Automating Change Management: Configuration Manager and SMS Server
Deploying operating systems and applications and keeping them current with the latest security patches and updates can exhaust your IT maintenance budget and eat up your support staff's available time. Microsoft's solution to change management is to provide a high level of automation in order to reduce administrative overhead, tighten system security, minimize compatibility issues, and provide IT managers with actionable reports about software utilization across the network.
Microsoft's latest tool for automating change management is System Center Configuration Manager, a revamped and renamed version of Microsoft's popular Systems Management Server (SMS) 2003 and an important component of Microsoft's System Center platform for datacenter management. Progent offers comprehensive Configuration Manager consulting and support services.
Systems Management Server 2003 (SMS 2003), which has reached end-of-life, provides centralized change and configuration management for organizations managing Windows-based PC deployments of any size. From one or more centralized administrator consoles, Systems Management Server 2003 can provide support for asset management and configuration tracking, software and configuration change deployment, monitoring software usage, remote help desk support, and access to detailed system and service reports. Systems Management Server 2003 provides these functions without requiring the interaction of end users or the dispatching of IT support technicians to remote locations. This allows the centralized administration of large numbers of Windows-based PCs with minimum effort and cost.
Key features of Systems Management Server 2003
Systems Management Server 2003 addresses several strategic areas of change and update management including:
Extensive use is made of the information offered by Windows Management Instrumentation (WMI), which has been built into the Windows operating system since Windows 98. Systems Management Server 2003 uses the latest version of WMI, version 1.5, to offer the richest set of system data possible including BIOS, motherboard and enclosure data. Administrators can customize which of the more than 700 classes of system data should be recorded during an inventory scan, allowing them to select the appropriate balance between performance and inventory depth for their organization.
The Systems Management Server 2003 inventory engine is also extensible by administrators who wish to expand on the native WMI data set. Scripts or executables can be written to add additional information from the Windows registry, configuration files or application interfaces into an inventory scan. Asset information relating to non-Windows items such as computer leases, scanners, photocopiers, fax machines or human resources data can also be stored as part of the Systems Management Server 2003 inventory data set.
Software Deployment Support from Systems Management Server
A key strength of the Systems Management Server feature set has always been its rugged but flexible software deployment support for Windows-based desktops, laptops and servers. From a central console, administrators can package, replicate, target, advertise and track software packages as they are deployed to target machines across the network. Packages can be deployed with or without end-user intervention, and without any IT staff visiting the target systems.
For operating system updates or new releases such as Windows 7, application suites such as Microsoft Office, or line-of-business applications from third-party vendors or written in-house, Systems Management Server 2003 uses simple interfaces, wizards and tight integration with operating system services to significantly reduce the work required to keep software up to date.
Security Patch Management with SMS Server 2003
Systems Management Server 2003 is designed to allow administrators to quickly and effectively apply and implement critical software updates to the systems they manage. It provides key capabilities for detecting which computers are missing critical updates, providing network-wide reports of such vulnerabilities and facilitates the deployment of these critical updates.
Microsoft SMS Server 2003 provides tightly integrated solutions for the major phases of the security patch management process: Vulnerability Assessment, Deployment Planning, and Patch Deployment. For example, a particular patch installation may be configured to be re-executed on a regular basis, possibly weekly, to ensure that patches are not 'lost' when a user winds back their system using System Restore or some other back process. This ensures that not only are the targeted systems secured, but that they remain secure without further action by the administrator.
Integration of Active Directory Support with Systems Management Server 2003
The integration of Active Directory support with Systems Management Server 2003 makes it possible for administrators to target software deployments based on membership of organizational units, user groups, machine groups and even non-security objects such as Microsoft Exchange 2000 distribution lists.
This Active Directory support is accomplished by discovering the directory object memberships for all users and machines attached to the directory and adding these memberships as attributes to the inventory data held in the Systems Management Server 2003 database. Administrators may then build target sets using these Active Directory attributes in the same way that they would use hardware or software inventory attributes.
Microsoft SMS Server 2003 and Bandwidth Management
Bandwidth management options are a central feature of Systems Management Server. In addition to site-to-site WAN bandwidth features, SMS Server 2003 offers network traffic control capabilities between clients and servers. These bandwidth management capabilities are helpful in fixed LAN environments, but they are particularly powerful when used by mobile users connecting over slow dial-up connections. All traffic in both directions between the Advanced Client and a Systems Management Server is bandwidth controlled. This ensures that inventory data, software usage data and status messages also do not impede traffic during transmission to the Systems Management Servers.
SMS Server's Web-based Reporting Service
Systems Management Server 2003 includes a Web-based reporting service with more than 120 pre-built reports and the option to extend these with custom reports under administrator control. The supplied standard reports cover a variety of inventory, software usage activity and Systems Management Server operations options. A dashboard feature is also supported, allowing IT staff to insert the most useful or powerful reports into a single 'heads-up display' of Systems Management Server 2003 operations.
Systems Management Server 2003 Web reports also enable a user to drill into underlying reports by clicking on a line in a single report of interest. Each underlying report may offer greater detail to the administrator, until finally the complete inventory information for a single machine or user may be displayed.
Software Metering with Systems Management Server
Administrators can configure Systems Management Server 2003 to track software application usage by users across all managed machines on and off the network. Through the Systems Management Server Administrator Console, administrators create metering rules to monitor and control the activity of any arbitrary executable file they wish to track. Managed computers then record software usage even while disconnected from the corporate network, uploading usage reports either on a schedule or the next time a connection is available to the Systems Management Server site.
The software usage data from all machines in the network is stored in the site database and correlated with the software inventory data. To prevent the software usage data from bloating the SQL database, the data is summarized over time, rolling individual usage records into summary application records. This process is fully configurable by the Systems Management Server site administrator.
The Software Metering subsystem has been fully rebuilt in Systems Management Server 2003, improving its performance and integrating the metering user interface with the Systems Management Server Administrative console and reporting system.
How Progent Can Help You with Systems Management Server
Progent's SMS Server consultants have extensive backgrounds showing small businesses how to utilize SMS Server to save time and control costs through centralized change and configuration management. Progent's experts can show you how to implement Systems Management Server to reduce IT management's workload, improve network protection, improve efficiency by ensuring that all applications are current, enforce software licensing compliance, and monitor patterns of software usage to enable a smarter purchasing strategy. Progent's Microsoft-certified engineers can help your company make a smooth migration to Microsoft System Center 2012 Configuration Manager from SMS Server 2003 and can also assist you to upgrade to Windows Server 2012 R2.
Progent's experience providing remote support complements the benefits of Systems Management Server by saving time and labor, and Progent's CISM, CISA and CISSP-certified consultants can assist you to create a company-wide security strategy that fully exploits the many security features of Systems Management Server 2003. Progent can also provide world-class consulting services for Operations Manager, which is a crucial part of Microsoft's System Center integrated platform for managing business networks.
For more information about Progent's consulting and support services for Systems Management Server 2003, call