Using data dedupliation with Configuration Manager

Microsoft recetly published an blogpost with how we can use data deduplication with Configuration Manager.

Now the reason why you would use Data deduplication is to save space, since this works on a file level it allows us to remove redudant chunks on files within a volume.

So instead of having file with a chuch of A B C D E F F F we would just have A B C D E F, im simple terms . I have written about how to use data deduplication within one of m y previous posts here, this shows how to trigger a schedule and setting it up using PowerShell

Now in terms of using it with Configuration Manager, there are some couple of things you might want to note.It is supported using data deduplication on a distribution point, but not on the source files. Meaning that we can use deduplication on volumes where the content library is located. This on the other hand, allows us to reduce a good amount of storage on our distribution point, but again it requires that the server is running Windows Server 2012 or 2012 R2.

XenMobile vs Configuration Manager & Intune

So this is a discussion I often meet, and will come across more the next weeks and months ahead I belive Smilefjes
Many of the customers I work with are often a full blowen Citrix customer or more forwards Microsoft.

Many are facing the discussion mobility how do we embrace it ? (or from another point of view, how do we manage it ?) and they are doing some research and find often that XenMobile or Intune shows up. So whats the difference between the two ?

Citrix has a long time been the master of delivering workspaces to a user and to any type of device, and with the release of CloudGateway Enterprise they were entering towards delivering mobile based features (for instance allowing them to deliver mobile based applications to a user device trough Citrix client) and with the purchase of ZenPrise last year they went full in. Zenprise was a fullblown MDM solution and now they have integratet CloudGateway (Cloudgateway was the old product which included Storefront, Gateway and AppController) with ZenPrise which is now known as XenMobile Enterprise.

This fits well for Citrix’s image (any device anywhere) and now they can manage any device as well (as long as it is mobile). Also they have developed sandboxed based applications under the category Worx and they can also deploy any applications from the vendors different stores. These Worx applications use Micro-VPN functionality to connect to the infrastructure and are completely seperated from other apps inside the mobile client.
To break it down in components XenMobile (Enterprise) consists of
* Netscaler (Gateway)
* Storefront
* AppController
* XenMobile MDM
* Sharefile

Then on the other side you have Microsoft, which is coming from a client management standpoint, and they have been there for quite some time. With the latest release of Configuration Manager, Microsoft released a connection with Intune which allowed buisneses to manage mobile devices via Intune directly from Configuration Manager.
So all mobile devices needed to be setup to talk to Intune in order to be managed.
Configuration Manager has also expanding it support to include Linux / Mac / Thin Clients as well as mobile devices with Intune, so microsoft has operated in the management part for a long time.
Instead of aiminig for a on-premise solution Microsoft har put everything in their cloud. So whenever Microsoft deployes a new feature to Intune every customer of Intune gets it without needing to do anything.
They also have an integration to exchange to allow the IT-guys to control mobile devices trough Active Sync (this also includes Office 365)
There is a new intune release coming with a new release of Configuration Manager the 18th of October.

But can these two products compete?
Well… they have some of the same features which is device management, Citrix has more advanced features with XenMobile and with Worx and Micro-VPN etc. Microsoft has full support for Windows phone and Windows RT (And coming with iOS and Android with an company portal app pretty soon) and Intune might have what you need but nothing fancy.

What we need to remember is that Configuration Manager is a fullblown client management suite, with patching, deploying operating systems, applications, baselining, antivirus, with Intune it gets mobile device management capability. XenMobile is not in this category, it gives you mobile management, mobile application management, sandboxing applications, give any device application delivery trough Citrix Receiver.

So if you are a System Center customer with Configuration Manager and your IT-guys use ConfigMgr for management, adding Intune might be an easy way to go ahead, and by using Intune you leave the feature set to Microsoft, they need to continue development and will add more features as new release become available (So you will get the new releases for free since its a cloud based solution which you get buy a monthly basis). For other customers which needs advanced features such as selective wipe and the ability to seperate buisness and private data and more advanced security features and deep suppor for all vendors (Except Windows) XenMobile is for you. Zenprise was one of the market leading vendors before Citrix bought them up.

If you compare the cost (for Intune the cost pr user is 6$ pr month so for one year you have 72 USD. You also need Configuration Manager for it to make any sense.) You can also get a discount if you are EAS or EA agreement already which makes Intune more viable.
XenMobile Enterprise on the other hand is not so much more expensive then a regular Intune subscribtion of course it requires alot more infrastructure then Intune does.

So hopefully you got a bit more understanding on what seperates Intune from XenMobile! Smilefjes

Cloud based distribution points

Well, along time since I’ve managed to blog! Smilefjes But ill give a quick update about the book im writing. Im writing a book about Configuration Manager which is going to cover high-availability and performance tuning, really exiting times! It takes up alot of my time therefore my lack of blogging lately.
Anways, this is something I’ve post poned some while now, which is cloud based distribution points!

Cloud-based distribution points is something that came with Service Pack 1 in System Center. Cloud-based DPs are really much like a regular DP except for the following:

* You cannot use a cloud-based distribution point to host software updates
* You cannot use a cloud-based distribution point for PXE or multi-cast deployments
* You cannot use a cloud-based distribution point during a task sequence that requires a task to Download content locally when needed by running task sequence.
* You cannot use a cloud-based distribution point to offer packages that are setup with run from Distribution Point
* You cannot use a cloud-based distribution point to host virtualized applications
* You cannot set a cloud-based distribtuion point as pull-based or as source distribution point.

Content that is sent from the Configuration Manager to Azure is copied encrypted. In order to setup a Cloud DP you need a couple of things.
First of you need a management certificate which you can use against Azure you can follow my recipe from my previous post.

You also need to generate a certificate which should be created using the same PKI structure as for the regular Configuration Manager solution. This certificate should be created using the web server template. This certificate should contain a FQDN which your clients should be able to resolve using DNS.
You can read more about the certificate here –>

After these two prerequsites are in place we can create the distribution point (if you have SP1 the option to create one are under Administration –> Hierachy –> Cloud –>

Here we have to enter the subscripbtion ID this we can get from Azure and the management certificate.


Next we choose what region and what site this DP should be assosicated with, as well as add a certificate generated by our internal PKI for the DP.
Next we configure alerts and thresholds. After this is done we have to change the client policy to allow access to cloud DP


And we can se in the monitoring pane that the cloud DP is functional.


Under the FQDN enter a name for the server (which resembles the certificate name) this record has to be added the the DNS-zone either internally (if only for internal clients) or on the external zone) the IP-adress of the Distribution Point in Azure is found under cloud services.


After this is done, we also have to modify the clients policy settings to allow clients access to the distribution point. If you go into the storage blob and under containers you can see the different packages that have been distributed to the cloud DP.


If you want to scale out with more cores to the cloud DP you can go into the cloud service and use the scale function

after I have distributed content I can see the package ID under the container in the storage pane.


And there we go, will try to write up a follow-up which covers multi cloud DP points.

Azure Pack configuration for Windows Server 2012 R2

So Microsoft has released the new wave of products into preview, including the next version of Katal (Azure Services) for Microsoft, called Azure Pack. This pack transforms your datacenter into Azure allowing users to sign up using plans and be able to use your infrastructure into a IaaS platform.

You can download the trial for Azure Pack here –>

Now there are some prerequisites for using this pack.
You can read more about them here –>

But in order to integrate Azure pack with your on-premise solution it uses Service Provider Foundation (Which is included in the Orchestrator installation media)


Not that this requires the installation of SCVMM 2012 R2 Console on the same machine as SPF since it uses the VMM APIs to communicate with it.

It also requires some other prerequisites such as


WCF Data Services 5.0 can be found here –>

.NET features 4.5 WCF is a part of .Net 4.5 which can be installed from Server Manager

Management ODATA IIS is also a part of 2012 R2 installation media

ASP.NET MVC 4 can be downloaded from here –>

Next we configure a database for use for SPF


In this database the SPF stores information such as
Usage Records
Gallery Items
And Tenants Stamps

Next we choose where to deploy the SPF files and what certificate we want to use.
In my case for this demo I used a self-signed certificate.


Next we define credentials for the admin web service


NOTE: If you choose Network Service here you need to make sure that the machine account is a VMM administrator

In my case I choose a Service Account and entered a domain user.
After that you are done with SPF


Next we move on to the Azure Pack installation
You can download the pack from here –>

All it does is download a profile which uses webdeploy.


Now by default it will install all the web roles on the same servere


Click I accept (ill come back to what the different roles do)
And Note this installing part may take some time.

After that is done, press Continue and ill will start the Service Management Configuration site.


It will open a browser window on the localhost on port 30101, and again we will have to define a Database and server for the Azure Pack.

Here you have the option to use a Windows user or a regular SQL user.
Remember that you have to enable Mixed Mode on the SQL server in order to use regular SQL users.


Make sure that you write down the passphrase. If you forget or lose this passphrase, there is no way to recover it. This is used to encrypt and decrypt the Configuration Store..

Next we define a FQDN for the host


After this is done it will start configuring the different roles on the Server


After that is done we continue on with the configuration


NOTE: You may need to log out of your system and log back in before you can access the management portal for administrators. This is due to Windows authentication and the need to add the security group to your security token.

If you continue to see an access denied error, even after logging back in, close all Internet Explorer windows, and run Internet Explorer as an administrator.

Now the setup will open a browser on port 30091 which is the default port for the management portal for administrators



Now you can see the difference between “Katal” and Azure Pack

Katal (The old version)


(Azure Pack the New one)


New stuff is including
Reporting provider (This is also a feature that is on the Orchestrator installation media)
Service Bus Clouds (Read more about setting up service bus here –> )
Automation (This requires Service Management Automation web service)

So in my case I define the Service Provider Foundation endpoint for Azure Pack
And then Go to VM Clouds and connect to my VMM Management Server.

Add some bugs when connecting to my cloud but after a IISreset it worked just fine


This gets the cloud container from VMM, from here I can view resources in my cloud


Now for the end-user I can sign up using the tenant portal.
Which is on the same server you installed Azure Pack only on port 30081 remember thou that you need to create a plan and publish it in order for users to subscribe to that plan.

Here I signed up with a regular user account


Choose Add Plan and select a public plan which was created on the management portal.
Note thou that here we have external users created we can also use AD authentication

For the tenant portal you can configure this using ADFS here –>

Note when you sign up for a plan you need to go back to the administration portal and approve the subscription.

Now If I want to automate a task associated with VM create I can do this in the management portal


All for this time, all dive in a bit more when I got the time Smilefjes 
Stay tuned

One system to manage them all

Microsoft has seen that all environments aren’t all black and white. Some have Linux/Unix based systems, some have Mac’s and some are just sitting on a terminal such as Wyse or Igel.
And then there are some that just use a tablet (iPad or Android based) Some are lucky enough to have a Windows 8 RT based tablet such as Microsoft Surface or Samsung ATIV.
What problems arise with all these devices and consumerization of IT ?


With all the different components in the mix, IT is having a hard time managing all this different devices. They usually have different systems to manage different devices.
Since they usually have one system that is good on Unix but doesn’t have features that work on Android or IPhones. With the surge of next generation workers people wish to bring their own device within the business.
(This Dilbert comic shows the frustration that IT-people have in many occasions) Smile

Now Microsoft has been good at managing what they do best, Windows. They have done so since the first release of ConfigMgr in 1994 (Good old SMS) The biggest chance in ConfigMgr 2012 is that the system is now more User-Centric.
Meaning that the system is “aware” of users within the environment, previously it was aimed at just the device.
And with the upcoming release of Service Pack 1 there are multiple news that make the IT-admin work easier.

* Support for Linux/Unix based Systems
* Support for Mac OSX
* Support for Windows Embedded
* Support for Android and IPhones (5 & 6) (Using Windows Intune Connector)
* Support for Windows 8 Phones and Windows RT (Using Windows Intune Connector)

Now if you are missing some devices here, ConfigMgr also has support for devices that support Exchange ActiveSync, so therefore ConfigMgr can be the center of your IT-management infrastructure. It still remains to see what functionality comes with Intune connector to mobile devices. (And if it can compare with other MDM systems on the market.) the main problem with MDM is that people are concerned about their private data on their devices since IT in some forms can manage their devices.
You can read more about it here –>

You can look at this video interview with Wally Mead which is head of development of ConfigMgr if you wish to know more about Intune and SP1

Since a lot are competition on this front, ConfigMgr might gain the edge because of it’s wast support for devices, low cost and integration with other system center products.

Integration possibilities:

* System Center
* XenApp XenDesktop
* App-V
* Secunia
* AppSense
* + Much moresyst

With all these possibilities ConfigMgr can become a central point for managing all of your devices. 

Automating Configuration Manager 2012 SP1 with PowerShell

First part of this series, I showed how you could run and install all the necessary prerequisites silent and automated, this time I will write a bit more instead of just adding the commands.
In Service Pack 1, Configuration Manager will finally include cmdlets for PowerShell this allows for a scripted and automated setup process. Therefore I took the liberty of creating this post which will show you how-to.

Now with this you can actually create a script for a new customer (If you already have knowledge of the customers infrastructure) with contains all the necessary you need to setup a fully site. Then where you are at the customer, run the script and take the rest of the day of.

Now what do we need in order to setup a fully Configuration Manager site?

We need a boundary group (Which contains a boundary, refer my earlier post –> ) Which again contains a distribution group and is assigned a site.
And we need to activate discovery objects to fetch information such as Users, Group, Computer objects.
We also need to setup AD publish (In case we did a manual ConfigMgr site agent install we wouldn’t have to setup this but for the administration ease we are going to do so)
Next we are going to Create Computer Collection which is going to include our test servers. We are also going to Create User Collection b
After that we are going to Create an application which we are going to deploy to our computer collection

All using PowerShell.
Now in order to start PowerShell against Configuration Manager, just click the file button inside the Console and press the Connect using PowerShell.

You can use the get-command –module ConfigurationManager to show all the commands available for Configuration Manager
You can also use the get-help cmdlets if you are unsure of the parameters that you need to use.
Also you can use the get-help cmdlets –examples if you want to show some examples.

NOTE: Will trying to get this fully automated, I find its hard with the current release of the PowerShell cmdlets but still I’ve gotten far.  So this post will be updated periodically.

Create a new Boundary: New-Cmboundary -type ADsite -value «Default-First-Site-Name»

Create a new BoundaryGroup: New-CmboundaryGroup -name Test -DefaultSiteCode TST

Add boundary to group:
Add-CMBoundaryToGroup -Boudaryid 16777218 -GroupName «Test»

I got this BoundaryID using Get-CMboundary since the command didn’t parse the value ID properly.

You can use the Get-Cmboundary and Get-CmBoundaryGroup to view the values. And you need to add the site code to the command so it assigns
that as the default site for the boundary group.

Get info from Active Directory Forest: New-CMactiveDirectoryForest -ForestFqdn demo.local -EnableDiscovery $true

Install Configuraiton Manager Agent: Install-CMClient -DeviceName ConfigMgr -includeDomainController $false -AlwaysInstallclient $false -SiteCode TST

Create a new device collection: New-CMdevicecollection -name «My Servers» -LimitingCollectionName «All Systems» -RefreshType Manual

Still more to come

Beta of System Center 2012 Service Pack 1 released!

This update includes the following:
The Beta of System Center 2012 Service Pack 1 (“SP1”) enables System Center customers to jointly evaluate System Center 2012 with Windows Server 2012 and Windows 8. The Beta is for evaluation purposes only and not to be used in production as described in the EULAs associated with the product. No license keys are required to do this evaluation. The Beta includes updates and enhancements to the following System Center 2012 components:

  • Virtual Machine Manager
    • Improved Support for Network Virtualization
    • Extend the VMM console with Add-ins
    • Support for Windows Standards-Based Storage Management Service, thin provisioning of logical units and discovery of SAS storage
    • Ability to convert VHD to VHDX, use VHDX as base Operating System image
  • Configuration Manager
    • Deployment and management of Windows 8 and Windows Server 2012
    • Distribution point for Windows Azure to help reduce infrastructure costs
    • Automation of administrative tasks through PowerShell support
    • Management of Mac OS X clients and Linux and UNIX servers
    • Real-time administrative actions for Endpoint Protection related tasks
  • Data Protection Manager
    • Improved backup performance of Hyper-V over CSV 2.0
    • Protection for Hyper-V over remote SMB share
    • Protection for Windows Server 2012 de-duplicated volumes
    • Uninterrupted protection for VM live migration
  • App Controller
    • Service Provider Foundation API to create and operate Virtual Machines
    • Support for Azure VM; migrate VHDs from VMM to Windows Azure, manage from on-premise System Center
  • Operations Manager
    • Support for IIS 8
    • Monitoring of WCF, MVC and .NET NT services
    • Azure SDK support
  • Orchestrator
    • Support for Integration Packs, including 3rd party
    • Manage VMM self-service User Roles
    • Manage multiple VMM ‘stamps’ (scale units), aggregate results from multiple stamps
    • Integration with App Controller to consume Hosted clouds
  • Service Manager
    • Apply price sheets to VMM clouds
    • Create chargeback reports
    • Pivot by cost center, VMM clouds, Pricesheets
  • Server App-V
    • Support for applications that create scheduled tasks during packaging
    • Create virtual application packages from applications installed remotely on native server

So much interesting stuff here! looking forward to trying it out this week! Smile