1 / 27

Windows Server Deployment Planning Services

Windows Server Deployment Planning Services. Implementing Unified Device Management. PARTNER ENGAGEMENT GUIDE. Contents. Engagement Overview Unified Device Management Overview Engagement Options and Structure 3 Day Engagement Details 5 Day Engagement Details

louis
Télécharger la présentation

Windows Server Deployment Planning Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Server Deployment Planning Services Implementing Unified Device Management PARTNER ENGAGEMENT GUIDE

  2. Contents Engagement Overview Unified Device Management Overview Engagement Options and Structure 3 Day Engagement Details 5 Day Engagement Details Engagement Details, Phases and Resources Engagement Preparations Kick-Off Discussion and Assessment UDM Implementation Plan Pilot Activities Completion Report Outline Program Requirements Learn More Appendix Pre-Engagement Required Preparations

  3. Unified Device Management Overview Implementing Unified Device Management engagement is designed to help customers move to unified device management (UDM) with System Center 2012 Configuration Manager SP1 and Windows Intune. UDM enables an on-premise management infrastructure to be extended to manage Windows Phone 8, Windows RT, iOS and Android mobile devices. Mobile device management (MDM) can be performed directly through the Windows Intune service, or through Exchange ActiveSync (EAS), depending on the types of devices to be managed. Devices & Platforms Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded • Single admin • console Mac OS X Windows Intune Windows RT, Windows Phone 8iOS, Android IT

  4. Engagement Options Choose from 3 or 5 days ACTIVITY • Customers with legacy PC management solutions could choose to deploy a new System Center 2012 Configuration Manager environment that is initially dedicated to UDM & independent of the legacy management solution.

  5. Engagement Structure and Prerequisites Customize the engagement to meet your customer’s unique requirements Engagement Activities Understand the customer’s business objectives and assess the device and computer environment for UDM readiness Create a UDM Implementation Plan to prepare the customer to moveto UDM Run production pilots to demonstrate the value of UDM • System Center 2012 - Configuration Manager SP1 is required for this UDM solution. If this is not in place, you will need to plan with your customer to get this in place either before or during the engagement to successfully complete the implementation. • Important note: No time has been allocated during the engagement to deploy new instance of System Center 2012 Configuration Manager SP1. If this is required to complete the engagement we recommend a minimum of a 5 day engagement and the partner is expected to automate as much of the deployment in advance to ensure time to complete the required deployment tasks. • If your knowledge of your customer environment allows you to move more quickly through the engagement, and complete further steps than those suggested in the engagement, you should skip ahead and roll-out the UDM infrastructure to other production devices. The program will honor the engagement as long as the final required deliverable reflects and justifies the tasks completed.

  6. Implementing UDM – 3 Days Engagement Activities • Pre-engagement Questionnaire • Determine Customer Prerequisites/Requirements • Planning of the UDM pilot and solution implementation (planning worksheet) • Limited Production Pilot – setting up the UDM infrastructure • Deliverables • Final report including assessment results, UDM plan and Production Pilot report (required for payment) • Limited Production Pilot • Conduct a limited production pilot and set up the UDM Infrastructure, and begin to demonstrate the benefits (preferably on some production devices). This pilot requires some activities to have been completed during the pre-engagement phase • See the list of production pilot activities and supporting resources in the Production Pilot Activities section

  7. Implementing UDM – 5 Days Engagement Activities • Pre-engagement Questionnaire • Determine Customer Prerequisites/Requirements • Planning of the UDM pilot and solution implementation (planning worksheet) • Limited Production Pilot – setting up the UDM infrastructure and rolling it out to additional production devices • Deliverables • Final report including assessment results, UDM plan and Production Pilot report (required for payment) • Extensive Production Pilots • Conduct an extensive production pilot including setting-up the UDM Infrastructure, demonstrating the benefits, rolling-out to other to additional production devices and provision as many as times allowed. This pilot requires some activities to have been completed during the pre-engagement phase. See Production Pilot Activities section • If customer’s environment requires deployment of a new System Center 2012 Configuration Manager SP1 environment that is initially dedicated to UDM, you can choose to conduct limited production pilot similar to the 3 days engagement, if times does not allows extensive pilot due to required deployment of Configuration Manager

  8. Engagement Details, Phases and ResourcesEngagement PreparationsKick-Off Discussion and AssessmentUDM Implementation PlanPilot Activities Completion Report Outline

  9. Engagement Preparations Pre-Engagement Required Activities Below is a list of pre-engagement activities with supporting resources. These first steps apply to all UDM DPS engagement types. Before you start the engagement, start assessing the customer readiness, requirements and environment by asking the customer to complete thepre-engagement questionnaire. This will enable you to: Establish Engagement Scope: What business problems are the customer trying to solve? What devices does customer want to enroll during pilot? What apps does customer want to publish during pilot? Establish Type of Engagement: Establish whether to conduct a 3 day or 5 day engagement, and the extent of the pilot Engagement Pre-Requisites If the customer does not have the appropriate certificates and keys, complete the process of obtaining these for the customer before you start conducting the engagement (this might take a few weeks to process). Details on requesting certificates and keys are included in the Appendix Verify that System Center 2012 SP1 - Configuration Manager is already installed in the customer environment Note that these activities must be completed BEFORE the commencement of the engagement.

  10. Engagement Preparations Pilot Preparation Required Activities Below is a list of pre-engagement activities with supporting resources. Check: It is essential to identify any scope or deployment blockers in the engagement now, so those questions are asked BEFORE the onsite engagement. Use the pre-engagement questionnaire to determine any such issues. Environment: Verify the Configuration Manager environment • Identify a Configuration Manager site to use, and a Configuration Manager server with good Internet access. Identify another domain-joined computer to run DirSync. If customer wants to manage domain-joined PCs remotely, plan for Internet-Based Client Management (IBCM): • Overview: http://technet.microsoft.com/en-us/library/bb693755.aspx • Planning: http://technet.microsoft.com/en-us/library/gg712701.aspx • Supported Scenarios: http://technet.microsoft.com/en-us/library/bb693824.aspx • Pre-requisite tasks: • Create Windows Intune Subscription: • Obtain Windows Intune accounts through a Volume License Agreement (VLA), through the Windows Intune Add-on for System Center Configuration Manager license • If customer already uses Office 365, or other Microsoft online service, it is recommended that the same Live ID is used for Windows Intune, so that communications from Microsoft regarding Intune will be picked up in same way as for the customer’s other service(s) (see Appendix). • (Optional) Add public DNS details for enrollment redirection and link to Windows Intune: • Configure a CNAME in the customer’s DNS that redirects EnterpriseEnrollment.<company domain name>.com to EnterpriseEnrollment.manage.microsoft.com. Note that these activities must be completed BEFORE the commencement of the engagement on site.

  11. Customer Kick-Off Discussion and Preparations Day 1 of Engagement Start the engagement with a customer meeting and discuss: Pre-engagement questionnaire: • Assessment of the customer answers • Ask for any additional information to explore any gaps in customer data, and to obtain other relevant details to help conduct a successful pilot Solution cost estimate - work with your customer to define: • Setup costs and monthly subscription costs • For Partner information on licensing, see Windows Intune Purchasing and Support Guide at: https://partner.microsoft.com/download/US/40163306 Goals for the engagement and what will be achieved by the end of it:

  12. Kick-Off Discussion Outcomes Check list for customer information required for conducting the pilot Configuration Manager 2012 SP1 environment for UDM planning Make sure you have all the information about the customer’s Configuration Manager infrastructure: • Determine whether the Windows Intune connector and subscription will be setup on the single Primary site, or on the CAS (Central Admin Site) in a multi-primary site infrastructure. Refer to the following slide for example infrastructures, and note that: • Windows Intune connector site server role must be installed on a machine that belongs to the topmost site code, either standalone primary or CAS • If using a CAS, the Windows Intune subscription “site code” is the primary site you want devices to connect to Identify the teams to be involved in UDM planning AD Team – DirSync (note that ADFS 2.0 is beyond the scope of this engagement, and is a recommended post-engagement project) App Team – Mobile Device Enterprise Certificate • App team will need to be involved if customer wishes to publish custom Windows Phone 8, or Windows RT apps, as these apps must be signed Security Team – Policy definitions Record contact names and details for named people in each team Discussion and Assessment Outcome UDM implementation plan Suggested high-level plan for implementing UDM in the customer’s production environment Use the Planning Worksheets to create a plan and document the activities

  13. Configuration Manager Infrastructure A. Stand-alone Site B. Multi-site Devices Devices Enrollments Enrollments Windows Intune Windows Intune Windows Intune Connector Site Server Role Windows Intune Subscription for Site Code “DEF” will set this as the mobile devices reporting site Windows Intune Connector Site Server Role Windows Intune Subscription for Site Code “ABC” CAS • Site: ABC • Site: GHI • Site: DEF

  14. UDM Implementation Plan (1) Create a plan for your customer to implement and move production devices to UDM. Pre-implementation: Device Inventory and Infrastructure: • Perform a device, desktop/laptop inventory; use the pre-engagement questionnaire as source of this information • Obtain Directory Services/Active Directory details • Obtain Exchange Server details • Confirm the Configuration Manager 2012 SP1 site to use, and Configuration Manager server with good Internet access • Confirm the domain-joined computer to run DirSync Implementation: Information Assembly: • Define Settings and Policies: • Configuration Manager compliance settings (DCM) for mobile devices • Intune policies for “edge” desktops/laptops • Exchange EAS settings to use for specific devices • List Devices and Computers to include in the pilot • Which device platforms to enroll? • Which computer platforms to manage? • List Users to include in the pilot • Which users to DirSync? • Which users to exclude from DirSync? • Which users to include in Configuration Manager user collection? • Define Self-service • Portal settings • Company/Organization name • Privacy website URL • Website name • Color scheme • Assemble Certificates and Keys • List the certificates and keys required for the production pilot • List the Apps to publish • What apps for each supported platform? • Which web links for each supported platform? The implementation plan should include the items below as appropriate for the customer’s environment and objectives, based the pre-engagement questionnaire, and kick-off discussion. Use the provided Planning Worksheetsto help you document the planned activities and share them with the customer.

  15. UDM Implementation Plan-Continued (2) Based on your customer’s objectives, the pre-engagement questionnaire, and kick-off discussion create a plan for your customer to implement and move production devicesto UDM. Implementation: Information Assembly: • Define administration user roles and accounts: • Customer has no existing Microsoft online services. • A new Microsoft online services primary User ID/Organizational account will have been used to sign up for Intune • This account becomes initial Global Administrator for all Microsoft online services • This account becomes 1stIntunetenant administrator • Customer has existing Microsoft online service(s). • The existing Microsoft online services primary User ID/Organizational account/Global Administrator will have been used to sign up for Intune • This account becomes 1stIntunetenant administrator In either case: • Who is responsible for the password and e-mail for the primary User ID/Organizational account/Global Administrator account? Role-based management; determine the accounts to be used for the following admin roles: • Windows Intune service administration • Windows Intune and AD password administration, and DirSync account to use • Windows Intune Billing administration • Corporate desktop/laptop administration • Configuration Manager retire, wipe, publish task account(s) • Configuration Manager service account(s) • SQL service account(s) • Determine the Configuration Manager Reports to create For example: • All mobile device clients • Recently wiped mobile devices

  16. Limited Production Pilot Activities (3 Days) Below is a list of suggested production pilot activities with supporting resources. Choose a series of pilot activities that helps your customer move to UDM. 3 day engagement – days 2 & 3 (in suggested order of execution)*: Verify DNS changes Verify that <company> domain has been added to Windows Intune Run the Office 365 Deployment readiness tool Verify users have public domain UPNs, and perform AD User Discovery Deploy and configure AD Directory Synchronization Reset user password, if not using ADFS Activate users Configure Configuration Manager for Mobile Device Management: • Create Windows Intunesubscription – no devices • Configure Windows Intune Connector site system role • 3 day engagement – days 2 & 3 (continued): • Use logs to verify that Configuration Manager is successfully connecting to Windows Intune service • Configure MDM policies • Configure Windows Intunesubscription for Windows RT and Windows Phone 8 devices • Install test devices, and verify enrolments Note that performing these activities may not necessarily fit into “3 day “ or “5 day” chunks; e.g. for some customers, performing all the appropriate “3 day” activities might actually take 5 days. The questionnaire and the kick-off discussion should help you fit the engagement activities to the customer. Make sure to include your considerations in the completion report. *Refer to the following System Center Configuration Manager Team Blog post for a detailed walkthrough of the key tasks: Configuring System Center 2012 Configuration Manager SP1 to Manage Mobile Devices Using the Windows Intune Service. The Windows Intune UDM PoCEngagement Materials also provides detailed step lists. These documents are contained in Windows_Intune_Unified_PoC.zip, and can be downloaded from Microsoft Connect:; you will need a Microsoft Connect account.

  17. Extensive Production Pilot Activities (5 Days) Below is a list of suggested production pilot activities with supporting resources. Choose a series of pilot activities that helps your customer move to UDM. 5 day engagement – days 4 & 5 (in suggested order of execution)*: Configure Windows Intunesubscription for iOS devices Install test devices, and verify enrolments Configure Windows Intunesubscription for Android devices Install test devices, and verify enrolments Device management: • Test retire and wipe • Use logs to verify operations App publishing: • Testing App and web link deployment • Company Portal Setup and Test Identify internet-based client management scenarios: • Branch offices • Road warriors Reporting: Identify and setup required reports • 5 day engagement – days 4 & 5 (continued): • Prepare user communications: • Explanations • User guides • Policies in English • E-mail templates • Help the customer to deploy the service to customers devices if there is time • Test pass • Troubleshooting (details) • Working with Microsoft Support • Best practices/recommendations (details) Note that performing these activities may not necessarily fit into “3 day “ or “5 day” chunks; e.g. for some customers, performing all the appropriate “3 day” activities might actually take 5 days. The questionnaire and the kick-off discussion should help you fit the engagement activities to the customer. Make sure to include your consideration in the completion report. *The resources listed on the previous slide are also relevant to the device enrolment, app publishing, and reporting activities in a 5 day engagement.

  18. Completion Report Outline Below is the outline for the completion report you should submit to Microsoft, in order to receive payment for the engagement. Use the Completion Report Template to write your report. A similar outline can be used for creating the final report that you will provide to the customer at the end of the engagement. Assessment Result and Engagement Considerations: Current Customer Situation: UDM readiness and objectives assessment, business requirements, and solutions considered Confirmation of type of engagement and your considerations: • 3 day production pilot • 5 day production pilot Team members and contacts UDM Implementation Plan Summary Settings and policies to use Devices to manage Users to sync with Windows Intune Self-service configuration Certificates and keys used (customer’s and partner’s own) Apps/web links to publish/deploy Administration user roles Reports required Production Pilot Considerations and Results Report Details of the production pilot: • Implementation steps completed • Devices and apps rolled out • Outcomes • Implications for the customer environment • If the engagement required deployment of a new UDM dedicated System Center Configuration Manger SP1 environment, please include summary of your activities on this report and any adjustment made to extent of pilot due to the deployment effort. Next steps discussed with customer - Suggestions for additional services that you can provide the customer post-engagement (see details in the next slide).

  19. Post-Engagement Activities and Next Steps Below is a list of suggested post-engagement activities. Choose a series of activities that helps your customer to continue the move to UDM and include them in your final report as additional services you can offer the customer. Suggestions for post-engagement activities and next steps: • ADFS Deployment: If the customer is not currently using ADFS, this should be a follow up engagement. • IBCM Configuration: If the customer does not use IBCM, work with them to configure this for their PC clients. • Mobile App Development: Work with the customer to develop new LOB apps and deploy them using the UDM solution. • Asset Tracking: Use the information from the UDM solution to create an asset report for the customer that includes the mobile devices used by the organizations end-users. • Post-implementation maintenance plan; ongoing maintenance per call can be provided through the Windows Intune portal: • Per incident charge if partner linked to customer's portal • Partner will need remote access to customer's Configuration Manager portal • For larger customers, partner could run the Configuration Manager server on another site • Extend the production pilot across the customer’s environment • Training requirements

  20. Program Requirements

  21. Engagement Eligibility an Requirements Customers who are interested in the Implementing UDM Engagement should: Have an existing System Center 2012 - Configuration Manager implementation in their production environment: • SP1 must be deployed prior to the engagement: • Planning to Upgrade System Center 2012 Configuration Manager • How to upgrade System Center 2012 Configuration Manager to SP1 Have Software Assurance points available to use for Deployment Planning Services Enable the partner to access relevant data for project success Partner organizations must: Have a Gold Competency in one of the following: • Management & Virtualization • Server Platform Register as an approved provider of Private Cloud Deployment Planning Services

  22. Learn More

  23. Tools & Resources Windows Intune • What's New in Windows Intune • Windows Intune Overview • Assigning administrator roles • Documentation Library for Windows Intune System Center Configuration Manager 2012 • Supported Configurations for Configuration Manager • Planning for Sites and Hierarchies in Configuration Manager • Documentation Library for System Center 2012 Configuration Manager Unified Device Management • How to Manage Mobile Devices by Using the Windows Intune Connector in Configuration Manager • EdgeShow 47 Unified Mobile Device Management • Deploying and Configuring Mobile Device Management Infrastructure with Microsoft System Center 2012 SP1 - Configuration Manager and Windows Intune • Configuring System Center 2012 Configuration Manager SP1 to Manage Mobile Devices Using the Windows Intune Service • Unified Modern Device Management with Microsoft System Center 2012 SP1 - Configuration Manager Integrated with Windows Intune • Application Delivery with Microsoft System Center 2012 SP1 - Configuration Manager and Windows Intune • Deploying Microsoft System Center 2012 SP1 - Configuration Manager with Windows Intune at Microsoft • Configure directory synchronization • How Can I Assign a New UPN to All My Users? • Manage Windows Azure Active Directory by using Windows PowerShell • Prepare for single sign-on • Plan for and deploy AD FS for use with single sign-on • How to Add and Remove Apps • Request an Apple Push Notification service certificate

  24. Appendix

  25. Pre-Engagement Required Preparations Obtain certificates and keys, and sign up for Windows Intune The UDM engagements cannot be performed without relevant certificates and keys, and obtaining these might take a few weeks to complete. Therefore, if the customer does not have these in place you should plan for requesting and obtaining them for the customer before you start the engagement: • Refer to the pre-engagement questionnaire to determine which devices and apps to support. • Do you, as the partner, have your own certificates/keys that can be used during this engagement? • If you need to obtain necessary certs/keys, this must be done BEFORE the start of the engagement: • How to Manage Mobile Devices by Using the Windows Intune Connector in Configuration Manager | Obtain Certificates or Keys to Meet Prerequisites per Platformsection • Windows RT: Prerequisites for Enrolling Windows RT Devices section in previous link • Windows Phone 8: Prerequisites for Enrolling Windows Phone 8 Devices section in previous link • iOS: Prerequisites for Enrolling iOS Devices section in previous link • Windows 8: How to Add and Remove Apps • For WindowsPhone8 only, a trial Application Enrollment Token (AET) and signed app are available to avoid the need to obtain a full production certificate and signed app during this engagement: • Support Tool for Windows Intune Trial Management of Window Phone 8 Windows Intune sign up must also be completed before the start of the engagement to allow time for DNS changes to be made and propagated: • If customer has no existing Microsoft online services: • Sign up for Windows Intune using a new Microsoft online services primary User ID/Organizational account. • This account becomes the initial Global Administrator for all Microsoft online services • This account will also become the Windows Intune signup account, and the 1stWindows Intunetenant administrator • If customer has existing Microsoft online service(s): • Sign up for Windows Intune using the existing Microsoft online services primary User ID/Organizational account/Global Administrator account, which will become the Windows Intune signup account, and the 1st Windows Intunetenant administrator. • In either case: you need to determine who is responsible for the password and e-mail for this account?

  26. Troubleshooting How you can help your customer troubleshoot the implemented solution Typical troubleshooting issues for device enrollment: Administrator has not configured mobile device management. Administrator has not enabled enrollment for specific device types. User is trying to enroll several devices at the same time or has more than 20 mobile devices in the system. User is not provisioned by IT admin. Windows Phone 8 Only: WP8 code signing certificate not configured properly. iOS only: Apple Push Notification Service certificate is not configured or expired, or device is not running iOS 5.0 +. Other useful troubleshooting tools: Speed Testing: use the following links to test the speed between your location and the datacenters inyour region. • Amsterdam, NL: http://trippams.online.lync.com • Blue Ridge, VA: http://trippbl2.online.lync.com • Dublin, IE: http://trippdb3.online.lync.com • Hong Kong: http://tripphkn.online.lync.com • San Antonio, TX: http://trippsn2.online.lync.com • Singapore: http://trippsg1.online.lync.com MOSDAL (Microsoft Online Services Diagnostics and Logging) Support Toolkit: • http://www.microsoft.com/en-us/download/details.aspx?id=626

  27. Best Practices and Recommendations How you can help your customer to best use the implemented solution • In Configuration Manager user collection, set up Delta user discovery and fast collection; keeps in sync with AD changes (cloud user sync happens every 5 minutes, so Configuration Manager never likely to be more than 10 minutes out of date). • ADFS helps UDM rollout as users can use their regular e-mail address to login. • Windows RT: Every re-enrolment of RT devices uses up another Side loading key, so try to minimize re-enrolments. • Windows RT: User-initiated un-enrolment does not remove Company Portal, but does prevent apps from being used, so user training is crucial. • The Company Portal user experience in Windows RT is different from Windows Phone 8, and this can result in user support calls. • Expect delays in Windows RT policy refresh, due to the “once a day” maintenance window; this is slower than Windows Phone 8 (as default Windows RT refresh is designed to extend battery life). Note also that the default Windows RT maintenance window is 3am, if connected to Internet. • Make sure EAS policies and Configuration Manager DCM/Compliance policies match, so that e-mail-only users do not have different password/PIN requirements, for example, than apps users on mobile devices • Use RBAC role to limit access to Wipe and Retire function. • Create an enrolment guide for users. • Create a support guide for helpdesk.

More Related