Vol. 37, #8 - July 8, 2013 - Issue #937
Managing PCs, Tablets and Phones
- Editor's Corner
- PCs, Tablets and Phones: Managing IT in an Age of Consumerization with System Center 2012 SP1 and Windows Intune
- Tip of the Week
- Recommended for Learning
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Events Calendar
- Webcast Calendar
- WindowsNetworking.com Webinar: Is it Time to Graduate from WNLB?
- Register for Webcasts
- Tech Briefing
- Microsoft Deployment Toolkit 2013 Preview Now Available
- Microsoft Server Virtualization Calculator
- IPv6 for the Windows Administrator: Why you need to care about IPv6
- IPv6 for the Windows Administrator: IPv6 Fundamentals
- Managing VMware Workstation VMS Remotely with WSX
- BOOK EXCERPT: Troubleshooting Storage Using Event Logs
- Windows Server 2012 R2 Preview Inbox Driver Support on Dell PowerEdge Servers
- Guide To The New Unified Smart Search Feature In Windows 8.1
- The Journey to ISO 27001 (Part 1)
- Planning and migrating a small organization from Exchange 2007 to 2013 (Part 3)
- GFI MailEssentials - Voted WindowSecurity.com Readers' Choice Award Winner - Email Anti Virus
- Windows Server News
- Negating network latency's effects without bending law of physics
- How inline deduplication is changing the VDI storage landscape
- Virtualizing legacy servers without pulling out your hair
- VMware vSphere basics: ESXi host cluster, vCenter and shared storage
- WServerNews FAVE Links
- This Week's Links We Like. Fun Stuff.
- WServerNews - Product of the Week
- Instantly See WHO Has Permission to Do WHAT With a Free Tool
- SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
- FORWARD THIS NEWSLETTER to a colleague who you think might find it useful!
- SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!
This week's newsletter is all about managing PCs, tablets and phones with a guest editorial from Keith Mayer, a Senior Technical Evangelist at Microsoft focused on Windows infrastructure, data center virtualization, systems management and private cloud.
Interestingly, when I searched Dilbert.com for a comic strip on the topic of "tablets" the only result that came back was this:
Then I tried another search for "BYOD" on Dilbert.com and it came up with null results.
Could it be that Dilbert is behind the times when it comes to enterprise computing?
Send me your thoughts at [email protected] LOL.
And now on to our guest editorial from Keith Mayer...
PCs, Tablets and Phones: Managing IT in an Age of Consumerization with System Center 2012 SP1 and Windows Intune
Today, end-users have more device choices than ever before … and, this could bring some great news for us: IT consumerization trends have the potential to dramatically lower our hardware acquisition and maintenance costs, and they also provide end-users with broader flexibility in matching devices to their unique work styles. But … how do we manage platform security, stability and consistent application experiences in a world where users are accustomed to "Bring Your Own Device" (BYOD)?
In this article, we'll step through enabling the new capabilities provided by System Center 2012 SP1 and Windows Intune to provide a comprehensive management solution for traditional corporate devices side-by-side with BYOD scenarios. By leveraging these features, we'll see how we can balance cost, security, and user experience to capitalize on the value of IT consumerization for our organizations and our end-users.
What is "Consumerization of IT"?
"Consumerization of IT" refers to the broad availability of IT hardware, software and services that end-users increasingly enjoy today -- making it possible for them to select their own technology solutions, potentially without the consent of the IT team within their organization. As younger and more technically-capable professionals enter the workforce, the demands to support a wider array of technology choices is growing -- and, with good reason: by providing flexible technology offerings, many organizations have seen a shift towards improved worker productivity by allowing each worker to more closely tailor device choices to their unique work styles and preferences. By offering a technology stipend to these workers for procurement of devices, organizations have also experienced a reduction in costs and effort associated with hardware procurement and break/fix support. As IT professionals, this means that we're finding our roles to be evolving to encompass extending management, security and application policies to a much wider variety of platforms than we've traditionally been accustomed.
It's all about achieving balance …
Of course, the needs of each organization and set of end-users can be very different. Part of your role within your organization may be helping to arrive at the best balance of end-user flexibility with organizational governance -- after all, in most organizations IT is still expected to provide management and oversight of data security, application availability and end-user support. In many organizations, this means that IT teams may find themselves defining different levels of support as a sort of consumerization "service level agreement" or SLA, such as:
- Premium support and full network access for a finite number of approved and tested technology platforms, generally aligned to the common technology choices that IT has traditionally made available to end-users.
- Basic support and access to core network applications for a larger number of mobile technology platforms -- tested and supported by IT for access to a subset of applications.
- Limited support and access to applications to all other devices via application proxies -- commonly delivered via web-based application services or Remote Desktop solutions.
Of course, the correct mix of support levels, application access, security and manageability is something that will likely be a unique blend on an organization-by-organization basis. However, by taking a scaled approach towards consumerization, as defined in the example above, you'll be able to offer flexibility that will likely satisfy the majority of your users while still being able to provide consistent levels of IT support that are prudent for your organization.
Challenges in Managing BYOD Devices
Once you've defined the consumerization "service level agreement" within your organization, you'll probably find that you'll need to extend a certain amount of centralized IT management capabilities to a new set of BYOD mobile devices in order to meet your SLA commitments. Specifically, many organizations find that they need to be able to manage application deployments, ensure compliance with IT security policies and perform basic remote administrative tasks, such as remote block and wipe, across a new range of mobile devices. Implementing centralized management for these requirements on managed corporate devices is no problem -- tools such as System Center Configuration Manager have traditionally provided deep management capabilities for devices that are integrated into an organization's internal network and Active Directory infrastructure. However, extending centralized management to previously unmanaged BYOD devices is an altogether new set of challenges -- after all, BYOD devices are usually not connected to an internal network infrastructure, let alone have any support for centralized identity stores such as Active Directory.
Managing Enterprise Devices and BYOD Mobile Devices from a Single Management Console
In System Center 2012 Service Pack 1, the Configuration Manager team set its sights on addressing the challenge of managing BYOD mobile devices side-by-side with managed corporate devices. In the SP1 release, Configuration Manager can be tightly integrated with the cloud-based Windows Intune management service to extend centralized management to common mobile device platforms, such as:
- Windows RT devices, such as the Surface RT and various RT-based OEM devices
- Windows Phone 8 mobile devices
- Apple iPad and iPhone devices ( iOS 5.0 or later )
- Android mobile phone and tablet devices
By integrating both System Center 2012 SP1 and Windows Intune together, Windows Intune effectively becomes a cloud-based "management point" for delivering application, compliance and inventory policies to mobile device platforms from the System Center management console.
Go here for more info about System Center 2012 SP1:
Go here for more info about Windows Intune:
What management tasks can I perform against BYOD Mobile Devices?
The management capabilities of each mobile device platform can vary -- and this is definitely something to consider when defining the SLA policies for your organization. In the table shown below, you'll find details on support for specific management tasks with each mobile device platform when using System Center 2012 Service Pack 1 and Windows Intune together:
Windows Phone 8
Retire, wipe, remove, and block devices
Compliance settings for password settings, email management,
security, roaming, encryption, and wireless communication.
Line-of-business app management for internal enterprise apps
App installation from a public app store
How do I get started with integrating System Center 2012 SP1 and Windows Intune?
To get started with integrating System Center 2012 Service Pack 1 and Windows Intune, you'll need these prerequisite items:
- An installation of System Center 2012 Configuration Manager with Service Pack 1 applied.
A free evaluation kit for System Center 2012 SP1 is available at:
- An activated Windows Intune subscription.
A free trial subscription for Windows Intune for evaluation purposes is available at:
- A publicly registered DNS domain that matches your internal Active Directory User Principal Name (UPN) Suffix.
Once you've taken care of the above prerequisites, you'll perform the following three general tasks to integrate your on-premises System Center 2012 SP1 Configuration Manager installation with Windows Intune for unified mobile device management.
1. Deploy and configuration directory synchronization
Directory synchronization provides the ability to securely integrate your list of internal AD user accounts and security groups with Windows Azure Active Directory, which is the directory service that supports Windows Intune in the cloud. Once completed, this allows a consistent set of users and groups to be leveraged by both System Center 2012 SP1 and Windows Intune for management of both corporate and mobile devices that are operated by end-users.
Figure 1: Installing Windows Azure Active Directory Sync Setup
2. Create a Windows Intune subscription in System Center 2012 SP1 Configuration Manager
Defining Windows Intune subscription information in System Center 2012 SP1 Configuration Manager allows Configuration Manager to manage the Windows Intune subscription centrally. Along the way, you'll also identify the mobile device platforms that you wish to manage via Windows Intune and the certificates for securely authenticating to each platform.
Figure 2: Create Windows Intune Subscription Wizard
3. Add the Windows Intune Connector site system role in System Center 2012 SP1 Configuration Manager
The Windows Intune Connector maintains bi-directional network communications between System Center 2012 SP1 Configuration Manager and Windows Intune. Via this connector, System Center 2012 SP1 will be able to deploy applications, policies and remote management commands to Windows Intune for passing on to the appropriate mobile devices. This connector also receives hardware inventory and mobile device status information from Windows Intune for representation in the central System Center 2012 SP1 Configuration Manager console.
Figure 3: Add the Windows Intune Connector site system role
How can I use System Center 2012 SP1 to manage BYOD Mobile Devices?
After System Center 2012 SP1 Configuration Manager and Windows Intune are integrated into a unified management solution, you'll be able to manage BYOD mobile devices in a manner that's consistent with how enterprise corporate devices are managed within System Center 2012 SP1.
- To deploy new managed applications, you'll find mobile device application types for Windows RT, Windows Phone, iOS and Android integrated within the Create Application Wizard in System Center 2012 SP1 Configuration Manager.
Figure 4: Create Application Wizard in System Center 2012 SP1 Configuration Manager
- To manage compliance of security and configuration settings, you'll also be able to create standard Configuration Items and Configuration Baselines for mobile devices in System Center 2012 SP1 Configuration Manager.
Figure 5: Create Configuration Item Wizard in System Center 2012 SP1 Configuration Manager
- To remotely manage hardware inventory, remotely wipe or retire mobile devices, you'll be able to right-click on the appropriate enrolled mobile device in a Mobile Device Collection in System Center 2012 SP1 Configuration Manager.
Figure 6: Managing Mobile Devices in System Center 2012 SP1 Configuration Manager
How do I learn more about BYOD Mobile Device Management in System Center 2012 SP1?
Ready to set this up in your own lab? To learn more about the new mobile device management capabilities in System Center 2012 SP1 with Windows Intune, be sure to check out the following additional resources below:
WATCH: Managing Mobile Devices with System Center 2012 SP1 and Windows Intune
DO IT: Step-by-Step -- BYOD Mobile Device Management with System Center 2012 SP1 and Windows Intune
GET CERTIFIED: Free Exam Study Guide for Exam 70-243, Administering and Deploying System Center 2012 Configuration Manager
About Keith Mayer
Keith Mayer is a Senior Technical Evangelist at Microsoft focused on Windows Infrastructure, Data Center Virtualization, Systems Management and Private Cloud. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of IT professionals worldwide on the design and implementation of enterprise technology solutions.
You can find Keith online at:
Send us feedback
Got feedback about anything in this issue? Let us know at [email protected]
Tip of the Week
Beginning with Windows Server 2012 the default installation option is the Server Core option, not the GUI option.
Then install the RSAT management tools on another box and manage your servers remotely.
This way you can reap the benefits of Server Core (less patching, fewer reboots, smaller disk footprint, reduced attack surface) while enjoying all the ease of being able to manage your servers using the GUI tools Microsoft provides.
Just my two cents!
For more on Server Core, see here:
Recommended for Learning
This week we have a few titles from O'Reilly that we've had a chance to look at:
Cloud Architecture Patterns
Walks you through the fundamentals of cloud computing by building an application running on Windows Azure.
Building Web, Cloud, & Mobile Solutions with F#
Another walkthrough of developing an application that runs on Windows Azure, this time with lots of code.
High-level overview of planning an enterprise search solution for your business. Platform-agnostic so not a walkthrough, but still worth a read.
Quote of the Week
"Sometimes it is not enough to do our best; we must do what is required." - Winston Churchill
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Admin Tools We Think You Shouldn't Be Without
Track virtualization health at-a-glance with SolarWinds free VM Monitor. This free tool allows you to continuously monitor a VMware or Hyper-V host and associated virtual machines. Download now.
Free Tool: Idera Server Backup Free – fast, disk-based continuous data protection for Windows and Linux servers – backs up and restore files in minutes
New. Altaro Hyper-V Backup v4. Powerful new features, faster and easier to use than ever. Still free (forever) for 2 VMs, still competitively priced. Download now.
Find out where all the free space has gone on your hard drive:
Convert VMware-based virtual machines and disks to Hyper-V-based virtual machines and disks:
Microsoft Worldwide Partner Conference on July 7-11, 2013 in Houston, USA
Microsoft TechEd Australia on September 3-6, 2013 in Gold Coast, Australia
Microsoft TechEd New Zealand on September 10-13, 2013 in Auckland, New Zealand
Add your event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]
WindowsNetworking.com Webinar: Is it Time to Graduate from WNLB?
Are you avoiding deployment of an advanced Load Balancer due to concerns about the complexity involved? Do you rely on MS WNLB because of its ease of implementation? What additional features are available with an intelligent load balancer, are they worth the cost and are they really all that complicated? These are some of the important questions that Network administrators need to answer when deciding if the time is right to make the change from using MS WNLB to another Load Balancing solution.
Join J. Peter Bruzzese, Microsoft Certified Trainer (MCT), and Cofounder/CIO of ClipTraining on Thursday, July 18th, 2013 at 11am ET / 10am CT / 8am PT to learn tips and secrets about load balancing, when it’s time to move up from using MS NLB, and which types of load balancers to consider.
Register for Webcasts
Add your Webcast
PLANNING A WEBCAST you'd like to tell our 100,000 subscribers about? Contact [email protected]
Microsoft Deployment Toolkit 2013 Preview Now Available (Microsoft Deployment Toolkit Team Blog)
The Client Management team is happy to announce the availability of the Microsoft Deployment Toolkit (MDT) 2013 Preview. Be sure to read which platforms are supported for deployment using MDT 2013 and which are not!
Microsoft Server Virtualization Calculator (Hosted by MindTree on behalf of Microsoft)
The Microsoft Server Virtualization Calculator compares the cost of virtualizing applications on Microsoft Windows Server 2012 Hyper-V to VMware vSphere 5.1.
IPv6 for the Windows Administrator: Why you need to care about IPv6 (Ask PFE Blog)
Should you care about IPv6? Read this and find out!
IPv6 for the Windows Administrator: IPv6 Fundamentals (Ask PFE Blog)
The Premier Field Engineers demystify IPv6 addressing!
Managing VMware Workstation VMS Remotely with WSX (VirtualizationAdmin.com)
David Davis looks at how to manage VMware's recently released WSX - a HTML5 browser-based GUI for Workstation 9 virtual machines and ESXi hosts.
BOOK EXCERPT: Troubleshooting Storage Using Event Logs (WindowsNetworking.com)
Thomas Roettinger, a Program Manager with the Partner and Customer Ecosystem Team at Microsoft, provides two examples of how to use the Windows Event Logs to troubleshoot storage issues in a Hyper-V environment.
Windows Server 2012 R2 Preview Inbox Driver Support on Dell PowerEdge Servers (Dell TechCenter Blogs)
A blog post about the current state of driver support for Dell servers.
Guide To The New Unified Smart Search Feature In Windows 8.1 (Addictive Tips)
Smart Search, the search feature in Windows 8.1 integrates with Bing to let you quickly find local apps, files, SkyDrive content, and web content from the Start Screen.
The Journey to ISO 27001 (Part 1) (WindowsSecurity.com)
Ricky M. Magalhaes begins a two part article that will take you through an introduction to ISO 27001.
Planning and migrating a small organization from Exchange 2007 to 2013 (Part 3) (MSExchange.org)
Steve Goodman concludes his series of articles by continuing discovery collecting more information about Exchange, before beginning to collect relevant Client information.
GFI MailEssentials - Voted WindowSecurity.com Readers' Choice Award Winner - Email Anti Virus (WindowsSecurity.com)
GFI MailEssentials was selected the winner in the Email Anti Virus category of the WindowSecurity.com Readers' Choice Awards. Symantec Norton AntiVirus and BitDefender Antivirus were runner-up and second runner-up respectively.
Negating network latency's effects without bending law of physics
While moving your applications to the cloud can deliver key scalability benefits, this transition can also introduce a number of networking issues that can end up hindering performance and user experience. Luckily, there are ways to avoid network latency pain points in the cloud -- find out more inside.
How inline deduplication is changing the VDI storage landscape
Many IT pros claim that managing storage in their virtual desktop infrastructure is a significant challenge. As a result, a new technology has been developed to address this issue -- inline deduplication. Find out more about this innovative approach to VDI storage inside this essential tip.
Virtualizing legacy servers without pulling out your hair
Many businesses adopt server virtualization to take advantage of its cost-saving and high availability benefits, but what most IT pros don't realize is that it can also breathe new life into legacy servers. Inside, discover the top reasons to virtualize legacy servers and learn what this approach can offer.
VMware vSphere basics: ESXi host cluster, vCenter and shared storage
When it comes to VMware vSphere virtualization, you must first create a solid foundation -- and the same best practices can be applied to any data center or number of servers. Inside, learn more about the three vSphere basics -- multiple identical ESXi hosts, shared storage for VMs and vCenter Server.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
Water Car Panther is the fastest amphibious car in the World - capable of 80 mph (127 km/h) on the road and 44 mph (70 km/h) on water.
Martha Stewart shares her trick for peeling a whole head of garlic in just a few seconds.
Love apparently knows no boundaries in the animal kingdom. Check out these animal odd couples:
France Has An Incredible Talent: 11 year old Raffi wows the audience with an incredible Rock 'n' Roll performance:
Bride and groom Gary and Tracy Richardson asked Reverend Kate Bottley to put a twist on their traditional wedding.
Supercats - a compilation of cats doing all sorts of funny and amazing things to the music of 'Jump' by Van Halen.
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com
Ingrid Tullochis Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.