Event: TechCamp 2014 On June 19/20 In Dublin

Another community event is coming on June 19th and 20th in Citywest in Dublin. This time, with TechCamp 2014, we’re switching to a more “here’s how to do it” style of presentation. Based on feedback, we’ll have 1 track per day, over 2 days. Day 1 (June 19th) will focus on Hybrid Cloud, mixing Windows Server, System Center, and Microsoft Azure content into one track. On day 2 (June 20th) the focus switches over to the public cloud, and products like Office 365 and Windows Intune.

Most of the speakers are MVPs sharing their knowledge and experience with these technologies, with keynotes by local Microsoft product-line managers.

You can choose to register for either or both days.

Please retweet, post on Facebook, LinkedIn, share with workmates, customers, etc.


UR1 For System Center 2012 R2 Is Available – Be Careful

Microsoft has released Update Rollup 1 for System Center 2012 R2, covering everything except Endpoint Protection and Configuration Manager (they’re almost a separate group).

As usual with update rollups, I would caution you to let others download, install, and test this rollup. Don’t approve it for deployment for another month. And even then, make sure you read each product’s documentation before doing an installation.

Those who lived through URs over the last 12-18 months will remember that System Center had as bad, if not worse, time than Windows Server 2012 with these Update Rollups.


Update Rollup 5 for System Center 2012 Service Pack 1 was also released. The same advice applies; don’t deploy for 1 month and let others be the guinea pigs.

Microsoft Application Approval Workflow Available for Download

Just arrived in my inbox:

The Microsoft Solution Accelerators Team is pleased to announce that Microsoft Application Approval Workflow is now available for download

The Application Approval Workflow (AAW) takes an application request submitted through the System Center 2012 Configuration Manager Application Catalog and transforms it into a System Center 2012 – Service Manager service request, allowing flexible approval lists and activities.      

The AAW illustrates the integration of the components of System Center 2012, taking the basic functionality of the ConfigMgr 2012 Application Catalog and extending it into the Service Catalog of Service Manager.

Key feature list:

  • Sync Configuration Manager applications data into the Service Manager database.
  • Monitor and transport Configuration Manager Application Catalog requests requiring approval to Service Manager and open a service request.
  • Return the completed approval workflow status to Configuration Manager for handling.
  • Allow administrators to define and maintain application selection criteria for specific applications or application groups and specific users or user groups.
  • Track service application requests and view application catalog contents in Service Manager.

Want to Consult on System Center 2012? Then You Cannot Avoid Service Manager or Orchestrator

In the “2007” generation of System Center (how I refer to the last generation of the suite including the 2010 and 2008 R2 products), I quite happily avoided Opalis (which I was quite vocal about not liking) and Service Manager (which was quite rightly a niche product).  I put my focus on VMM, ConfigMgr, OpsMgr, and a little DPM.

Folks, the game has changed.  It’s one thing to hear MSFT marketing talk about it, or to hear it for 5 days straight at a conference.  But it’s something completely different when customers are demanding it.  Organisations want a service centric IT department with self-service, automation, governance, deep monitoring, and …. and … you get the picture. 

That means 2 things:

  • You need System Center 2012 Orchestrator for the automation and deep integration into the rest of System Center, AD, and 3rd party products
  • You need System Center 2012 Service Manager as a portal to the IT department and the service catalogue that it provides

At MMS we just had one session after another that illustrated how some business scenario could be dealt with using some component(s) of System Center in combination with the above two products.  Every time, the user would request a service in Service Manager, Orchestrator would orchestrate the tasks, and the rest of System Center would implement the desired changes, possibly requiring some manual approval via a service ticket.

With this huge increase in demand, I’ve come to the conclusion that I cannot avoid Service Manager or Orchestrator anymore.  They’re very different to the “2007” generation of the same products, and people are aware of the need for solutions that do what these products do.  With those two products gluing the rest of System Center together, you can have an incredible service delivery from your (or your customers’) IT organisation.  I will have to learn these two products.  Damn you Microsoft!  Now I need to learn:

  • Windows 8
  • Windows Server 2012 Hyper-V
  • Pretty much all of System Center 2012
  • And let’s not forget that Office wave 15 beta is around the corner


MMS2012 – System Center 2012 Monitoring and Operations Tips and Advice

Speaker: Gordon McKenna and Sean Roberts, Inframon

I’m live blogging this session so hit refresh to see more.

Private Cloud MOC and Certification

New exams and certifications.  70-246 Monitoring and Operating a Private Cloud.  70-247 Configuring and Deploying a Private Cloud.

  • MCSA + 70-246 + 70-247 = MCSE: Private Cloud
  • 70-640 + 70-642 + 70-646 = MCSA

The two training courses are available now.

10750 – Module 4: Monitoring Private Cloud Services

To do J2EE APM you download an opensource Java bean.  OpsMgr network monitoring is network monitoring for server guys. Existing solutions for network guys won’t be replaced.  OpsMgr network monitoring gives the server guys the tools to find a troublesome link/device and enable them to tell the n/w guys.  Port stitching figures out what ports your monitored servers are talking to and shows that to you.

MP Templates are a good starting point.  Check out the new Visio tool and the MP Authoring tool (latter requires significant time investment). 

Distributed Application Monitoring

A new distributed application monitoring tool.  3 types of line:

  • Reference relationship: no impact … dotted line
  • Hosted relationship, e.g. database hosted by database instance.  Health will roll up.
  • Containment: Group of servers.  With aggregate rollup monitor, server goes red, group goes red.

Note that default management pack is no longer there!  Forces you to save your authoring in a suitable MP.  Yay!

Health rolls up to 1 of 4 things:

  • Availability
  • Performance
  • Configuration
  • Security

We can configure the rollup to go up to a level of our choice, e.g. don’t roll up or roll up to top level of distributed application.

  • Presentation Tier – anything user sees
  • Business Tier: back or middle tiers.

Creates a service level dashboard for the new MP based on the distributed app model.  Add the OpsMgr dashboard viewer and adds the webpart into SharePoint.  Grab the URL of the dashboard link in OpsMgr and edit the web part properties to paste the Dashboard link.  Now the SLA dashboard appears in SharePoint.


  • Always build out service models in the DAD (distributed application developer).  Good eye candy wins prizes!  I concur – have personal experience of that.
  • Use three tier service models that match your business functions
  • Use MP templates for true pro-active monitoring
  • Use APM to stop developer VS IT Pro arguments
  • Create a dedicate SharePoint portal for dashboard and reports

10750 – Automating Incident Creation, Remediation, and Change Requests

Orchestrator components:

  • Orchestration console on IIS (Silverlight)
  • Runbook server(s): usually local to servers
  • Management server running Runbook designed and deployment manager
  • SQL DB

Download integration pack, register it with management server, deploy IP to runbook servers, open Runbook Designer to use it.

Install OpsMgr R2 integration pack  Define a connection to the OpsMgr server.  You then have the actions available to use.  Do the same for Service Manager.

Demo with web service crashing and auto remediation.  OpsMgr detects event.  Orchestrator waits for that event.  It tries to restart the event.  Creates ticket to auto restart IIS.  If that fails, it lodges a ticket in Service Manager for manual OK to reboot the server.

Opens up Runbook designer.  Browses into Runbooks and we see the book in question.  Runs the runbook tester, toggles break point, and runs it.  Now he stops the website.  The runbook kicks off, and they step through the actions.  We get into Service Manager where there’s a change request for a reboot.  That’s approved and the web server is rebooted.

Note: there is a maximum of 50 running runbooks on a Runbook Server.

When configuring a runbook

  • Handle failure and warning links
  • Replace the default strings
  • Change link colours
  • Limit the number of activities for each Runbook
  • Enable runbook logs to an external file

10750 – Module 7: Problem Management In The Private Cloud

Incident = one time occurrence that can be handled by an operator.  Problem is more complex, e.g. engineering issue that requires escalation.

Information stored in Problem Log in Service Manager.  Another demo of automated problem record creation.  An alert will come in in OpsMgr for a DB that goes offline.  The alert auto pipes in as an incident in Service Manager.  Many instances of it in the demo.  It’s a problem.  A problem record is manually created from these incidents.  He fills in information in the New Problem form. 

Now he kills the DB again. 

There’s a runbook that is looking for occurrences of that incident.  It’ll get the service details and the incidents for this service, output data to text file, count lines, if there’s more than X occurrences then it will create a problem based on the data in the file.  This workflow replaces the above manual task for this particular incident.

Hints and tips

  • Target object and classes and use groups to override
  • Be aware of the inheritance for each class
  • Limit the size and activity of a runbook
  • Download and use the Cloud Processes Pack.  Create request driven processes for many cloud services functions such as project, capacity pools, and virtual machines.  Can introduce the concept of charge back billing.  Supplies cloud service runbooks.  Project = collection of capacity pools.


Service Manager 2012 “Service Ticketing”

Import Management Packs

  • Service Manager CMDB can become aware of your environment from OpsMgr if:
  • You import MP in OPsMgr
  • AND import MP in Service Manager
  • ConfigMgr data is pulled in, including primary devices for users
  • AD
  • Orchestrator runbooks are also importable: LOB and 3rd party management tools

Other options:

  • Import files
  • Write/buy 3rd party connectors

Some sets of data can come from multiple sources.  All that’s mapped into one object in the CMDB. 

Self Service Portal Features

Service Catalog, Silverlight web part hosted in SharePoint:

  • Role based access
  • Users fill forms to create service requests
  • Dynamic forms

Help Articles and more

Supported Configurations:

  • SharePoint site and WCS (web content server) co-located with SM management server
  • SharePoint site and/or WCS remote from SM management server

Can use SharePoint Foundation 2010 or Enterprise.  Can reuse existing SP farms.


A user wants access to an app and fills out a form requesting it and gives a business case.  A ticket is created, and awaits an approval/rejection.  The helpdesk admin can see the ticket with available actions in the portal.  Click approve and the automated activity does the work, in this case adding the requestor to a security group in AD.

He browses the now accessible web app.  But it crashes.  So now he opens an incident ticket. 

SLA Capabilities

  • Features calendars, business hours, holidays.  SLA metrics in the box.
  • Service level objects are supported for all work items.  Specify target and warning thresholds. 
  • Notifications when you are about to or have breached SLAs.


He opens the previous incident.  We can see there is an SLO (service level objective) in the form of time left until SLA is breached.  This is defined in Administration, Service Level Management, Service Level Objectives. 



System Center 2012 Technical Documentation Downloads

Smell that?  We’re getting close to release!  Microsoft has released a bunch of technical documentation downloads for System Center 2012:

And there’s a lot of related downloads available too:

  • Microsoft Security Compliance Manager: Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.
  • System Center 2012 – Service Manager Component Add-ons and Extensions: Download and install add-ons and extensions for the System Center 2012 – Service Manager component.
  • System Center 2012 – Orchestrator Component Add-ons and Extensions: Download and install add-ons and extensions for the System Center 2012 – Orchestrator component.

And there are some new management packs too!  Check the catalog, read the documentation, prep, download, import, and configure as specified in that documentation you made sure to read first, rather than lazily importing the management packs via the import GUI and hoping for the best Smile

Application Catalog Is The Killer Feature In System Center 2012 Configuration Manager

I deliberately picked the Application Catalog as the focal point of my demo/presentation at the System Center 2012 launch events in Dublin and Belfast because it shows how System Center 2012 recognises that IT services must change to empower the user and embrace IT controlled/secured/audited automation.

The Past

SMS 2003 was the first “System Center” product that I worked with.  We wanted something that was more powerful than Group Policy for software deployment.  The company I was working for also just signed a Microsoft enterprise agreement and we needed a software auditing solution to live up to our requirements.  So I asked one of my team, who previously did consulting on SMS 2.0, to deploy it, and I learned the product from him.

The software deployment feature was powerful.  We’d import or create a package containing the files.  Maybe we’d have to teak or create a program to install/uninstall the package.  We’d distribute the files to distribution points/secondary sites.  And then we’d advertise the required program to a collection of machines.  We never targeted users because they could roam and needlessly drag expensive software, such as Visio or Project, around with them, driving up our licensing costs.

It was easy to push out standard software like Adobe Reader.  It would go out to all Windows XP (as it was at the time) machines.  But Visio or Project?  We basically had to wait on a request.  A user would call the helpdesk asking for Visio and then a low priority ticket was created.  That ticket could wait until the higher priority tickets were dealt with.  Our Helpdesk had a 4 hour SLA so maybe 4 hours later (usually much less) they’d drop the user’s computer account into a security group for machines that should get Visio. 

And here’s why I told people that you need patience with Configuration Manager.  The process has gone unchanged … it’s just now we have a different way to tackle it.  In the past we had to push that software.  ConfigMgr/SMS would update collection memberships on a schedule, every 24 hours by default.  We had a “small” network (by Microsoft or ConfigMgr standards) so we scheduled the collection to update every hour.  Then it would query the new group membership and update its own membership. 

On the client machine, the ConfigMgr/SMS client would automatically connect to the Management Point every hour to get new policy.  At that point it would, thanks to the new Visio collection membership, realise it should install Visio.  It would then download the files and install.

Think about how long this took:

  • Helpdesk to respond – up to 4 hours (let’s go worst case scenario) – 4 hours
  • The collection to update – we’ll say 1 hour but it could have been 24 hours – 1 hour
  • The client to connect to the management point – up to 1 hour but we’ll say 1 hour

That’s a 6 hour wait for the end user to get a new application.  No wonder the business thinks that IT holds them back!  They can avail of cloud computing or a personal device (app on a tablet) in minutes, to deal with whatever business opportunity/challenge/threat is before them.  But with our push solution, IT takes 6 hours … and that could have easily been 29 hours!  That’s some “service”.

The Present

System Center 2012 is user centric.  That means the user is empowered to consume IT services in an on demand basis.  Those services are provided via System Center 2012, allowing IT to automate more, enable the user to consume as and when they need it, but IT can control, secure, and audit it.

Let’s take the Visio example.  I can create a Visio package with the automated installation.  I then create an application in System Center 2012 Configuration Manager.  I can two 2 types of deployment.  The first is a push, which is similar to what I discussed above.  That’s for when you’ want to push out software by policy.  And being a policy, the software will automatically get re-installed if it is uninstalled while the policy still applies.  There is a delay in the push, but we don’t mind.  That’s because we’re pushing out a policy to a large number of machines, and that’s probably something we do outside normal hours, and not to some “we want it now” demand.  Adobe Reader, Office, and so on are the sorts of app that you would deploy like this.

The second approach we can use is to publish the application in the Application Catalog.  Here you can list all elective software, the stuff you don’t include in your OS images or deploy on a widespread basis via policy.  Visio is a perfect example of this kind of app; it’s too expensive to deploy everywhere, and a few people will have a business case to require it.  When you create the application, you can add all sorts of text and keywords to describe the app and to make it searchable.

You can publish the URL to the Application Catalog to everyone’s browser via GPO.  And there’s a link to it in the new utility on the managed PC called Software Center.  Now a user wants Visio to open a VSD file.  The click the link to open the Application Catalog.  They can search, e.g. for .VSD file, and Visio appears in the results.  The click the Install button, and Visio installs … just like that.  It’s actually ConfigMgr doing the install, using the unattended config that you set up in the package.

Now Visio is expensive, so you don’t want everyone lashing it onto their PCs.  Not a problem!  With a mouse click, you configure the installation to require approval.  Instead of an Install button, the user is given a Request button.  They are asked to give a reason for the install and the request goes off into ConfigMgr where an administrator can review it and approve/reject it.  If it’s approved, the user will get an Install button.

The Future

We’d like that request process to be more auditable and to include non-IT staff, such as a faculty or department IT budget owner.  That’s where the Application Approval Workflow (AAW) comes in.  This combines the deployment functionality of Configuration Manager with the process and control functionality of System Center 2012 Service Manager.  Now the user can go into either the ConfigMgr Application Catalog or the portal of Service Manager, where they’d normally go to request IT services.  Requesting an approval-required application will create a service ticket in Service Manager and kick off an approval workflow. 

The engineering possibilities of workflow allow you to bring in alternative approvers based on your business or customer processes.  In other words, a budget owner can be notified of the request, read the business case, and reject/approve the install of the application.  And now IT just manages the system, instead of slowing down the business.  If there is slowness with this solution, the business can only look inwards to find a cause.