SIM214: Client Management and Security Roadmap

This was a great session covering Systems Center Configuration Manager 2012 and ForeFront EndPoint Protection (FEP) 2012, which are both in the beta phases. Both products have undergone major changes from their previous releases. The major highlights of this session are:

1. The products now integrate management, security, and compliance into a single pane of glass.
2. SCCM 2012 is now in beta 2, and will be publicly available shortly.
3. SCCM now has a full ribbon UI and deeply integrated search. You will not recognize the console if you are a SCCM 2007 user. It is now modern and much more usable.
4. SCCM brings a personalized app store to your IT users via a web site. It can deliver applications via App-V, XenApp, or many other deployment types. Workflow and approval are built-in, so users can only select apps they are authorized to use.
5. VDI is a first class citizen and unique deployment options for situations such as pooled XenDesktop VMs.
6. SCCM is aware of the desktop type (physical, virtual, pooled virtual, etc.) and you can easily create collections based on these desktop types.
7. SCCM has built-in randomization features so that you don’t get VDI storms with software updates, A/V updates, reboots, etc.
8. You can easily setup exclusion rules for pooled VDI desktops, so that you don’t deploy patches or software updates to them, since you update the master image, not the cloned VMs.
9. FEP 2012 is now in beta 1.
10. FEP 2012 is deeply integrated with SCCM 2012, and can now natively deploy A/V signature updates without the use of a WSUS server.
11. FEP 2012 A/V updates are also randomized and VDI aware, so don’t create update storms.
12. End point compliance is now integrated into a single console so you can manage items such as the Windows firewall, IE settings, office security, A/V settings, etc.). No more multiple products or windows to ensure endpoint compliance.
13. For internet connected systems, there are now automatic A/V deployment rules so you can automatically push signature updates without manually creating or approving new packages.
14. You can easily report on malware infections on a per-user basis, not just per-device basis. So you can track WHO is impacted or targeted by malware infections, in addition to what device needs remediation.
15. Microsoft and Citrix have worked closely to properly manage XenDesktop/XenApp servers in conjunction with SCCM/FEP 2012. The native integration of VDI scenarios with both products is really impressive.

Bottom line, the 2012 wave of products is a major upgrade. If you are going down the VDI road, the deep integration and awareness of VDI unique problem sets is a big win. Things that you couldn’t easily do to, or even do at all, are just a few clicks away. By the end of 2011 the entire Systems Center suite of products are due to RTM. If you are a current SCCM/FEP user, I would urge you to get the betas and start using them in a lab environment.