System Center Configuration Manager 2007 : Architecture Design Planning - Device Management Planning

8/14/2012 5:50:19 PM
The proliferation of smartphones, PDAs, and other mobile devices presents a wide range of challenges and opportunities to IT organizations. Applications on these devices, along with access to corporate email, instant messaging, and line-of-business applications, are vital to the productivity of an increasingly mobile workforce. Devices such as point-of-sale systems and RFID scanners play business critical roles in many enterprises. To effectively deploy and support mobile devices, it is essential to implement device configuration standards, efficiently install applications to those devices, and secure both data on the devices and connections into the enterprise network.

A number of point products (products providing a solution to a single problem) exist for mobile device management. Using Configuration Manager for device management has several advantages over using a separate device management solution:

  • You can leverage the same infrastructure you have deployed, licensed, and supported for computer management.

  • Device data will be integrated into your Configuration Manager database.

  • Configuration Manager enables you to use a consistent approach for managing all systems.

Configuration Manager 2007 device management extends a subset of ConfigMgr client services to a variety of mobile devices running the Windows Mobile and Windows Embedded CE operating systems.

Some point products offer a more extensive set of device management features than Configuration Manager provides, and they support a more extensive array of devices. You should consider the range of devices you need to support and your management needs, as well as cost, in deciding on a device management solution.

Using Configuration Manager for device management provides several benefits:

  • Hardware and software inventory supply data about the mobile devices you support and the applications installed on those devices:

    • Hardware inventory on PCs relies on configuration data exposed through WMI. Because mobile devices do not support WMI, the information you can collect from them is more limited. Basic device information gathered includes CPU, device name and ID, memory, phone number, user, and OS details. This is essential data for targeting software distribution and asset management.

    • Software inventory is similar to software inventory for PC clients.

  • File collection allows you to back up files from mobile devices and acquire file-based data from mobile devices for use in enterprise systems. Typical file collection tasks include centralizing contact information and acquiring data stored in files on embedded systems.

  • Software distribution enables you to deploy Windows Mobile, Windows CE, and Pocket PC–based applications needed by mobile workers.

  • Mobile device configuration items allow you to enforce options such as device locking and password options on mobile devices in your enterprise.

Windows CE Operating Systems

In the early 1990s, Microsoft undertook two innovative but unsuccessful attempts to create Windows-based handheld devices. In 1994, Microsoft combined the development teams to form the Windows CE team. Two years later, Microsoft released the first version of Windows CE for the then nascent PDA market. The Windows CE kernel is not based on the Windows kernel, but is designed to provide Windows-like functionality with minimal computing resources.

Over the years a variety of operating systems and devices based on the CE kernel have been released under brands such as Windows CE, Palm PC, Pocket PC, Smartphone, and Windows Mobile. Today’s Windows CE core supports component-based, embedded, real-time operating systems requiring minimal storage.

Two distinct families of operating systems are now based on Windows CE technology:

  • Windows Mobile family— Designed for smartphones and PDAs

  • Windows Embedded CE— Used in a wide variety of embedded applications.

About XP Embedded Clients

In addition to Windows CE Embedded, Microsoft offers an embedded OS based on the XP kernel. Windows XP Embedded has a much larger memory and storage footprint than the CE Embedded version, and it’s designed for more capable and complex systems such as industrial robots and advanced set-top boxes. You can manage these devices with the standard ConfigMgr client. If you need to manage XP Embedded clients, consider the following specific points:

  • XP Embedded clients will appear in the All Windows XP Clients collection by default. You should create a collection based on the Windows Management Instrumentation (WMI) attribute OS_Product Suite = 64 to manage your XP Embedded clients. 

  • Many XP Embedded clients have special attributes you will want to inventory that are not included in the standard hardware inventory. You will want to add custom classes to capture this inventory data.

  • You must disable the XP Embedded Service Pack 2 Feature Pack 2007 disk protection features during software distribution and software updates. To do this securely, you should first reboot to a clean configuration to clear any malware that might be in RAM. You should also re-create the hibernation file after updates. Re-creating the hibernation file is required if the protected partition has been updated and may require manual intervention.

Communicating with Site Systems

Mobile devices communicate with site systems through the HTTP/HTTPS protocol. A Configuration Manager site must be in native security mode to manage Internet-based mobile devices. Mobile devices connected through a VPN gateway can receive services from mixed mode sites; however, this configuration requires configuring Internet Information Services (IIS) for anonymous access on the distribution point.

Three Configuration Manager site systems communicate directly with mobile devices:

  • Mobile Device Management Point (MDMP)— Mobile devices receive policy from the MDMP and send inventory, state, and status messages as well as collected files to the MDMP. Before configuring an MDMP, first configure the server as a management point and have IIS installed with BITS and WebDAV (Web-based Distributed Authoring and Versioning) enabled. To enable a management point for device support, check the Allow devices to use this management point box on the management point’s properties page, as shown in Figure 1.

    Figure 1. The device management point’s properties page

    This page is located in the Configuration Manager console under System Center Configuration Manager -> Site Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Site System -> <Site System>.

  • Distribution Point— Mobile devices download content from distribution points, much like standard clients. To support mobile devices, a distribution point must have the Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS option enabled. In addition, if the site is in mixed mode, you must enable the Allow clients to connect anonymously option for device support. Enable these options on the General tab of the distribution point’s properties page, displayed in Figure 2.

    Figure 2. Device management settings on the distribution point’s properties page

    To access this page, navigate to System Center Configuration Manager -> Site Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Site System -> <Site System> in the Configuration Manager console. Although you must enable BITS on the distribution point, devices do not actually use BITS to download content.

  • Fallback Status Point (FSP)— A mobile device can contact an FSP to report status if it is unable to contact its management point.
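
The mixed-mode requirement described above leaves anonymous access enabled in IIS on the distribution point. The following added example (not from the original text) audits an applicationHost.config so that anonymous access stays confined to approved distribution point paths. It assumes the IIS 7 configuration layout, and the site names, virtual directory names, and approved list are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the IIS 7 applicationHost.config layout. The site and
# virtual directory names are placeholders, not ConfigMgr's real names.
SAMPLE_CONFIG = """<configuration>
  <location path="Default Web Site/EXAMPLE_DP_CONTENT">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/EXAMPLE_MP">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/EXAMPLE_REPORTS">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/EXAMPLE_INHERITS" />
</configuration>"""

def anonymous_state(config_xml):
    """Map each <location> path to 'enabled', 'disabled' or 'inherited'."""
    states = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        node = next(loc.iter("anonymousAuthentication"), None)
        if node is None:
            # Nothing set here: the effective value comes from a parent
            # level, which has to be reviewed separately.
            states[loc.get("path", "")] = "inherited"
        elif node.get("enabled", "").strip().lower() == "true":
            states[loc.get("path", "")] = "enabled"
        else:
            states[loc.get("path", "")] = "disabled"
    return states

def unexpected_anonymous(config_xml, approved_paths):
    """Paths that enable anonymous access but are not approved DP paths."""
    approved = {p.lower() for p in approved_paths}
    return [path for path, state in anonymous_state(config_xml).items()
            if state == "enabled" and path.lower() not in approved]

if __name__ == "__main__":
    approved = ["Default Web Site/EXAMPLE_DP_CONTENT"]  # hypothetical approved list
    for path in unexpected_anonymous(SAMPLE_CONFIG, approved):
        print("anonymous access outside approved DP paths:", path)
```

Paths reported as inherited take their setting from a parent level of the configuration, so review those against the server-wide default as well.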

Installing Client Software

Just as the Configuration Manager client must be installed on managed computers, client software must be installed on mobile devices before they can receive Configuration Manager services. The options available to install the mobile device client depend on whether or not your devices synchronize with a PC, through Mobile Device Center on Windows Vista or ActiveSync on Windows XP.

Tip: About Windows Device Synchronization Technologies

Using Mobile Device Center or ActiveSync simplifies the installation process via a platform-agnostic installation folder. The client installation program (DMClientXfer.exe) on the synching PC will automatically select and install the correct version of the mobile client for the OS on the device. To distribute the mobile device client to a device that synchronizes with a PC, the following options are available:

  • You can copy the installation folder to the PC and manually run DMClientXfer.exe from the connected device.

  • If the PC is a Configuration Manager client, you can use software distribution to deploy an advertisement to the PC, which will automatically initiate setup when the device synchronizes.

For those devices that do not synchronize with a PC through Mobile Device Center or ActiveSync, you will need to create a platform-specific installation folder with the correct versions of the setup files. You then place the folder in a location that is accessible to the device, such as a memory card or network share. You can initiate the platform-specific setup program (DMInstaller <platform type>.exe) manually from the device. Regardless of the installation method used, the installation folder must contain the following items in addition to the client setup files:

  • The mobile client settings file, DMCommonInstaller.ini, for installations through a Mobile Device Center or ActiveSync-connected PC, or ClientSettings.ini for other installations. The settings file contains installation options, information needed to contact the Configuration Manager site, certificate metadata, and other information.

  • Any required certificates for native or server authentication mode.

After installing the client, you can send upgrades over the air using ConfigMgr’s software distribution functionality.

Configuring Client Agent Settings

The Mobile Device Client Agent settings control the schedule, options for policy downloads, and inventory. You can configure these settings on the properties page under System Center Configuration Manager -> Site Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Client Agents -> Device Client Agent in the ConfigMgr console. Figure 3 shows the default settings for the General tab of the client agent properties page, which controls the policy download schedule and retry settings.

Figure 3. Device Management agent general properties

Figure 4 shows how to enable file collection and collect all files with the .log extension. The remaining tabs are used to enable or disable hardware and software inventory and software distribution, and to set the frequency of hardware inventory.

Figure 4. Configuring the Device Management agent to collect log files
