SCSM cumulative updates often require all management consoles to be updated once the infrastructure servers are updated. If you have a large amount of consoles this can be tedious.

See my previous post for infrastructure upgrade steps:

http://www.nn4consultants.com/2011/12/upgrading-scsm-2010-sp1-to-cu3/

With System Center Configuration Manager 2007 (SCCM 2007) the process is simple.

· Download the CU executable

· Created a Directory called Extracted

· Use 7z to extract the msp file and associated files

· In SCCM create a package and program to install (e.g. silent command: msiexec /p SCSM2010SP1_CU_KB2588492_i386_7.0.6555.128.msp /qn)

· Create a query based collection to find all SCSM installed consoles (use Workstation operating system filter)

· Create Advertisement to deploy

· Schedule the deployment after the Infrastructure update http://www.nn4consultants.com/2011/12/upgrading-scsm-2010-sp1-to-cu3/

Detailed Steps:

Extract the CU exe to a directory using an extractor (e.g. 7zip)
In the SCCM Console |Computer Management |Software Distribution |PackagesCreate a New Package
Provide a name and optionally a comment
Specify the Source directory for the extracted update files (navigate to the SCSM Patch folder)
Next
Next
Next |Next|Next
Close
Create the Install Program
msiexec /p SCSM2010SP1_CU_KB2588492_i386_7.0.6555.128.msp /qn
Configure as required and click Next
Change to Whether or not a user is logged on to ensure silent installation is successful
Configure as required and click Next
Next
Next
Review summary and click Next
Close
Add to Distribution Point(s)
Next
Select only standard distribution points (do not select the PXE)
Close

Create a Query Based Collection (SCSM Installed Consoles)

select * from SMS_R_System inner join SMS_G_System_INSTALLED_SOFTWARE on SMS_G_System_INSTALLED_SOFTWARE.ResourceId = SMS_R_System.ResourceId where SMS_G_System_INSTALLED_SOFTWARE.ARPDisplayName like “Microsoft System Center Service Manager SP1″ and SMS_R_System.OperatingSystemNameandVersion like “Microsoft Windows NT Workstation%”

SCCM Console |Computer Management |Collections |New Collection
Provide a name and appropriate comment for the collection
Click on the database icon to invoke the query based collection Wizard
Provide a name for the query and click Edit Query Statement ¦
Select the Criteria Tab
Click on the Sunshine button to invoke the Criteria Wizard
Select as shown |Click OK | e.g Class attribute = Installed Software |Attribute = ARPDisplay Name
Using an exiting Console Installed client check the display name : Programs and Features/Add Remove Programs Display Name. Record the display name
Use the display name captured in Programs and Features
Click the Sunshine button (add the Workstation OS restriction) NB: The patch is the same for the SCSM servers so prevent accidentally deploying to the management server by restricting the query to workstation OS only
Attribute Class = System Resource | Attribute = Operating System Name and Version
Restrict to Workstation Operating Systems only to avoid updating the Servers (NB though applicable to x64 only; it is best to prevent for all scenarios)
Click OK
Click Next
Click Next
Next | Next | Close

Create Advertisement to deploy the update to the collection

SCCM Console |Computer Management | Software Distribution |Advertisements
Provide a name and comments as appropriate |Browse to the package |select the Program | Assign to a collection
Initially assign to the test collection. Change the collection to a live collection once the deployment has been validated
Schedule as necessary
Test
Configure as appropriate and click Next
Configure as appropriate and click Next
Next |Review Summary |Next
Close

An area often overlooked during deployment of infrastructure applications is, exclusions from real-time scanning engines.

Below is the list of files and directories recommended for exclusion for SCSM (based on Forefront Protection)

Service Manager 2010 Files and Folders
%ProgramFiles%\Microsoft System Center\Service Manager 2010\Health Service State\*

Service Manager 2010 Processes
————————————————————————————————-
%programfiles%\Microsoft System Center\Service Manager 2010\HealthService.exe
%programfiles%\Microsoft System Center\Service Manager 2010\Microsoft.Mom.ConfigServiceHost.exe
%programfiles%\Microsoft System Center\Service Manager 2010\MonitoringHost.exe
%programfiles%\Microsoft System Center\Service Manager 2010\Microsoft.Mom.Sdk.ServiceHost.exe

The latest addition to the System Center suite of products requires a change in mind set and approach to unleash the value and benefits to organisations who invest in it.

In this blog we will explore

The connection between frameworks and how we work

How to make frameworks like ITIL and MOF work for you

An introduction to the Administration node in SCSM Console and the business functions behind the node.

Frameworks and how we work

I received an expensive photo frame as a gift.

The colour, quality and dimensions were just right. This would be perfect for the lounge. As excited as I was, I knew I had a major challenge ; I had hundreds of digital pictures on my computer and phones that would need to be printed ;

Which would be my favourite picture

Right size of pictures

Manually swap the pictures out or use the same picture but which one?

Printing cost – photographic shop or expensive printer and photographic printer paper?

My solution

Use my new static photo frame as a guide on dimensions for a digital photo frame

Get a digital frame of the same dimension

Result

Display multiple pictures, sort by occasion and significantly reduce my cost.

SCSM – Making frameworks like ITIL and MOF work fork you

ITIL is an international framework which enables an organisation to address the challenge of providing excellent services without high costs. MOF is Microsoft’s framework for achieving the same result. ITIL does not state specific technology however, MOF is aligned with the Microsoft products that enable organisations to adopt and adapt both frameworks.

More on MOF here and ITIL here

Microsoft System Center Service Manager provides you the ability to apply ITIL and MOF frameworks in a digital photo album framework style, instead of, the traditional static photo frame style which has hidden costs and flexibility challenges.

Let me unpack this for you

Static frame type products require on-going customisation that introduces cost, e.g. cut the picture to fit the framework; modify the frame to fit the picture.

SCSM is built for customization – save your picture in multiple formats and sizes, preview before displaying and transport with ease, at a lower investment with great returns

Real work introduction to SCSM

To get the value of SCSM let us start with a foundation and build our ITIL/MOF processes on this core area of the product.

When you complete the installation of SCSM you are introduced to the SCSM console

So where do you start?

In this section we will explore the Administration node

Announcements

Used to communicate proactive messages to organisation. Messages can be configured to expire automatically, priority assigned and role based security is applied to control quality of messages.

Active announcements are the announcements that have not expired (as set by the SCSM administrative user)

Connectors

This node is used to create connectors to other systems like Active directory, SCCM , OpsMgr and other 3rd Party Systems

We can also use the CSV connector to upload data into SCSM

We will discuss connectors in detail in a future bog

Deleted Items

SCSM objects that have been deleted (first phase deletion – similar to a recycle bin).

Once an object is deleted from the Deleted Items, it is removed from the Service Manager database

Management Packs (MPs)

SCSM container or bucket for the default objects and how they are configured. Similar to OpsMgr MPs

There are 2 types , sealed and unsealed

Sealed = Read only and signed by you or the supplier of the MP to guarantee author source

Unsealed = Read /write. You can do a Save As on a sealed read only MP (i.e. export and then modify)

MPs are created and configured in a number of tools. The default for the SCSM administrator is the SCSM Authoring Tool (stand-alone and external to the console) and also within the SCSM Administrative console. Advanced developer type customisations to extend the product are typically performed in Visual Studio and similar tools.

Any customisation you make in the SCSM Administrative console needs to be stored in an MP, as most of the default MPs are sealed you need to create an MP for your customisations. The Authoring Tool has much more customisation functions and also extends the types of customisation that can be performed in the console in a controlled environment.

The MPs are the differentiator of SCSM from other products when it comes to customisation

Your customisation is stored in the portable container (MPs)

Move your customisations from development to production in a controlled manner

Share your customisations with other instances and also preserve during upgrades without the need for re-engineering costs.

Notifications

This where we configure foundation settings for notifications in other parts of SCSM Administration Console

Channels – the channel (SMTP infrastructure settings, default recipient etc.) for your notifications are configured here.

The first step in enabling email workflows (more on this in future blogs)

Subscription – who should we send notifications based on the workflow activity e.g. when a ticket is created for a queue or assigned to an individual.

Templates – preconfigured messages for your subscriptions, you are provided with default templates which you can copy and modify. You can also create your own (store it in an MP for portability).

Portal

This is where you customise the portal settings

Service Desk – Phone Number, email and Chat URL with their expected response times

What applications are published for users of the portal (has a dependency on the SCCM connector)

Automated Software Deployment workflow for users when they request published software (depends on the SCCM Connector and SCCM configured to allow the creation of deployment objects)

Security

Run As Accounts – connector and service manager controlled user accounts are configured and stored here. Examples include the installation accounts, Active Directory connector account etc. This will vary by environment (refer to the SCSM documentation for best practise guidance).

User Roles – Where we configure role based security settings; who has access to do what and what objects do they have access to do what on.

Settings

Configure general settings here like

Incident ticket Prefix (default is IRxxx where xxx = sequence of numbers incremented with each new ticket)), Change Request Prefix (default is CRxxx where xxx = sequence of numbers incremented with each new change request) , Priority calculation matrix and your custom resolution time settings for incidents are all the types of settings configured here.

OpsMgr URL (part of OpsMgr integration)

Workflows

This is where we use the guidance from our frameworks like ITIL, MOF and also how our organisation really works to automate the associated processes. Examples include

Routing tickets to a different team (SCSM term is Tier) based on the priority of a ticket or a category (e.g. Messaging category tickets get assigned to the messaging team and also moved to the messaging Queue (more on Queues in a future blog)

Configuration – Where we make configuration changes to the workflow (NB Workflows we create in the SCSM Authoring Tool will be displayed where once we have imported the relevant MP into the SCSM console).

Status – View the status of your workflows once they have been executed as specified in the specific workflow.

Bringing it all together

In this blog we explored the connection between industry standard frameworks and how we really work. We also discussed how SCSM allows you to bridge the gap between the frameworks and how we really work in our respective environment.

Finally we explored the Administration node of the SCSM console, providing a general explanation of the sub-nodes and their functions.

The detailed step by step guides for the SCSM can be found here . We will discuss other parts of the console in future blogs.

20 years after the historical event, the breakdown of the Berlin wall dividing East and West , I sit in the lounge of a hotel writing this blog.

Now you may ask what does this have to do with System Center Service Manager (SCSM)?

To answer the question I will give links to the System Center Suite of products where you get detailed information. I will then cover the divide between the products (our Berlin wall) and finally tell you a little bit about SCSM.

The suite is at the time of writing made up of the following

System Center Configuration Manager Product Information

System Center Operations Manager Product Information

System Center Data Protection Manager Product Information

System Center virtual Machine Manager Product Information

The products in the suite individually serve a number of business challenges and help to drive the integration of IT with the business. The overall goal is to turn the suite into a strategic IT asset, drive down business costs, compliment and, enable business IT maturity.

A challenge for implementers and the business who have invested in the suite is the question of integration. The products are loosely technically integrated, fully integrated by brand name and, by a number of licensing models.

Full technical and business process integration requires customization either by in-house expertise or outsourced expertise (products/people).

SCSM addresses the integration challenge of the suite and I believe would be a key enabler to businesses driving to make IT a strategic asset/business differentiator.

SCSM overview:

SCSM is a platform not a product, it provides the integration point for the rest of the suite, enables extensions from partners and drives the automation of business processes.

This is the link to the SCSM site for an extensive overview and resourceshttp://www.microsoft.com/systemcenter/en/us/service-manager.aspx.

Below are example of integrations and business value derived from the SCSM platform.

Example 1: Configuration Manager and Active Directory

Example 2: Configuration Manager, Operations Manager and Active Directory

The Future

At the beginning of this article I talked about history in order to share the vision of the future. I spent 2 great days at the TAP customer event in Berlin and saw firsthand the direction and commitment by the product team to deliver a future best in breed product to meet a very real and relevant business need. I believe SCSM will shift the paradigm of the traditional service desk tools/products in the market now and shape the future of how we view our service desk.

SCSM beta 2 is available to the public now and is scheduled to go RTM in the first half of 2010.

Try SCSM and look out for more blog articles on implementation tips and best practises from myself and Jannes Alink SCCM MVP (a great friend and colleague)

Creating a view for your Reports

The SMSDEF.MOF file update creates the following tables Software_Updates_V4_Data and Software_Updates_V4_HIST. The following SQL script can be used to create a custom SQL view for reports. I have included the computer names from V_R_System and the site code from v_RA_System_SMSInstalledSites

Make sure you change the database name to your Config Manager database name before using. Also the name of the view can be edited to suit you own naming convention.

USE [SMS_XXX]
GO
/****** Object:  View [dbo].[V_Custom_Update_Status]    Script Date: 10/20/2007 17:06:38 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE VIEW [dbo].[V_Custom_Update_Status]
AS
SELECT DISTINCT
TOP (100) PERCENT  dbo.v_R_System.ResourceID, dbo.v_R_System.Netbios_Name0 AS ClientName, dbo.v_RA_System_SMSInstalledSites.SMS_Installed_Sites0 AS Site_Code,
dbo.Software_Updates_v4_DATA.Article00 AS KB_Number, dbo.Software_Updates_v4_DATA.Bulletin00 AS Bulletin_ID,
dbo.Software_Updates_v4_DATA.ScanTime00 AS Scan_Date_Time, dbo.Software_Updates_v4_DATA.Status00 AS Update_Status,
dbo.v_R_System.Operating_System_Name_and0 AS OS, dbo.Software_Updates_v4_DATA.Title00 AS Update_Title
FROM         dbo.v_R_System INNER JOIN
dbo.Software_Updates_v4_DATA ON dbo.v_R_System.ResourceID = dbo.Software_Updates_v4_DATA.MachineID INNER JOIN
dbo.v_RA_System_SMSInstalledSites ON dbo.Software_Updates_v4_DATA.MachineID = dbo.v_RA_System_SMSInstalledSites.ResourceID
ORDER BY Bulletin_ID DESC

Granting Select Permissions on the custom View

The following roles Smsschm_users and webreport_approle need to be granted select permission on any custom views created. Without performing the permissions step, the reports will only work in SQL Server Management Studio.

Sample Report Query

The following is a sample query to create a summary report from the new view (make sure your edit the view name if you did not use the suggested name). Modify to suit your needs.

SELECT Bulletin_ID, KB_Number, OS,(100 * Installed /(Installed+Applicable)) AS ‘%Compliant’, Installed+Applicable AS Total
From (Select Bulletin_ID, OS, Update_Title AS BulletinInfo,
SUM(CASE WHEN Update_Status = ‘Installed’ THEN 1 ELSE 0 END)as ‘Installed’ ,
SUM(CASE WHEN Update_Status = ‘Missing’ THEN 1 ELSE 0 END) AS ‘Applicable’
from v_Custom_Update_Status
where Bulletin_ID like ‘MS08-%’AND OS LIKE ‘%Server%’
group by Bulletin_ID,OS,Update_title) AS ps
Order by Bulletin_ID DESC, OS

The report is filtered on all security updates for the year 2008 and by server operating systems only. Edit the filters to change the year and the operating system as needed.

The release of System Center Configuration manager has seen a vast improvement in security update management. The improvements have introduced new ways of doing familiar tasks

No Security updates compliance at the parent site without a SUP:

Prior to Config Mgr 2007 software update compliance information propagated up the SMS hierarchy following a parent child connection. No additional configuration was required once the parent child relationship was established. Each child site could manage software updates with no dependency on components at the parent site. The new version of SMS has removed this functionality. In order for a parent site to receive software updates compliance information a new component setting has to be enabled (Software Updates Point –SUP). The new SUP role forms its own hierarchy where only the highest SUP in the hierarchy synchronises directly with the internet for new software updates availability. Child site SUPs will not be updated until the parent site SUP is updated.

The ability to use a central site for consolidated reporting is no longer possible without adding this additional layer in you Config Mgr design. Another challenge is the ease of creating summary reports on security update compliance. The new state message based reports though excellent will present challenges for seasoned SMS administrators tasked with creating management summary reports.

How to get compliance information at a parent reporting site without a SUP:

This is how to get summary security update status to your parent sites without creating a SUP hierarchy. The solution uses the hardware inventory process to collect summary security update information. This is basic security update information and ideal for creating your management reports. This does not remove the requirement for a SUP at the client’s assigned site.The status of an update is either installed or missing. The information also depends on the old time lag required to receive hardware inventory information from clients.

Steps are as follows:
Edit the SMS_DEF.MOF file and append the reporting class data at the end of this article
Stop sms_executive on parent site
Change sms_def.mof file in: %ConfigMgrInstallDir%\inboxes\clifiles.scr\hinv (Append the class CCM_UpdateStatus at the end of the file.)
Start sms_executive on the parent site
Repeat steps 2-4 for child site where the SUP is installed
Make sure policy is updated on clients assigned to child site
Run scan/install updates on the clients
Run HINV cycle on client (or wait for cycle to run per schedule)
Check dataldr.log on the child site, once HINV is received; Software_Updates_V4_DATA table is created in the database with all the info as per the class below.
Same table gets created on the parent site’s database as well

NB: There is no need to compile the SMS_DEF.MOF as this is now done by the site server and clients updated through policy changes. Test this on a lab instance before applying to production sites.This has been tested on Config Mgr 2007 SP1. Append this to the SMS_DEF.MOF:
//————————————-

// SMS – Software Update Status

//————————————-

[SMS_Report(TRUE),

SMS_Group_Name("Software Updates v4"),

SMS_Class_ID("MICROSOFT|UPDATESTATUS|1.0"),

Namespace("\\\\\\\\.\\\\root\\\\ccm\\\\SoftwareUpdates\\\\UpdatesStore")]

class CCM_UpdateStatus : SMS_Class_Template
{

[SMS_Report(TRUE), Key]

string UniqueId;

[SMS_Report(TRUE)]

string Title;

[SMS_Report(TRUE)]

string Bulletin;

[SMS_Report(TRUE)]

string Article;

[SMS_Report(TRUE)]

string Language;

[SMS_Report(TRUE)]
string SourceUniqueId;

[SMS_Report(TRUE)]

DateTime ScanTime;

[SMS_Report(TRUE)]

uint32 SourceVersion;

[SMS_Report(TRUE)]

uint32 RevisionNumber;

[SMS_Report(TRUE)]

string Status;

[SMS_Report(FALSE)]
CCM_SourceStatus Sources[];

};

In my next article I will provide details of reports which can be created using data from this class, including an SQL view.