Session Code: SM01
Implementing Core
Infrastructure
Optimization:
The Implementer Resource Guides
Garry Corcoran
IO Lead
Microsoft UK
Original Presenter: Eduardo Kassner
Enterprise Technology Strategist
Session Objectives
Why IO?
Learn how to discuss implementation of
Core IO concepts and best practices.
Find out how to navigate and leverage
existing best practice implementation
content and where to find it
Learn how to create project execution plans
using products, WSSRA, MOF, TechNet and
Solution Accelerator guidance.
Infrastructure Optimization Model
IT and Security Process
Identity and Access Management
Desktop, Server and Device Management
Security and Networking
Data Protection and Recovery
Provide home & mobile workers operational access to CRM
Link HR and all IT Identity systems
Best Practices Across Lifecycle Yield Optimization
PCs/IT FTE: 76 ($1,320/PC), 172 ($580/PC), 442 ($230/PC)
[Chart: categories Plan/Optimize, Change, Support, Operate; axis 0 to 600]
Note: $/PC represent annual IT labor per PC
Source: IDC, 2006; Microsoft studies, 2005-06
Improve IT efficiency
Increase agility
Shift investment mix
Papers located at http://www.microsoft.com/io (Desktop, AD, & SMS)
Basic
Standardized
$1,320/PC
$580/PC
$230/PC
Standardized desktops $110/PC
None
• No PC life cycle strategy
• No policy based PC mgt
• Many hw, sw config
Centrally managed PC config $190/PC
Standardization
• Defined PC lifecycle
• Limited policy based PC mgt
• Many software configs
Comprehensive directory solution $120/PC
Multiple Directories
• Many auth. directories
• No dir synchronization
• Manual user provisioning
Rationalized
Stds Compliance
• Defined PC Lifecycle,
stds enforcement
• Full policy based PC mgt
• Minimal hw, sw configs
Automated user provisioning $50/PC
Single directory for Auth
• One authentication dir.
Automated provisioning
• Single Sign-on
• Auto password reset
• Auto user provisioning
PC Security $130/PC Savings
Minimal PC Security
• Anti-virus
• Manual patching
• No enforced sec. compliance
Limited PC Security
• PC firewall
• Auto patching
Single system management tool $110/PC
No system-wide mgmt
• Poor sys mgt tool coverage
• Duplicate mgmt tools
• Manual sw, patch deploymt
Source: IDC, 2006
Comprehensive PC Security
• Anti Spyware
• Enforced security compliance
with Network Access Control
Automated software distribution $120/PC
Limited sys mgmt
• Single sys mgt tool
• Software packaging
• Software distribution
Comprehensive sys mgt
• Hw, sw inventories
• Hw, sw reporting
• Auto/targeted sw dist.
Infrastructure Optimization
You might have
experienced:
IO Assessment
IO Model
Presentation
IT Plan Alignment
CORE IO
Customer Progression Roadmap
Identity & Access
Management
Desktop, Devices &
Server Management
Implement Group Policy
through AD
Automated Patch management Software
Image based deployment
Security & Networking
Implement XPSP2 as default OS
MOM 2005 for managing servers
Deploy a VPN solution
Data Protection and
Recovery
Data Protection Manager
NAS/SAN Solutions
Security Process
Develop Security Policies
ITIL/COBIT – based
Management Process
Governance
REAL WORLD EXAMPLE
Implement ITIL + MOF
MOF
Optimizing
Quadrant
MOF Team
Model
SLM & SLA
Reviews
Current IO Tools
You probably have seen IO over the last year,
and maybe even planned your projects with
this model
MOF
Infrastructure Core IO
Optimization Model
IO Plans
BDD
Microsoft Operations Framework
Continuous
Improvement
Roadmap
Self Assessment Tool
MOF Process Model
The Microsoft Operations Framework (MOF) provides
operational guidance that enables organizations to achieve
mission-critical system reliability, availability, supportability,
and manageability of Microsoft products and technologies.
Windows Server System Reference Architecture
(WSSRA)
Logical Architecture
Diagram
WSSRA contains detailed IT infrastructure planning and
design guidance, tested and proven in labs. This guidance
enables organizations to build highly available, secure,
manageable, and reliable enterprise IT infrastructure.
Architecture
Blueprints
Implementation
Guides
Business Desktop Deployment (BDD) 2007
Released: January 2007
Detailed Project
Guidance and Job Aids
Deployment Workbench
MMC
BDD 2007 simplifies Windows Vista and the 2007 Office
system deployment, including comprehensive process
guidance, job aids and tools to correspond with every
stakeholder and phase of a large-scale desktop deployment
project.
TechNet Desktop
Deployment Center
Core Infrastructure Optimization (IO)
Implementer Resource Guides
Released: Spring 2007
Rationalized to
Dynamic Guide
Standardized to
Rationalized Guide
Basic to Standardized
Guide
Core IO Capability Model
IO provides a logical roadmap to progress the maturity of an
IT organization. These guides describe the core concepts for
implementing and managing IO-defined capabilities, linking
to more detailed and actionable content for implementation.
SOLUTION ACCELERATORS Act faster. Go further.
microsoft.com/technet/SolutionAccelerators
Core Infrastructure
Optimization
Implementer Resource
Guide:
Basic to Standardized
Identity and Access Management
Content Guide
Planning and
Architecting the
AD Infrastructure
Deploying the AD
Infrastructure
Logical Structure
Design Reqs
Defining the
Service
Configure Domain
Forest Design
Domain Design
Designing the AD
Logical Structure
Forest Root
Design
AD Namespacing
design
DNS
Infrastructure to
support AD
Rendering the AD
Logical Design
Creating
Organizational
units
Configure DNS on
Domain
Controllers
Operating Active
Directory
Desktop, Device and Server
Management
Moving from Basic to Standardized
Basic
• Lacking automated patch
management for most desktops
• Lacking standard images for most
desktops, no desktop image
strategy
• Inconsistent plan to manage
multiple operating systems
• Not monitoring most servers
• No provisioning for mobile devices
Standardized
• Automated patch management
• Defined set of standard images
• Desktop image strategy in place
that includes anti-virus,
management tools, line of business
applications
• Consistent plan to manage
operating systems
• Monitoring present for most critical
servers
• Mobile device provisioning
• Security policy provisioning for
mobile devices
• Remote wipe and policy
enforcement for mobile devices
Desktop, Server & Device Management
Content Guide
Automated Patch
Management
Assess
Phase
Inventory/Discover
computing assets
Automated Patch
Management … cont
Sources for SW
Updates
Assess existing
infrastructure for
updates
Plan release
Evaluate
and Plan
Phase
Assess operational
effectiveness
Identify
Phase
Discover new SW
Updates
Obtain SW Updates
in a reliable manner
Determine go/ no
go
Conduct
acceptance testing
Determine
inventory set to be
patched
Communicate
rollout schedule
Deploy
Phase
Preparation
Develop SW
Updates screening
methods
Identify process
owners
Stage updates on
distribution point
Advertise SW
Monitor deployment
Deployment
Handle failed
deployments
Develop and review
process
documentation
Vulnerability update
Review
Update build
images
Validate plan vs
deployed
Validate risk
mitigation
Desktop, Server & Device Management
Content Guide
Standardized
Computer Images
Plan
Consolidation of
Desktop Images to
2 OS versions
Define type of image
to use (thick or thin)
Create build
Multiple Standard
Images
Create deployment
point
Patches and
Updates
Update the
deployment points
Maintenance
Contracts
Development
Install a build
Test build
Stabilization
Test deployment
process
User Productivity
Application
Compatibility
Exceptions
Maintenance
Update build and log
changes
Desktop, Server & Device Management
Content Guide
Centralized
Management of Mobile
Devices
Device
Management
Capabilities
Exchange Server
2003 and
Exchange Server
2007
Identity Validation,
Data Protection, and
Data Backup of
Mobile Devices
Active Directory
Managing
Exchange
ActiveSync
Managing
Exchange
ActiveSync Users
Remotely
Enforced Device
Security Policies
Certificate-Based
Authentication
SMS 2003
Device
Management
Feature Pack
S/MIME Encrypted
Messaging
User Access,
Passwords
Device Lockout,
Certificates
Data Access,
Data Encryption
Remote Device
Wipe
Desktop, Device and Server
Management
Moving from Standardized to Rationalized
Standardized
Rationalized
• Automated patch management
• Defined set of standard images
• Desktop image strategy in place that
includes antivirus, management
tools, line of business applications
• Consistent plan to manage operating
systems
• Monitoring present for most critical
servers
• Mobile device provisioning
• Security policy provisioning for
mobile devices
• Remote wipe and policy
enforcement for mobile devices
• Primary desktop operating system
is Vista or XP SP2
• Automated software distribution and
automated asset management and
tracking
• Patch management solution for
servers
• Layered image strategy
• Consistent plan to manage
operating system
• SLA monitoring of mission-critical
servers
Desktop, Server & Device
Management
Content Guide
Automated Tracking of
Automated
Operating System
Distribution
Hardware and Software
for Desktops
Latest Two OS Versions
and Service Packs on
Desktops
App Inventory
and Compatibility
Asset
Inventory
Reasons to Move to two
latest versions of the OS
Infrastructure
Remediation
Application
Deployment
and Usage
Wired and Wireless
Network Support
Security Patch
Management
Data Protection and
Recovery
User State
Migration
System Status
Web Security
Desktop
Hardening
OS
Deployment
Integrated Firewall
Packaging
Applications
Building Images
Automated
Deployment
HAL-Independence
Drive Encryption
You can find the first guide at:
http://www.microsoft.com/io
Links & Resources
Web site
http://www.microsoft.com/io
Blog
http://blogs.technet.com/io/
Other Sessions at MMS 2007:
SM20 Implementing Core Infrastructure Optimization:
The Implementer Resource Guides
Thank you for attending this TechNet Event
Find these slides at:
http://www.microsoft.com/uk/technetslides