Introducing Microsoft System Center

David Chappell, Chappell & Associates

January 2007

Copyright Microsoft Corporation 2007. All rights reserved.

Contents
MANAGING A MODERN COMPUTING ENVIRONMENT........................................................................................3
SYSTEMS MANAGEMENT: THE CHALLENGES ...................................................................................................................3
ADDRESSING THE CHALLENGES: WHAT SYSTEM CENTER PROVIDES.................................................................................4
The System Center Family.........................................................................................................................................4
Capturing Knowledge: Model-Based Management.....................................................................................................5
A CLOSER LOOK: THE SYSTEM CENTER TECHNOLOGIES................................................................................5
SYSTEM CENTER OPERATIONS MANAGER 2007...............................................................................................................5
Servers and Agents....................................................................................................................................................6
User Interfaces......................................................................................................................................................... 8
Management Packs...................................................................................................................................................9
Service Monitoring..................................................................................................................................................10
Reporting Services..................................................................................................................................................10
SYSTEM CENTER CONFIGURATION MANAGER 2007........................................................................................................11
Servers and Agents..................................................................................................................................................12
Software Deployment and Update............................................................................................................................12
Desired Configuration Monitoring...........................................................................................................................13
Asset Intelligence....................................................................................................................................................14
Reporting Services..................................................................................................................................................14
An Aside: The Role of Windows Server Update Services.............................................................................................15
SYSTEM CENTER SERVICE DESK................................................................................................................................15
Service Desk Workflows.......................................................................................................................................16
The Configuration Management Database................................................................................................................18
SYSTEM CENTER DATA PROTECTION MANAGER 2006....................................................................................................19
SYSTEM CENTER ESSENTIALS 2007...............................................................................................................................20
SYSTEM CENTER VIRTUAL MACHINE MANAGER............................................................................................................23
SYSTEM CENTER CAPACITY PLANNER 2006...................................................................................................................24
PUTTING THE PIECES TOGETHER: A SYSTEM CENTER SCENARIO...............................................................24
CONCLUSION.............................................................................................................................................................. 27
FOR FURTHER READING..........................................................................................................................................27
ABOUT THE AUTHOR................................................................................................................................................28

Managing a Modern Computing Environment

Software and the hardware it depends on are critical to nearly every business today. The only way
to make sure that these essential resources are available when theyre needed is to manage them
well. These two facts imply an inescapable truth: effective management of computer systems is
fundamentally important to virtually every modern organization.
Yet effective management isnt the entire goal. Managing a multi-vendor distributed environment is
inherently complex, which means that it can be expensive. The real goal of systems management
is to provide the required availability at the lowest possible cost.
Doing this requires effective management software. The biggest expense in systems management
is typically the salaries of the people who do it, and so automating as much of the work as possible
makes good sense. Using the right tools lets these people use their time most efficiently.
Microsofts System Center, a family of management products, aims at providing these tools.
System Center includes technologies that help automate the most common management tasks,
and it also provides tools to help IT professionals detect, diagnose, and correct problems in their
computing environment. With support for managing both Windows-based systems and others,
System Center targets a variety of problems and a range of organizations.

Systems Management: The Challenges

Theres no way around it: systems management is hard. Keeping a complex assemblage of
hardware and software working well every minute of every day is a tall order. And when this
hardware and software are produced by various vendors and interact in a myriad of ways, the
management challenge gets even harder.
The usual way to solve a complex problem is to break it down into a group of simpler problems.
For systems management, those problems include the following:

Monitoring the hardware and software in a distributed environment to detect issues, then
providing tools to fix those issues. Doing this well means more than just responding to outages
and other incidents. It also requires monitoring the health of systems to prevent problems
before they occur.

Automating the time-consuming process of installing, updating, and patching software. Other
aspects of system configuration might also be automated, such as maintaining up-to-date
descriptions of the hardware and software in the environment.

Providing implementations of standard processes for systems management. Rather than

taking a purely technical view, IT organizations increasingly view systems management in
terms of what IT provides to the business as a whole. Commonly known as IT Service
Management, this perspective relies on a process-oriented approach. Offering automated
support for common management processes, such as those defined by the IT Infrastructure
Library (ITIL), can improve the quality of systems management.

Handling backup and restore of Windows file server data. Given how cheap disk space has
become, an attractive way to do this is with regular copies to a backup servers disk.
3

Addressing the monitoring and configuration requirements of smaller organizations. The

specialized tools used by large organizations can be too complex for firms without full-time
management staff. For situations like this, a simpler, more unified approach is better.

Managing virtual machines. As faster hardware lets more applications run on each machine,
organizations are increasingly using virtualization to isolate those applications. Tools for
creating and managing virtual machines can make this process faster and easier.

Sizing installations properly by providing tools for estimating the required resources. This is
especially important for mission-critical applications such as electronic messaging, but its also
useful in other areas.

No one product can reasonably address all of these challenges. Instead, Microsoft has chosen to
group its systems management technologies into a single family, exploiting wherever possible the
commonality that exists across these diverse problems. That family is System Center.

Addressing the Challenges: What System Center Provides

To introduce System Center, its useful to take a quick tour through the products this family
contains. Its also important to know a bit about the idea of model-based management, a concept
used by several System Center products. This section looks at both of these areas.
The System Center Family
The products included under the System Center umbrella address the challenges described
earlier. Those products are:

System Center Operations Manager 2007. The successor to Microsoft Operations Manager
(MOM) 2005, this product allows IT staff to monitor and manage the hardware and software in
a modern distributed environment. Its expected to be released in early 2007.

System Center Configuration Manager 2007. The successor to Systems Management Server
(SMS) 2003, Configuration Manager provides tools for automating software installation and
managing system configurations. Its targeted for release in the summer of 2007.

System Center code name Service Desk. An entirely new product, Service Desk will
provide implementations of fundamental IT Service Management processes, including incident
management, problem management, and change management. The expected release date
for this product is sometime in the first half of 2008.

System Center Data Protection Manager 2006. As its name suggests, Data Protection
Manager provides data backup and restore for Windows file servers.

System Center Essentials 2007. To let less-specialized IT staff in smaller organizations

manage their environments more effectively, Essentials provides a tool that unifies two of the
most important management functions: monitoring distributed systems and automating
software installation. Essentials is scheduled for release in the first half of 2007.

System Center Virtual Machine Manager. A new kind of management tool for the new age of
virtualization, this product helps management staff with the process of consolidating
applications onto virtualized servers. Its expected release date is sometime in the second half
of 2007.

System Center Capacity Planner 2006. Capacity Planner is a tool for determining what
hardware resources will be required to run an application, such as Exchange Server 2003, to
meet specific performance and availability goals.

The services provided by the System Center products are a concrete expression of the goals
Microsoft laid out in its Dynamic Systems Initiative (DSI). DSI is a broad effort aimed at improving
ITs ability to meet an organizations business demands while still lowering the costs of managing
its computing resources. Reaching these goals requires some new approaches, a reality that DSIs
creators recognized. Perhaps the most important of these, an idea called model-based
management, is described next.
Capturing Knowledge: Model-Based Management
While management tools are certainly useful, its people who really know how to manage systems.
People are expensive, however, and so one way to lower the cost of management is to capture
more human knowledge in software. Creating models of the systems being managed can be an
effective approach to doing this.
Toward this end, Microsoft defined the System Definition Model (SDM). An XML-based language,
SDM allows creating a formal definition of a machine, an application, and other components of a
managed environment, along with descriptions of the relationships among these components.
Using this model, a management technology can make more intelligent decisions about what to do
and when to do it.
Microsoft created SDM to provide a common language for describing systems. In mid-2006, a
group of vendors including Microsoft, BEA, BMC, CA, Cisco, Dell, HP, IBM, and Sun published an
initial draft of the Service Modeling Language (SML). Based largely on SDM version 3, the
language used in System Center, SML is intended to provide an industry-wide standard for
modeling complex IT services and systems. Once this standard is complete, both management
software vendors and third parties will have a common language for describing the elements of a
managed environment.
The move to model-based management is visible in several parts of System Center. While not
every member of the family currently takes this approach, SDM is used in some of System
Centers most important products, including Operations Manager, Configuration Manager, and
Service Desk. SDM is also used in other Microsoft products, such as the Distributed System
Designers provided with Visual Studio Team System. Going forward, expect to see modeling
become an even more fundamental part of how Microsoft and other vendors address the problems
of systems management.

A Closer Look: The System Center Technologies

Getting a grip on what System Center provides requires understanding the basics of each of its
members. This section provides a short tutorial on each of the System Center products.

System Center Operations Manager 2007

A fundamental aspect of systems management, perhaps the fundamental aspect, is monitoring an
organizations computing environment. Monitoring alone isnt enough, however. Once a problem or
potential problem is detected, there must also be a mechanism for fixing or, better yet, avoiding that
problem. The goal of System Center Operations Manager 2007 is to provide these monitoring and
management services.

The figure above shows the products major components. Administrators and operators can
interact with Operations Manager via the Operations Manager console, as shown in the figure.
From the console, the user can access both the Operations Manager management server and
(indirectly) the Operations Manager reporting server. Each of these servers has its own database,
known as the operational database and the data warehouse, respectively. The systems being
managed, which can include both client and server machines, each run the Operations Manager
agent. This agent can communicate with the management server and the reporting server, sending
information about events on the managed system, the systems performance, services running on
that system, and more. Exactly what kind of events can be sent, what performance data is
monitored, and much more is defined by the specific management packs that are installed. Each
management pack defines rules and more that are downloaded to each managed system. True to
Microsofts goal of model-based management, these management packs are defined using SDM.
Given this brief overview, its useful to take a closer look at the most important aspects of
Operations Manager: management servers and agents, user interfaces, management packs,
service monitoring, and reporting services. The next sections provide short descriptions of each of
these topics.
Servers and Agents
6

The most fundamental parts of Operations Manager are management servers and the agents they
rely on. One or more management servers can be used, although the first management server
installed always acts in the role of root management server. Each agent is then installed and
configured to communicate with a particular management server, allowing the server/agent
communication to be balanced as needed.
A management server can run on Windows Server 2003 or on the forthcoming version of Windows
Server codenamed Longhorn. Agents can also run on either of these systems, as well as on
Windows 2000 Server. Unlike its predecessor MOM 2005, Operations Manager provides agents
for client systems as well as servers, including Windows 2000, Windows XP, and Windows Vista.
Whatever systems they run on, communication between agents and the Operations Manager
servers relies on queues. Doing this allows prioritizing some messages over others, and it also
means that agents and the servers they communicate with dont need to be continuously
connected. To reduce the likelihood of imposters or eavesdroppers, all communication between
managers and agents uses Kerberos to provide mutual authentication and data encryption.
In general, agents send three types of information to management servers:

Events: An event indicates that something interesting has happened, such as a failed login
attempt or the death of a Windows service. To learn about these things, the agent relies on
Windows Management Instrumentation (WMI), the local event log, and other sources.

Alerts: Some of the interesting things that happen on managed systems should be brought to
the attention of the people who are managing this environment. To do this, an agent can send
an alert. Unlike an event, which might just be logged in the Operations Manager databases, an
alert is typically displayed immediately in the user interface. For example, every failed login
attempt on a particular system might generate an event, but four failed login attempts to the
same account within three minutes might also generate an alert.

Performance data: Keeping track of performance counters is a fundamental part of detecting

problems before they occur. For example, an agent might regularly send performance data
that reflects the processor usage on a managed system.

All of the events, alerts, and performance data sent by every agent are copied into both the
operational database and the data warehouse. The operational database is groomed regularly, i.e.,
data more than a few days old is removed. The data warehouse, however, acts as its name
suggests: its a warehouse for management information, able to store data for a much longer
period.
A management server also sends data to the agents it owns. Most important, the management
server downloads information from management packs to those agents. As described in more
detail later, a management pack defines the events, alerts, and performance data that an agent
sends, along with a great deal more. The management server can also modify an agents behavior,
such as by telling it to stop sending a specific alert, or ask the agent to run a task.
Finally, its worth pointing out that direct interaction between managers and agents isnt the only
choice in Operations Manager. Although its not shown in the diagram above, agents (and even
management servers) can interact with devices such as routers and switches using either SNMP
or the newer WS-Management protocol. This allows Operations Manager to manage more than
just Windows clients and servers, spreading its potential reach to a range of systems and devices.
Operations Manager also provides an option called agentless exception monitoring (AEM) that

allows a management server to be informed of critical problems, such as application and system
crashes, even on machines that dont have Operations Manager agents installed.
User Interfaces
Most often, administrators and operators will interact with Operations Manager via the console.
Based on what shes interested in, an Operations Manager administrator can access specific
views provided by the console. The Event View shows received events, for instance, while the Alert
View shows current alerts. The console also provides a Performance View that displays
performance data (an example of which is shown below), a Diagram View showing the systems in
this managed environment, and more.

The Operations Manager console is a standalone Windows application that communicates with a
root management server. Yet there are situations where a web browser interface is a better choice,
and so Operations Manager also provides a Web console. While not everything thats possible with
the console can be done via this Web interface, a large part of the products functionality is
available via a browser.
Graphical user interfaces, such as those provided by the Operations Manager console and the
Web console, are most peoples preferred choice. Still, there are cases where a command line is a
better option. Some people just prefer this style, but for doing repetitive or automated tasks,
creating a script can be much more efficient that using a GUI. To allow this, Operations Manager
provides a command line interface that uses Microsofts new Windows PowerShell scripting
technology. The product also provides a software development kit (SDK) interface that allows ISVs
and others to expose the functionality of the Operations Manager user interface in any way they
desire.
8

Management Packs
The goal of Operations Manager is to help manage machines, applications, and pretty much
anything else in a modern computing environment. Yet effectively managing such different things
requires a great deal of diverse knowledge. How can a single product embody all of this
knowledge? In fact, how can a single company, even one as large as Microsoft, possibly have all of
this knowledge?
The answer is simple: it cant. Instead, the creators of Operations Manager chose to build a
platform capable of using management knowledge created by anybody. The information required
to manage a particular machine, application, or device is expressed in a management pack (MP).
Hundreds of MPs are available, including MPs for operating systems such as Windows Server
2003, Windows XP, and Windows Vista, for applications such as Exchange Server and SQL
Server, and for third-party systems such as Cisco routers. Its also possible to create MPs for
managing custom applications created and used within a particular organization, as described
later.
Each MP embodies specialized knowledge about the technology it describes. Microsoft, for
example, clearly has the most detailed understanding of its products, and so it creates MPs that
make this knowledge available to customers. Other organizations have deep knowledge in other
areas, knowledge that can also be embedded in an MP.
Whatever it targets, every MP includes an SDM-defined model of the thing being managed. Each
of those models can include the following elements:

Rules: define an agents behavior. The events, alerts, and performance data an agent sends
are determined largely by the rules contained in the MPs installed on that agents system. A
rule can also cause the agent to perform some action, such as running a script.

Monitors: describe the state of some part of the thing being managed. For example, a monitor
might set its state to red when a disk is more than 90% full, to yellow when the disk is between
80% and 90% full, and green otherwise. A monitor can also send an alert when it changes
state.

Tasks: allow running a PowerShell task, an executable, or a script. Tasks can run either on the
console or on the agent, and they can perform functions such as restarting a failed application.

Knowledge: describes in English or another language how a particular problem might be

addressed. Since the people who create each MP are experts in the thing this MP manages,
they can provide detailed, real-world knowledge about the probable causes and likely fixes for
problems. This knowledge is displayed in the user interface when appropriate, making it easier
for the administrator to do his job effectively.

Discovery rules: specialized rules used to locate automatically the things that can be managed
using this MP.

Views: describe custom aspects of the Operations Manager user interface that are relevant to
the component this MP targets.

Reports: define reports that are specific to this MP.

To get a sense of how the various components of an MP might work together, its useful to think
about a concrete scenario. Suppose an application running on some managed system notices that
it lacks sufficient disk space to function. This application writes an event into that systems event log
9

indicating this, then shuts itself down. The Operations Manager agent on this system continually
monitors the event log, and so it quickly notices this event. The MP for this application contains a
rule that causes a specific alert to be sent to the management server when this event occurs. The
operator sees the alert in the Operations Manager console, and he also sees the MP-provided
knowledge associated with this alert. Reading this knowledge, he learns that he should direct the
agent to run a task that deletes the tmp directory on the applications machine, then restarts the
application. This entire process, from detection of the problem to its ultimate resolution, depends on
the information contained in the MP.
In effect, the rules and monitors in an MP define a health model for the component this MP targets.
MPs can have relationships with other MPs, allowing the overall health of a Windows server, for
example, to depend on the health of various things on that server, such as key Windows services,
the machines disks, its network card, and more. Similarly, the health of a distributed application
might depend on the state of each of its components. The health of these components, in turn,
might depend on the state of still other components. Problems anywhere in this hierarchy can
bubble up to the top, allowing a single unified view of a systems overall health.
Service Monitoring
One of the most interesting aspects of Operations Manager is its ability to manage complete
distributed applications as well as the systems they run on. Referred to as service monitoring, this
allows an administrator to monitor, say, the various software that provides an organizations email
service, or perhaps a custom distributed application. Since applications are what users really care
about, it makes sense to provide the ability to monitor and manage them directly.
Each service thats monitored (i.e., each distributed application) must first be defined. To do this, an
administrator uses the Distributed Application Designer. This tool is accessed through an Authoring
view in the Operations Manager console, and it allows an administrator to specify the various
components that make up the complete application. These components might include the
database server it uses, the application logic, a web server, and more. This tool then generates an
MP for the distributed application as a whole, which can be used like any other MP. To make it
easier to describe an application, even for someone whos not a management specialist, the tool
includes templates for typical applications. The goal is to allow end-to-end monitoring of both the
distributed application and the systems it depends on.
Reporting Services
Effective management requires understanding the managed environment. Regular reports are a
useful way to give people this understanding. Accordingly, an Operations Manager user can
access the products reporting server to define and generate a variety of reports.
The Operations Manager reporting server is based on SQL Server Reporting Services, a standard
component of SQL Server 2005, and it allows generating reports based on data in the data
warehouse. A number of standard reports are defined, tracking events, alerts, performance, and
more, that can be run against specific sets of data. MPs can define reports, too, as can the people
who use Operations Manager.
System Center Operations Manager 2007 is a cornerstone of the System Center family. While it
doesnt solve the entire problem of managementno single product could reasonably do thisthe
services Operations Manager provides are central to managing a distributed environment.
Organizations that choose the System Center path should prepare to invest some time in
understanding this fundamental technology.

10

System Center Configuration Manager 2007

Monitoring and managing the hardware and software in a distributed computing environment is an
essential part of systems management. But how does that software get onto the managed
systems? Once its installed, how is the correct configuration maintained on each machine,
including any necessary updates or patches? And how can an administrator keep track of whats
installed on each system or even know what hardware and software assets are in the
environment? Addressing problems like these is the goal of System Center Configuration Manager
2007. The successor to Systems Management Server (SMS) 2003, the figure below shows the
products main components.

Much like Operations Manager, a Configuration Manager server communicates with Configuration
Manager agents that run in each managed machine. The server relies on a database containing
policies and more. These policies are downloaded to the Configuration Manager agents, where
theyre used to control the configuration-related behavior of each managed system. To better
organize their interactions with agents and people, Configuration Manager servers implement
several different logical roles, including those of management point, distribution point, reporting
point, and others. Multiple roles can be provided by a single server, as shown above, or different
Configuration Manager servers can implement different roles. Administrators interact with all of this
via the Configuration Manager console.
Servers and Agents
Configuration Manager servers can run on Windows Server 2003 or Windows Server codename
Longhorn, while Configuration Manager agents are available for all client and server versions of
Windows from Windows 2000 SP4 on. To spread the load of interacting with agents in larger
11

environments, Configuration Manager allows creating hierarchies, with a primary server and one or
more secondary servers. Secondary servers need not have their own database, which reduces
both administrative overhead and cost. This option might make sense, for example, when a branch
office needs to have its own Configuration Manager server but doesnt have dedicated
management staff. An administrator can also take control of a client or server machine using
Configuration Managers Remote Tools, making it easier to diagnose and fix configuration
problems.
Software Deployment and Update
Deploying and updating software on managed systems is perhaps Configuration Managers most
fundamental responsibility. It can remotely install both applications and operating systems,
including the initial installation of an operating system on a bare metal machine. Once software is
installed, Configuration Manager can apply patches and other kinds of updates to it. The software
thats installed and updated can be licensed from Microsoft, provided by another software vendor,
or created internally within an organization.
The basic process of deploying and updating software relies on a management point (MP), a
distribution point (DP), and policies. A Configuration Manager agent gets one or more policies from
an MP, then interacts with that MP based on those policies. For example, a policy might instruct the
agent to install Office 2007 at 11 pm tonight, reporting the installations progress to the MP. To
perform this installation, the agent communicates with a DP to get the Office 2007 binary. This
binary is transferred to the agent from the DP using the Background Intelligent Transfer Service
(BITS). This mechanism attempts to avoid disrupting the person using the target system by
pausing when the managed systems CPU is busy, then going full speed when its not.
Configuration Manager also includes an option called Wake on LAN, allowing a system thats
hibernating or even shut off to be powered on, updated, then returned to its previous state. Doing
this can help organizations save money by turning off machines at night while still allowing them to
have new software applied. And to support branch offices without requiring them to run their own
Configuration Manager server, a branch office distribution point can be installed on a desktop
machine. This specialized DP can contact a Configuration Manager server elsewhere in the
organization when required to download software thats needed by systems in this branch office.
The ability to install both client and server operating systems is an important aspect of the service
that Configuration Manager provides. (Operating system installation is also possible with SMS
2003 using a feature pack, which is a packaged set of extensions to the product.) To install an
operating system on a bare metal machine, a Configuration Manager server implements a preexecution environment (PXE) point. To install a new operating system on a currently functioning
system, a Configuration Manager server provides a state migration (SM) point that can store the
target machines settings remotely while that machine is updated to a new operating system.
Configuration Manager supports image-based deployment of operating systems, building on the
improved support for this style of deployment in Windows Vista. On desktop machines,
Configuration Manager can deploy Windows Vista, Windows XP, or Windows 2000 SP4. On server
machines, the product can be used to deploy Windows Server 2003 or Windows Server codename
Longhorn. All of these operating systems are deployed using a common administrative interface,
making the process simpler for the people doing it.
Another problem addressed by Configuration Manager is supporting mobile devices. To help
address this, updates can be applied via wireless communication or over the Internet. Just as
important is the challenge of ensuring that devices attached to a network, such as laptop
computers, have the correct updates installed. Without this, a newly attached laptop might
introduce problems into an otherwise tightly controlled environment. Network Access Protection
(NAP), a new capability in Windows Server codename Longhorn, addresses this problem. When
12

a laptop accesses the network, the system can determine whether key updates as defined by a
Configuration Manager administrator have been made to this machine. If not, the machine is
quarantined until Configuration Manager applies those updates.
Desired Configuration Monitoring
Policies are fundamental to how Configuration Manager performs its tasks. By defining the right
policies for the right machines, an administrator can ensure that those machines have the
applications, updates, and patches that she wants them to have. Another option, known as
Desired Configuration Monitoring, allows using policies to define a model of what the configuration
should be on each managed system. This model is expressed in SDM, and its defined as a group
of configuration items (CIs). Configuration models can be defined by the creator of an application,
by a local administrator, or in some other way. However its defined, the administrator can
customize the model using an editor thats similar to the Outlook rules editor. Among other things,
the CIs in a configuration model can define specific settings in a machines registry, in the Internet
Information Services (IIS) metabase, in a SQL Server configuration, and more. This allows an
administrator to express requirements such as Office XP SP2 should be installed or IIS should
use Integrated Windows Authentication.
Once a configuration model is defined, its downloaded to managed systems as a policy like any
other. The Configuration Manager agent can now monitor the system its running on based on this
model. When something goes out of compliance, the agent informs a Configuration Manager
server, who can in turn inform an administrator that something is wrong. As the pre-release
example screen below shows, its also possible to display a summary of configuration compliance
across multiple machines. The idea is similar to the health model concept used in Operations
Manager, and the underlying approach is the same: model-based management.

13

Asset Intelligence
Installing and updating software is an important part of configuration management, but its not the
whole story. Another useful service is the ability to acquire current information about what hardware
and software is installed. Microsoft calls this asset intelligence, and providing this service is another
of Configuration Managers responsibilities. Using this capability, an administrator can generate
reports showing what operating systems, applications, and updates are installed on all machines,
reconcile purchased licenses with installed copies of licensed software, and more.
Like software installation and updating, asset intelligence relies on policies. A policy might, for
example, instruct a Configuration Manager agent to send the MP a complete inventory of its
installed software and hardware once a day. Policies can also be defined that cause an agent to
inform an MP of exactly which applications are running on the managed system at a particular
time, something that can be useful for tracking software licenses.
Reporting Services
Like Operations Manager, Configuration Manager allows its users to create and run reports. Doing
this relies on a server acting in the reporting point (RP) role. The product provides standard reports
that can be run against the information maintained in the Configuration Manager database, and it
also allows creating custom reports. Unlike Operations Manager, however, this reporting is not built

14

on SQL Server Reporting Services. Instead, Configuration Manager provides its own technology
for creating and running reports.
An Aside: The Role of Windows Server Update Services
Through Microsoft Update, any Windows user with an Internet connection can get updates to
Microsoft software such as Windows XP and Microsoft Office. While directly contacting the
Microsoft Update service makes sense for the typical home user, its less attractive for enterprises.
In a managed environment, administrators commonly want to knowand controlexactly which
updates are installed on every machine. Yet relying on Microsoft Update to provide these is still
attractive. Whats the solution?
One option is to use Windows Server Update Services (WSUS). A WSUS server, which is included
with Windows Server 2003, can access Microsoft Update, then install any updates it finds via the
WSUS clients on affected machines. Doing this lets administrators control how, when, and even
whether those changes are applied. It also eliminates the need for each individual Windows
system to communicate directly with Microsoft Update.
To provide a unified approach, Configuration Manager 2007 relies on WSUS 3.0 for detecting
patches made available through Microsoft Update. Administrators dont need to interact directly
with a WSUS server to do this, however. Instead, Configuration Manager provides these services
through its own user interface.

System Center Service Desk

Given that the goal of virtually every IT organization is to provide business value, taking an IT
Service Management (ITSM) approachviewing systems management through the lens of the
service it provides to the businessis an attractive idea. Rather than focusing on management of
the individual IT components, such as applications, servers, and networking hardware, ITSM aims
at managing the overall service IT provides as seen by business users.
In ITIL, important aspects of ITSM are described under the heading of Service Support. These
include a number of standard management processes, a service desk function that acts as a
central point of contact for end users, and more. Its hard to overstate the importance of whats
defined here; if the people managing an environment dont follow effective and consistent
processes, all the technology in the world wont make that environment reliable. Processes matter.
The goal of System Center Service Desk is to support ITSM. As the products code name
suggests, this includes implementing the service desk function. More important, Service Desk
also provides automated implementations of fundamental ITSM processes. The figure below
shows the main components of this forthcoming product.

15

The Service Desk server, shown in the center of the figure, can execute workflows implementing
management processes. Exactly which workflows are available (and more) is determined by the
solution packs installed for this server. To interact with these workflows and to perform other tasks,
end users can access Service Desk via a web-based self-service portal. IT professionals
primarily use the Service Desk console, although they can also use a web-based IT portal for
some tasks. As the figure shows, workflows can interact with other software, such as Operations
Manager and Configuration Manager, to carry out their functions. Because all of these processes
depend on information about the IT environment, Service Desk also includes a Configuration
Management Database (CMDB) that stores information about the IT assets in the environment and
the relationships among them. Finally, to allow reporting and analysis, historical information about
the tasks performed by Service Desk is stored in a separate database known as the data
warehouse.
Service Desk Workflows
Best practices for ITSM arent difficult to find. Both ITIL and the more Windows-oriented Microsoft
Operations Framework (MOF) describe processes for incident management, change
management, and other areas. The hard part is actually putting those processes in place, then
making sure that theyre followed. The automated workflows included with Service Desk are
meant to make it easier to achieve this goal. Those workflows include:

Incident Management: defines a process for restoring normal service as quickly as possible
after an interruption. A crashed server might need to be rebooted, for example, or an
application restarted after an unexpected failure. Incident Management doesnt attempt to
diagnose the underlying problem, but instead focuses solely on getting things back to normal.

Problem Management: provides a process for finding and fixing the fundamental problem
thats causing one or more incidents. Incident Management takes a short-term viewget
things running again without worrying about the root causewhile Problem Management
16

attempts to get to the bottom of the problem. Separating these two activities reflects the enduser focus of ITSM, since restoring normal service after an incident isnt delayed while a
potentially time-consuming hunt for the root problem is carried out.

Change Management: defines a process for managing changes to IT configurations. This

process typically includes things such as opening a request for the change, getting necessary
approvals, and defining a plan for backing out the change if something goes wrong.

Asset Lifecycle Management: defines a process for managing an IT asset from its initial
disposition into an organization to its ultimate removal from that organization. For a PC, for
example, this might include things such as keeping track of the systems owner, its contracts
(e.g., leases, warranties, and maintenance agreements), its memory upgrades, what software
is installed on it, and what licenses that software requires.

Self-Service Provisioning: provides a process that lets an end user make a request, such as
having new software installed, then get that request approved (perhaps through pre-defined
approval policies) and actually have the new bits copied to the users system.

Workflows can be started either by an end user or by service desk staff. A user might start an
Incident Management workflow when she reports a problem via the Service Desk self-service
portal, for instance, or kick off the Self-Service Provisioning workflow if she requires new software
installed on her machine. If the user chooses to call the service desk instead, the service desk staff
might initiate the same workflows based on information the user supplies.
Workflows can also be started by other software. Operations Manager might automatically initiate
an Incident Management workflow in response to an alert, for instance, or the Self-Service
Provisioning workflow might instruct Configuration Manager to install a patch on a particular
system. Service Desk also exposes a web services interface that allows third-party software to
start and communicate with workflows.
Exactly which Service Desk workflows are available depends on which solution packs are
installed. Service Desk will ship with standard solution packs that implement the processes just
described, and third parties can create solution packs that address particular areas. Broadly
analogous to Operations Managers management packs, each solution pack groups together the
things required to support a particular aspect of ITSM, such as a workflow and a group of forms
that allow users to interact with that workflow. (The workflows are built on Windows Workflow
Foundation, while forms are defined using InfoPath.) Solution packs can also include other things,
such as reports, Web Parts for the Windows SharePoint Services-based self-service portal, and
more.
The screen shot below shows an early version of the Service Desk console. The panel on the left
illustrates standard solution packs, including Incident Management, Change Management, and all
of the others described earlier. Any other solution packs that are installed would show up here as
well. Service desk staff can also track the status of in-progress workflows through this console,
giving them a current picture of where each one stands.

17

The Configuration Management Database

Effectively managing an IT infrastructure requires knowing as much as possible about that
infrastructure and the management operations performed on it. This information, modeled as SDMdefined configuration items (CIs), is stored in the Configuration Management Database provided
by Service Desk. Typical CIs include:

Work items identifying incidents, change orders, and other management tasks.

Descriptions of the computers, software, and other elements of a managed environment.

Relationships among these items. For example, an email service consists of a group of
applications, servers, databases, and more. The CMDB can maintain information about how
all of these components are related. Using Active Directory, it can also associate individual
users with the services they rely on.

Having a single place to store this information allows taking a centralized approach to ITSM. Some
of this information, such as work items, is generated within Service Desk itself, while other parts
are created elsewhere. As described earlier, for instance, configuration items are an important part
of the data maintained by Configuration Manager. This means that the Service Desk CMDB must
connect to other databases in the managed environment to get all of the information it needs.
Along with the CMDB, Service Desk provides the data warehouse shown earlier. Service Desk
builds on SQL Server Reporting Services to allow its users to create and view reports on the
information in this warehouse. Along with more traditional reports, Service Desk reporting
supports analytical views based on cubes and other kinds of data aggregation.

18

An ITSM-based approach has become fundamental to modern management solutions. Without it,
theres often no consistent set of policies and procedures for IT professionals to follow when
managing the IT infrastructure, nor is there typically a clear focus on the end user. The goal of
Service Desk is to help make ITSM a reality in the System Center environment.

System Center Data Protection Manager 2006

One of the inescapable functions of systems management is data backup and recovery. While
backups have traditionally been saved on tape, disk space is now cheap enough to use for backup
data as well as master data. Storing backup data on disk makes restoring lost or corrupted files
significantly faster, since theres no need to locate and load the right backup tape. This approach
also allows changes to files to be backed up as those changes are made, eliminating the need to
take servers offline for backup. And because its simple and automatic, disk backup can be done
frequently, rather than relying on once-a-day tape backups.
To back up files on Windows servers, the System Center family includes Data Protection Manager
2006. As the figure below shows, the products architecture is straightforward. A Data Protection
Manager agent runs on each file server, communicating with a Data Protection Manager server
running on the backup system. The connection between the two can be local or remote, allowing a
Data Protection Manager server to handle backups for files servers in other locations, such as
branch offices. The Data Protection Manager server runs on Windows Server 2003, while Data
Protection Manager agents are available for machines running Windows Server 2003 or Windows
2000 Server SP4. An administrator interacts with the Data Protection Manager server via the Data
Protection Manager administrator console. Among other things, this console provides wizards for
defining backup polices and other aspects of the products behavior.

19

Unlike tape backup, Data Protection Manager captures every change made to a file when that
change occurs. These changes are stored locally on the file server, then sent by the Data
Protection Manager agent to the Data Protection Manager server according to an administratordefined schedule, such as once an hour. Sometimes referred to as near-continuous data
protection, this approach is significantly better than traditional once-a-day backups (and its infinitely
better than having no backup policy at all). For data with less stringent backup requirements, Data
Protection Manager can also be configured to back up files at other intervals, such as once a day.
And for long-term or offsite storage of backup data, Data Protection Manager itself can be
connected to a tape backup system.
Once data has been backed up, it can be restored on demand. If an end user requests recovery of
a lost file from an organizations service desk, for example, the Data Protection Manager
administrator console can be used to locate and restore the file. Data Protection Manager also
allows end users to do file recovery themselves, providing an option that integrates recovery
directly into Microsoft Office applications. This lets users recover previous versions of a backed-up
document without intervention by IT staff.
To help administrators understand whats happening with backups, Data Protection Manager
provides a set of reports. A MOM 2005 management pack is also available, allowing Data
Protection Manager to send events, alerts, and more to the MOM console. And for organizations
looking for a packaged solution, Microsoft partners such as Fujitsu Siemens, HP, and Quantum
provide products that include both Data Protection Manager and the hardware required to run it.
Because it targets file servers, Data Protection Manager 2006 backs up files rather than
databases. Accordingly, it cant be used to back up SQL Server data or information in applications
that rely on SQL Server, such as Exchange Server and Windows SharePoint Services. The next
version of Data Protection Manager, scheduled to be released in the second half of 2007,
addresses these limitations. This version of the product also adds stronger support for moving
backup data stored on a Data Protection Manager server to tape.
Near-continuous data protection of Windows file servers addresses an important problem, one
thats faced by many organizations. Data Protection Manager, part of the larger System Center
family, is Microsofts solution to this problem.

System Center Essentials 2007

System Center Operations Manager 2007 and System Center Configuration Manager 2007 each
have a distinct role to play in systems management. For larger organizations that can field a team
of systems management people, using these two separate tools is the right choice. If one person
on this team specializes in, say, monitoring and managing systems while another is focused on
managing patches, each of them will benefit from using a tool dedicated to their job.
But what about organizations that arent so large? A firm with a few hundred desktops and a dozen
servers is unlikely to have enough management staff to allow this kind of specialization. Instead,
the people responsible for management must be IT generalists, capable of addressing both
operations management and configuration management. In cases like this, using two distinct tools
is unnecessarily complicated. Whats needed is a simpler tool that provides both operations
management and basic configuration management.
The goal of System Center Essentials 2007 is to be this tool. Rather than create an entirely new
product to meet this need, however, Microsoft chose to build on what already exists. Accordingly, a
large part of the functionality that Essentials provides is based on the technology of Operations
Manager 2007 and WSUS 3.0.
20

The figure above shows the products major components. The System Center Essentials server
communicates with System Center Essentials agents for monitoring and update. Essentials relies
on management packs, as in Operations Manager, and it uses both an operational database and
the WSUS database. All of this is accessed via the System Center Essentials console.
Midsize organizations that today use both MOM 2005 and SMS 2003 might choose instead to
move to Essentials once its available. It will also be possible in the future to remotely manage an
organizations computing environment by accessing an Essentials server from the Operations
Manager console across the Internet. The goal of this option is to let smaller firms more easily
outsource management of their systems.
Using Essentials, an administrator can perform most of the tasks that are possible with Operations
Manager, including the following:

View events, alerts, and performance data from managed clients, servers, and hardware
devices such as routers. Any Operations Manager management pack can be used with
Essentials, and Essentials also includes a group of management packs tailored for midsize
businesses.

Use the knowledge and tasks in management packs to diagnose and repair problems.

Generate reports on availability trends, billing, and more. Like Operations Manager, Essentials
reporting is based on SQL Server Reporting Services, and it includes both pre-defined reports
and the ability to create custom reports.
21

Essentials also provides a significant superset of the functionality available in WSUS 3.0. Using
Essentials, an administrator can:

Install and uninstall applications on managed clients and servers. An organization might use
Essentials to deploy Microsoft Office, for example, or to distribute EXEs or MSI files containing
custom applications.

Distribute software updates and patches, whether received from Microsoft Update or supplied
locally.

Maintain an inventory of software and hardware assets. An administrator can create and view
reports on this information through the Essentials console, obviating the common practice in
smaller organizations of maintaining asset inventory in spreadsheets.

To be more approachable for the IT generalists it targets, the Essentials console provides an
uncomplicated user interface. As the screen shot below illustrates, for example, this interface can
provide an overview of a managed environment that includes monitoring status, software
deployment status, available reports, and more. The goal is to help its users do their jobs as
effectively as possible.

Likes the Operations Manager management server, the Essentials server runs only on Windows
2003 Server and Windows Server codename Longhorn. Similarly, Essentials is able to manage
the same set of clients, servers, and other devices that Operations Manager supports. And while
Essentials can perform the lions share of whats possible with Operations Manager and

22

Configuration Manager, its focus on smaller environments means that the product is also restricted
in some ways. Among the most important of these restrictions are the following:

The licensing model limits the environment Essentials can manage to no more than 500
desktops.

Although it does significantly more than WSUS 3.0, the configuration capabilities of Essentials
are more limited in some ways than whats provided by Configuration Manager. Essentials
cant install an operating system on a machine that doesnt already have one, for example, nor
can it use the SDM-based Desired Configuration Monitoring.

The reporting capabilities supplied with Essentials are more limited than those in Operations
Manager. Essentials has no separate data warehouse, for example, and so historical data
cant be maintained for long periods.

Unlike Operations Manager and Configuration Manager, Essentials cant automatically interact
with System Center Service Desk.

Despite these limitations, organizations that rely on IT generalists for system management tasks
might find Essentials an attractive choice. While bigger firms will be better off using the combination
of Operations Manager and Configuration Manager, many small and midsize businesses will likely
be happier with Essentials.

System Center Virtual Machine Manager

As hardware gets cheaper and more powerful, it often makes sense to run multiple applications on
a single server system. Consolidating applications onto fewer physical servers reduces the
complexity and the cost of managing those machines. Yet for a variety of reasons, applications
might need to run in isolation from one another. Virtualization, which provides the ability to run
multiple operating systems on a single machine, can make this possible.
To provide virtualization today for Windows servers, Microsoft provides Virtual Server 2005 R2.
Going forward, Windows Server codename Longhorn will include built-in virtualization
capabilities. Given these capabilities, more and more organizations will find themselves using
virtualization to run multiple applications on a single machine. Yet while reducing the total number
of physical machines surely reduces management costs, it also brings its own set of challenges.
The goal of System Center Virtual Machine Manager is to address those challenges. Scheduled to
be released in the second half of 2007, it allows managing both Virtual Server 2005 R2 and the
virtualization services in Windows Server codename Longhorn. Because the process of
consolidating applications has a number of steps, Virtual Machine Manager provides several
different services. To begin, it can help find good candidate applications for consolidation by
analyzing the historical performance data maintained in System Center Operations Managers
warehouse database. Once a candidate has been identified, Virtual Machine Manager provides
tools to help determine which physical server is best suited to run this application. It also provides a
central point for creating a virtual copy of a physical machine on this server, then assists in
transferring the application to its new home. Finally, Virtual Machine Manager provides a central
console for managing the potentially large number of virtual machines that might exist within an
organization.
Virtualization is a hot idea today, both in the Windows world and beyond. Its hot for good reasons
virtualization truly does offer the potential for reduced management costs. With Virtual Machine
Manager, Microsoft intends to make life in this new world as efficient and painless as possible.
23

System Center Capacity Planner 2006

Accurately sizing deployments is an ongoing challenge for the people who run computing
environments. Imagine, for example, an organization that wishes to install an Exchange Serverbased messaging infrastructure. This firm might have thousands of employees spread across
multiple locations. How can the people planning this deployment figure out how many Exchange
servers are required and where they should be located? Or think about an organization thats just
acquired another company: How should their Exchange deployment change to accommodate this
new addition?
Addressing challenges like these is the job of System Center Capacity Planner. Based on work
done by Microsoft Research, this tool provides a general framework for determining deployment
requirements. The goal is to help organizations better plan their deployments, more easily achieve
their performance goals, and more effectively justify their investments in infrastructure.
The product currently allows capacity planning for Exchange Server 2003 and MOM 2005. Its
general structure will allow adding other Microsoft products in the future, however, and Microsoft
has announced plans to let third parties create their own models for use with the tool. Capacity
Planner also has one more especially attractive attribute: Its available at no extra charge to MSDN
Premium or TechNet Plus subscribers.

Putting the Pieces Together: A System Center Scenario

One way to understand how a group of technologies work together is to look at an example of how
they can be used in concert. Think, for example, about how Operations Manager, Configuration
Manager, and Service Desk might work together to handle a failed Exchange server.

24

As the figure above shows, the process begins when the Operations Manager agent running on
the Exchange servers machine detects that this server process has shut down unexpectedly.
Based on a rule defined in the Exchange Server management pack, this agent immediately sends
an alert to the Operations Manager server (step 1). The Operations Manager server displays this
alert on the Operations Manager console, but as described earlier, the server can also
automatically ask Service Desk to start an Incident Management (IM) workflow to address this
problem (step 2). Like other Service Desk workflows, this one interacts with the service desk staff,
who determine that this Exchange server requires a patch (step 3).
To install this patch, the service desk employee whos handling this incident starts a Change
Management (ChM) workflow (step 4). This workflow contacts the Configuration Manager server,
requesting it to install the correct patch for this Exchange server (step 5). The Configuration
Manager server then causes the Configuration Manager agent on the Exchange servers system to
download and install that patch (step 6).

25

The figure above shows the rest of the process. Once the patch is installed, the Configuration
Manager agent informs the Configuration Manager server of the successful installation (step 7),
which in turn informs the Change Management workflow (step 8). The Change Management
workflow informs the Incident Management workflow that the problem has been resolved, then
shuts itself down (step 9). The Incident Management workflow next informs the Operations
Manager server of the resolution, allowing this server to close the alert (step 10), then shuts itself
down. Finally, the Operations Manager server tells the Operations Manager agent on the
Exchange servers system to run a task (defined by the Exchange Server management pack) that
restarts the patched Exchange server (step 11). Everything that happensthe initial alert, the two
workflows, and the patchis captured in various databases throughout these products, adding to
the historical store of knowledge maintained about the systems in this organization. This
knowledge can be used to improve the SDM models maintained by each of these three System
Center products.
This scenario doesnt involve every product in the System Center family. System Center Essentials
isnt used, for instance, since its intended to provide a unified solution for smaller organizations. Yet
its entirely possible that other System Center products are used in this environment. Data
Protection Manager might be used to back up the data on this organizations Windows file servers,
for example, and any virtual machine-based server consolidation might rely on Virtual Machine
Manager. Similarly, Capacity Planner may well have been used to size the Exchange installation
shown here. The diverse problems of system management require diverse solutions, and so the
System Center family contains a varied set of tools.

26

Conclusion
Even with the best tools, managing a complex distributed environment isnt easy. Yet the quality of
an organizations management softwareand how well it works togethercan make a significant
difference in system availability and management cost. Keeping an organization running means
keeping that organizations systems running, and so using the right tools to do this makes obvious
business sense.
The System Center family encompasses a group of technologies focused largely (although not
entirely) on managing Windows systems. Wherever possible, the members of this family use a
standard, model-based approach, allowing a common description of the systems being managed.
Especially for organizations with a significant investment in Windows, System Center can provide
the right foundation for managing their computing world.

For Further Reading

System Center:
http://www.microsoft.com/systemcenter

System Center Operations Manager 2007:

http://www.microsoft.com/mom/evaluation/beta/opsmgroverview.mspx

System Center Configuration Manager 2007:

http://www.microsoft.com/smserver/default.mspx

System Center Service Desk:

http://www.microsoft.com/systemcenter/sd/default.mspx

System Center Data Protection Manager 2006:

http://www.microsoft.com/systemcenter/dpm/default.mspx

System Center Essentials 2007:

http://www.microsoft.com/systemcenter/sce/default.mspx

System Center Virtual Machine Manager:

http://www.microsoft.com/systemcenter/scvmm/default.mspx

System Center Capacity Planner 2006:

http://www.microsoft.com/systemcenter/sccp/default.mspx

27

About the Author

David Chappell is Principal of Chappell & Associates (www.davidchappell.com) in San Francisco,
California. Through his speaking, writing, and consulting, he helps information technology
professionals understand, use, and make better decisions about enterprise software.

28