albertwt Posted May 11, 2011 Share Posted May 11, 2011 Hi All,We are trying to work out whether or not to purchase SCCM 2012 or some other technology to assist with desktop/server fleet management. Today have many disparate systems that all do a subset of what we need. In addition to that we have Windows 7 upcoming and need to deploy it and hundreds of application packages.The new technology MUST:Deploy Windows 7 to any bare bones machine (including driver insertion)Deploy Windows 2008 to any bare bones machine regardless (including driver insertion)Deploy Software from MSIDeploy Software from Non-MSI (flat file, single registry key, third party installer)Deploy Software based on Active Directory Group MembershipDeploy Software with ‘pre-requisites and supersedes’ smarts built inDeploy Windows Security PatchesDeploy Windows Security Patches with respect to groups (ie node A is patched fully before node B is patched)Ability to Permanently exclude Security Patches that are irrelevant to a systemAbility to Disapprove a Security PatchesReport on Windows Security Patch GapsReport on software deployments for licensing complianceSupport a replicated Multi-tiered infrastructure deployments (Internal, DMZ-I, DMZ-E info all in the same Microsoft SQL database)Be supported by the supplying vendor on a vmware platformProvide a configuration management database that lets you put manual descriptions hardware, asset and IP addressing information inThe new technology SHOULD:Allow you to Add/Remove things from an SOE without having to recreate SOE from scratch.Deploy user based software that installs on first run instead of installing all your apps upon first log inAllow administrative removal of an application from a machine when you’re out of a groupAutomatically associate users to machines based on the last log onReport on hardware inventoryReport on software inventoryReport on user to machine inventoryNot require the user to have local administrative privilegesAny kinds of suggestion and input will be greatly appreciated.Thanks Link to comment Share on other sites More sharing options...
Tripredacus Posted May 11, 2011 Share Posted May 11, 2011 Ah I know a tool that can do all of that... but I think its more expensive than SCCM... Altiris:http://www.symantec.com/business/theme.jsp?themeid=altirisI have not used it since Symantec bought it tho, so it must be better now than then I hope! Link to comment Share on other sites More sharing options...
albertwt Posted May 12, 2011 Author Share Posted May 12, 2011 ah yes, thanks man, we are not into Altiris because it is quite expensive for us. Link to comment Share on other sites More sharing options...
IcemanND Posted May 12, 2011 Share Posted May 12, 2011 As far as SCCM 2007 (current release), 2012 is supposed to be released end of 2011-beginning of 2012, see comments below:The new technology MUST:DOES IT (Need PXE boot or vPRO to turn machines on if you complete hands off) - Deploy Windows 7 to any bare bones machine (including driver insertion)DOES IT (Need PXE boot or vPRO to turn machines on if you complete hands off) - Deploy Windows 2008 to any bare bones machine regardless (including driver insertion)Needs to configure OSD (Operating System Deployment in SCCM)DOES IT - Deploy Software from MSI - can be imported and SCCM will create the package for you with Attended, unattended, per-user, per-computer, and uninstall options created in four easy clicks.DOES IT - Deploy Software from Non-MSI (flat file, single registry key, third party installer)Or run and executable file, or script, or any number of other tasks related to running programs and tasksSORT OF - Deploy Software based on Active Directory Group Membershipn SCCM you create Collections based on your desired target group of machines needing a piece of software. Collections are created using SQL queries of information in the SCCM database and can be based on almost anything you can think of including AD groups or OU membership.Partly - Deploy Software with 'pre-requisites and supersedes' smarts built inYou can create software packages for deployment and assign other packages that need to be installed before that package is installed. For supersedes there isn't something "built-in" you could create an uninstall package and have it run before your updated package installs though.YES! All the way down - Deploy Windows Security PatchesDeploy Windows Security Patches with respect to groups (ie node A is patched fully before node B is patched)Ability to Permanently exclude Security Patches that are irrelevant to a systemAbility to Disapprove a Security PatchesReport on Windows Security Patch GapsWSUS can be added to and controlled by SCCM and will do all of the above, including putting a patch back on a machine if a user removes it, removing a patch if you disapprove it, only applies patches relevant to the target system even if the systems are not configured the same so if a machine has Office 2007 and Office 201 patches are in the assigned patch list it will not install them until it sees Office 2010 is installed on the machine. If you have seen the reports you get from WSUS the reports you get in SCCM for patches are 100 times better. We have both WSUS and SCCM with WSUS, the machines looking at WSUS alone are 33% further behind on patch compliance than the machines using SCCM/WSUS combination.DOES IT - Report on software deployments for licensing complianceWith conditions - Support a replicated Multi-tiered infrastructure deployments (Internal, DMZ-I, DMZ-E info all in the same Microsoft SQL database)As long as the SCCM server has access to reach machines in all of the networks.Be supported by the supplying vendor on a vmware platformOfficially not on VMWare, but it does run just fine in VMWare. It is only an issue if they feel the issue you call about is base hardware related. Be sure you discuss with Microsoft what your deployment size will be so you size your "servers" apropriately, and talk with your VM supplier to do the same.Absofrigginlutely - Provide a configuration management database that lets you put manual descriptions hardware, asset and IP addressing information inthrough multiple methods you can extend the inventory database and what is collected from machinesThe new technology SHOULD:Allow you to Add/Remove things from an SOE without having to recreate SOE from scratch. - Can't think of anything where you have to start over from scratch, at least I have not had to yet, we phased in various different features and no one knew we added them until we turned on all the lights and announced it.Deploy user based software that installs on first run instead of installing all your apps upon first log in - It all depends upon how you create your packages and tasksAllow administrative removal of an application from a machine when you're out of a group - It all depends upon how you create your packages and tasks - can also create packages to perform uninstallsAutomatically associate users to machines based on the last log on - not directly but can be done. Don't recall if that was something I added to the inventory r if it previously existed.Report on hardware inventoryReport on software inventory - or network address, or subnet, printers, peripherals, encryption, or what else can you come up with?Report on user to machine inventory - not sure what you mean by this one but probably, database extending might be neededNot require the user to have local administrative privileges - programs can be advertised or assigned and can be set to install with admin rights or with user rightsI've been using SCCM in two different environments for seven years now and would never want to be without it. We started with a small subset of features and have been adding more as need/demand arises. Link to comment Share on other sites More sharing options...
albertwt Posted May 12, 2011 Author Share Posted May 12, 2011 ah that does sounds very promising Iceman.thanks for your clarification, at the moment installing SCCM 2012 is as hard as squeezing blood out of stone ()" Link to comment Share on other sites More sharing options...
IcemanND Posted May 13, 2011 Share Posted May 13, 2011 Been there, took over a year for us to implement SMS 3, SCCM 2007 was out for more than 2 years before we upgraded to it, hopefully once 2012 is released we can get it deployed in less than a year this time.If you have more questions let me know, or check out myitforum.com there is a very large and knowledgeable SCCM community there. Link to comment Share on other sites More sharing options...
albertwt Posted May 13, 2011 Author Share Posted May 13, 2011 many thanks man for your response and sharing here. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now