Garry Corcoran, IO Lead, Microsoft UK
Session Code: SM01
Implementing Core Infrastructure Optimization: The Implementer Resource Guides
Original Presenter: Eduardo Kassner, Enterprise Technology Strategist
Feb 25, 2016
Session Objectives
Why IO?
Learn how to discuss implementation of Core IO concepts and best practices.
Find out how to navigate and leverage existing best practice implementation content and where to find it.
Learn how to create project execution plans using products, WSSRA, MOF, TechNet and Solution Accelerator guidance.
Infrastructure Optimization Model
Desktop, Server and Device Management
Security and Networking
Identity and Access Management
Data Protection and Recovery
IT and Security Process
Identity and Access Management
Desktop Server & Device management
Security and Networking
Provide home & mobile workers operational access to CRM
Link HR and all IT Identity systems
Best Practices Across Lifecycle Yield Optimization
[Figure: chart with axis "PCs/IT FTE"; data labels: 76 ($1,320/PC), 172 ($580/PC), 442 ($230/PC)]
Improve IT efficiency
Increase agility
Shift investment mix
Note: $/PC represent annual IT labor per PC
Source: IDC, 2006; Microsoft studies, 2005-06
[Figure labels: Plan/Optimize, Change, Operate, Support]
Basic Standardized Rationalized
Limited PC Security
• PC firewall
• Auto patching
PC Security $130/PC Savings
Multiple Directories
• Many auth. directories
• No dir synchronization
• Manual user provisioning
Single directory for Auth
• One authentication dir.
Automated provisioning
• Single Sign-on
• Auto password reset
• Auto user provisioning
Comprehensive PC Security
• Anti Spyware
• Enforced security compliance with Network Access Control
Limited sys mgmt
• Single sys mgt tool
• Software packaging
• Software distribution
No system-wide mgmt
• Poor sys mgt tool coverage
• Duplicate mgmt tools
• Manual sw, patch deploymt
Standardization
• Defined PC lifecycle
• Limited policy based PC mgt
• Many software configs
Stds Compliance
• Defined PC Lifecycle, stds enforcement
• Full policy based PC mgt
• Minimal hw, sw configs
None
• No PC life cycle strategy
• No policy based PC mgt
• Many hw, sw config
Minimal PC Security
• Anti-virus
• Manual patching
• No enforced sec. compliance
Comprehensive sys mgt
• Hw, sw inventories
• Hw, sw reporting
• Auto/targeted sw dist.
Source: IDC, 2006
Standardized desktops $110/PC
Centrally managed PC config $190/PC
Comprehensive directory solution $120/PC
Single system management tool $110/PC
Automated software distribution $120/PC
$1,320/PC $580/PC $230/PC
Automated user provisioning $50/PC
Best Practices for Infrastructure Optimization
Papers located at http://www.microsoft.com/io (Desktop, AD, & SMS)
Infrastructure Optimization
You might have experienced:
IO Assessment
IO Model Presentation
IT Plan Alignment
NOW HOW DO YOU EXECUTE THIS ???
Identity & Access Management
Desktop, Devices & Server Management
Security & Networking
Data Protection and Recovery
Security Process
ITIL/COBIT-based Management Process
Governance
Automated Patch management Software
Image based deployment
MOF Optimizing Quadrant
MOF Team Model
SLM & SLA Reviews
Implement ITIL + MOF
Data Protection Manager
NAS/SAN Solutions
Develop Security Policies
Implement Group Policy through AD
Implement XP SP2 as default OS
MOM 2005 for managing servers
Deploy a VPN solution
CORE IO Customer Progression Roadmap
REAL WORLD EXAMPLE
Current IO Tools
You probably have seen IO over the last year, and maybe even planned your projects with this model
Infrastructure Optimization
Core IO Model
IO Plans
MOF BDD
Continuous Improvement
Roadmap
The Microsoft Operations Framework (MOF) provides operational guidance that enables organizations to achieve mission-critical system reliability, availability, supportability, and manageability of Microsoft products and technologies.
MOF Process Model
Self Assessment Tool
SOLUTION ACCELERATORS Act faster. Go further. microsoft.com/technet/SolutionAccelerators
Microsoft Operations Framework
Architecture Blueprints
WSSRA contains detailed IT infrastructure planning and design guidance, tested and proven in labs. This guidance enables organizations to build highly available, secure, manageable, and reliable enterprise IT infrastructure.
Logical Architecture Diagram
Implementation Guides
Windows Server System Reference Architecture (WSSRA)
Detailed Project Guidance and Job Aids
BDD 2007 simplifies Windows Vista and the 2007 Office system deployment, including comprehensive process guidance, job aids and tools to correspond with every stakeholder and phase of a large-scale desktop deployment project.
Deployment Workbench MMC
TechNet Desktop Deployment Center
Business Desktop Deployment (BDD) 2007
Released: January 2007
announcing…
Released: Spring 2007
Basic to Standardized Guide
IO provides a logical roadmap to progress the maturity of an IT organization. These guides describe the core concepts for implementing and managing IO-defined capabilities, linking to more detailed and actionable content for implementation.
Core IO Capability Model
Standardized to Rationalized Guide
Rationalized to Dynamic Guide
Core Infrastructure Optimization (IO)
Implementer Resource Guides
Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized
Identity and Access Management Content Guide
Planning and Architecting the AD Infrastructure
Defining the Service
Designing the AD Logical Structure
Logical Structure Design Reqs
Forest Design
Domain Design
Forest Root Design
AD Namespacing design
DNS Infrastructure to support AD
Creating Organizational units
Rendering the AD Logical Design
Deploying the AD Infrastructure
Configure Domain
Configure DNS on Domain Controllers
IDA
DD&SM
S&N
S
DP&R
Operating Active Directory
Based on:
• WSSRA Directory Services
• MOF Directory Administration
• Identity and Access Management Series Solution Accelerators
• Active Directory Guidance in Windows Server 2003 TechNet
Basic Standardized
Desktop, Device and Server Management Moving from Basic to Standardized
• Lacking automated patch management for most desktops
• Lacking standard images for most desktops, no desktop image strategy
• Inconsistent plan to manage multiple operating systems
• Not monitoring most servers
• No provisioning for mobile devices

• Automated patch management
• Defined set of standard images
• Desktop image strategy in place that includes anti-virus, management tools, line of business applications
• Consistent plan to manage operating systems
• Monitoring present for most critical servers
• Mobile device provisioning
• Security policy provisioning for mobile devices
• Remote wipe and policy enforcement for mobile devices
Desktop, Server & Device Management Content Guide
Automated Patch Management
Assess Phase
Identify Phase
Discover new SW Updates
Obtain SW Updates in a reliable manner
Develop SW Updates screening methods
Identify process owners
Develop and review process documentation
Inventory/Discover computing assets
Sources for SW Updates
Assess existing infrastructure for updates
Assess operational effectiveness
Plan release
Conduct acceptance testing
Determine inventory set to be patched
Determine go/no go
Evaluate and Plan Phase
Deploy Phase
Automated Patch Management … cont
Deployment
Review
Preparation Stage updates on distribution point
Vulnerability update
Validate plan vs deployed
Communicate rollout schedule
Advertise SW
Monitor deployment
Handle failed deployments
Update build images
Validate risk mitigation
Based on:
• Patch Management Solution Accelerators
Desktop, Server & Device Management Content Guide
Standardized Computer Images
Plan
Development
Define type of image to use (thick or thin)
Create build
Create deployment point
Install a build
Update the deployment points
Stabilization
Maintenance
Test build
Test deployment process
Update build and log changes
Consolidation of Desktop Images to 2 OS versions
Multiple Standard Images
Exceptions
Patches and Updates
Maintenance Contracts
User Productivity
Application Compatibility
Based on:
• Business Desktop Deployment 2007
Desktop, Server & Device Management Content Guide
Centralized Management of Mobile Devices
SMS 2003 Device Management Feature Pack
Device Management Capabilities
Exchange Server 2003 and Exchange Server 2007
Active Directory
Managing Exchange ActiveSync
Managing Exchange ActiveSync Users
Remotely Enforced Device Security Policies
Certificate-Based Authentication
S/MIME-Encrypted Messaging
Identity Validation, Data Protection, and Data Backup of Mobile Devices
User Access, Passwords
Device Lockout, Certificates
Data Access, Data Encryption
Remote Device Wipe
Based on:
• Step-by-Step Guide to Deploying Windows Mobile-based Devices with Exchange Server 2003 SP2
• Product Guides: Exchange Server, SMS 2003
Standardized Rationalized
Desktop, Device and Server Management Moving from Standardized to Rationalized
• Automated patch management
• Defined set of standard images
• Desktop image strategy in place that includes antivirus, management tools, line of business applications
• Consistent plan to manage operating systems
• Monitoring present for most critical servers
• Mobile device provisioning
• Security policy provisioning for mobile devices
• Remote wipe and policy enforcement for mobile devices

• Primary desktop operating system is Vista or XP SP2
• Automated software distribution and automated asset management and tracking
• Patch management solution for servers
• Layered image strategy
• Consistent plan to manage operating system
• SLA monitoring of mission-critical servers
Desktop, Server & Device Management Content Guide
Automated Operating System Distribution
App Inventory and Compatibility
Building Images
Based on:
• Business Desktop Deployment 2007
• Product Guides:
  • SMS 2003
  • Windows Vista
  • Windows XP
Infrastructure Remediation
Packaging Applications
User State Migration
Desktop Hardening
Automated Tracking of Hardware and Software for Desktops
Asset Inventory
System Status
Application Deployment and Usage
Security Patch Management
OS Deployment
Latest Two OS Versions and Service Packs on Desktops
Reasons to Move to two latest versions of the OS
Web Security
Wired and Wireless Network Support
Data Protection and Recovery
Integrated Firewall
HAL-Independence
Automated Deployment
Drive Encryption
DOWNLOAD THE GUIDES AND PLEASE GIVE US FEEDBACK !!!
GUIDE 3 IS COMING SOON!!!
You can find the first guide at: http://www.microsoft.com/io
Links & Resources
Web site: http://www.microsoft.com/io
Blog: http://blogs.technet.com/io/
Other Sessions at MMS 2007: SM20 Implementing Core Infrastructure Optimization: The Implementer Resource Guides
Thank you for attending this TechNet Event
Find these slides at: http://www.microsoft.com/uk/technetslides