Manageability Services at Microsoft Published: December 2006.
Manageability Services at Microsoft
Published: December 2006
Microsoft IT Environment
● 340,000+ computers
● 121,000 end users
● 98 countries
● 441 buildings
● 15,000 clients running Windows Vista™
● 25,000 clients running the 2007 Microsoft Office system
● 5,700 Exchange Server 2007 mailboxes
● 31 servers running Windows Server “Longhorn”
● 46 million+ remote connections per month
● 189,000+ SharePoint sites
● 4 data centers
● 8,400 production servers
● E-mail messages per day: 3 million internal, 10 million incoming, 9 million filtered out
● 37 million instant messages per month
● 120,000+ e-mail server accounts
2
Possible Similarities Possible Differences
Microsoft IT As a Microsoft Customer
● Security is mission critical
● Mix of Microsoft operating systems and configurations
● Balancing security, cost, and efficiency is the bottom line
● Heterogeneous network environment
● Need to integrate disparate management systems
● Being the first and best customer of Microsoft
● Software deployed more than once
● Majority of users are technical, local administrators
● High-priority target for security attacks
● State-of-the-art networks and latest operating systems
● Windows-only environment
3
Primary Challenges
● Pressure to reduce IT management costs
● Continuous new software versions (beta release)
● Rapid updates
● New computers and servers configured daily
● Wide variety of hardware (various laptops, desktop computers, and Tablet PCs)
● Need to constantly monitor and control health and security of network
4
Dogfood and IT Scorecard
● Shared goals
● Product feedback
● Planning and testing
● “Dogfooding” and running a world-class utility—IT Scorecard
● Showcase
5
Manageability Services Model
[Diagram]
Program Management
Service Management
Third-Party Software
Customers: Business Units, Microsoft IT (Security), End Users, External Customers
Tiered Support (Helpdesk, Shared T2 Globally)
Partners, Product Groups
MSTManage
Server Life Cycle: Image Management, Operating System Provisioning, Patch Management, Software Distribution (3 Software Distributions, 4 Updates, 2,000 Images)
Configuration Management: CMDB, Server and Network Tools Management, Enterprise Reporting (500,000 Configuration Items, 15,000 Devices Managed, 100+ Metrics Managed)
Service Monitoring: Server and Network Fault Management, Alert Stream, MP Onboarding (16,000 Devices Monitored, 37,000/1 Million Alerts, 11 Base Management Packs)
Client Life Cycle: Image Management, Operating System Provisioning, Patch Management, Software Distribution (12 Software Distributions, 7 Updates, 6,000 Images)
6
Manageability Services Scope
• 5 Active Directory forests
• Standardized on Windows Server 2003
• 200 servers provisioned each month
441 buildings globally
4 enterprise data centers and 50 remote locations globally
Services: Configuration Management, Server Life Cycle, Service Monitoring, Client Life Cycle
Managed devices: Network (~10,000), Servers (~10,000), Telephony (~10,000), Clients (~233,000)
• Local administrators
• Compliance through SMS
• Multiple desktops
• Frequent rebuilds
• IPsec for Secure Net
7
Microsoft Operations Framework
● Structured approach to achieving operational excellence
● Collection of best practices, principles, and models
● Guidance on achieving high availability, reliability, and security
● 21 service management functions
8
MOF-Based Operations
$100 Million 3-Year Spend Reduction
IT Utility (Cost per Head), with Cumulative Reduction:
FY03: $7,220
FY04: $6,159 (-15%)
FY05: $5,778 (-20%)
FY06: $4,739 (-34%)
Automation
● 90% Auto-ticketing
● Single MOM console
● Alert-to-ticket ratio = 1.4:1
● CMDB drives MOF processes
● Decreased duplicate/No Problem Found tickets by 90%
● Improved critical updates from 28 to 21 days, emergency updates from 15 to 8 days
Centralization
● Change and release processes centralized
● 143 offices connected via Internet
● 450:1 server-to-staff ratio (remote support)
● 200:1 server-to-staff ratio (on-site support)
● Tier 2 support moved to India
Consolidation
● 30% reduction in infrastructure servers
● Exchange servers down from 74 to 4 sites globally
● 500+ virtual servers (16:1 guest-to-host ratio)
● Data Protection Manager (eliminated 115 tape libraries)
While Improving…
Security
● Zero service impacts from Denial of Service attacks
● Increased patching speed
● 700+ application security and privacy audits
Productivity
● Significant improvement in customer satisfaction score
● Increased mobility with Microsoft Office Outlook® Web Access, Smartphones, and RPC over HTTP
● Greater collaboration with SharePoint, MySites, Document Workplace
9
Life Cycle Management
1. Deploy: Scripted builds, server joins domain
2. Baseline: SMS post-build updates
3. Inventory: SMS inventories for configuration and compliance
4. Update: SMS deploys security updates and other software updates
Image Management
• Seven base client images
• MUI for international languages
• Group Policy for standard registry key changes and security configurations
Operating System Provisioning
• Bare metal—fully automated via RIS and PXE (Windows Deployment Services/RIS)
• Scripted automated build-outs of base operating system
• Product key management
Patch Management
• Security and emergency updates
• Windows and Office using ITMU
• ITCU for third party
Software Distribution Server and Client
• Package, test, and deploy security and software update packages
• Baseline packages (N, N+1)
Software Life Cycle
10
Patching Methodology
Server and Client (Critical Updates)
[Timeline figure: four-week calendar (M T W T F S S) starting at "Patch Released", with one row for Desktops and one for Servers]
Update available to server owners for testing and deployment
Update available to desktops via SMS, Windows Update, or Automatic Updates
Timeline phases: Two week grace period, then Forced Remediation; Testing/Evaluation/Installation, then Forced Remediation; Sustainer Remediation
Servers 99.5% Updated
Desktops 98% Updated
11
Degrees of Client Management
[Diagram]
All Devices: ~330,000
Secure Net Devices: ~270,000
Devices managed through SMS: ~265,000
~16,000 servers
IPsec boundary: Creates Secure Net environment
Unique management challenges: Remote access clients/dial-up, Workgroups, Labs
12
Multiple-Phased Approach to Client Management
[Diagram: phases arranged on a scale between Low Client Impact and High Client Impact]
Microsoft Update; E-mail and ITWeb Notification (Optional)
SMS Patch Management (Voluntary > Forced)
SER Scanning and Scripted Patching
Port Shutdown
13
SMS Architectures
[Diagram]
Systems Management Server: Data Center, Lab, Desktop
Server Patch Management
Central Site: Redmond
Primary Sites: Singapore (Australia-Asia), Dublin (EMEA), Puget Sound (North America)
Distribution Points
14
SMS Redmond
[Diagram]
Redmond Primary Site
Management Points
SQL Replication
Distribution Points
Clients
NLB Cluster Random Selection
15
Configuration Management Model
[Diagram]
Self-Service Portal
CMDB
Data Warehousing and Reporting
Integration Framework
Management Applications
Managed Infrastructure: Telephony : Applications : Network : Server/Operating System
Fault : Config : Accounting : Performance : Security : Audit
Problem Mgmt, Incident Mgmt, Change Mgmt, Data Analysis
● Asset management and reporting tightly linked to support operations
● Service management drives end-to-end IT services
● Metadata: manually populated
● Service > asset mapping
● Service scoping
● Exception tracking
● Element management
● “One Tool to Rule All” does not exist
● Federated model
● Integration
● Extensible modeling
16
Configuration and Reporting
[Diagram]
IT Services Catalog
SQL Server Report Builder
SQL Server Reporting Services
Views, Scorecards, Reports
Self-Service Portal
Data Warehousing and Analysis Services
SCCM/MOM
ODS Offload
Other ODS
IT Config
SQL Server Integration Services
17
Enterprise Monitoring and Control
[Diagram: three layers (Presentation Layer, Alert Stream, Source Information)]
Diagram labels: Console, Ad Hoc, Internal Network, Labs, Extranet, MMS, Network, Self-Help Reporting, Alert Stream Notification Workflow
Presentation Layer: Systems Integration (Connectors), Ad-Hoc Gap Analysis, Self-Help UI, Multiple Console Views
Alert Stream: Management Pack Baseline, Reduce No Problem Found/Duplicate tickets, Event-to-Ticket Ratio, Event Stream Cleanup
Source Information: Environment Consolidation, Onboarding, MOM V3 Architecture, Audit Event Collection, Network Management
18
MOM 2005 Architecture
Real-Time Monitoring Tools
[Diagram]
Network: EMC Smarts
MOM Agents
IT Config CMDB
Intranet MOM 2005 Zone
Messaging MOM 2005 Zone
Extranet MOM 2005 Zone
Business Unit Application Console
MOM 2005 Master
MOM 2005 Applications MG
Intranet Management Group: 2,039 agents
Intranet Management Group: 2,060 agents
Extranet Management Group: 1,988 agents
Service Desk
Centralized Monitoring Console
MOM 2005 Data Warehouse
VM (several virtual machines shown)
19
MOM 2005 Architecture Drill-Down
[Diagram]
Production Management Group
Pre-Production Management Group
Infrastructure Monitoring Management Group
Application Monitoring Management Group
Managed Server
• Application
• SQL Server
• IIS
• Hardware
• Operating System
• Infrastructure services
Multi-Homed Agents
20
ACS Architecture
[Diagram]
Intranet Domain Controllers
Intranet Exceptions
Extranet
Collectors
Collection Databases
Reporting Databases
Event Pattern Monitoring
WMI Subscriber
Connection labels: SQL, DTS, WMI
21
Operations Manager 2007 Planned Architecture
[Diagram]
Network: EMC SMARTS
IT Config CMDB
Intranet Operations Manager Server Zone
Intranet Operations Manager Client Zone
Extranet Operations Manager Zone
Operations Manager
Service Desk
Centralized Monitoring Console
Operations Manager Data Warehouse
Audit Collection Database (three shown)
VM (several virtual machines shown)
22
Manageability Best Practices
[Diagram labels: Maintenance Windows, Security Update Status, Thresholds for Logical Drives, Exchange, Backup Server, Directory Services, Local Server, Internet Connection]
● Outsource to Automation
● Self-service manageability services
● Single console for operations
● Automated agent management
● Automated ticketing
● Drive down alerts/tickets
● MOF processes drive services
● Implement service catalog and CMDB
● Smart Consolidation
● Infrastructure—Exchange
● Internet connected offices (ICOs)—consider ICOs and modified SLAs
● Use virtual servers (utility model)
● Consider backup to disk
23
For More Information
● Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com
● Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
● Microsoft Case Study Resources: http://www.microsoft.com/resources/casestudies
This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Outlook, SharePoint, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.