Contextual Collaboration


The IT Infrastructure Platform for Business Solution Enablement
Part 1 of 2
Agenda
• Infrastructure Priorities
• IT Challenges
• Windows IT Infrastructure Platform
• Core Platform Fundamentals
  • Secure Foundation
  • Reliability & Availability
  • Performance & Scalability
  • Manageability
• IT Infrastructure Solutions
  • Server Consolidation
  • Identity Management
  • Secure Network Access
• Windows Server 2003 Enablement
• Call to Action
• Questions
IT Infrastructure Priorities
Risk
Cost
Effort
Security
Availability
Scalability
Consolidation
Automation
Integration
Management
IT Challenges
Do More With Less
Increasing Cost
Increased Complexity
• Server sprawl
• User management
• Desktop management

Disparate infrastructures
• B2C & B2B integration
• Availability and SLA
• Large scale systems
Business Solution Enablement
Anywhere, Anytime Access
• Security risks
• Business availability
• Secure mobile access
Value of Infrastructure



Direct impact to the business
Underutilized servers
Business support
Windows Server 2003
The IT Platform for Business Solution Enablement
IT Infrastructure Solutions
• Identity Management
• Server Consolidation
• Network Access
Platform Fundamentals
• Secure Foundation
• Reliability and Availability
• Performance & Scale
• Management
Secure Foundation
Industry Challenges

Improving Security
• 90% of customers detected computer security breaches
• 40% of customers detected system penetration from the outside; up from 25% in 2000
• 85% of customers detected computer viruses
Management Complexity
• 95% of all breaches due to mis-configuration
• Multiple products = multiple management
Secure Foundation
Focusing on the Future Now!
Secure Foundation
Microsoft’s Security Framework
SD3 + Communications
Secure by Design
• Secure architecture
• Security aware features
• Reduce vulnerabilities in the code
Secure by Default
• Reduce attack surface area
• Unused features off by default
• Only require minimum privilege
Secure in Deployment
• Protect, detect, defend, recover, manage
• Process: How to’s, architecture guides
• People: Training
Communications
• Clear security commitment
• Full member of the security community
• Microsoft Security Response Center
Designed for Security
Secure Foundation
SD3 + Communications
Secure by Design, Secure by Default, Secure in Deployment, Communications
Reduced Code Vulnerability
• $200M security investment
• Extensive code reviews
• 8500 developers trained
• Developer accountability
Focused on Security Architecture
• Re-architected IIS Web Server
• New authentication protocols
• Common Language Runtime
More Secure by Default
Secure Foundation
SD3 + Communications
Secure by Design, Secure by Default, Secure in Deployment, Communications
Reduced attack surface
Stronger default settings
IIS disabled by default
20+ other services turned off or running under lower privileges
IE Hardened
System Root ACL
DLL Search Order
Reduced privileged accounts
Network Service (IIS Worker Process)
Local Service (Telnet)
Secure Deployments
Secure Foundation
SD3 + Communications
Secure by Design, Secure by Default, Secure in Deployment, Communications
Tools to enhance host security
• Software Restriction Policies
• Security Configuration Editor *
• Audit Collection System *
Prescriptive Guidance
• Secure Windows Server 2003
• Microsoft Systems Architecture
• Patch Management Solutions
* to be released after server release
Secure Foundation
Reduced Attack Surface Area
Impacting Factors:
• File System ACLs
• Dynamic Web pages
• Services running as SYSTEM
• Services running by default
• Number of total services
[Chart: attack surface compared across Windows Server 2003, Windows Server 2003 + IIS, Windows 2000 Server, and NT 4 SP6a + Option Pack; axis label: Smaller Attack Surface]
Reliability & Availability

Reduce Total Cost of Ownership
• Downtime is expensive (Maintenance)
• Complexity costs time (Inefficiency)
Increase Business Value
• Keep business running (Revenue)
• Get better with time (Profitability)
[Diagram labels: Business Value, Increase Availability, Continuous Improvement, Streamline Operations, Reduce Downtime, Total Costs]
Reliability/Availability
Windows 2000 Server Downtime

Windows 2000 dramatically decreased Unplanned Downtime
[Chart: Total Downtime split into Planned Downtime and Unplanned Downtime; y-axis: 0% to 100%; bars: NT, W2K. Source: Microsoft ITG]
Windows Server 2003
Reliability/Availability
Reliability Technical Improvements
Unplanned Downtime
Planned Downtime
OS: Upgrade/SP/Hotfix
• QFE Chaining
• Windows Security Push
76%
24%
Application: Failure
• COM+ App Recycling
• App Verifier +
• Windows Resource Management
• SxS Install
System Component Failure
• Windows Resource Management
• IIS 6 Application Recycling
Application: Install/Maintenance
• SxS Install
• Idle Shell unloads extensions
OS: Reconfiguration
• Multiple reboots removed
OS & Driver/Adaptor: Failure
• Driver verifier +
• Windows Driver Protection
• Driver rollback
• Software Tracing
• Enhanced Pool Tagging
Hardware: Install/Config
• Hotplug PCI
• Hot add RAM
Other: Unknown reboots
• Shutdown Event Tracker (SET)
• SET System State Data
Reliability/Availability
Windows Server 2003
Unplanned Downtime Reduced by:
• 26% over Windows 2000 SP2
• 49% over NT 4 SP6
[Chart: Downtime reduction compared to Windows NT 4.0 Server; y-axis: % Downtime Improvement, 0% to 70%; bars: Windows 2000 Server, Windows Server 2003; data labels: 49%, 23%]
* Based on analysis of 5 customers, 320 servers, 97 years total runtime
Windows Server 2003
Reliability/Availability
Availability Improvements
Fault Tolerant Capabilities + Microsoft Clustering Service + Business Continuance
Fault Tolerant Capabilities
• Benefits: Eliminates hardware outages; Runs all Windows apps
• Improvements: Memory Mirroring; Hotplug PCI; Microsoft Hardware Compatibility Test
Microsoft Clustering Service
• Benefits: Protects from all outages; Ensures data integrity
• Improvements: 8 node clustering; Configuration Wizard; VB scripting to make any application cluster
Business Continuance
• Benefits: Keeps the business running; Prepares for Disasters
• Improvements: Geographically Dispersed Clusters; Disaster Recovery Storage Configurations
Reliability/Availability
Datacenter Program
Roadmap



No Program
Windows NT
Program introduced
Support through OEMs
Configuration qualification process streamlined
Driver Program added
Service Provider choices
Services strengthened
Services optional
Windows 2000
High Availability support
Windows Server 2003
Reliability/Availability
Datacenter High Availability
Program
Qualified Configurations + Qualified Providers + High Availability Support
Qualified Configurations
• Base Components: Server Hardware; Server OS; Kernel Touching Software
• Qualification Process: HCT / EQP; Datacenter Driver Program; Application Certification
Qualified Providers
• Provider Choices: OEMs; SIs & Resellers; Microsoft
• Support Processes: Partner Notifications; Escalation Triggers; Problem Resolution; Partner Reporting
High Availability Support
• Proactive Services: Operations Assessment; Change Management; Configuration Audit
• Reactive Services: Global 24x7x365; Microsoft High Availability Resolution Queue (HARQ)
Performance & Scalability
Windows Server 2003 delivers the best value for high-performance
systems through industry-leading performance and unmatched
price-performance
Performance & Scalability
Improved Performance
• 2x Faster Web Server
• 2x Faster File Server
• 2x Increase in LDAP Performance
Improved Scalability
• Improved SMP Scalability
• Improved Database Scalability
Support for New Scalable Hardware
• Support for Itanium 2 64-bit Systems
• Support for NUMA-based Systems
• Support for Intel Xeon Hyper Threading
Performance & Scale
Over 2x Faster File Server
– Consolidate old NT 4 and Netware file servers to fewer Windows Servers
Performance & Scalability
File Server
[Chart: y-axis: Mbps, 0 to 1,400; x-axis: 1P, 4P, 8P; series: Windows Server 2003, Windows 2000 Server; data labels: 140%, 100%, 85%]
NetBench™ Benchmark
HP ProLiant DL760, 700 MHz Pentium III Xeon, 4 GB RAM, Windows 2000 clients with Windows 2000 Server, Windows XP SP2 with Windows Server 2003
Performance & Scale
Over 2x Faster Web Server
– Run 1000’s of Web sites on a single server
Performance & Scalability
Web Server
[Chart: y-axis: Req/s, 0 to 25,000; x-axis: 1P, 4P, 8P; series: Windows Server 2003, Windows 2000 Server; data labels: 165%, 120%, 75%]
WebBench™ Static Benchmark
HP ProLiant DL760, 700 MHz Pentium III Xeon, 4 GB RAM, 8xGB NICs
Performance & Scale
Over 2x Faster Directory Server
– Scales to meet the needs of the most demanding Internet applications
Performance & Scalability
Active Directory
[Chart: y-axis: Searches/sec, 0 to 16,000; x-axis: 1P, 4P, 8P; series: Windows Server 2003, Windows 2000 Server; data labels: 155%, 90%, 75%]
LDAP Base Search
HP ProLiant DL760, 700 MHz Pentium III Xeon, 4 GB RAM, 2 million user database
Performance & Scale
Over 2x Faster Terminal Server
– Host more terminal sessions on a single Windows Server.
Performance & Scalability
Terminal Server
[Chart: y-axis: Users, 0 to 550; x-axis: Information Worker, Simple Task Worker; series: Windows 2000 Server, Windows Server 2003; data labels: 140%, 80%]
Information Worker/Task Worker Mix
4P Pentium 4 Xeon 1.6 GHz, 4GB RAM
IW Mix simulates multiple Microsoft Office applications, STW Mix simulates single light application on desktop
Performance & Scale
Improved SQL Server Scaling
– Run the most demanding transaction-based applications on Windows Server 2003.
Performance & Scalability
TPC-C Non-Clustered Benchmark
[Chart: y-axis: tpmC, 0 to 350,000; bars: Windows 2000 Server (8-way), Windows Server 2003 (32-way)]
• Windows 2000 Server (8-way): 8-way Dell PowerEdge 8450/900, Pentium III Xeon 900 MHz, 69,901 tpmC, $8.46/tpmC, Avail: 11-15-01
• Windows Server 2003 (32-way): 32-way NEC Express5800, Itanium 2 1GHz, 342,746 tpmC, $12.86/tpmC, Avail: 3-31-03
Source: www.tpc.org. Results as of: 2-12-03
Performance & Scale
Support for the Latest Hardware
– Get the most out of your new hardware purchase with Windows Server 2003
Performance & Scalability
• Up to 64-way SMP
• Up to 512 GB RAM
• NUMA Optimization
• Intel Hyper-Threading Technology
• Native 64-bit support (Itanium)
• 64-way HP SuperDome
• 32-way NEC Express5800
• 32-way Unisys ES7000 Orion 130
• 16-way IBM eServer xSeries 440
Management
How to:

Quickly & reliably deploy & redeploy systems?

Reliably enforce IT policies?

Reliably manage IT security?

Efficiently scale management efforts?

Minimize IT related disruptions to the business?

Do all this cost-effectively?
Management
Management Capabilities
Quickly & reliably deploy & redeploy systems
• Deployment methods
  • Script based
  • Image based
• Deployment Solutions
  • Remote Installation Services (RIS)
  • Automated Deployment Services (ADS)
  • Unattended Install
• System preparation tools
  • SysPrep
  • RIPrep
• Pre-installation OS
  • Windows Pre-Installation Environment (WinPE)
[Diagram labels: Solutions, Tools, RIS, Unattended Install, ADS, RIPrep, SysPrep, Script Based, Image Based]
Automated Deployment, Policy Based Management, Security Management, Operations Management
Management
Remote Installation Services
Quickly & reliably deploy & redeploy systems
Automated
Deployment

Script-based and image-based deployment

Highly customized deployments with WinPE
Key Enhancements

Fully automated deployment

Performance improvements

Enhanced security – password encryption, etc.

Automatic HAL filtering for RIPrep

Deploys Windows 2000 & Windows Server 2003 servers
Management
Automated Deployment Services*
Quickly & reliably deploy & redeploy systems
Automated
Deployment

Framework for mass server deployments & script-based administration

For high-bandwidth datacenter environments

Multi-cast image-based deployments

New flexible Microsoft imaging format & tools

For Windows 2000 & Windows Server 2003 servers
*Provided with Windows Server 2003 Enterprise and Datacenter Editions via Web download
Management
Policy Based Management
Reliably enforce IT policies
Automated Deployment, Policy Based Management, Security Management, Operations Management
• Enables enforcement of IT policies
• Enables ‘one-to-many’ management
• Built on AD infrastructure and services
• Implemented by Group Policy capabilities
Management
Active Directory
Reliably enforce IT policies
Policy Based
Management

Flexible, reliable, scalable, high-performance directory services

Interoperable with standards based directories
Key Manageability Enhancements

Improved usability – bulk edit, new wizards, save searches, etc.

Replication & trust monitoring

Migration tool

Domain rename
Group Policy
Management
Conrad Cahill
Microsoft
Management
Enhanced Security Management
Reliably manage IT security
Automated Deployment, Policy Based Management, Security Management, Operations Management
• Secure credential & certificate management
• Restricted access & delegated administration
• Software restriction & security policies
• Network quarantine of non-compliant systems and users
• Security update management
Management
Software Update Services
Reliably manage IT security
Security
Management

Windows OS security & critical update management

Administrator control

Automated update notification & installation

Target computers can be centrally configured

Flexible configuration options

Success / failure history, consolidated logs
Management
Scalable Operations Management
Efficiently scale management efforts
Automated Deployment, Policy Based Management, Security Management, Operations Management
• Monitoring, troubleshooting, recovery
• Resource, cluster & network management
• Application server management
• Remote system management
• Console based script & command line management
• Managing mixed Windows / UNIX environments
Management
Terminal Server (TS)
Remote Desktop for Administration

Remotely manage desktops & servers

Provide remote access to applications
Key Manageability Enhancements
Operations
Management

MMC GUI to manage multiple Terminal Servers

Pre-defined ‘Remote Desktop Users’ group

GP based configuration

New WMI provider
Management
Progress Since Windows NT
Area | Windows NT 4.0 | Windows 2000 Server | Windows Server 2003



Automated deployment


Distributed policy based management


Update / patch management
*

Script based management


Command line based management


Security Management
Administrator GUI



Storage & data management




Cluster management
Network management


Managed application installation


*

Unix interoperability & scripting support†
*Delivered after initial release of Windows 2000
†Available via Services for Unix product
Management
Customer Examples

GE IT Solutions Europe




GE Medical Systems






Use AD, GP, Terminal Services, WMI scripting & WMIC, Volume Shadow Copy Services, SUS
Implement standard operating environment
Reduce # of domain controllers by 64%, reduce # of servers by 20%, improved manageability, security
Use AD, GP / GPMC
900 servers in 70 NT domains
Goal to consolidate to one directory
Implement standard operating environment
> 20% reduction in servers
Avanade





Use Terminal Services to provide access to corporate applications
Eliminated need for costly 3rd party add-on
Reduced hardware 25% while increasing users 300%
Avoided $100,000 per year in license fees
Reduced support calls 75%, savings of $117,000 per year
© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.