Feeds

Windows System Center 2012: The review

Enterprise automation software for the masses

Designing a Defense for Mobile Applications

System Center Endpoint Protection

System Center Endpoint Protection (SCEP, formerly Forefront Endpoint Protection) is Microsoft's anti-malware offering. Forefront is a good enterprise product. It is easy to deploy, easy to monitor, has a great centralized system for doing things and generally does exactly what you'd expect from a fully mature enterprise-class anti-malware system.

It's hard to get excited about such a thing; harder still to review any anti-malware product without overcoming my cynicism regarding the entire anti-malware industry. Banging on about detection rates or holding up one company's PR spin about approach to security as somehow less full of crap than the other is pointless.

Forefront won't catch everything … but neither will anyone else's offering. Forefront is about as good as the competition. If Hyper-V is your hypervisor, SCEP's integration with Microsoft's products will be a big asset. If VMware is your hypervisor, take the time to talk to VMware about which endpoint protection integrates best with VMware's offerings for your workloads.

Although anti-malware bores me in general, I am impressed by the feature upgrades that SP1 brings to SCEP 2012. There are finally anti-malware agents for Linux and OS X. Linux support is news well-received: many of my clients run Linux file and web servers. An infected Linux machine in the wild is rare, but it's wonderful to have properly managed enterprise anti-malware able to scan the file system for malware which could affect more frequently compromised operating systems.

SCEP is a nice-to-have. If you are already paying for System Center, use it. If you are thinking of getting System Center just for SCEP, it's worth your time to consider other options; the competition is just as good and a lot cheaper.

System Center Virtual Machine Manager

System Center Virtual Machine Manager (SCVMM) is the heavy hitter of the System Center suite. Many shops will buy System Center just to get at SCCM or SCOM, but it is SCVMM that rightly grabs the spotlight.

SCVMM is the very core of Microsoft's private cloud offering, something I've previously reviewed. (Part 1, Part 2, Part 3.)

A lot of what's new and sexy with Microsoft virtualization is thanks to improvements in Hyper-V. These improvements are free: you can go download Hyper-V free from Microsoft and set yourself up a 64 node cluster if you want. Microsoft is betting that you'll choose to pay for the management tools, and I'd say that's a safe bet.

Attempting to configure a Hyper-V "free" cluster has been known to cause binge drinking. I don't even want to contemplate what the long-term impacts of maintaining a Hyper-V data center without SCVMM would be.

SCVMM takes the pain away. With the 2012 virtualization stack, Microsoft finally goes toe-to-toe with VMware. Where SCVMM may lack something, the rest of the System Center suite – which you get when you pay for SCVMM – fill in the gaps. Microsoft is so confident in the power and capability of its management tools that it has put a great deal of effort into making them capable of running heterogeneous virtualized environments.

If you haven't used SCVMM 2012 and do anything involving virtualization then it is time to knock together a test lab.

Licensing

If you print all 178 pages of Microsoft's product use rights document, according to internet legend, your printer will chant "ph'nglui mglw'nafh Cthulhu Redmond wgah'nagl fhtagn." The incomprehensibility! the cosmic horror!

Cthulu springs from HP desktop printer - cartoon by Andy Davies

Loathing for Microsoft's licensing department is hard fought and well earned. Curiously, at least one of that department's damned souls appears not to have gotten the memo. Microsoft has published both a System Center licensing Datasheet and an FAQ. The licensing is still unnecessarily byzantine, but at least someone is trying to make it comprehensible.

In the brave new world of 2012 we have Operating System Environments (OSEs) and Machine Licenses (MLs). OSEs are exactly what they sound like; an instance of an operating system, virtual or otherwise. MLs can be client, or server. Client MLs can be thought of as "per device CALs," though Microsoft doesn't use that terminology.

Server MLs are "per processor socket licenses", except that Microsoft now licenses in packs of two. This makes sense; the overwhelming majority of servers deployed are 2P systems. You can combine server MLs on a single system; two server MLs gives licenses for four processors allowing you to properly licenses a 4P system when a specific 4P ML doesn't exist. You cannot split a server ML; no licensing two 1P systems with a single server ML.

Datacenter ($3607) allows you to run unlimited OSEs, provided you have enough MLs to cover your socket count. Standard ($1323) allows you 2 OSEs; Microsoft claims the break-even point for getting Datacenter instead of Standard is at 7VMs on a given host.

System Center 2012 has three different client ML packs. Endpoint Protection (SCEP, $22), Configuration Manager (SCCM and SCVMM, $62) and the Client Management Suite Client ML (SCCM, SCOM, SCDPM, SCO, $121). The Core CAL Suite includes the Configuration Manager Endpoint Protection Client MLs. The Enterprise CAL Suite. Includes all three System Center 2012 Client MLs.

When you put the cost of Windows Server Datacenter licensing together with System Center, Microsoft is asking a significant chunk of change for each server in your data center before applications are even installed. Between CALs and client MLs, Microsoft also requires a tax on each user and device that accesses infrastructure managed by its software.

Summary

In exchange, Microsoft has a solid and credible enterprise offering filled with mature, tested products. The old stereotypes of Windows being unfit and insecure are no longer based in reality, and that's been the case for a while. System Center 2012 marks the first time that Microsoft can provide management and automation software capable of challenging any rival.

This is not the release cycle that will storm the enterprise infrastructure automation world by force, gutting the businesses of established players. The next one, however, probably will. ®

Trevor Pott is a systems administrator based in Edmonton, Canada.

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Attack of the clones: Oracle's latest Red Hat Linux lookalike arrives
Oracle's Linux boss says Larry's Linux isn't just for Oracle apps anymore
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.