Remarks by Brad Anderson, General Manager, Management and Services Division, about how Windows 7 simplifies configuring enterprise applications
Microsoft Management Summit
Las Vegas, Nev.
April 29, 2009
BRAD ANDERSON: (Applause, music.) Good morning, everyone. Welcome to day two, day three, however you want to think about this. Boy, let me say “Thank you.” You know, in times where dollars and currency is tough, your time is precious, it’s not lost on us that you’re spending that time with us and we really do appreciate that.
You know, in terms of MMS as we think about what we’re going to talk about, I think about this as a conversation that we have with all of you with the industry every year where we come to talk about the things that we’re going to do over the next year, we talk about long-term vision and we come the next year and we come back and give a report on have we delivered on our commitments, give you some more details on what those long-term visions are, refine it, give you some tangible progress on what we’re doing.
I think Bob did a great job of that yesterday talking about, first of all, the commitments we made last year around cross-platform, around application virtualization, and Bob walked through that. How we think about the cloud, how we think about these long-term investments we’re making around the dynamic data center.
Today, we’re going to focus on the client. We’re going to talk about the trends, the changes, the things that are happening that are driving fundamental changes in the way that our end users want to use the desktop and the things that we’re doing and the investments that we’re making to help you deliver on those needs, deliver on those changes that we’re asking for.
But let me just say a couple of things here first of all. For those of you who have been behind the scenes at MMS, you’ll know that there were a couple of individuals who have been key parts of this since day one. Individuals like Martin Day and Stephanie Todd, who for all 10 years have labored behind the scenes, made sure that this is one of the world’s premiere events from an IT professional standpoint. Let’s give them some applause. (Applause.)
Something else I think is really interesting is, you know, last year kind of the collector’s item was the flying pig, right? The collector’s item this year – anybody know what it is? It’s the Wally pin. Anybody seen these yet? They’re actually going on eBay for $1,000 right now. There are three of them that MVPs made. Another key part of MMS has been Wally, let’s show Wally some appreciation as well. (Applause.)
All right, so let’s talk a little bit about a couple of key highlights that I thought you’d be interested in. First of all, in an economic time when it seems like there’s just bad news after bad news, I think it’s always great to celebrate some of the successes. And I’m going to give you some details and some insights into some of the things that we’re doing with the management business at Microsoft. Again, let me say, thank you. You are making bets on Microsoft, you’re making bets on the technology that comes out of our organization, and we feel that stewardship, we feel that responsibility.
What we’re seeing in the business in a time when most companies are happy if they’re reporting flat year-on-year earnings, the management business at Microsoft is the fastest-growing business at Microsoft. Let me give you a couple of data points: All-up, we’ve now gone through three of our four quarters in the fiscal year. Our business is growing at more than 20 percent year over year.
If you separate out the server business, so our business of managing servers, that business is growing at more than 40 percent this year. In the last 90 days, we had more than 1,000 new customers – 1,000 new customers purchase the System Center Server suite. The MDOP business is growing at more than 100 percent year over year. There are now 14 million licenses of that available in the market.
Again, thank you. You know, you’re placing your bets, you’re making your long-term bets on the technology that is coming out from Microsoft, and we’re going to make sure that we deliver on the commitments that we’ve made to you. Now, before I jump into the actual conversation, let me give you a little bit of background on the division that I have the opportunity to lead, what it does at Microsoft.
We call ourselves the Management and Services Division. And you should think about our group as responsible for all of the manageability and all the management technology that comes out from Microsoft. So the underlying technology in Windows, that’s PowerShell and WMI and WS-Management, Group Policy, Windows Update, all the Desktop Optimization Pack and System Center. We think about this as one cohesive set of capabilities.
You know, I have the wonderful opportunity to figure out how we balance our investment across what we put in Windows and in MDOP and in System Center. But in the top of my mind, I think about that as a continuum. And if you were to ask the question, “What do you need to have to make sure you have a well-managed desktop or a well-managed client?” you need all three of those. And we’re going to talk about that in more detail as we go on this morning.
First, I want to start with a couple of high-level challenges that are driving change in the way that you’re being asked to manage the client in your enterprise. You know, first of all, we see the boundaries of the work space continuing to expand. This line between home and work is blurring. You know, we have these digital natives entering in the work force and becoming a larger and a larger portion of the work force.
These individuals have been raised with the Internet. They’ve been raised with PCs since they were children in their homes. They want to be a partner in how they interact with IT, and they want to have the ability to work in the way that fits their work style. You know, historically, we built these products we call desktop management, we’ve actually measured our success that the user didn’t know that we were there, then we were successful.
In this new world, these users want to be partners with IT, they want to be partners with the technology and help guide how they get their work done. This is all driving pressure on you to change the way that you’re delivering these capabilities and enabling your users, and at the same time, especially given the economy, your budgets are decreasing, the demand sort of being placed on you from a regulatory compliance are increasing, so there’s this constant tension.
If we look at what happened in the last year since we last got together here at MMS, you know, the headline is obviously the world economy. Indices like the Dow Jones is down 40 percent. You have this continual shift that’s happening to these digital natives. You know, in the U.S. alone, we graduated more than three-quarters of a million students from college who are entering that work force and bringing with them this different way that they want to work.
We saw things like social networking and Facebook in the last 12 months doubled. 100 million new users were added to Facebook. And so the concept of social networking truly has gone mainstream. And then this constant demand for enterprise-ready smart phones. There were more than 100 million smart phones sold last year, over 1 billion phones sold worldwide, and how do you enable users to be productive in the way that they want to use those devices. So a lot of things happening as far as long-term trends and some specific things that are accelerating in the last 12 months.
So what does this mean to all of you? First and foremost, you have users who are asking you to enable them to work in different ways and asking you to give them a more flexible environment in which they can do their jobs. You’re also getting demands from the business. The business is asking you to do more with less. The business is asking you to deliver on these end-user needs. You’ve got this balance of you’ve got the existing work force who haven’t had PCs and the Internet since they were children. You’ve got how you want to work with them, and you’ve got these digital natives who want to be a little bit more aggressive, a little bit more involved, and how do you manage and deliver a desktop and deliver a client, deliver the applications and the data that your users need to be productive when you’re trying to balance these diverse needs?
What this ultimately is doing is this – it’s driving you to have to change the way you think about your infrastructure and how that infrastructure is flexible and how that infrastructure enables these users to be productive in the way that they want to be.
Let me give you a couple of examples. Historically, when we’ve talked about desktop management, one of the ways that we have measured our success is by looking at reports that say things like, you know, 98 percent of my PCs in my company were updated with this software update or received this application in the last two days. We really measured our success based upon our ability to deploy bits out or get inventory and get compliance back in a period of time. That’s going to change.
Our measurement of success as we move forward in working with these digital natives and these diverse work styles is going to be measured on how easily and how efficiently we enabled our user to get access to everything they needed to do their job, independent of where they were. Independent of the device they were on. We’re going to face challenges. In the past, we had a finite number of PCs that we had to manage. You know, the pieces that were corporate owned that were managed.
Now, really, we’re going to be facing a world where our users could be working on any PC in the world, any hand-held device in the world, and you’re going to have to deliver to them a coherent and a consistent and an easy-to-use experience.
You know, I would submit that the desktop has fundamentally changed while the core pieces being the applications and the data and the settings all managed with a central identity are core, those pieces are no longer tied and tethered in a line to a single device. And we need to figure out how we enable users to get access to those anytime, anywhere across all their devices.
OK, so let’s talk about how we’re going to do this now. We talked last year about these different work styles. We went through how a task worker wants to accomplish their job or the traditional office worker or a mobile worker, a contractor. As we think about how we need to deliver on this promise of user-centric computing, there are three big areas of investment and three big areas of infrastructure you need to be thinking about: One is on a modern client, a client that’s been designed from the ground up from its inception to enable users to be productive anywhere.
You have to think about how you’re going to give access to applications and data. And I’m not just talking about access in terms of, you know, VPN and those types of things. How are you going to use the different kinds of virtualization to provide access to the applications to your user base? And then how are you going to present that to the end-user community in a consistent and cohesive way? How are you going to manage that in a cohesive and a consistent way?
Finally, you have to have a solution that allows you to orchestrate and automate all the things that need to be done. So we’re going to use this as basically the outline for the rest of the conversation this morning. We’re going to talk about the modern client. We’re going to talk about investments we’re making in Windows 7. We’re going to talk about Access and the investments we’re making in virtualization. We’re going to talk about automation and some of the things we’re doing all-up in things like Configuration Manager to give you that orchestration and automation across your enterprise.
At the very end of the conversation, the end of the day, we’re going to give you some sneak previews into what the next version of Configuration Manager looks like. Now, those of you who attended the state of the union address yesterday for Configuration Manager saw some aspects of this. We’re going to show you some additional pieces today both from the end user and from the administrator that you did not see yesterday. So I guess that’s my kind of tease out there to make sure that if I do happen to go a little bit long, you stay seated for the entire presentation.
So let’s talk for a minute about a modern client. So Windows 7 is on the cusp of being released. The RC is ready to go. You know, right now there are actually 2.5 million users around the world who are using the beta and are synchronizing with Windows Update. It’s a phenomenal operating system. You know, I’ve been using Windows 7 on both my desktop and my laptop now for well more than six months. These guidelines, these fundamentals at the bottom of this slide where we talk about performance and reliability and compatibility have just been core fundamental concepts across the entire company as we’ve worked on Windows.
I can tell you from my own personal experience, every one of my applications has just worked. I’ve not had an application that’s not working on Windows 7. The performance, I love the fact when I open up my laptop, I’m working in just a matter of seconds. To me, I take a look at this and I’m fairly critical as I look at the work that we do. And I’ve got to tell you, I love what we’ve done with Windows 7.
Now, there are three pillars that I thought would be of interest to you across the entire company, the company aligned around a set of development pillars as we built Windows 7. And the three that I thought would be most interesting to dive into and even talk about with all of you in the context of management are these three.
So first of all, make users productive anywhere. Some of the most innovative things that I think we’ve done in Windows for a long time have to do with things like DirectAccess and BranchCache.
DirectAccess is something we’ve actually been using inside of Microsoft for several years. And what that gives us the ability to do is when your users are outside and they’re mobile, they’re outside the confines of your corporation, they can securely access all the resources behind the firewall without having to bring a VPN up. I’ll tell you, this is incredibly liberating. The fact that I can be at home, on the road, I bring up my laptop, and within seconds, without having to bring up any additional pieces, I have access to everything I need to get my job done. I’ll tell you, that is innovation, it’s secure, and your users don’t have to change the way they work whether they’re inside the firewall or outside the firewall.
Things like BranchCache, which is the ability – say you’ve got a remote office that doesn’t have a server in it. When a workstation goes to access some content or a software update or an application, we’ll actually check all the devices that are in that branch office because the content is already there, we’ll bring it down rather than going across the network. It’s faster, it’s less utilization on your network, and that’s a core part of what we’ve done in Windows 7 along with Windows Server 2008 R2.
The second pillar of major investment in Windows 7 is all about improving the security and control. Two things I’ll point out there: BitLocker and the ability to encrypt your hard drive, now with the concept of BitLocker To Go, you can actually encrypt things like your USB drive. So even that data on your thumb drive, all types of pieces that leave the office can be encrypted.
You know, there’s some fascinating research out there about the percentage of thumb drives that get lost during their lifetime. How many of you have ever lost a thumb drive? OK. Well, the research says that well over 85 percent of the thumb drives sometime in their lives get lost, right near the end of their life. And how much content is on there that’s going to be exposed? And with things like BitLocker To Go, they really do address that.
The other thing is AppLocker. With AppLocker, you have the ability to define a list of applications that are authorized and are not authorized to run on your PC, again, giving you that command and control that you need while you enable your users to be productive anywhere and give them some of the flexibility that they’re asking for.
Finally, we made a series of investments to streamline the PC and make it more manageable. These things like the investments we made in my organization in PowerShell. We’re actually going to cover some of the things we’ve done from a deployment standpoint to significantly decrease the cost of deploying Windows.
Right now, we are on the cusp of the largest upgrade from one version of an operating system to another in corporate history. The world is waiting for Windows 7, many organizations are going to make the choice. They’re going to skip Vista and go right to Windows 7. Some of the independent industry research that’s just come out is saying that well over 50 percent of the IT decision makers are going to start deploying Windows 7 the moment it’s released, not waiting for SP-1, they’re starting to take advantage of this as soon as they can.
Historically, when we’ve asked our customers to upgrade from one version of Windows to another, it has been one of the most expensive and complex tasks we’ve asked you to do. We really have spent a lot of time doing this. And inside of Microsoft, the team that is responsible for making sure that the best experience possible is built on a release for organizations like yourself to upgrade from one version of Windows to another, is my organization.
So if there’s one person inside of Microsoft, in all honesty, that you could direct feedback to, are we doing our job or if we’re not doing our job with respect to OS deployments and upgrades, it’s me. BrandAnd@Microsoft.com. So as you start to use these tools that are in Configuration Manager, that are in Windows 7, please let me know how we’re doing. We really have focused a lot on this.
What I wanted to walk through is historically some of the challenges that we have had as our customers have upgraded, and then we’re actually going to do a demonstration and actually upgrade a series of laptops here in the audience from one version of Windows to another showing you some of these new tools.
Let me kind of walk through the big buckets of work that have to happen as a customer upgrades from one version to another. I think about it in terms of four big areas of work. One, you have to identify and discover the hardware and the applications that exist inside your corporation. You know, it always surprises me when I’m in a meeting and we’re talking with a customer about how we upgrade from one version to another one, and one of the first questions I’ll ask is, you know, do you understand how many applications you have in your company? And I’ll see an individual, oh, we’ve got about 500 or 600. I’ll see the Config Manager and administrator on the side kind of going, no, it’s more, more, more.
You know, it’s not uncommon that I’ll talk with an organization and they’ll say, “Well, we think we’ve got about 1,000 applications.” And the Config Manager and administrator will say, “We’ve got about 5,000.” So there’s just a big bucket of work to identify what you have from a hardware and from an application perspective. Obviously, if you’ve got Config Manager or SMS built right in.
Two, you have to understand the compatibility. And historically, this has been the single largest line item as far as cost when a customer upgrades from one version of Windows to another. So once I have that list of hardware and applications, you know, then you set up on the task of going and trying to do the forensics to understand is this version going to work with Windows 7? You know, do I have to go and get a patch, an update, a new version? For your internally developed applications, you know, you’re hoping you can find the individual on the team that wrote the application, does the source code still exist?
You’ve been through this before. This is a very, very challenging set of things that we do. I’m going to give you some views in a few minutes about some of the things that we’ve done to help automate and give you a full view of the applications in your environment and their compatibility.
Third is deployment. You actually have to take these bits, create your images, replicate those gigabytes around your enterprise, deploy them down to the laptop or to the PC. One of the biggest challenges historically with deployment is how do you manage the user’s data and their state so that after the operating system upgrade, the users are able to get their work done?
And if you think about a scenario, we’ve got say 4 or 5 gigabytes of user data on a desktop or a laptop. Historically, we’ve said, OK, what you’re going to do is you’re going to take that, you’re going to copy it up to the server, you’re going to upgrade to the new version of Windows, and you’re going to copy it back down. That takes time. There’s been a concern that you’ve expressed about is it secure on the wire, is it secure when it’s on the server? We’re going to show you some things that we’ve done to keep that data local and significantly streamline that operating system deployment.
And finally, when that user comes in, let’s say you’ve done the upgrade over a weekend or over a night and they come in that morning and they log in, they’re going to expect that their wallpaper exists, that their applications exist, that their data exists. So this really is this comprehensive set of things that has to happen in order to really officially and effectively upgrade.
We think we’ve made great strides. We think working across System Center with the MDOP with Windows we can streamline your operating system deployment. And we wanted to give you a V1 of that. So with that, I’m going to ask Jeff Wetlauffer from the Product Management System Center team to come out and show us how we can do that. Let’s give Jeff a hand. (Applause.)
JEFF WETLAUFFER: Good morning, Brad.
BRAD ANDERSON: Good morning, Jeff.
JEFF WETLAUFFER: Good to see you.
BRAD ANDERSON: I always feel like I need a stool when I stand next to you.
JEFF WETLAUFFER: Good morning everybody, thank you. Well, we all know Windows 7 is coming and we wanted to demonstrate for you today how System Center has been working with the Windows Division and key partners like Intel and their vPro Technology to deliver you a quick and easy deployment solution for your Windows 7 migration project.
So we have a scenario here. The tax season is over, and the Wood Grove Accounting Department is ready to migrate from Windows XP to Windows 7. So we’ve been working with these guys and we’ve got their business requirements established, and we’re ready to go.
So the account department was so excited, they actually wanted to be here today to be a part of the deployment. So if I could ask our accounting department to stand up, we’ll get this demo started. (Applause.)
BRAD ANDERSON: I don’t know if everybody in the audience can see this, this is a pretty motley crew, and I’ve got to tell you, this is not an accounting department I think I’d be interested in hiring. (Laughter.)
JEFF WETLAUFFER: OK. So what we have, Brad, here is a collection of Dell laptops. These are running Intel vPro Technology. They have Windows XP and they’re running Intel hard drives. They’re running Windows XP SP3, Office 2003, and they have some user data sitting on there.
Now, you may notice right now they’re turned off. Gentlemen, if you could please have a seat, that would be great, thank you – ladies and gentlemen.
Now, one of the key challenges in any organization doing their deployments is that sometimes those machines that are turned off, they actually get missed in the project. So that could be a real challenge. Now, working in addition to adding platform support for Windows 7, System Center Configuration Manager Service Pack 2 enables us to extend our vPro Technology integration with Intel to support power scenarios over wireless.
So let’s take a look at how that works, and we’ll get this deployment started.
So, you can see here, I’m sitting in front of my console. I’m running on an HP server, I’m looking at Configuration Manager 2007 R2 and I’m going to go browse through my accounting department collection. You can see here, I’ve got my collection of machines here.
And simply by right-clicking on the collection and going to the out-of-band management extension and selecting the power control feature, I can initiate a power wake-up to those machines using Intel’s vPro Technology.
BRAD ANDERSON: I want to make sure I understand what you’re going to do. You’ve got a number of laptops here, wireless, you’re going to remotely wake them up across the wires and then you’re going to upgrade them to Windows 7 wirelessly?
JEFF WETLAUFFER: Live, right now.
BRAD ANDERSON: Good.
JEFF WETLAUFFER: That’s right. OK. So you see a machine coming on. That’s right, live, we did say that. So while those machines are turning on, let’s do a quick scenario understanding here of how we got to that point. You mentioned, Brad, things like planning and compatibility. Let’s take a look at some of that.
First, you see here the understanding that we have to get around hardware readiness. One of the key challenges as Brad mentioned, is the hardware ready to run on Windows 7? Like we’ve done in previous versions of Windows, Configuration Manager provides us the ability to understand hardware readiness against the machines we’re actually running in our environment.
BRAD ANDERSON: This is fantastic. One report, you get an accounting of all the PCs in your environment that are ready to upgrade to the new version of Windows, okay?
JEFF WETLAUFFER: So like you’ve seen in the past like we did with Windows Vista, we now have that support for Windows 7.
What you’re looking at here is a hardware assessment report for my Wood Grove Accounting Department collection, and you can see here, my accounting department’s machines are all there, and they’ve all met the minimum system requirements for Windows 7.
Now, we know those machines are a fairly new kind of Dell laptop, running the Intel vPro Technology with all the current kind of effects in there, so we’re good to go on the hardware side.
BRAD ANDERSON: OK, now one of the biggest problems we talked about was application and understanding application compatibility. How do we help automate that?
JEFF WETLAUFFER: Exactly right. So the second part of that readiness testing is around your application and compatibility of that application. Here you’re looking at the application compatibility tool kit.
The application compatibility tool kit with a connector is a free add-on to Configuration Manager that allows you in one view to look at your application inventory, and in one view, we can pan across and see things like our own assessment testing, and we can compare that to the vendor or the ISV, the community, people like yourself, and even people like Microsoft.
BRAD ANDERSON: Now, this is one of my favorite innovations we’ve done in Windows for quite a while. You know, we talk about this thing, this is the largest single line item. With this solution right here, what you can see is the community can add on and talk about, you know, this is what we have found with these applications, the ISV can do it, you can do your own. We actually synchronize this data from the Web down into the compatibility tool kit, all integrated with Configuration Manager.
As far as understanding your application compatibility, this is actually one of the most phenomenal tools that you can use. If you have not used that, you should look at it soon.
Now, I see you’re on a Windows Vista tab here, but what about Windows 7?
JEFF WETLAUFFER: That’s right. So you can see here on the top we have an additional supporting list right now for the Windows 7 RC category of products. So as we go through Windows 7 RTM, this will show the current Windows 7 category.
BRAD ANDERSON: So this environment looks like you’ve got a couple of applications that we’ve found compatibility issues with. How are you going to handle those?
JEFF WETLAUFFER: That’s right. So we’ve already started our own testing. You can see the self-assessment that we filled out here. We did encounter one application, a database application that the Wood Grove Accounting Department is still migrating. So when I come back in the second part of the demo, I’ll show you how virtualization actually helps us solve that challenge.
BRAD ANDERSON: We understand the hardware, app compatibility, we’re ready to go, right?
JEFF WETLAUFFER: Yeah. OK. So our machine is now turned on over here, you can see I’m running my Windows XP computer. And just to show you I’ve got some user data, it’s about 4 gig of data. I’ve got my “my documents” open, my profile is all here, we’re good to go there. And we’re going to pull all that across to the new version of Windows 7 in an automated fashion with the new version that I’ll show you in a second.
Now, I think it’s probably about time to start this.
BRAD ANDERSON: Do it.
JEFF WETLAUFFER: OK. If I could ask our accounting department to also come with me here, we’re going to start this migration. Now, you noticed a program prompt was sitting in front of me here. That’s not typically how an organization would do this, especially overnight or over the weekend. But for the purposes of our demo here, we left it as an option.
BRAD ANDERSON: All right. So now we’ve got it going, but can you walk us through exactly what’s happening on these laptops now and how it’s being orchestrated through Configuration Manager?
JEFF WETLAUFFER: Exactly. OK. So let’s go back to our server and we’ll take a look at Configuration Manager and do a couple of checks here on how we set that up. Now, I just showed you the user data. And as we know, the OS image itself, the Windows 7 image.
One of the biggest challenges is migrating that user data. Now, everybody in the room here knows that those kind of processes are very complicated. They go through different hardware platforms, different security models. Configuration Manager using our task sequencer technology simplifies that into one pane. This is my task sequencer. This is an end-to-end process view of how a deployment will go through. And you’re looking at the one we’re using here.
If I look at my second step here, you can see here my hard link load parameters, and on the right side the values of slash hard link. I am setting up a new technology here, a new capability of the User State Migration Tool version four shipping with Windows 7 that allows us to actually leave the user data down on the machine.
So what we’re doing is we’re scanning the data on the machine, as you can see in front of you. We’re recording the location of that data on the physical disk and we’re leaving it there. We don’t move it.
BRAD ANDERSON: So we protect it, we wipe out the old operating system, bringing the new one down.
JEFF WETLAUFFER: That’s right. That’s right. We don’t move the data. We achieve speed because we take the locations, we scan that, and we leave it there. We never take the data anywhere else.
So let’s put that a different way for you. If I had 5,000 machines and I had about 4 gigs of data per machine, that’s about 20,000 gigs of data that I would move up the network to a location, store it somewhere temporarily, and bring it back down again. We take scan times from hours to minutes, scan and copy times from hours to minutes. We remove the network storage requirement completely for that process and we optimize our network bandwidth during that process. Quick and easy.
BRAD ANDERSON: You know, one of the things I love about some of the innovation the Configuration Manager team here has done is they allow you to build a task sequence to operate Windows in the way that you want to do it. As you look at this task sequence up here, each one of these little green circles, we get a corresponding status sent back to the Configuration Manager server, so you can get this holistic view of the upgrade across your enterprise. And when a problem does occur, you can look for categories of problems, and you can also drill down to each individual PC and see exactly where in the process the upgrade failed.
JEFF WETLAUFFER: Absolutely. This is a step process. We’re managing that, reporting back to our site database. If we had to get into troubleshooting, we can get root cause very quickly through our reporting.
BRAD ANDERSON: Great.
JEFF WETLAUFFER: As you can see, we’re doing a few other things in the process. We’re setting up our OS deployment. We’re choosing an image here, an operating system image. We’re attaching device drivers to that process, you know, truly separating the Windows image from the device drivers and the application.
We’re installing some applications like maybe the app V client, the Office 2007 product, and maybe even the Forefront client and some other Wood Grove configuration settings as well.
BRAD ANDERSON: Fantastic. So what’s next?
JEFF WETLAUFFER: Well, what’s next? We have a machine that’s actually going through a reboot right now, so we’re well on the way to a deployment. I have shown you here how System Center works with the Windows division and key partners like Intel and their vPro Technology to enable a quick and easy Windows 7 deployment solution.
So we’re going to get these accounting guys up to Windows 7 from XP in this session. So I’m going to come back later on when this is finished, and we’ll show you the results.
BRAD ANDERSON: All right. Thanks, Jeff.
JEFF WETLAUFFER: Thanks, Brad.
BRAD ANDERSON: All right. We’ll see you back in a few minutes. (Applause.)
Now, one of the things that Jeff mentioned there is System Center Configuration Manager Service Pack 2. We’re announcing that this service pack will be available within 90 days of Windows 7 shipping. And this is where we’ll have the compatibility for Windows 7 and Windows Server 2008 R2. The USMT integration with the new USMT migration tools, integration with things like DirectAccess, things like BitLocker and the BranchCache capabilities. So look for this. It will be available within 90 days after their release of Windows 7.
Now, we talked about the modern PC and we talked about some of the innovations that we’re doing inside of Windows, inside of System Center, and how we can help that upgrade and get the operating system deployed and make sure that users are productive when it’s done. I want to talk about the next layer in this stack as we talk about the innovations and the work we’re doing to enable user-centric client computing. It’s what I call Access.
Access is all about the different ways that you can provide and enable your users to get their applications. And this is where virtualization is just an absolutely core, fundamental part of this. And there are different kinds of virtualization. And often I get asked, you know, what should I use where and when should I use application versus hardware versus presentation versus VDI? You know, I think it’s an amazing innovation that we’ve done as an industry, and there’s been a lot of innovation. If you think about some of these areas of innovation, they’ve really only come to life in the last couple of years.
What I want to do is just spend a couple of minutes talking about how I think about these different kinds of virtualization and how we think about how they’re used and the specific problems that they address on the PC. So let’s start going left to right.
So hardware virtualization. I think about virtual PCs. Historically, as the industry has talked about in virtualization, this is the kind of virtualization we talked about. How we use it on the server is actually much different than how we use it on the desktop.
On the desktop, I think the primary use that we’re going to see on this for the next couple of years is as a tool to help us with application compatibility. Despite our best efforts – and believe me, we tried hard as we release new versions of Windows like Windows 7, there are going to be some set of applications that you have, whether they’re from an ISV or from your own internally developed applications that are going to be incompatible with Windows 7.
Historically, there’s been a big problem because you had to figure out a way to update that or you had to run it on a terminal server. There were workarounds, but the workarounds really required you to do things in a way that wasn’t integrated. So what we’ve done now is with the Med-V capability, which really rides on top of Virtual PC, we can address the application to OS compatibility problem. And when you do have those applications that have a compatibility issue with Windows 7, you can seamlessly manage that with MDOP and with Configuration Manager. And when your user clicks on that icon, it’ll spin up an XP image, for example, in the background, but all the user sees is the application. They don’t know that there’s another operating system running there.
So by doing that, we help you address that compatibility issue. I think as we continue to progress as an industry on this, you’re going to see us start to use hardware virtualization for some more flexible working files as well, like the ability to take your desktop home on a thumb drive and be able to plug that into a PC and have a secure and managed environment for your corporate desktop.
I think about uses of this where you might have individuals – you might allow them to bring their own PC to work, but you want to deliver them down the desktop in the form of a virtual hard drive. So I think I see a lot of future in how we’re going to use that.
Application virtualization, to me, is one of the most incredible innovations, one of the most incredible new things onto the market in the last several years. We’ve historically had this issue where you deploy an application and sometimes it’ll damage or adversely impact another application. With application virtualization, those problems are in the past. You package up your application and because everything runs in an isolated fashion, you can deploy those applications with a great deal of confidence that it’s no longer going to damage anything else on the system.
Let me give you an interesting data point. We spent a lot of time benchmarking customers that we think have deployed best practices. And as you look at organizations that are kind of basic in their process it’s about a four-week average from the time that an IT organization is asked to deploy a new application, for them to package it, test it, get it deployed. If you’re using application virtualization, the average we see there is two to three days. So significant agility and significant decreases in your cost.
Presentation virtualization, so the work that we’ve done with Windows terminal or remote desktop services and our longstanding partnership with Citrix, you know, historically we’ve used this for things like remote access, anywhere access. If you’ve got a problem application that’s misbehaving, you can isolate that and run that from a terminal server. You know, I actually think we need to make more use of presentation virtualization. And one of the ways that we’re going to do that is we’re going to deeply integrate presentation virtualization into the same tool configuration manager so you have this in a consistent way both for the administrator and for the end user to access these applications.
Then you have VDI. If you think about VDI, it’s really a combination of the first three that I mentioned. The desktop is running in the data center, using hardware virtualization in a well-managed VDI environment, you’re going to use application virtualization if you still want those same benefits of isolating the applications. And then you’re using presentation virtualization to bring the experience back to the user.
Now, a lot of innovation, but there are some challenges in that today there is not a consistent way to manage this, there’s not a consistent way for the end user to use it. And I’m going to talk about that in a few minutes, but I wanted to give you some insight into some customers that are using this today and the benefits and the agility that they’re seeing with things like application virtualization.
So we’re going to look at Cox Communications, one of the world’s largest cable providers, and see the benefits that they’re getting from this.
BRAD ANDERSON: As you can see there, as we talk about technology like application virtualization, the tension I think many of you feel in terms of how do I decrease my costs and at the same time increase my agility, you know, some of the technology that we’re working on like application virtualization allow you to do both of those. And you hear numbers like a 25 percent decrease in cost at the same time increasing the agility from an organization that’s diverse and as broad as Cox. These are the types of benefits that you should expect and you should demand from these solutions.
So as I kind of think about this again, I think about these different ways to access applications. And you think about the different kind of users you have. You’ve got your Office user who’s going to have a series of rich applications that are running on that desktop. Certainly application virtualization is going to be core there for you to decrease your costs and increase your agility.
Mobile users, again, you’re going to want to use application virtualization, presentation virtualization I think will be a core part of that. You think about contractors. You know, many of you may have policies that they use your corporate devices, maybe they don’t. So you can use VDI, you can use things like presentation virtualization. Really, I think the key message here is one size does not fit all. There’s an incredible amount of innovation about how you can get access and give access to your users to applications.
And one of the key things that you should be looking at is who has the broad portfolio of virtualization capabilities and who is bringing those capabilities together in a way that gives you a consistent administrative experience and a consistent end user experience integrated with a broader management solution.
And that’s what I wanted to spend a couple of minutes talking about because there are those in the industry that would tell you that virtualization equates to a management solution. I’m here to tell you that it’s just not true. Virtualization is a core and a foundational component of any management solution, especially on the client, but it is not a complete management solution.
You’re going to have this combination of distributed and centralized desktop. You’re going to be using virtualization in both of those, but you need to surround that with a comprehensive management tool that allows you to set what your desired state is and get back status from a compliance and from an inventory of those types of pieces and constantly give you that ability to look broadly and completely, comprehensively at your desktops, at your handhelds, at your laptops, set that policy, get a status back.
Again, application virtualization, hardware virtualization, presentation virtualization, VDI. Core, fundamental building blocks for your future integrated with a more comprehensive management solution.
That’s what I want to transition to next. If you think about what you really need to have to effectively move IT from being a cost center and really something that’s not a business enabler to truly being a business enabler and a strategic asset, you have to have comprehensive tools that help you from a technology perspective, from a process perspective, from a people perspective. And so I’m transitioning now from access to orchestration.
Having this comprehensive orchestration solution allows you to increase the maturity from a technology, from a people, and from a process perspective is the only way that you’re going to help your organization, your IT really become that strategic asset and business enabler for your company.
We’ve been talking with you for a number of years about this concept of helping you identify the steps you can take to move from a cost center to a standard organization that is efficient and really become an enabler for the business. What I want to talk to you now about is some expansions and some additions that we’re making to the System Center portfolio to help you manage the people and the process side.
It all comes with the power of integration. So, I’m going to give you an update of where we’re at with System Center Service Manager, and then we’re going to give you a demonstration of how this integrates with the rest of the System Center portfolio to manage and enable your client.
Before we do that, let me give you an idea of how we think about and how we architecturally think about the Service Manager product. First and foremost, there’s just a core set of capabilities that any Service Manager product must deliver. Incidents, problems, change, asset management. Core foundational pieces that need to be there and need to be integrated with the rest of your business. These capabilities inside of Service Manager are built on a Service Manager portfolio and we do think about Service Manager truly as a platform.
In that platform, you’ve got a data warehouse, you’ve got a configuration management database, and you’ve got a set of work flow capabilities based upon the Windows work flow assets. This foundation then is able to communicate with the other components of your business and of your infrastructure. So communication with Ops Manager, Configuration Manager, the assets from System Center, Active Directory, as well as the ability to have this be integrated and communicate with the other components of your infrastructure.
If you think about this in terms of a platform, we’re going to have a rich partner ecosystem that is going to continue to extend this, and we’ll have partnerships for example that not only will extend on top of this, but in the case of Service Manager V1, one of our partners, Provance, is actually going to be delivering the asset management component of the overall solution.
So this is how we think about Service Manager. And we think about this really not only as just a solution that allows you to manage that process and your people, but in many ways, this is a unifying component that brings all the different aspects of System Center and the desktop optimization pack and Windows together and allows you to get that end-to-end management perspective.
Let me give you a common scenario here. Let’s say that you’ve set up a desired configuration management policy. You’ve gone out and you’ve scanned your system. There’s a scan chart that comes back, and you start to identify where there’s been deviation or drift in your PCs, in your server, in your laptop across your infrastructure.
What service manager should do is that should automatically generate an incident that’s populated with the information that’s come back from Configuration Manager or from Operations Manager, and then allow you to orchestrate whatever change and however you want to make that change across people, across process, and across your technologies. That’s what we want to show you this morning.
To do that, we’re going to invite Clare Henry who is actually the product planner of System Center Service Manager to come out and walk through that exact demo. Let’s give her a welcome. (Applause.)
Good morning, Clare.
CLARE HENRY: Hi.
BRAD ANDERSON: Thanks for being here.
CLARE HENRY: Thank you. It’s an honor to be here today and present System Center Service Manager 2010.
Service Manager orchestrates people, process and technology, making it easier for me to do my job, and making it easier for my organization to manage compliance.
So today I’m going to demonstrate how Service Manager, through the integration of work flows across Service Manager, the integration of information and knowledge and the integration of IT processes delivers a compliance solution. From the detection of a noncompliance scenario, through full remediation.
So as I look at our System Center console, you can immediately see it has a familiar System Center look and feel. My primary focus as an IT analyst is here in the work items space. It’s here within a single, integrated view that I can manage my activities, my change requests, and incidents.
(Break for direction.)
CLARE HENRY: So when we look at this incident, this is actually a compliance incident. Now, the source of this incident is Configuration Manager. As Brad indicated, we can collect a DCM drift, and then Service Manager automatically created this incident.
When I open the incident, you’ll see that when I open it for the first time, it’s already pre-populated with a lot of rich information. So in looking at this, not only did Service Manager automatically generate the incident, it collected the relevant information. So I see that we have an end user here, Lyle, who has actually installed some unauthorized software on his desktop. In this case, it looks like Flight Simulator.
BRAD ANDERSON: That’s a nasty one.
CLARE HENRY: It doesn’t stop there. One of the things I absolutely love about Service Manager is that it’s easy to implement and it’s easy to adapt to my organization’s requirements. Throughout Service Manager, we’ve implemented the best practices from frameworks like MOS, ISO, and (inaudible). Then through Service Manager’s flexibility and its easy authoring, I can embed my organization’s decisions.
So when I look at this, I see that this incident’s been assigned to me and that it has a category already of noncompliance and it’s a medium impact. So now that I have this rich information, I can easily move on to resolution.
I’m going to take a look at related items. And in looking at related items, I see that there’s an article here under knowledge base. In opening it, I get a lot more information about this specific policy and I can see, yes, our finance department does not want their users to use Flight Simulator or this Easy Investment tool.
BRAD ANDERSON: Sounds good to me.
CLARE HENRY: And when we think about this, we should have in this policy what we should do next. So this is actually a well-written policy. Not only does it describe the policy, it identifies the next steps for remediation. In this case, our organization has decided that — if this situation occurs, we should apply App Locker. App Locker is a new Windows 7 feature that prevents unauthorized applications from running.
BRAD ANDERSON: Great, so how do we actually then orchestrate that?
CLARE HENRY: So the best thing about this is now that you’ve seen Service Manager automatically detected the drift, created the incident, now through the power of its process integration, I can actually create the change request right here from within the incident. Presented with a number of change requests. Brad, this one looks like it might work. It says, “Apply App Locker policy.” Try that one.
And by using a pre-defined change request, I’m confident I’ve got the right process steps and the right path for approval.
Process integration isn’t just about being able to manage incidents and change requests within the same tool. Process integration is about integrating work flows and information. So when I look through related items, I can see that our incident has been linked directly to our change request.
BRAD ANDERSON: That’s great.
CLARE HENRY: This does a couple things for us. The approver, in this case, has immediate context and associated reasons, and for our IT auditors, we can demonstrate to them not only do we have the policies, it’s actually in place and it’s working.
So let’s take a look at what actual process activities are associated with this change request. The first is an approval. Brad, I’ve got you indicated as the approver today.
BRAD ANDERSON: Great.
CLARE HENRY: But that really doesn’t do enough. If you approve it, we’re not sure that App Locker has actually been applied. So I think we need to add an activity ensuring App Locker’s applied.
Service Manager is highly extensible. Through its authoring tool and the Windows Workflow Foundation, I can create automated activities that execute code, work flow, and scripts like PowerShell. I like the name of this one, it says automatically add. By clicking on it, I’m tempted to type in Lyle’s work station and a group policy name.
What I’ve done here, Brad, now we have two process activities. The first is your approval, and once you approve it, that automated activity will actually kick off and it will add Lyle’s work station.
BRAD ANDERSON: So in this case, that activity is actually going to then communicate out with Active Directory, add that work station or that approve, and then that App Locker policy will now be set?
CLARE HENRY: Correct.
BRAD ANDERSON: And if Lyle tries to execute Flight Simulator, it actually won’t execute.
CLARE HENRY: Absolutely right. Absolutely right.
BRAD ANDERSON: Great.
CLARE HENRY: And so in this case with the deep integration, I’ve been able to easily move through the process and have confidence I’ve done it correctly.
So, Brad, what I’d like you to do now for us is actually go over and approve that so we can ensure it’s done. Your lovely family there, Brad.
Notice I’m giving Brad a more limited view because the only thing we want Brad to do is approve things. So we’ve given him a more limited view. And we see that you have this process activity here. Do you mind if I approve it for you?
BRAD ANDERSON: Go ahead.
CLARE HENRY: Thank you. And he could look at it and he could get more information. In this case, we’re just going to have him approve it. And you could type in a message here. Maybe you want to say something like service manager rocks, or —
BRAD ANDERSON: I’ll just click OK in this case.
CLARE HENRY: OK.
BRAD ANDERSON: But that is a true statement, for the record.
CLARE HENRY: Now going back to our scenario, we can actually take a look and now Service Manager would actually add that to Lyle’s machine, to the App Locker group policy.
BRAD ANDERSON: So we start with this concept of Configuration Manager identifies that there’s been a deviation or drift, in this case, an unauthorized application. Incident gets created, we automatically then have the change in the approval on this, the policy is set, and remediated.
CLARE HENRY: Yeah. So through the deep integration, I’ve been able to easily do my job, and have confidence that Lyle cannot run all those applications such as Flight Simulator.
BRAD ANDERSON: That’s fantastic, Clare.
CLARE HENRY: Thank you.
BRAD ANDERSON: Thank you. Let’s give her a hand. (Applause.)
You know, we’ve been investing in this Service Manager product for a number of years now. Where we’re at right now is beta 1.0 is available. In fact, all of you attending have access now to a community technology preview. Beta two of this will be released in the second half of calendar year 2009 with the release in the first half of 2010.
Now, it’s really interesting. One of the most common questions that I get on this is, okay, so Brad, how are you going to bring this to market? How do I get access to it? I’m going to walk you through that, but first I want to talk about this idea of a comprehensive management solution. If you think about the evolution of System Center, it started out as a desktop management tool, software distribution, inventory, remote assistance. You know, we started to expand on the portfolio, monitoring, OS deployment, these different aspects of the pinwheel.
Well, the portfolio continues to expand. And one of our key things as we think about this expansion of the portfolio is how do we bring this to market in a way that’s incredibly easy for you to consume and incredibly easy for you to get access?
First of all, if I take a look at the client side and the assets that are available on the client from the System Center perspective, you’ve got Configuration Manager, Operations Manager. You know, we started to talk about – we released an update to Data Protection Manager in January that added client functionality capability, and now Service Manager.
So the first thing that we’re announcing today is that we are creating what we call a System Center client management suite. So in the same way that on the server you have a server suite where it’s one SKU, you can purchase that one SKU and you get everything you need to manage your servers and your data centers, we’re doing the same with the client.
The other thing that we’re announcing is we’re going to take this client management suite and we’re going to add substantial incremental value to the customers who have purchased the enterprise CAL from Microsoft. Many of you in the audience are already owners of the enterprise CAL. What we’re announcing our intent here is that this client management suite with Ops Manager, Data Protection Manager, Service Manager will be a component of E-CAL. So if you’re licensed for that, I would highly encourage you to go to the Service Manager session and start to look how you can take advantage of this as quickly as you can. OK, is that exciting? I think it is. (Applause.)
Again, we’re trying to simplify, simplify, simplify. I take a look at the architecture of what we’ve built with Service Manager and I compare that to what’s available on the market with Service Manager and Service Desk, this is incredibly integrated. It’s integrated with what you’re already using to manage your desktops with Configuration Manager and MDOP. It’s highly integrated across the entire portfolio, and from an acquisition and deployment cost, it will be the low cost return on investment solution on the market bar none. We’re setting a high bar on this one.
Now, let’s bring Jeff back online and it looks like these laptops have finished. Let’s bring Jeff back and take a look at what’s happened. Jeff. Welcome back.
JEFF WETLAUFFER: Thank you. OK, folks. Well, we’ve had a bit of time here to finish the deployment. And let’s take a look. I think we’re finished. Looks like everybody’s sitting in front of the laptops and there’s lights on. I’ve got my machine up in front of me that’s also been migrated.
So there are a couple of ways we can double check our settings here and just double check on our reporting. The first thing we can do is we can actually go in and look at the actual advertisement status report within Configuration Manager. So what you’re looking at here is the report status of that OS deployment. So we had an acceptance of 20 machines. We had them all go through the different stages, and they’ve now registered back that they’ve succeeded and we’ve got 100 percent completing. So I’m feeling pretty good right now.
BRAD ANDERSON: Yeah, and if there was a problem, I could drill into here and actually see where the process had failed and get to that root cause quickly.
JEFF WETLAUFFER: That’s right. If we had any kind of challenges down the left side, we can drill down in and get down to those green check marks from the task sequence and see what step we encountered problems on.
BRAD ANDERSON: Great.
JEFF WETLAUFFER: Let’s take a look at our laptops and see what we have here. So here in front of me I have my Windows 7 machine that I’ve migrated to. I have a new Wood Grove Accounting Department standard. We have Windows 7 as the OS, Office 2007 running as the standard Office product.
I can show you that by going into the programs, going into Office, selecting Office 2007 version of Access, and that is running locally.
BRAD ANDERSON: Now, one of the things we talked about was there is an application that had a compatibility issue. How are you going to use virtualization to address that here in Windows 7?
JEFF WETLAUFFER: Exactly. So as Brad mentioned, in the past testing there we encountered the Wood Grove Accounting Department running a database that had a small challenge running on Windows 7. So we used a technology in the MDOP licensing package called MEDV, or Microsoft Enterprise Desktop Virtualization. What this allows us to do, it presents that old legacy application to the user in a seamless experience on their desktop.
Now, what’s happening behind the scenes here is this application that I’m just showing you now is running on a — we’re spinning up a version of Windows XP in a virtual machine on the actual target machine, and we’re exposing the application out to the user in their start menu or on their desktop, however they’re used to seeing them. And within here, I can just launch the application, open the database, and that is sitting there in front of me now.
BRAD ANDERSON: One thing I think is incredibly nice about this is the user just sees the application. It’s integrated into their desktop, we’ve mapped things like the printer so it is a seamless experience for that user, but addresses that critical need of you’ve got an application that has a compatibility issue.
JEFF WETLAUFFER: Yeah, so what we’ve done here is we’ve deployed a new corporate standard for the accounting group. They have Office 2007 and we have deployed that old application that had a challenge at the compatibility level through MEDV and the virtual desktop technology that we present there. Seamless experience running two versions of Office side by side, one virtual, one physical.
So I have shown you how System Center has been working with the Windows division and key partners like Intel and their vPro Technology to deliver you a quick and easy Windows deployment solution.
BRAD ANDERSON: Thank you very much. Give him a hand.
JEFF WETLAUFFER: Thank you.
BRAD ANDERSON: Thank you. (Applause.) You can tell Jeff was fighting through a cold this morning, and I think we got him off the stage just before his voice left.
OK. So let’s talk now a little bit about online. Last year, we talked with you about our intent as a company is to build all of our technology in a way that you can choose to consume it on premise in your data centers with the command and the control and all those things that you’re accustomed to there, or if you choose to use it as an online service in a software as a service method, we want to give you that flexibility as well with the ability to federate those two, an on premise and an online, and actually have the ability to have some run on some of your desktops or PC be managed in an online fashion, some in a traditional on-premise fashion, but have that federated through things like a common directory as we federate Active Directory between the cloud and your on-premise technologies as well.
Now, we’ve been doing a lot of work in the online world. OK? Microsoft has got a rich history and a rich set of experiences in running online services. Last month, Windows Update updated more than 650 million PCs around the world. 650 million PCs. You know, we go through more than a petabyte of data on that every day. We know how to run these, we know how to build these.
We have other assets like Hotmail. 450 million users, we send over 50 billion pieces of mail every month on that. We understand the concept here.
So what we’ve done from a System Center perspective is we’ve asked the Windows Update team to extend Windows Update to do things like inventory, monitoring, remote assistant, host protection. What I’m announcing today is that we are working on a product we call System Center Online Desktop Manager. Not only are we working on this, it’s about to enter into a beta with a select number of customers with the general availability from a beta perspective happening later in 2009 and the release in 2010.
Now, from a System Center Online perspective, a couple of questions you’re going to ask. One, what capabilities are in it? In the version 1.0 of System Center Online, you’re going to have host protection. Okay? All the assets from the Forefront brand, anti-spy, antivirus, anti-malware, that security will be deeply integrated with asset intelligence inventory, remote assistant, monitoring, group policy and configuration management effectively from the cloud.
So you’ll have a very basic solution that scales and is highly secure in this V1. This V1 will release in 2010. Then our intent is that we will release updates to System Center Online every six months. As a service, we’ll start updating this and adding new functionality, software distribution, federation with Active Directory, delegation of authority, all the other pieces that you’ll be looking for to be added into this as we continue to enhance and to enrich the solution.
Now, from a customer value perspective, as you think about System Center Online, there are a couple of things I want you to keep in mind. One, simplicity. It’s incredibly easy – literally, it’s minutes from the time that you subscribe and you purchase the license to where you’re actually managing your desktops because you have no infrastructure to deploy in your environment.
It’s entirely run out of our data centers based on that Windows Update infrastructure. We’ve integrated security and management in a very, very deep way. It’s highly reliable, it’s highly secure, it’s built on that same infrastructure that Windows Update is built on.
Now, question for you: Would you actually like to see what System Center Online looks like? (Applause.) OK. Let’s have one of the lead program managers from System Center Online in Craig Marl come out and show you System Center Online. Craig. Let’s give him a hand. (Applause.) Welcome.
CRAIG MARL: Thanks, Brad. Thanks, all, it’s really exciting for me to be here to be able to introduce you to System Center Online for the first time. As you heard from Brad, System Center Online is really a very tightly integrated, easy to use, security and management product without the traditional overhead that you’d normally associate with on-premise infrastructure.
When we were building and designing System Center Online, we really had kind of three pillars to guide us in our decisions. First, we wanted to make sure that it was easy to use and acquire. So from purchase to managing your first machine takes less than an hour.
Secondly, we really wanted to make sure we streamlined those management tasks. We have a single console to manage your machines no matter where they are, whether they’re inside or outside of the corporate network. Thirdly, we wanted to really tightly integrate security and management together. So that means host protection, policy-based settings, management for your security settings, and of course world-class patching and updating.
So with all that said, let’s take a look at System Center Online. You can see as I start my console here on the left-hand side, I have all the functionality that Brad talked about. I have my updates, host protection, malware protection, software for my assets, and of course reports on all these things. And on the right, I can see this high-level overview that really gives me a quick and easy way of homing in on exactly where the problems are in my environment.
So I can see straight away here I have some pieces of malware that have recently been resolved. I have a few update failures. I have some updates that I really should go and approve. Policy is looking great. And I have some alerts that I should go and pay attention to.
Now, you’ll see this general pattern repeated throughout the console application. And we want to make sure that we give you the right information and the right context to map to the tasks that you’re actually doing. So for example, let’s say it’s patch Tuesday and you want to manage your updates.
So you’re managing and reviewing updates and you can go drill down and see just the update-related information. If I’m particularly concerned about a malware update, I’ll move over to my malware work load, and I can see everything scoped down just to malware.
And the same if I’m troubleshooting computing groups, I’ll go to my computing groups space and I’ll be able to drill down and see exactly what’s going on with my computer.
Let me walk you through a scenario that I think really shows the strength of the integration between the security and management pieces.
Let me select, for example, in my Las Vegas group and I can see straight away we’ve bubbled up the key information. I can see I’ve got a computer that needs updates, and I’ve got a computer that’s recently got some malware.
I’m going to dig in on the malware because that’s the one that concerns me the most right now. And I’ll go straight down, and you’ll notice that one of the key things we try and do with System Center Online is give you just the right information when you need it without making you sift through a whole bunch of lists of objects. So you can see my view immediately has been filtered just for those machines that have malware.
I can see Chris03 here recently had a piece resolved, everything else looks good. Let me go find out exactly what that’s about. I’ll go drill straight down. I see the malware engine blocked and cleaned a virus. Has anybody heard of this one? That’s OK, if I don’t know exactly what it’s about, the great thing about System Center Online is it pulls together expert information for me. So I can simply click on this “view more information” button and this will take me straight to the Microsoft malware portal where I can read everything I want to know about this particular virus. I can even get direct access and see exactly what patches are available to go and fix these issues.
I can see here 958644 is a patch that’s available to resolve this virus. Because there’s nice integration between security and management, I can simply switch over to the update tab and I can see that, in fact, yes, 958644 is the update he’s missing, so let me go check in and find out if that’s actually approved for this machine.
Now, you can select that and I’m taken straight to the update. My context changes from computer to update because I’m now dealing with the update, and I’ll go look at the approval for this update. And straight away I can see what my problem is. It’s only approved for my headquarters machine, but none of my branch offices. I’ll go ahead and fix that, nice and easy.
And now really I probably want to let my colleague know. I share my administration duties with my peer, Joe, and I really want to let him know exactly what I’ve done and that we dropped the ball here on this one. Now, normally if I want to send an e-mail to Joe, I’m going to have to get a post-it note, I’m going to have to scribble down the name of the update and type it up, but one of the great things about System Center Online is that every single object that you manage in is actually linkable.
So what I can easily do is I can just send Joe a link to this information and Joe will be looking at exactly the same stuff that I’m looking at.
BRAD ANDERSON: That’s really an amazing innovation that every single object is linkable. Just let that sink in for a minute. But I’m curious, Craig, what’s the interface, how does that linkable actually expose itself inside of System Center Online?
CRAIG MARL: OK. I’ll show you, very easy. I’ll just hit F-11 here to show you the browser, and of course everything is browser-based. We built the whole console inside of Microsoft Silverlight. So I can take this link and I can simply copy it and paste it in the e-mail and send it to my colleague.
BRAD ANDERSON: So the beauty of Silverlight is anywhere I have access to any type of a browser, I have access to the administrative console.
CRAIG MARL: Absolutely. So it doesn’t matter where your machines are, they can be managed. It doesn’t matter where you are, you can manage your machines. And if you’re like Joe and you want to use a different kind of browser, let’s for example say Joe wants to use Firefox, that’s OK because everything runs exactly the same. And I paste that in and Joe’s taken to exactly the same information that I saw right there inside of Internet Explorer and his experience is exactly the same as mine is.
Now, I know that’s just a quick look through a few key features of System Center Online, but hopefully you can see how it really delivers on that powerful promise of tightly integrated management and security without that cost of on-premise infrastructure.
BRAD ANDERSON: Fantastic. Thank you.
CRAIG MARL: Thanks a lot. Thank you, Brad. (Applause.)
BRAD ANDERSON: Did it hit you what you just saw? I don’t know that it quite did because I didn’t hear some of the applause and stuff. I mean, really think about this. Based upon that Windows Update infrastructure, I come up with the same online portal that I use to provision all those Microsoft Online assets whether it be SharePoint, Exchange, whatever the solution is, I provisioned, within minutes I’m managing my devices. It’s all done from a browser using a rich Silverlight application that I can access anywhere in the world that I have a browser. That’s actually showing how the paradigm has changed and how things are moving to online, moving to delivering from a software as a service perspective is incredibly powerful.
As we think about some of the work that we need to do obviously — now get this integrated and federated with Configuration Manager and we’ll do that work and it’ll all be keyed off of having a common identity being Active Directory. The company as a whole is working on how we’re going to federate Active Directory. So the same directory, the same identity that you use to manage and secure your enterprises today will be used from an online perspective. I think it’s incredibly powerful.
Let’s go to the most common requested slide that we have at MMS, and that’s the roadmap. So as you look at the roadmap here, you can take a look at what our release schedules are. These are all bottoms-up schedules from the engineering team. And you can take a look at the entire portfolio of System Center, of the desktop optimization pack online. Three things I want you to notice in the roadmap. Number one, every one of the core assets of the product line is being updated and being refreshed. A lot of that is happening in conjunction with Windows 7 and Server 2007 R2 coming out. But in those core assets and those anchors of the portfolio, you can see that we are on this schedule that we committed to you that every other year we would be releasing new values, new updates to the product. No. 1.
No. 2, the second point I would make is you see us extending the portfolio going into new places and looking at how we can take advantage of these paradigm changes that are happening with things like online.
Finally, I think you’ll notice that there are a couple of lines – take a look at the desktop optimization pack and the online, you can see us being incredibly agile in how often we’re updating these products. You can take a look, each year, we are updating the desktop optimization pack twice. Each year as we come out with System Center Online, we will update that with new capabilities twice a year.
OK? I think the thing that I am most proud of being an engineering lead inside of Microsoft is the execution of the team inside of the Management and Services Division. We know that you’ve placed bets and you have a great deal of how you run your business based upon the technology that we build and we deliver, and we do take that very seriously.
So we take these roadmaps and these commitments very seriously. Next year we’ll come back and we’ll give you an accounting of what we’ve done, how we’re delivering it, and give you that next set of commitments as far as what the roadmap will look like.
Now let’s go spend some time and let’s go dive into what the next version of Configuration Manager is going to look like, and specifically how that really becomes the anchor of how user-centric client computing is delivered.
Now, when we started on this mission, we started with what we thought was pretty simple, this function user X should have access to application Y. Seems pretty simple, right? And many of you are probably thinking, you know what, Brad, I can do that today because I can target my applications to users. This is much more fundamental than user targeting. It’s much more challenging than what the industry has thought of with respect to really thinking about the user and being user centric, where today we kind of thought about user targeting as a proxy.
So let’s talk about this in a little bit more detail. I’m going to kind of take a little bit of a walk down memory lane for a minute. If you think about the technologies that are in market right now, for managing the desktops, they all have their inception in the early and mid ’90s, desktop management is what the industry would term when it first started. The desktop was a very, very strong proxy for the user, pretty much a one-to-one mapping. The desktops were tethered. You know, they were wired into the wall, not mobile. But even in that environment, you could target the user, but the user was only a proxy for the device because at the end of the day, if the application required more RAM, it required more disk than what their device had, the user X did not get application Y. Does that make sense?
Now, the industry progress. Laptops came out, we started to add capabilities like checkpoint restart, update, but still grounded in the fundamental solution that was made for desktops. Handheld devices explode, and we’re still working on the infrastructures that really were designed to manage a desktop. You know, this is where we’re going to change the paradigm and put that user front and center.
On the right-hand side of this, what we’re talking about is now everything that we do should focus on that user. We should think about that user, and that user should be the center of our gravity. We should be able to assign a policy, any type of a policy to that user and the system should be able to sift through all the mass of data, identify the affinity between the user and the work station, and conditionally deliver down what the user needs.
It sounds simple, but let me give you a couple of examples of what we try to do today and fall short compared to what we want to enable with this user-centric client computing. Let’s think about something about wake on LAN. Many of you want to do your OS upgrades or your significant upgrades to applications at a time when the users are not present, so you want to take advantage of things like wake on LAN. In a world where you’re doing user targeting, the user has to be authenticated on the device or you have to have some type of a system that tries to identify what the relationship of a user to a device is, and it just doesn’t work.
And so today you have a policy and all your PCs go off. You want to go deploy a new version of Office or update your PC, you say go wake these PCs up, but you really don’t have any idea of what this mapping of users to PCs are.
In the world of user targeting, you know, sure, I could roam from one PC to another. But when I leave my primary PC and I go to a PC that I’m just going to be a transient visitor on and I log in, do I want to have all my 20 applications come down and be installed? No, it’s going to take more time than I want. What about the licensing ramification of that? Do you really have licenses for your applications to be installed on every PC that enables any user to be productive on any PC?
And then think about that as you expand that past the borders of your corporate IT and your corporate devices, you never want to deploy an application on a non-corporate device because that’s now a license that you have to track and you’re responsible for.
So as an industry, we’ve done things like we use a combination of things like presentation virtualization and different ways to address these problems, but it’s not in a cohesive solution that gives you that consistent way to administer it and a consistent end-user experience.
So as we think about this concept of user-centered client computing, fundamentally, there are four things that you have to deliver to the user for them to be productive: their data, their apps, their settings, all managed by a central identity. Now, to do this, a lot of the innovation that we’ve been doing in this next version of Configuration Manager and really across the entire portfolio winds up in these two big buckets of investment, one called user affinity and one called conditional delivery.
In the concept of user affinity, this is all about being able to understand the relationship of users to devices. If we’re thinking users first, we have to have a solution that allows us to identify things like what is the user’s primary PC? When a user logs on a PC that the user’s not been before, is that a new PC for that user or are these a transient visitor and how should I react to that? So user is going to be a kind of part of this.
You know, I mentioned before that historically as you build these solutions, one of our kind of guiding mantras has been the user should never know we’re here. With these digital natives entering the work force, we want to partner with you. You’re going to want to have the ability to interact with them and maybe even ask questions like is this your primary PC, are you a visitor on this PC? And then give that user some ability to interact with the system as the system is adjusting and delivering the application and the services in the appropriate manner. And that’s where we talked about the conditional delivery.
You want to have an intent-based system where you as the IT professional as IT can define how you want an application to be delivered to a user based upon their working environment. You understand and you have a policy about when you want to use presentation virtualization, when you want to use application virtualization, MSI — you have all these different access methods.
What we’re going to do with this conditional delivery concept is give you that ability to define that intent and then real time on the system when the user goes and logs into a system, the system will intelligently adapt and conditionally deliver down that application to the user in the most appropriate manner based upon the policy and the intent that you have defined. Does it make sense?
Now, at the core of this and at the core of everything that we’ve been doing with Dynamic IT is the concept of a model. To the extent that we can work with you to define models, those models are repeatable, they give you the ability to define one thing and then have that applied and automated across all of your organizations. At the core of this is this concept of an application model that contains that meta data about how you want the users to work given their working environment.
So now with this right here, we think about a consistent administrative experience that integrates every different kind of access methodology that you want to use in your organization to deliver your users the things they need to get done. You also are thinking about it in terms of a consistent end user experience so that the end user does not have to be trained to adjust their work style based upon the device they’re on, the location that they’re at. You’ll be able to interact with them, but ultimately the system, based upon this model, will automatically, dynamically, and intelligently adjust.
Now, is this something you’d like to see the work that we’ve done the work in the next version of Configuration Manager? OK. (Applause.)
All right, so, no MMS would be complete without a demo from Bill Anderson. So with that, we’re going to bring Bill out who actually has been the center of gravity of what we’re doing around user-centric client computing to show you how these things come alive both for the administrator and for the end user in the next version of Configuration Manager. Bill.
BILL ANDERSON: Thanks, Brad. (Applause.) Nice seeing you again.
BRAD ANDERSON: Yeah, you too.
BILL ANDERSON: OK, I have a public service announcement —
(Break for direction.)
BILL ANDERSON: My job got a little easier because Brad actually set up everything that I’m going to do for you, so all I get to do is spend some time in the console and show you exactly what Brad was talking about. The fact that we spent the past 18 months really reinvesting in user X gets app Y and how we can do that effectively so you guys can really think users first.
So I’m going to start this off on the console and show you a simple scenario with a complex app to make this real. Now, the first thing you take a look when you see the console, as Claire indicated, we’re also moving to the System Center user experience. So, again, you’ll get that consistent set of experience as you go between Service Manager, Operations Manager, Configuration Manager moving forward.
Now, Brad teed up this concept of an application. My scenario today is one you probably face pretty frequently. You’ve got a line-of-business application that you want to deploy out to your users. In my case, we’re going to use Microsoft Dynamics CRM. It’s designed for our sales and marketing staff. They’ve got dynamic, mobile needs, they need to get to this data everywhere they go.
So one of the key things for us is to create that model that represents all these technical variations that Brad walked through earlier. In fact, if I go down here at the bottom of my screen, select deployment type. This is the way that we’re going to go define these characteristics of the application. Brad even walked through a few of these earlier.
I’ve got a deployment type for MSI, traditional installation. It could also be update if I was doing application virtualization. I’ve created a definition for a terminal services delivery using that virtualization at the presentation layer to be able to deliver that app remotely to that user.
Jeff mentioned earlier this feature in MDOP called MEDV, enterprise desktop virtualization. I might have users that are roaming into a Windows 7 environment, but I still want to be able to give them this app for backwards compatibility using system virtualization.
And then finally, these are my sales force. They’re used to using smart phones and it’s important for us to be able to define the application for that as well. I can define all these permutations in a single application. I can put my intent in place, and just go target that at user X getting app Y.
Now, Brad walked you through this thing called conditional delivery rules. These delivery rules can be things like hardware requirements, application prerequisites that will automatically install on the system. But there are some unique ones that are a little more business and technical focused I want to walk you through. So I’m going to go over to the right-hand side and select delivery rules.
Now, in this case, I’ve got three rules that I’m going to use. First of all, anywhere that our end user logs on that they’re a primary user on the PC, I’m going to default to the MSI. Probably their normal PC they work at, I want it readily available to them. If they just so happen to roam to a system that they’re not a primary user, I don’t want to leave a bunch of remnants of software around. I want them to get terminal services remote apps to get their apps quickly but not actually destabilize the system.
And then finally, it’s oftentimes more important where the app doesn’t go than where it does go. And so I’ve got a rule in place so that if a user ever logs on in any one of my restricted systems, it could be a validated system in healthcare, could be a point-of-sales device, in our scenario it’s actually going to be our robotic arm in our line-of-business manufacturing process, we’d really prefer them not to put anything on that device.
As you can see, using these conditional delivery rules, I can put my intent in place. I can use that user affinity that Brad talked about to bind a user to a device, make decisions around that. So what he covered as well, I can also now send software to a device where there’s no user present. You guys told us in all of our research, you want to send software to user X. It’s hard to do wake on LAN to user X. It’s hard to send software to user X on a work group machine, and it’s hard to send software to user X in off hours when no user is present. So by using this user affinity, we can create the relationship and translate it for you so you can still think user first.
Speaking of user, enough of the admin console, let’s go show the end user side off. I’m going to walk through that scenario that I just laid out. I’m going to log onto three different systems – primary, non-primary, and restricted — to show you what the experience looks like.
So the first thing you see here is this is our Web service. We actually have our software catalog now available as a Web service. So all the applications that are targeted at that user are going to be visible here for me to be able to choose and install from.
BRAD ANDERSON: I think this is one of the amazing innovations that we’re doing here. You know, this concept of not only a consistent administrative experience, but a consistent end-user experience. What we’re talking about here now is the next version of Configuration Manager is going to have a GUI and a graphical interface and a software catalog.
BILL ANDERSON: Absolutely. And the software catalog is a great interaction model for the end user, but it’s also a great partner play for us. It provides the extensibility that our key third-party partners in the market as well as service managers really need to be able to integrate with that all-up service management kind of portal experience.
So typical characteristics you would expect in a browser. I can browse by category, I can do a search. My end users really don’t know that this thing is called Dynamic, they do know that it’s a CRM app.
So I’m just going to go ahead and do a search for CRM. I’m going to click on it and it’s going to come back to me. There it is, a rich assortment of meta data around the application categories, et cetera, for our end user, Melissa, to be able to see.
Now, I’m still not sure I want to install it yet. I’m going to select it and look at some details for it. Again, making sure that we help the end user know if this is the right app is really a big investment for us. The data we’ve put in the app model is not just for the administrator.
So we’ve got a pretty good assortment of meta data around here to help Melissa out with this. A couple of things, Craig even showed some things like this. Because of the fact that this is a Web interface, we can actually go do things like send direct linking. This is also in Silverlight. In fact, as you see me gloss over things, you’ll see that things kind of highlight. So we chose Silverlight as our platform as well. It gives it this kind of easy characteristic for linking and availability, also provides some great experience for things like integrated video.
Right here, I actually have a training video integrated straight into the portal experience so the user can see how to use the software before they actually install it.
The last thing that’s kind of unique that we’ve done here, it’s important for us to create a relationship between the end user and the application. So we’ve created this concept of a subscription app. So this app, as I see down below, is actually available automatically installed and subscribed for me. It’s going to follow my end user as they roam around. So it’s not “fire and forget” installation, they’ve now got a relationship to this app, all of them.
Let’s kick off the install. Select install, guess what it’s going to do. It actually installs. So for those of you who are using Configuration Manager today, you know that we round-trip the policies. There’s oftentimes latency. Sticking the policy directly in the client, getting the install kicked off right away. Instant gratification is important for today’s end users. (Applause.)
Of course you guys would have done a silent install for this, but me demo’ing nothing, kind of boring. So I actually let the full install kick up to take a look. That’s my primary PC experience. Now I’m actually going to go log onto someone else’s PC. So Melissa’s actually cruised into Brad’s office and is going to use Brad’s PC.
By the way, I notice that I’ve been traded in for a dog in the new family photo.
BRAD ANDERSON: I don’t know if that’s an upgrade or not.
BILL ANDERSON: I’m sure I eat and drink more. So Melissa’s never actually logged in here, so I’m going to go ahead and do a simple switch user. Log in as Melissa. The incredibly secure password of “password.” What it’s going to do is it’s going to assess that this is not my primary PC. Notice, it says the software is installed and all of a sudden I see an icon pop on my desktop for my Outlook CRM integration, but that was kind of quick, don’t you think?
BRAD ANDERSON: Yeah, so are you saying that the application is installed? That was like a second.
BILL ANDERSON: It was a second because of the fact that the conditional delivery rules realize that this is not my primary place of business and it said, nope, no local MSI, I’m actually going to give you the link to a remote application using terminal services. So really all it did was popped a link on my desktop so that I can quickly and easily assess this. This is now connecting up to a terminal server, negotiating all the session stuff, launching Outlook, taking a little time because it’s a Web service and it’s slow today, but what it will eventually do is give me that full, integrated Outlook experience that I would normally get on my desktop, all remotely on somebody else’s PC without destabilizing the system.
BRAD ANDERSON: From an end-user perspective, I just click on the icon. That model we talked about, interrogate my working environment and make those decisions for me. It is so simple and it integrates all these different access technologies.
BILL ANDERSON: Exactly. And that’s what we wanted to do. Again, Brad’s point earlier, we don’t want this to be a one-size fits all. We know you get some diverse environments with lots of different types of applications you need. We don’t want to force you down a single path. We want to be able to tie it all together for you.
Now, the last one. Now, our user is getting really, really used to roaming all over the company, right? Empowered, wacky end users roam out of control. So we’ve tried some subtle suggestions over the years to try and let them know that this is a system they probably shouldn’t be logging onto. It’s actually a hydraulic arm in our bicycle manufacturing process. That wacky Melissa, our end user, is just so used to being able to get access to stuff everywhere, she just roams right up to the device, she says, hey, I know how to do this, I’m going to log on. Oh, no, catastrophe. The hydraulic arm is going to be roaming out of control, everything is going to go awry.
So what we’re going to do, again, is use those conditional delivery rules and assess that this is a machine that no software should be available on. And Melissa is given a notification, subscribed software not available here. She can follow up and contact her network administrator for more details if she chose to. But, again, thinking user first is not just user targeting. And so we’re spending a ton of time and effort in the next version of Configuration Manager to allow you to think user first, but make sure you deliver the right apps to the right user in the right way for them to do their business.
BRAD ANDERSON: That’s fantastic, thanks, Bill.
BILL ANDERSON: Thanks, Brad.
BRAD ANDERSON: Good to see you. (Applause.)
So when you see some of the challenges of this simple concept, user X gets app Y, you know, some of the innovation that we have to deliver to you so you can really do this in a consistent and simple manner, using a modern client, using the different access methodologies and having a series of automation capabilities, which is where we’ll land on Configuration Manager, there’s a lot of innovation that we’re doing.
So to wrap this up, how do I get on the path to this? I would tell you if you’re using Windows, if you’re using the desktop optimization pack and you’re using System Center, we’re going to help you get there. These are the core building blocks. One of our biggest responsibilities is going to help you to transition from this world where it really is device centric to user centric.
Now, to be crystal clear here, we’re not saying that you have to move away from device-centric. So we’re still going to have those capabilities inside of our tools, but we’re going to provide ways and coaching and guidance inside of the tool, outside of the tool to help you get there, you can truly deliver on these requests and different working experiences that these digital nomads that are becoming a large portion of your organization are requiring.
Final thing, thank you. Thank you for allowing us to partner with you. Thank you for allowing us to be a part of your business. Thank you for being at MMS. Thank you for taking the time to really help us understand where we’re doing our job, where we can do a little improvement. We really do appreciate that. If you have some direct feedback for me personally, my e-mail address is BradAnd@Microsoft.com and I would love to hear from you.
Have a great rest of the day and tomorrow, thank you for coming to MMS. (Applause.)