Wednesday, August 31st, 2011 Posted in: Blog, Infrastructure Management
Tags: ConfigMgr 2012, Configuration Manager 2012, IT Security, Microsoft SCCM, Microsoft Security Partner, Microsoft System Center, SCCM, SCCM 2012, Software Update Groups, Systems Management
CSS Blog |
SCCM 2012: Software Update Improvements
Posted by: Rick Delserone
We are all familiar with how Configuration Manager 2007 handled software updates and, without speaking for everyone who was using SMS 2003, we can probably agree that 2007 made multiple strides forward in making the update process easier. We can all celebrate again as Configuration Manager 2012 is set to deliver another step forward in making the management for software updates easier and more efficient.
There are some differences that will require some adjusting to, as Update Lists have been replaced with more effective Software Update Groups, but all things considered, I believe the individuals managing software updates within their environment will not be disappointed.
Updates Search
In ConfigMgr 2007 it was common practice to create search folders in order to quickly and easily find updates based on specific criteria to facilitate the deployment process. This ability is still available in ConfigMgr 2012 but has a slightly different feel in the new console.
First, the “All Software Updates” node literally does contain all synchronized updates. This provides the ability to perform an on the fly search of the entire updates database, eliminating the need to navigate through the folders containing different update types as in ConfigMgr 2007. In ConfigMgr 2012, once you have added the criteria on which to base your search, you can simply select “Save Current Search As,” provide it a name, and that search will be available in the Saved Searches option in the ribbon.
Software Update Groups
Although the terminology is different, the Software Update Groups resemble Update Lists from ConfigMgr 2007. More of the benefits from the new software update groups are in the console redesign. When viewing the Software Update Groups, you simply select the Update Group and in the bottom viewing pane, and the compliance of the systems will be seen. This however shows compliance based on how many systems have installed all of the required updates from within Update Group.
Automatic Deployment Rules
One of the most useful and efficient improvements that will be experienced in the release of Configuration Manager 2012 is the ability to configure Automatic Deployment Rules for Software Updates. This function provides software update administrators with the ability to design an almost hands off solution to the standard update process.
The creation of automatic deployment rules can be as broad ranged or detailed as required by the updates admin. These rules:
- Can be targeted to specific collections
- Have the ability to create new software update groups or add to existing groups
- Auto accept license agreements
- Adhere to custom criteria
- Run on a specified schedule
- Generate alerts based on compliance
For example, an organization publishes all Windows 7 and XP updates released on Patch Tuesday that are classified with a severity level above “Low.” An automatic deployment rule would be created as follows:
As some of the updates that might be included within the Update Group created by the automatic deployment rule may have license agreements, it must be determined if these updates will be deployed. The option exists to allow the auto deployment rule to accept the EULA when it runs its evaluation. The deployment settings tab has the option to deploy or not deploy based on the existence of an included license agreement.
The criteria for the rules are configured with similar options that were available in the search folders from with ConfigMgr 2007.
After the criteria have been setup to fulfill the necessary requirements, the evaluation schedule would be configured to execute on the 2nd Tuesday of every month. The deployment schedule, download settings, and deployment package configurations are similar to the options available in ConfigMgr 2007.
Once the auto deployment rule is in place, all of the Patch Tuesday updates will be automatically available to the workstation environment without the need of the administrator to select updates, create and update list and download and deploy the updates. This entire process will be completed and can simply be validated.
With this type of automation availability, the overall workload will be reduced and the deployment efficiency greatly increased regardless of the environment being managed. For all intents and purposes, Configuration Manager 2012 is another large step forward in the development of systems management. I, for one cannot, wait to be able to deliver this product upon its release and provide systems administrators with the tool set to improve the quality of their environment. As stated previously, this is just one portion of the improvements that await us all in ConfigMgr 2012. Check back for additional insight into the next generation of Systems Management.
Click here to read my other blog on SCCM 2012.
2 Responses to “SCCM 2012: Software Update Improvements”
Leave a Reply
-
Notify me of more blogs like this one
-
Rick Delserone
Subscribe via RSS »-
Other readers also read this blog
Categories
-
Events
- Coffee Talk- 6/22: ConfigMgr- Virtualized Apps & Data/System Recovery
- Coffee Talk- 5/18: ConfigMgr 2012, SCEP 2012
- Enterprise Enablement of iOS Devices Roadshow Event- Boston 5/22
- Enterprise Enablement of iOS Devices Roadshow Event- Hartford 5/24
- System Center in the Real World: Four-Part Live Webinar Series
-
Press Releases
- CSS RECEIVES MICROSOFT’S U.S. ENTERPRISE SERVICES AWARD
- CSS Announces “New and Improved” Innovative Sales Team Structure
- CSS ANNOUNCES NEAR PERFECT CUSTOMER SATISFACTION SCORES
- CSS Announces CRT, an Advanced, Comprehensive Solution for Managing PKI Certificates in a Microsoft Environment
- CSS Earns Distinction through Demonstrated Technology Success and Customer Commitment
-
Tags
Active Directory Active Directory Rights Management Services AD Antimalware Protection apple Certificate Reporting Tool ConfigMgr 2012 Configuration Manager 2012 consumerization CRT digital certificate digital pki FEP FIM Forefront Identity Manager (FIM) Got PKI? iOS iOS 5 iPad iPhone IT Security McAfee Microsoft Active Directory Microsoft Active Directory AD Microsoft Antimalware Microsoft FEP Microsoft FIM Microsoft Forefront Endpoint Protection Microsoft Forefront Endpoint Protection Best Practices Microsoft Forefront Identity Manager Microsoft PKI Microsoft Public Key Infrastructure Microsoft SCCM Microsoft Security Partner Microsoft System Center SCCM SCCM 2012 SCEP Symantec System Center System Center 2012 System Center Configuration Manager Systems Management Win7 XP End of Life
I am struggling with the philisophical differences around Software Updates in 2012. The Update List in 2007 gave me some nsight into what Updates “Might” be deployed to a group of systems. I also used it as a check point to ensure updates we had chosen to defer (IE 9 for instance) were not deployed to the “average”System. We have been creating Update Packages and Update Lists, that basically were al of the Updates released in the prior month. We then created on-going deployments for specific systems, based on role, OS, schedule that we updated with those items we wanted to deploy from the monthly “list.” I am having trouble seeing how I can duplicate that functionality with the Automatic deployment rules. I have a re-curring Deployment targeting all Server 2003 x86 systems, Systems are divided into several scheduling groups, I add new updates to a single Deployment, and the schedules take care of the rest… Is there something I’m missing that could help me continue on this track, or do I need to re-design what we are doing? Thanks
Dean:
The bulk (if not all) of the functionality that you are describing in your post is still available in ConfigMgr 2012. Let me first say that using the Automatic Deployment rules is not a requirement for Software Updates deployment but an additional benefit. The Software Update Groups can be created with the same ideology that you currently deploy in your Software Update lists. The Auto Deployment rules would allow you have updates added to your re-occuring deployments, based on the criteria that you specify, without the need for any manual intervention. Granted there is not an organization that I know of that would “completely” automate their update deployments but there are many benefits to have automation available. Does this provide any clarity to your understanding??
Kind Regards