Microsoft Windows InTune - Under the Hood

by Martin DesRosiers @ Fully Managed™
Posted 7 years ago

I recently watched a great video interview by David Tesar of Joseph Dadzie (Principal Group Program Manager) at Microsoft. I thought it would be worth putting some of the takeaways from this presentation down for those interested in the underlying architecture behind the upcoming Windows InTune cloud offering. We have been playing with the now-closed beta of Windows InTune for several weeks. We have deployed a number of agents within our internal lab environment and also at a few of our "closer" client sites in the Greater Vancouver area. So far the results are looking quite promising! Here are some of the technical / architectural gems I pulled out of the video (in case you're short of time for the 17:02 video):

Why Windows InTune

Windows InTune is designed to give IT administrators some time back and to enable administration of systems that do not reside in corporate office locations (e.g. out in the field). It shares a lot of the underlying components of System Center Operations Manager (SCOM), anti-malware components, etc. This is the first cloud-based management platform by Microsoft, and it is designed to manage only Windows workstation operating systems: XP SP3+, Vista and Windows 7.

InTune Deployment

The client software can be deployed using any software distribution package, via Group Policy, or even manually. Based on what we've seen so far, the installation would be easily handled by Kaseya or other RMM tools, as well as by Microsoft-centric technology like SCCM. Windows InTune itself does not presently support the deployment of software out to the managed end-points, although this will be coming in a future release.

InTune Client Architecture

  • Windows Update Agent: Enables the client to communicate directly with the InTune back-end to securely download updates and report status back up to the centralized console.
  • Policy Platform: A component that helps enforce firewall and policy settings, separate from Group Policies. It does interoperate with Group Policies, and Group Policy settings will override settings applied in the policy management. The underlying System Center platform will allow for future enhancements around pushing policies to managed end-points; at this time it is somewhat limited to firewall, malware and update settings.
  • System Center Operations Manager Agent: The R2 version of the SCOM tools is used to monitor events - e.g. disk space, critical events, etc.
  • Microsoft Anti-Malware Engine: The same engine used by Forefront end-point protection and Security Essentials to protect against malware.
  • Microsoft EasyAssist: Built on Live Meeting to provide remote access to end-points for the purpose of remote support / help desk.

Cloud Architecture

  • Database: SQL Server 2008, full multi-tenant architecture.
  • Redundancy: Load balancing, mirroring technology, fully scalable including geo-scalable back-end.
  • Security: Framework: client-to-cloud communication is a secure channel over SSL using Windows Communication Foundation (WCF). Multi-tenant: all data is "siloed" between customers.
  • Monitoring: Server-side (cloud) infrastructure is monitored using System Center Operations Manager.
  • Azure: Not in use for the cloud infrastructure at this time, although there are plans to go down this road in the future.
  • Silverlight: Used for the management console, lightweight and compatible with any browser with Silverlight plug-in
