• Illustration: System Center Essentials Console

Systems management for small and midsize businesses is the focus of System Center Essentials 2007, a software distribution and system-health monitoring product based on Operations Manager and Windows Server Update Services. Released in May 2007, System Center Essentials could be useful for partners whose customers have outgrown ad hoc software updating and monitoring but are not big enough (or willing to pay enough) to move to Microsoft's enterprise management product line. However, Essentials is still a complex product for a complex task, and customers who outgrow it could find migration to higher-end systems management products to be a chore.

Software Distribution and Monitoring for Smaller Organizations

System Center Essentials is a server product that provides the following:

• Software patching, application installation, and software inventory based on a substantially extended Windows Server Update Services (WSUS) 3.0 code base
• Health monitoring based on Operations Manager 2007 for computer and network devices, with particular support for computers running the Windows client or server OS, the Office suite, Exchange Server, or SQL Server
• A unified console that provides device discovery, software distribution, inventory, and health reports, and provides a jumping-off point for diagnostic tools and administrative help (such as relevant Microsoft Knowledge Base articles).

In general, Essentials is designed as a simpler, less costly alternative to purchasing both Operations Manager and Microsoft's Systems Management Server (SMS), soon to be renamed Configuration Manager. Essentials is aimed at organizations with 50 to 500 PCs and at least one IT administrator, and is designed for administrators who have other IT duties in addition to Windows software distribution and monitoring. Particular targets are organizations that currently rely on manual administrative processes and simple Windows systems management tools (such as the Microsoft Update Web service and the local computer's Event Viewer) to update and diagnose systems.

An Essentials server manages up to 30 Windows servers and 500 Windows clients (XP SP2 or Vista), limits which are imposed by licensing and enforced by the product itself. Each Windows Active Directory (AD) domain can have only one Essentials server. (The product will not install in domains that already have an Essentials server.) An organization can have multiple Essentials servers in an AD forest, and any Essentials server can manage any computer in the forest, but each server acts independently; servers cannot be organized into management hierarchies in the way that Configuration Manager and Operations Manager installations can be.

Software Distribution and Inventory

Essentials is built on top of the WSUS 3.0 APIs for software distribution and inventory and adds the following important features:

WSUS similarities. As with WSUS, Essentials administrators can download and triage patches from the Microsoft Update service and then distribute those patches to appropriate target computers. Essentials can also import catalogs of patches from specific Microsoft partners, such as Citrix, which support the Microsoft Update format. Essentials uses the built-in Automatic Update (AU) client of Windows to find computers that require each patch and to install patches. Administrative reports show patch deployment activity and identify systems where a patch has failed, among other tasks.

Essentials also provides inventory reporting, enabling administrators to identify computers where particular software products are installed. However, like WSUS, Essentials can detect only software that registers itself with the Windows Add or Remove Programs utility. More sophisticated products, such as Configuration Manager, can detect a wider range of software by using characteristic traces of the software's installation, such as Registry entries or file names.

Differences from WSUS. Unlike WSUS, Essentials can also install full applications, not just patches. In particular, it can deploy and run installation executables and Windows Installer packages (MSIs), and enables administrators to supply command-line arguments to an installation. Among other things, this means that Essentials can deploy Office 2007. However, Essentials lacks the repackaging tools and features that enable Configuration Manager to deal with more complicated deployment problems, such as Windows OS components, software that lacks a silent installer, and software that an organization wants to deploy with customizations such as standard user settings and custom templates that aren't handled by the software's installation tools.

Essentials lacks some features of WSUS. Most notably, Essentials does not support a multi-server hierarchy to distribute patches efficiently from a central download site to multiple branch sites. This will complicate migration from WSUS to Essentials in organizations that use the WSUS hierarchy feature. Such migrations are supported, but the organization will either have to beef up a central Essentials server to take over for its entire existing hierarchy, or set up and manage several independent Essentials servers (in different Windows domains) to cover the hierarchy.

Health Monitoring

Like Operations Manager, Essentials enables an administrator to do the following:

• Monitor the health of managed computers and view overall system health and trends
• Receive alerts when computers appear unhealthy (for example, when a computer is running low on disk space) and track actions taken on the alerts
• Quickly locate documentation suggesting ways to alleviate specific health problems that have been detected, and run diagnostic tools and repair scripts (called tasks) to alleviate problems.

Essentials ships with monitoring instrumentation, alerting rules, tasks, and documentation for its primary target software: the Windows Server and client operating systems, AD, the Office suite, Exchange Server, SQL Server, and the Internet Information Services (IIS) Web server. Organizations or partners can extend the product with Operations Manager extensions (called management packs) for monitoring other products, such as an organization's antivirus product. Many management packs written for Operations Manager 2005 and 2007 are available for free download and can be imported by Essentials.

Like Operations Manager, Essentials depends on a software agent that must be installed on every managed computer if an organization wants all of the monitoring features. However, the following two features do not require an agent:

Agentless Exception Monitoring. This feature collects and stores data about client-side OS and application crashes and other unexpected terminations. Administrators can generate reports from crash data to determine how often OS components or applications crash and how many computers and users are affected, and to identify patterns that can help resolve any underlying problems.

Network device monitoring. Essentials can use the Simple Network Management Protocol (SNMP) and "ping" (formally, the Internet Control Message Protocol or ICMP) to diagram a customer's network and monitor non-Windows network devices such as routers and switches.

Essentials has some limitations compared to Operations Manager. For example, it can retain no more than 40 days' worth of monitoring data, which could complicate analysis of overall trends and service availability levels. Also, Essentials does not support customization of permissions and user interfaces for different administrator roles, such as database administrators or client administrator.

Console and Reporting

System Center Essentials (SCE) Console provides a single console for all its software distribution, inventory, and monitoring functions. (For a view of the console, see the illustration "System Center Essentials Console".) The console is a .NET Framework application that must be installed on every client computer used to manage systems, but it can be installed separately from the other SCE components.

The console provides several reports on system health and software installation status by using SQL Server Reporting Services to summarize data and generate the reports. Of particular note, administrators can elect to receive a Daily Health Report e-mail that summarizes the health of all managed computers, listing (for example) the number of computers that have logged errors or that are low on disk space.

Remote Management for Service Providers

Complementing Essentials will be a new product for service providers called Remote Operations Manager (ROM), which is based on Operations Manager with additional management packs and customizations. A service provider will use ROM as a centralized console to remotely manage servers and computers at customer sites that are running Essentials.

Scheduled for release in Aug. 2007, ROM is specifically for providers who offer outsourced support services for small and medium businesses. It provides the following two main capabilities:

• Software distribution and monitoring for multiple Essentials sites, with consolidated reporting across the sites
• Remote-control of computers at customer sites using an on-site Essentials server as a proxy, without requiring a virtual private network connection (a feature called Remote Web Workplace).

The planned Centro midmarket application suite and the next version of Small Business Server (code-named Cougar) are to include Essentials technology, which could enable partners to remotely monitor those products as well as Essentials.

Complex Product, Complex Process

Overall, Essentials provides a significantly simpler solution for software distribution and monitoring than Microsoft's existing systems management products. In particular, the built-in monitoring rules and reports can help organizations quickly get a better handle on the most important computer problems, while the simplified software updating infrastructure should help organizations take care of a critical task: distributing security patches.

However, organizations still need some skills to set up security accounts and policies and to fine-tune Essentials monitoring rules and software updating policies to fit their organizations. After Essentials is in place, organizations will need to define reliable processes for selecting software updates and for investigating and resolving alerts. Many smaller organizations will need to turn to a systems integrator or service provider for help with both product and process.

Organizations that ougrow Essentials will face some problems moving to enterprise management products like Configuration Manager and Operations Manager. At the moment, there is no way to move configuration and monitoring data from Essentials to other management products, although management packs can be exported from Essentials to Operations Manager. Furthermore, there are no discounts for upgrading licenses from Essentials to the enterprise management products. Microsoft will probably have to provide a smoother technical and licensing upgrade path if it wants to convert Essentials customers into customers for its more capable management products.

Virtual Machines Require Licenses

In general, Essentials licensing resembles that of Operations Manager 2007, but with important differences.

Like Operations Manager, Essentials requires a server license for each management server, and a management license for every managed system. Essentials has two types of management licenses: one for client computers and another for servers. As with Operations Manager, network devices that that function at layer 4 or higher—such as load balancers, firewalls, network printers, and Network Attached Storage (NAS) devices—are treated as servers, while routers, switches, and similar lower-level network devices do not require management licenses.

However, Essentials management licenses apply to "operating system environments," not physical devices. This means that every virtual machine requires its own management license for Essentials. Operations Manager, in contrast, requires only a management license for every managed physical device, regardless of how many operating system environments it is running. The difference could be significant in organizations at the high end of Essentials target market, which are beginning to use virtual machines to consolidate applications on fewer computers and to simplify migration of applications from one computer to another.

Like Operations Manager, Essentials requires SQL Server to store configuration and monitoring data and to generate reports. The product ships with the free SQL Server Express, which Microsoft believes will work for Essentials installations with no more than 125 clients and 30 servers. For larger installations, organizations can use an existing SQL Server computer, or they can purchase a higher-priced Essentials server license "with SQL Server technology," which provides a SQL Server 2005 Standard Edition license that may be used only for Essentials. (Operations Manager, Configuration Manager, and Forefront Client Security offer similar arrangements.)

For US$2,000, customers get a basic Essentials bundle with one Essentials server license, 10 server management licenses, and 50 client management licenses. (A similar bundle with SQL Server Technology costs US$2,929.) Additional server management licenses cost about US$100, and client management licenses cost US$20. These prices compare very favorably with those of Configuration Manager and Operations Manager; licensing those products for a simple system covered by the basic Essentials bundle would cost more than US$20,000. (All prices are U.S. Open volume licensing prices. Discounts of up to 30% are available, depending on volume.)

However, some organizations have already paid for management licenses. Specifically, client management licenses for Configuration Manager come with the Core CAL Suite, and licenses for both Configuration Manager and Operations Manager come in the Enterprise CAL Suite, although the latter is not commonly purchased in small and midsized organizations). None of these licenses is valid for or transferable to Essentials; smaller organizations that bought one of the license suites for their clients, and then buy Essentials, will effectively be paying twice for client management licenses.

Because ROM is intended for partners providing outsourced support services, it will be licensed per managed computer, per month through a Service Provider License Agreement (SPLA). Prices start at US$13.86 per month, per managed server and US$0.55 per month, per managed client.

System Requirements and Resources

In addition to SQL Server, Essentials requires Windows Server 2003 SP1 (with IIS running), AD, and the .NET Framework 3.0 (which in turn requires the .NET Framework 2.0). Essentials can manage computers running Windows 2000 SP4 or higher, Windows XP SP2, Windows Vista, and Windows Server 2003 SP1, SP2, R2, or R2 with SP2. Essentials runs on 32-bit and 64-bit x64 servers and supports 32-bit and 64-bit x64 managed computers.

The Microsoft System Center Essentials site is www.microsoft.com/systemcenter/sce.

A Microsoft blog covering Essentials and ROM is at blogs.technet.com/dustinj.

Windows Server Update Services (WSUS) 3.0 is outlined in "Free Patching Solution Becoming Platform" on page 14 of the July 2007 Update.

Configuration Manager (formerly Systems Management Server) is covered in "Vista Support, Improved Asset Tracking in SMS 2003 SP3" on page 16 of the Mar. 2007 Update and "Stronger Systems Management Server Worth a New Look" on page 9 of the Nov. 2003 Update.

Operations Manager 2007 is explained in "Operations Manager 2007 Explored" on page 12 of the June 2007 Update and "Operations Manager 2007 Packaging, Licensing, Pricing" on page 22 of the June 2007 Update.

A roadmap to Microsoft systems management products appeared in "System Center Product Roadmap" on page 3 of the June 2007 Update.

Remote Operations Manager is briefly previewed at forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1853897&SiteID=17.