Windows System Center 2012: The review
Enterprise automation software for the masses
Microsoft's System Center suite of products is not easy to categorize as a group. The breadth of the offerings falling under the System Center moniker makes being asked to review all of System Center in a single article somewhat intimidating.
System Center 2012 has already seen production deployments – and SP1 is not far away. Microsoft's ragtag collection of mismatched "System Center" servers is slowly coming together to form an unassailable enterprise offering.
HP, IBM and other players in high-end enterprise software will also take notice. System Center 2012 is the first release where no member of the suite has some glaringly obvious flaw. Microsoft has also greatly simplified licensing and priced the package to eat the bulk of the high-margin market.
System Center 2012 isn't priced well for organizations below a certain size, but that is how Microsoft prefers it. The company has a completely different strategy for the SME market, which includes a lot less local IT and a lot more cloud subscriptions.
What's in System Center 2012
System Center Advisor
System Center Advisor (SCA) is perhaps the least known System Center offering. Making the case for SCA takes some doing. SCA is a cloud service that analyses your deployed infrastructure and looks for problems. At the moment, it isn't all that complex; it's like a cloudy version of the various Microsoft Best Practices Analyzers, but with historical tracking across your entire data center.
Getting people to use SCA is a huge benefit to Microsoft. It gives the vendor wonderful visibility into how its products are actually deployed, turning the aggregation of anecdotal data from sales engineers into a Big Data problem.
If everyone ran SCA, Microsoft could figure out who uses what in their products by running reports against information polled in real time. Think of it as a voluntary expansion of the Microsoft Customer Experience Improvement Program to data center-scale. The carrot is a helpful email if someone configures something in a fashion not covered by a Microsoft whitepaper.
If you are a shop large enough to use System Center's full suite, then you are probably managing by whitepaper already. This tool can help, and the feedback will help MS tailor products to your needs.
System Center Unified Installer
System Center Unified Installer (SCUI) does exactly what it says on the tin; it simplifies the installation of the System Center suite into 16 clicks. Unfortunately, it is not recommended to install System Center Suite on a single server except for evaluation purposes. This makes the unified installer great for tech-thusiasts and journos doing reviews, but it should not be used by anyone deploying System Center into production.
A proper installation of the System Center suite takes at least nine separate servers / virtual machines (VMs) and a realistic cumulative minimum of 32GB of RAM. Licensing costs of the System Center suite are such that it only makes sense for companies employing Windows Server Datacenter Edition. For these organizations "8 extra Windows Server instances" comes "free" and the cost of server resources required to run the entire System Center suite is just a rounding error.
This makes SCUI a nice-to-have for some, but this is the one System Center product that most sysadmins can safely ignore.
System Center App Controller
System Center App Controller (SCAC) is Microsoft's end user "cloud" portal. Here, administrators can allow end users to spin up and control their own application stacks and associated virtual machines. Reporting and other standard features are included. It can deploy applications with elements located on the corporate private cloud or on Azure.
SCAC is a niche product, but important within that niche. If you have a requirement for end-user control over application instances, this is a worthy widget.
System Center Configuration Manager
System Center Configuration Manager (SCCM) is a strong contender for the title of "flagship product" within the System Center suite. 2012 saw SCCM take a huge leap over its predecessor. System Center Mobile Device Manager was folded into SCCM and the upcoming SP1 delivers even more critical functionality than the initial release.
With Service Pack 1, SCCM boasts device configuration and management for Windows, OS X, Linux and Unix. It isn't Puppet, but when combined with other System Center products, it is getting dangerously close. SCCM also offers support for Windows Phone, Symbian, iOS and Android - the upshot is that Microsoft now fields something resembling enterprise-class mobile device management software.
With the 2012 release, the interface is reworked to be user-centric (as opposed to device-centric). SCCM offers patch management, remote control, OS and app deployment, firewall configuration as well as hardware and software inventory - all with varying levels of support and success across the different supported platforms.
I have traditionally had little use for SCCM; it was too complicated for the limited functionality it offered. It crashed too often and the agents did bizarre things. With SCCM 2012, Microsoft has at last reached the point where the aggravation is worth it, even when managing as few as 100 devices.
For most Microsoft shops, SCCM alone is likely to be worth the price of System Center. Competitors have until the next System Center release to wow the world. Microsoft has worked on SCCM for a long time. Assuming it stays true to form, the next version will wreck everyone else in this space.
System Center Data Protection Manager
System Center Data Protection Manager (SCDPM) is Microsoft's enterprise backup product. For years, administrators employing SCDPM in production received expressions of alarm, sympathy or dismay when they related this fact. Competing products were superior – and SCDPM lacked the track record to be fully trusted.
With the release of the 2012 suite, it's finally safe to openly say that SCDPM doesn't suck. If that wasn't enough, SP1 brings a raft of new features - and the really neat stuff starts happening. SP1 sees Cluster Shared Volumes get backup support at usable speeds and deduplicated volumes see support. All the new Hyper-V features are supported, including uninterrupted protection for VMs undergoing live migration.
If Hyper-V is your virtualization stack, SCDPM 2012 is a nice-to-have. SP1 will be essential.
System Center Operations Manager
System Center Operations Manager (SCOM) is Microsoft's systems and software monitoring package. Like any good monitoring package, it can monitor a plethora of operating systems and applications. This includes Java Enterprise Edition (JEE). The JEE monitoring is not to be overlooked; many critical enterprise applications are implemented in Java, making this a "stop and consider" feature.
With 2012, SCOM has high availability baked right in, so your monitoring system won't go down if your servers do. SP1 brings expanded Linux, Azure, .NET, MVC and WCF support. My favorite feature is the ability to peer into Hyper-V switches via SCVMM.
As with any good monitoring solution, the list of devices and applications that are compatible with SCOM is exhaustive. The compatibility list is large enough – and growing at such a rapid pace – that the quickest way to figure out if your device is supported is not to Google it. Call your vendor and / or Microsoft instead.
Monitoring applications rarely see revolutions in functionality. The usual model is a steady evolution of support for various frameworks, APIs, products and so forth. Year-on-year, SCOM has not disappointed: it is the best product on the market to monitor a Microsoft environment.
Results are more mixed when we start talking about heterogeneous environments. Competing products can and often do offer more support and functionality outside the Microsoft ecosystem. This is often at the cost of poorer monitoring of Microsoft's offerings.
SCOM is a fantastic product, but try before you buy. Whether or not SCOM will meet your needs better than a competing product depends entirely on the fiddly little details of the environment you support.
System Center Orchestrator
System Center Orchestrator (SCO) is the still-under-construction nervous system of the System Center suite. Microsoft borged Opalis at the end of 2009, and Orchestrator, a workflow automation product, is based on software it gained through the acquisition.
It still feels like a product that is not quite integrated properly into the rest of the collective. Given Microsoft's history, the next version should be pretty amazing. For now, Microsoft's massive ecosystem needs time to digest SCO before we start seeing the full potential of this application.
Dubbed "automation software," SCO boils down to a WYSIWYG cron job generator. If you've used SQL's management suite to create Server Agent jobs, you know what I'm talking about. For those who haven't, picture making "scheduled tasks" with Visio, except that these tasks can control everything on your network.
Along with its hooks into Microsoft's various applications, SCO takes advantage of "integration packs" provided by vendors. Deploy hundreds of apps in a click, sling VMs to and fro, even play the Tetris theme by power cycling blades.
SCO is worth the time to learn, but I'm nervous about giving this robot root access to every widget in my data center. I want a lot of someones to walk through that particular minefield ahead of me.
System Center Service Manager
System Center Service Manager (SCSM, formerly System Center Reporting Manager) is a help desk/ticket system. I've had little use for SCSM in the past. I'm a Spiceworks fan and, for the SMEs I work with, Spiceworks is a big hit.
I found the language used throughout the app a bit off-putting. Consider that the SP1 features list for SCSM proudly proclaims the ability to pivot by cost center. If you can stomach that, you are in a completely different market from me.
From the standpoint of raw functionality, SCSM does what you'd want a ticketing system to do. SCSM 2012 also includes some neat data warehousing features. It collects information on everything it can find: system configuration, system events, who moved which VM or responded to what ticket. SCSM can see everything you do (for which System Center has hooks to provide visibility) and keep a record of it.
Throw some reporting on this and you can (in theory) see exactly what changes happened when and how they might have caused a given problem. I have my doubts about the uptake of this; if all the switches are flipped, this becomes a Big Data problem in a real hurry.
Organizations big enough to create data at a rate to challenge SCSM (and the underlying SQL server) are also those who are most likely to be eager to obtain the level of accountability SCSM promises.
Adam Fowler, a fellow systems administrator based in Adelaide, Australia, sums up SCSM best: assuming you already pay for System Center, it is a functionally free helpdesk ticketing system that is "better than just an Inbox." He has used SCSM for some time now and swears by it. It is worth taking the time to check it out for yourself.
System Center Endpoint Protection
System Center Endpoint Protection (SCEP, formerly Forefront Endpoint Protection) is Microsoft's anti-malware offering. Forefront is a good enterprise product. It is easy to deploy, easy to monitor, has a great centralized system for doing things and generally does exactly what you'd expect from a fully mature enterprise-class anti-malware system.
It's hard to get excited about such a thing; harder still to review any anti-malware product without overcoming my cynicism regarding the entire anti-malware industry. Banging on about detection rates or holding up one company's PR spin about approach to security as somehow less full of crap than the other is pointless.
Forefront won't catch everything … but neither will anyone else's offering. Forefront is about as good as the competition. If Hyper-V is your hypervisor, SCEP's integration with Microsoft's products will be a big asset. If VMware is your hypervisor, take the time to talk to VMware about which endpoint protection integrates best with VMware's offerings for your workloads.
Although anti-malware bores me in general, I am impressed by the feature upgrades that SP1 brings to SCEP 2012. There are finally anti-malware agents for Linux and OS X. Linux support is news well-received: many of my clients run Linux file and web servers. An infected Linux machine in the wild is rare, but it's wonderful to have properly managed enterprise anti-malware able to scan the file system for malware which could affect more frequently compromised operating systems.
SCEP is a nice-to-have. If you are already paying for System Center, use it. If you are thinking of getting System Center just for SCEP, it's worth your time to consider other options; the competition is just as good and a lot cheaper.
System Center Virtual Machine Manager
System Center Virtual Machine Manager (SCVMM) is the heavy hitter of the System Center suite. Many shops will buy System Center just to get at SCCM or SCOM, but it is SCVMM that rightly grabs the spotlight.
A lot of what's new and sexy with Microsoft virtualization is thanks to improvements in Hyper-V. These improvements are free: you can go download Hyper-V free from Microsoft and set yourself up a 64 node cluster if you want. Microsoft is betting that you'll choose to pay for the management tools, and I'd say that's a safe bet.
Attempting to configure a Hyper-V "free" cluster has been known to cause binge drinking. I don't even want to contemplate what the long-term impacts of maintaining a Hyper-V data center without SCVMM would be.
SCVMM takes the pain away. With the 2012 virtualization stack, Microsoft finally goes toe-to-toe with VMware. Where SCVMM may lack something, the rest of the System Center suite – which you get when you pay for SCVMM – fills in the gaps. Microsoft is so confident in the power and capability of its management tools that it has put a great deal of effort into making them capable of running heterogeneous virtualized environments.
If you haven't used SCVMM 2012 and do anything involving virtualization then it is time to knock together a test lab.
If you print all 178 pages of Microsoft's product use rights document, according to internet legend, your printer will chant "ph'nglui mglw'nafh Cthulhu Redmond wgah'nagl fhtagn." The incomprehensibility! The cosmic horror!
Loathing for Microsoft's licensing department is hard fought and well earned. Curiously, at least one of that department's damned souls appears not to have gotten the memo. Microsoft has published both a System Center licensing Datasheet and an FAQ. The licensing is still unnecessarily byzantine, but at least someone is trying to make it comprehensible.
In the brave new world of 2012 we have Operating System Environments (OSEs) and Machine Licenses (MLs). OSEs are exactly what they sound like; an instance of an operating system, virtual or otherwise. MLs can be client, or server. Client MLs can be thought of as "per device CALs," though Microsoft doesn't use that terminology.
Server MLs are "per processor socket licenses", except that Microsoft now licenses in packs of two. This makes sense; the overwhelming majority of servers deployed are 2P systems. You can combine server MLs on a single system; two server MLs give licenses for four processors, allowing you to properly license a 4P system when a specific 4P ML doesn't exist. You cannot split a server ML; no licensing two 1P systems with a single server ML.
Datacenter ($3607) allows you to run unlimited OSEs, provided you have enough MLs to cover your socket count. Standard ($1323) allows you 2 OSEs; Microsoft claims the break-even point for getting Datacenter instead of Standard is at 7 VMs on a given host.
System Center 2012 has three different client ML packs: Endpoint Protection (SCEP, $22), Configuration Manager (SCCM and SCVMM, $62) and the Client Management Suite Client ML (SCCM, SCOM, SCDPM, SCO, $121). The Core CAL Suite includes the Configuration Manager and Endpoint Protection Client MLs. The Enterprise CAL Suite includes all three System Center 2012 Client MLs.
When you put the cost of Windows Server Datacenter licensing together with System Center, Microsoft is asking a significant chunk of change for each server in your data center before applications are even installed. Between CALs and client MLs, Microsoft also requires a tax on each user and device that accesses infrastructure managed by its software.
In exchange, Microsoft has a solid and credible enterprise offering filled with mature, tested products. The old stereotypes of Windows being unfit and insecure are no longer based in reality, and that's been the case for a while. System Center 2012 marks the first time that Microsoft can provide management and automation software capable of challenging any rival.
This is not the release cycle that will storm the enterprise infrastructure automation world by force, gutting the businesses of established players. The next one, however, probably will.
Trevor Pott is a systems administrator based in Edmonton, Canada.