MMS 2008

For the past week I've been out in Las Vegas for the Microsoft Management Summit (MMS) 2008.  Last year I did a better job of posting after each day, but I attribute a lot of that to the fact that a) I had just started my job at Microsoft the week before, and b) it was my first MMS.  This year I had a very different experience at MMS as it was nice to branch out into other topics in which I'm interested.  I attended only a few SCCM-specific sessions, and none on MDT or WSUS.

One of my big take-aways from the week in general is PowerShell.  Holy cow!  Why have I waited so long to learn it!  PowerShell is the cat's meow.  Every attendee was given a copy of Ed Wilson's Step-by-Step guide, which looks to be a great reference.  Monday I attended a session for beginners (I know, but I am) led by James McCaffrey who gave a great overview.  I went directly from that session to the lab to start on the four hands-on labs specific to PowerShell.  I didn't get through them all until Wednesday, but now feel pretty comfortable with the basics.  I know I won't be truly at home with PowerShell until I start using it regularly, but that will be very soon.

One of the HOLs was an introduction to PowerShell v2 using the community technology preview that is currently available.  Some of the cool features of the next version include remote runspaces (v1 doesn't have a good remote story), great script debugging, and a graphical shell that has a command line, output area, and script editor (complete with tag coloring and tab completion).

Wednesday I also attended a session run by Greg Ramsey from Dell where he showed many practical uses of PowerShell scripts to automate tasks in SMS/ConfigMgr.  He promised to soon have the content available on his blog and/or as articles on myITforum.com.  His presentation also included a large set of ConfigMgr console extensions (one per node) that will display the GUID on each node, which is essential to have when writing console extensions.  So not something to add for every day use due to the overhead placed on the console with the large number of extensions, but very useful on a one-off basis when developing console extensions.

There were three keynotes during the week.  Bob Muglia (Sr. VP, Server & Tools) spoke on Tuesday about Dynamic IT - a continuation of similar speeches on our good friend the Dynamic Systems Initiative.  The highlight of this was a demonstration by Barry Shilmover of the new OpsMgr cross-platform support leveraging open source standards such as WS-MAN and OpenPegasus.  So no more excuses that OpsMgr can't be used to monitor heterogeneous environments.

On Wednesday Brad Anderson (GM, Management Division) spoke about the Dynamic Desktop: focus less on the device and more on the user.  There was a demo by Bill Anderson on how a user's settings, documents and applications can be made available on (most) any device regardless of location.  Dave Randall did a demo of the Intel AMT plugin for ConfigMgr, showing the out-of-band, remote power and BIOS control capabilities for desktops.  Neal Myerson also gave a technology preview of a new thing called Attached Knowledge Services; basically Customer Experience Improvement Program on steroids.  Customers send infrastructure data to Microsoft, who crunches and analyzes it, and then provides it back to the customer along with data from other customers (unidentified) for purposes of comparison.  It presents it in a scorecard format allowing customers to see how their environment is performing against best practices as well as others, including display by industry and environment size.

Debra Chrapaty (VP, Global Foundation Services) spoke Thursday morning.  GFS is the arm of Microsoft that provides the infrastructure for MSN, Live, Hotmail, XBox Live, etc.  They support hundreds of thousands of servers worldwide in many datacenters (including four new ones under construction in San Antonio, Chicago, Dublin and Quincy, WA).  With the large amount of automation they require, one server engineer alone supports upwards of 5000 servers!  They recently did a pilot project of OpsMgr 2007; the size of the pilot: 1000 servers!  It was amazing to hear about the scale of GFS and what a great proving ground it is for our products.

As for some of the more notable sessions I attended...

ConfigMgr State of the Nation.  This is a regular session each year in which Bill Anderson (Principal Program Manager, ConfigMgr) reviews what's happened in the past year, where things are now, and gives some insight into where things are going.  Since it has been eight months since RTM the presentation was mostly retrospective, but he provided some interesting statistics.  ConfigMgr 2007 RTM contains 5.8 million lines of code, which is the largest in the System Center family.  The second largest in the System Center family is the ConfigMgr test automation infrastructure at 3.2 million lines of code.  The ConfigMgr test environment has over 2000 VMs that are used (in Bill's words) to ensure we don't ship another SMS 2.0.  Brady Richardson came out (to a standing ovation from the myITforum.com crowd) to show a prototype of a tool that is under development currently called "learnapps" that captures information about a specific application to create configuration items and baselines to use with Desired Configuration Management.  The next version of ConfigMgr (v5) will include a significant UI update; the current console is very useful if you know how the database is structured.  It will probably conform to the new "Outlook"-style that is common among the other System Center products.  Next year's State of the Nation will probably provide a first look at v5.

Paul Thomsen (Sr. SMS Engineer, MSIT) had a session on SMS/ConfigMgr Client Health, a topic about which he is very passionate and frequently writes about on his blog.  In his work in MSIT he's been able to develop a lot of knowledge, expertise and guidance on the Client Health discipline.  The primary theme is "bucketization" - breaking down the environment into a hierarchy of health states.  Currently there is no one tool that "solves the problem" but with a combination of a variety of tools and documentation the problem is manageable.  The old Client Health Tool is not supported with ConfigMgr but Paul confirms that it does work.  ConfigMgr R2 will introduce a successor to CHT in Client Status Reporting.  ConfigMgr v5 should have a much more robust solution.  Additionally 1E's WakeUp tool provides some client health management functionality, and the new v5.5 available this summer will improve upon that.

Introduction to Forefront 'Stirling' - a session by Brad Wright on the next version of the Forefront family of products including Forefront Client Security (FCS), Forefront for Exchange/Sharepoint/OCS, and Internet Security and Acceleration (ISA) Server (to be renamed to Forefront Threat Management Gateway [TMG]).  Stirling will provide Management, Visibility and Dynamic Response across the suite.  He provided a walkthrough of a scenario in which a workstation is affected by malware.  Currently most environments require many manual steps involving the network admin (and specialized software monitoring the edge devices), the desktop admin (and separate software enforcing policy and desktop scans), the security admin receiving notification of the issue, and the user.  Stirling integrates the various systems through the Security Assessment Channel, allowing the systems to intercommunicate allowing for faster detection, remediation and notification without a lot of manual intervention.  It's built on top of OpsMgr 2007 and integrates with SQL, WSUS, AD, NAP and ConfigMgr.  The focus of the product is not on knobs and technology, but policy and assets.  Beta 1 is currently available and another beta will be released before RTM next year.

Jeffrey Sutherland gave a great session on DCM.  He talked about the Boulder (DCM & SCAP) project that just recently released as a beta and will RTW on 5 June 2008.  He went deep into the DCM XML and talked about the tools available in the ConfigMgr Toolkit: DCM Model Verification Tool and DCMSubVar.  The former provides the ability to validate custom XML against the DCM schema as well as do a basic test of custom XML against the local system, basically DCM in a box, producing the same local report that's available through the ConfigMgr client control panel.  The latter tool gives the ability of constructing more complicated CIs that can do variable substitution and chaining.

Another great aspect of this DCM session (so great it deserves its own paragraph!) was a demo of Silect's CP Studio.  This tool has the Configuration Baseline Creation Wizard that scans a "golden" system capturing system and application settings to build custom CIs and baselines.  You can import existing baselines and work with them in the studio environment as well as run tests against systems.  I spoke with the Silect rep later in the Expo Hall; it's not an inexpensive product but seems to be very powerful and useful.  I hope to get some time soon to play with the trial version.

While on the topic of vendors there was one other in the Expo Hall that I found interesting enough to mention: Bit9.  They provide products and a service around application whitelisting, basically a background check for applications.  An interesting idea, although my immediate questions to them were around using the service in a disconnected environment, which I don't think they understood.  Regardless, I found it intriguing.  They have a tool available for download to do one-off queries against their online service for specific applications.

Quest did a session on Wednesday on ConfigMgr in a Heterogeneous Environment where they discussed their Quest Management Xtensions (QMX) for ConfigMgr 2007 that were released on 11 April 2008.  These provide the ability to manage a variety of major UNIX and Linux distributions as well as Mac OSX using the native ConfigMgr console.  Extensible hardware and software inventory, software distribution, software metering and remote control are the primary features currently available.  QMX does not modify the ConfigMgr database or server roles; it extends the console to provide non-Windows specific functions, and then places a QMX agent on the clients to provide WMI-like functionality that communicates with the MP and DP just like a regular Windows client.  Later this year they hope to include support for native mode security and next year they plan on providing support for DCM as well as a WSUS-like component for update identification.  Right now they can distribute non-Windows updates via software distribution, but you still have to manually identify which patches are necessary.  They are exploring the possibility of doing OS deployment, but obviously that's a much more complicated beast.

Finally here's a rundown of the notable dates I picked up throughout the week:

  • ConfigMgr SP1 - May 2008
  • ConfigMgr R2 RC - July 2008
  • MDOP 2008 - Q3 2008
  • Next major release of most System Center products - throughout 2010
  • Forefront 'Stirling' RTM - H1 2009
  • Quest Management Xtension support for DCM and Patch Management - 2009