services must change to empower the user and embrace IT controlled/secured/audited automation.
SMS 2003 was the first “System Center” product that I worked with. We wanted something that was more powerful than Group Policy for software deployment. The company I was working for also just signed a Microsoft enterprise agreement and we needed a software auditing solution to live up to our requirements. So I asked one of my team, who previously did consulting on SMS 2.0, to deploy it, and I learned the product from him.
The software deployment feature was powerful. We’d import or create a package containing the files. Maybe we’d have to teak or create a program to install/uninstall the package. We’d distribute the files to distribution points/secondary sites. And then we’d advertise the required program to a collection of machines. We never targeted users because they could roam and needlessly drag expensive software, such as Visio or Project, around with them, driving up our licensing costs.
It was easy to push out standard software like Adobe Reader. It would go out to all Windows XP (as it was at the time) machines. But Visio or Project? We basically had to wait on a request. A user would call the helpdesk asking for Visio and then a low priority ticket was created. That ticket could wait until the higher priority tickets were dealt with. Our Helpdesk had a 4 hour SLA so maybe 4 hours later (usually much less) they’d drop the user’s computer account into a security group for machines that should get Visio.
And here’s why I told people that you need patience with Configuration Manager. The process has gone unchanged … it’s just now we have a different way to tackle it. In the past we had to push that software. ConfigMgr/SMS would update collection memberships on a schedule, every 24 hours by default. We had a “small” network (by Microsoft or ConfigMgr standards) so we scheduled the collection to update every hour. Then it would query the new group membership and update its own membership.
On the client machine, the ConfigMgr/SMS client would automatically connect to the Management Point every hour to get new policy. At that point it would, thanks to the new Visio collection membership, realise it should install Visio. It would then download the files and install.
Think about how long this took:
- Helpdesk to respond – up to 4 hours (let’s go worst case scenario) – 4 hours
- The collection to update – we’ll say 1 hour but it could have been 24 hours – 1 hour
- The client to connect to the management point – up to 1 hour but we’ll say 1 hour
That’s a 6 hour wait for the end user to get a new application. No wonder the business thinks that IT holds them back! They can avail of cloud computing or a personal device (app on a tablet) in minutes, to deal with whatever business opportunity/challenge/threat is before them. But with our push solution, IT takes 6 hours … and that could have easily been 29 hours! That’s some “service”.
System Center 2012 is user centric. That means the user is empowered to consume IT services in an on demand basis. Those services are provided via System Center 2012, allowing IT to automate more, enable the user to consume as and when they need it, but IT can control, secure, and audit it.
Let’s take the Visio example. I can create a Visio package with the automated installation. I then create an application in System Center 2012 Configuration Manager. I can two 2 types of deployment. The first is a push, which is similar to what I discussed above. That’s for when you’ want to push out software by policy. And being a policy, the software will automatically get re-installed if it is uninstalled while the policy still applies. There is a delay in the push, but we don’t mind. That’s because we’re pushing out a policy to a large number of machines, and that’s probably something we do outside normal hours, and not to some “we want it now” demand. Adobe Reader, Office, and so on are the sorts of app that you would deploy like this.
The second approach we can use is to publish the application in the Application Catalog. Here you can list all elective software, the stuff you don’t include in your OS images or deploy on a widespread basis via policy. Visio is a perfect example of this kind of app; it’s too expensive to deploy everywhere, and a few people will have a business case to require it. When you create the application, you can add all sorts of text and keywords to describe the app and to make it searchable.
You can publish the URL to the Application Catalog to everyone’s browser via GPO. And there’s a link to it in the new utility on the managed PC called Software Center. Now a user wants Visio to open a VSD file. The click the link to open the Application Catalog. They can search, e.g. for .VSD file, and Visio appears in the results. The click the Install button, and Visio installs … just like that. It’s actually ConfigMgr doing the install, using the unattended config that you set up in the package.
Now Visio is expensive, so you don’t want everyone lashing it onto their PCs. Not a problem! With a mouse click, you configure the installation to require approval. Instead of an Install button, the user is given a Request button. They are asked to give a reason for the install and the request goes off into ConfigMgr where an administrator can review it and approve/reject it. If it’s approved, the user will get an Install button.
We’d like that request process to be more auditable and to include non-IT staff, such as a faculty or department IT budget owner. That’s where the Application Approval Workflow (AAW) comes in. This combines the deployment functionality of Configuration Manager with the process and control functionality of System Center 2012 Service Manager. Now the user can go into either the ConfigMgr Application Catalog or the portal of Service Manager, where they’d normally go to request IT services. Requesting an approval-required application will create a service ticket in Service Manager and kick off an approval workflow.
The engineering possibilities of workflow allow you to bring in alternative approvers based on your business or customer processes. In other words, a budget owner can be notified of the request, read the business case, and reject/approve the install of the application. And now IT just manages the system, instead of slowing down the business. If there is slowness with this solution, the business can only look inwards to find a cause.