Garry CorcoranIO LeadMicrosoft UK

Session Code: SM01

Implementing Core Infrastructure Optimization: The Implementer Resource Guides

Original Presenter: Eduardo KassnerEnterprise Technology Strategist

Session Objectives

Why IO ?

Learn how to discuss implementation of Core IO concepts and best practices.Find out how to navigate and leverage existing best practice implementation content and where to find itLearn how to create project execution plans using products, WSSRA, MOF, TechNet and Solution Accelerator guidance.

Infrastructure Optimization Model

Desktop, Server and Device Management

Security and Networking

Identity and Access Management

Data Protection and Recovery

IT and Security Process

Identity and Access Management

Desktop Server & Device management

Security and Networking

Provide home & mobile workers operational access to CRMLink HR and all IT Identity systems

Best Practices Across Lifecycle Yield Optimization

PCs/ IT FTE

100

200

300

400

0

500

76$1,320/PC

172$580/PC

442$230/PC

600

Improve IT efficiencyIncrease agilityShift investment mix

Note: $/PC represent annual IT labor per PCSource: IDC, 2006; Microsoft studies, 2005-06

Plan /Optimize

Change

OperateSupport

Plan/Optimize

Change

Operate

Support

Plan/Optimize

Change

OperateSupport

Plan/Optimize Change

OperateSupport

Basic Standardized Rationalized

Limited PC Security• PC firewall• Auto patching

PC Security $130/PC Savings

Multiple Directories• Many auth. directories• No dir synchronization• Manual user provisioning

Single directory for Auth• One authentication dir.

Automated provisioning• Single Sign-on• Auto password reset• Auto user provisioning

Comprehensive PC Security• Anti Spyware• Enforced security compliance

with Network Access Control

Limited sys mgmt• Single sys mgt tool• Software packaging• Software distribution

No system-wide mgmt• Poor sys mgt tool coverage• Duplicate mgmt tools• Manual sw, patch deploymt

Standardization• Defined PC lifecycle• Limited policy based PC mgt• Many software configs

Stds Compliance• Defined PC Lifecycle, stds enforcement• Full policy based PC mgt• Minimal hw, sw configs

None• No PC life cycle strategy• No policy based PC mgt• Many hw, sw config

Minimal PC Security• Anti-virus• Manual patching• No enforced sec. compliance

Comprehensive sys mgt• Hw, sw inventories• Hw, sw reporting• Auto/targeted sw dist.

Source: IDC, 2006

Standardized desktops $110/PC Centrally managed PC config $190/PC

Comprehensive directory solution $120/PC

Single system management tool $110/PC Automated software distribution $120/PC

$1,320/PC $580/PC $230/PC

Automated user provisioning $50/PC

Best Practices for Infrastructure OptimizationPapers Located //www.microsoft.com/io (Desktop, AD, & SMS)

Infrastructure Optimization

You might have experienced:

IO AssessmentIO Model PresentationIT Plan Alignment NOW HOW DO YOU

EXECUTE THIS ???

Identity & Access Management

Desktop, Devices & Server ManagementSecurity & NetworkingData Protection and RecoverySecurity Process

ITIL/COBIT – based Management ProcessGovernance

Automated Patch management SoftwareImage based deployment

MOF Optimizing QuadrantMOF Team ModelSLM & SLA Reviews

Implement ITIL + MOF

Data Protection ManagerNAS/SAN Solutions

Develop Security Policies

Implement Group Policythrough AD

Implement XPSP2 as default OSMOM 2005 for managing serversDeploy a VPN solution

CORE IOCustomer Progression Roadmap

REAL WORLD EXAMPLE

Current IO Tools

You probably have seen IO over the last year, and maybe even planned your projects with this model

InfrastructureOptimization

Core IOModel

IO PlansMOF BDD

Continuous Improvement

Roadmap

The Microsoft Operations Framework (MOF) provides operational guidance that enables organizations to achieve mission-critical system reliability, availability, supportability, and manageability of Microsoft products and technologies.

MOF Process Model

Self Assessment Tool

SOLUTIONACCELERATORS Act faster. Go further.microsoft.com/technet/SolutionAccelerators

Microsoft Operations Framework

Architecture Blueprints

WSSRA contains detailed IT infrastructure planning and design guidance, tested and proven in labs. This guidance enables organizations to build highly available, secure, manageable, and reliable enterprise IT infrastructure.

SOLUTIONACCELERATORS Act faster. Go further.microsoft.com/technet/SolutionAccelerators

Logical Architecture Diagram

Implementation Guides

Windows Server System Reference Architecture (WSSRA)

Detailed Project Guidance and Job

Aids

BDD 2007 simplifies Windows Vista and the 2007 Office system deployment, including comprehensive process guidance, job aids and tools to correspond with every stakeholder and phase of a large-scale desktop deployment project.

Deployment Workbench MMC

TechNet Desktop Deployment Center

SOLUTIONACCELERATORS Act faster. Go further.microsoft.com/technet/SolutionAccelerators

Business Desktop Deployment (BDD) 2007Released: January 2007

announcing…

Released: Spring 2007

Basic to Standardized Guide

IO provides a logical roadmap to progress the maturity of an IT organization. These guides describe the core concepts for implementing and managing IO-defined capabilities, linking to more detailed and actionable content for implementation.

SOLUTIONACCELERATORS Act faster. Go further.microsoft.com/technet/SolutionAccelerators

Core IO Capability Model

Standardized to Rationalized Guide

Rationalized to Dynamic Guide

Core Infrastructure Optimization (IO)

Implementer Resource Guides

Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized

Identity and Access Management Content Guide

Planning and Architecting the AD Infrastructure

Defining the Service

Designing the AD Logical Structure

Logical Structure Design Reqs

Forest Design

Domain Design

Forest Root Design

AD Namespacing design

DNS Infrastructure to support AD

Creating Organizational units

Rendering the AD Logical Design

Deploying the AD Infrastructure

Configure Domain

Configure DNS on Domain Controllers

IDA

DD&SM

S&N

S

DP&R

Operating Active Directory

Based on :• WSSRA Directory Services• MOF Directory Administration• Identity and Access Management Series

Solution Accelerators• Active Directory Guidance in Windows

Server 2003 TechNet

Basic Standardized

Desktop, Device and Server Management Moving from Basic to Standardized

• Lacking automated patch management for most desktops

• Lacking standard images for most desktops, no desktop image strategy

• Inconsistent plan to manage multiple operating systems

• Not monitoring most servers• No provisioning for mobile

devices

• Automated patch management• Defined set of standard images• Desktop image strategy in place

that includes anti-virus, management tools, line of business applications

• Consistent plan to manage operating systems

• Monitoring present for most critical servers

• Mobile device provisioning • Security policy provisioning for

mobile devices• Remote wipe and policy

enforcement for mobile devices

Desktop, Server & Device Management Content Guide

Automated Patch Management

Assess Phase

Identify Phase

Discover new SW Updates

Obtain SW Updates in a reliable manner

Develop SW Updates screening methods

Identify process owners

Develop and review process documentation

Inventory/Discover computing assets

Sources for SW Updates

Assess existing infrastructure for updates

Assess operational effectiveness

Plan release

Conduct acceptance testing

Determine inventory set to be patch

Determine go/ no go

Evaluate and Plan Phase

Deploy Phase

Automated Patch Management … cont

Deployment

Review

Preparation Stage updates on distribution point

Vulnerability update

Validate plan vs deployed

Communicate rollout schedule

Advertise SW

Monitor deployment

Handle failed deployments

Update build images

Validate risk mitigation

IDA

DD&SM S

S&N

DP&R

Based on :• Patch Management Solution Accelerators

Desktop, Server & Device Management Content GuideStandardized Computer Images

Plan

Development

Define type of image to use (thick or thin)

Create build

Create deployment point

Install a build

Update the deployment points

Stabilization

Maintenance

Test build

Test deployment process

Update build and log changes

Consolidation of Desktop Images to 2 OS versions

Multiple Standard Images

Exceptions

Patches and Updates

Maintenance Contracts

User Productivity

Application Compatibility

IDA

DD&SM S

S&N

DP&R

Based on :• Business Desktop Deployment 2007

Desktop, Server & Device Management Content Guide

Centralized Management of Mobile Devices

SMS 2003 Device Management Feature Pack

Device Management Capabilities

Exchange Server 2003 and Exchange Server 2007

Active Directory

Managing Exchange ActiveSync

Managing Exchange ActiveSync Users

Remotely Enforced Device Security Policies

Certificate-Based Authentication

S/MIME-Encrypted Messaging

Identity Validation, Data Protection, and Data Backup of Mobile Devices

User Access, Passwords

Device Lockout, Certificates

Data Access, Data Encryption

Remote Device Wipe

IDA

DD&SM S

S&N

DP&R

Based on :• Step-by-Step Guide to Deploying Windows

Mobile-based Devices with Exchange Server 2003 SP2

• Product Guides: Exchange Server, SMS 2003

Standardized Rationalized

Desktop, Device and Server Management Moving from Standardized to Rationalized

• Automated patch management• Defined set of standard images• Desktop image strategy in place that

includes antivirus, management tools, line of business applications

• Consistent plan to manage operating systems

• Monitoring present for most critical servers

• Mobile device provisioning • Security policy provisioning for

mobile devices• Remote wipe and policy

enforcement for mobile devices

• Primary desktop operating system is Vista or XP SP2

• Automated software distribution and automated asset management and tracking

• Patch management solution for servers

• Layered image strategy• Consistent plan to manage

operating system• SLA monitoring of mission-critical

servers

Desktop, Server & Device Management Content GuideAutomated

Operating System Distribution

App Inventory and Compatibility

Building Images

Based on :• Business Desktop Deployment 2007• Product Guides:

• SMS 2003• Windows Vista• Windows XP

Infrastructure Remediation

Packaging Applications

User State Migration

Desktop Hardening

Automated Tracking of Hardware and Software for Desktops

Asset Inventory

System Status

Application Deployment and Usage

Security Patch Management

OS Deployment

Latest Two OS Versions and Service Packs on Desktops

Reasons to Move to two latest versions of the OS

Web Security

Wired and Wireless Network Support

Data Protection and Recovery

Integrated Firewall

HAL-Independence

IDA

DD&SM R

Automated Deployment

Drive Encryption

DOWNLOAD THE GUIDES AND PLEASE GIVE US FEEDBACK !!!

GUIDE 3 IS COMING SOON!!!

You can find the first guide at:http://www.microsoft.com/io

Links & Resources

Web sitehttp://www.microsoft.com/io

Bloghttp://blogs.technet.com/io/

Other Sessions at MMS 2007:SM20 Implementing Core Infrastructure Optimization: The Implementer Resource Guides

Thank you for attending this TechNet Event

Find these slides at:http://www.microsoft.com/uk/technetslides