Active Directory Active Directory ConsolidationConsolidationClose Out MeetingClose Out Meeting

Dave ChomasDave ChomasSenior ConsultantSenior Consultantdchomas@microsoft.comdchomas@microsoft.com

AgendaAgenda Scope of the engagement? (Reminder)Scope of the engagement? (Reminder) Objectives of the engagement? (Reminder)Objectives of the engagement? (Reminder) Operations review findingsOperations review findings Systems management tools assessment findingsSystems management tools assessment findings Server infrastructure assessment findingsServer infrastructure assessment findings Potential consolidated environment architecturesPotential consolidated environment architectures Risk AnalysisRisk Analysis Next stepsNext steps Q&A Q&A

ScopeScope In ScopeIn Scope

High Level Current environment Assessment High Level Current environment Assessment Existing Server and network infrastructureExisting Server and network infrastructure

Existing IT operations reviewExisting IT operations review

Existing systems management tools assessmentExisting systems management tools assessment

Evaluate consolidation opportunities and scenariosEvaluate consolidation opportunities and scenarios

Planning and first pass design activitiesPlanning and first pass design activities

Out of ScopeOut of Scope Detailed designDetailed design

TrainingTraining

ScopeScope What this isWhat this is

Impartial high-level review of UW-M’s AD Impartial high-level review of UW-M’s AD

implementationsimplementations

What this isn’tWhat this isn’t

A ‘bash’ session of any groupA ‘bash’ session of any group

UW-M Business ObjectivesUW-M Business Objectives Reduce the total amount of redundant administration by Reduce the total amount of redundant administration by

granting UW-M’s Core Services IT organization the ability granting UW-M’s Core Services IT organization the ability to view and manage all global IT resources. to view and manage all global IT resources.

Allow UW-M to standardize the process of merging and Allow UW-M to standardize the process of merging and migrating business IT resources.migrating business IT resources.

Allow UW-M to consolidate the number of common Allow UW-M to consolidate the number of common directory services technologies providing similar IT directory services technologies providing similar IT services into a common or centralized platform to services into a common or centralized platform to maximize common services and tasks providing for a maximize common services and tasks providing for a more efficient operation for the university as a whole.more efficient operation for the university as a whole.

Improve business continuity by providing a global, Improve business continuity by providing a global, common and secure repository of trusted identification.common and secure repository of trusted identification.

Reduce costs by consolidating resources such as network Reduce costs by consolidating resources such as network services and server hardwareservices and server hardware

Identify the risks Identify the risks Determine next stepsDetermine next steps

Project TeamProject Team

CustomerCustomer Executive sponsor - Paul TrebianExecutive sponsor - Paul Trebian

Project manager - Atis PurinsProject manager - Atis Purins

Technology architects - AD Core Services Technology architects - AD Core Services

TeamTeam

MS Account TeamMS Account Team

Steve Moran – Engagement ManagerSteve Moran – Engagement Manager

Mary Paulson – Account ManagerMary Paulson – Account Manager

Delivery ConsultantDelivery Consultant

Dave ChomasDave Chomas

Server AssessmentServer Assessment

~14 Active Directory implementations on campus~14 Active Directory implementations on campus

6 email systems in addition to PantherMail6 email systems in addition to PantherMail

File & Print servers in each school/departmentFile & Print servers in each school/department

0

2

4

6

8

10

12

14

16

18

AD Core Services

DC

F&P

Mail

Management

Application

Basic Server Environments

Strengths of decentralized environments

Improvement Opportunities

Operations review findingsOperations review findings

More responsive staffMore responsive staff Better customer serviceBetter customer service IT staff has complete control over environmentIT staff has complete control over environment Prioritization of projects, service calls, etc.Prioritization of projects, service calls, etc.

More education neededMore education needed Insecure data centersInsecure data centers Environments running on desktopsEnvironments running on desktops Duplication of effortDuplication of effort Loss of objectivityLoss of objectivity Loss of budgetary controlLoss of budgetary control Inconsistent service levelsInconsistent service levels

Strengths of centralized environments

Improvement Opportunities

Operations review findingsOperations review findings

Easy automation of common tasksEasy automation of common tasks Simpler environment to troubleshootSimpler environment to troubleshoot Strong(er) budgetary controlsStrong(er) budgetary controls Economies of scale for commodity servicesEconomies of scale for commodity services University-wide perspectiveUniversity-wide perspective

Lack of communication with customersLack of communication with customers Perceived as un-responsive, reactionary instead of proactivePerceived as un-responsive, reactionary instead of proactive Perceived as slow to implement new technologiesPerceived as slow to implement new technologies

Best Practice environments

Operations review findingsOperations review findings

Centralized in terms of organizationCentralized in terms of organization Retains objectivity when your customer isn’t your bossRetains objectivity when your customer isn’t your boss

Decentralized in terms of locationDecentralized in terms of location Maximizes communicationsMaximizes communications Maximizes customer interactionMaximizes customer interaction

Not Not everyevery position should be centralized position should be centralized Strategy & vision needs ‘big picture’ viewStrategy & vision needs ‘big picture’ view TrainingTraining Budgetary controlBudgetary control

Share & Partner!Share & Partner! No more Central IT – Campus ITNo more Central IT – Campus IT

Best Practice environments

Operations review findingsOperations review findings

Need better documentation Need better documentation Stop reinventing the wheel – look at other educational Stop reinventing the wheel – look at other educational

institutions’ websites for inspirationinstitutions’ websites for inspiration StanfordStanford

http://http://windows.stanford.edu/index.shtmlwindows.stanford.edu/index.shtml YaleYale

http://wss.yale.edu/win2k/http://wss.yale.edu/win2k/ University of Colorado-BoulderUniversity of Colorado-Boulder

http://www.colorado.edu/its/windows2000/http://www.colorado.edu/its/windows2000/ Massachusetts Institute of TechnologyMassachusetts Institute of Technology

http://http://web.mit.edu/pismereweb.mit.edu/pismere//

System Management Tools AssessmentSystem Management Tools Assessment

Most groups are manually monitoring their systemsMost groups are manually monitoring their systems Consolidation would allow centralized monitoring, giving better Consolidation would allow centralized monitoring, giving better

uptime and SLAsuptime and SLAs

Software Distribution and Patch Management

Service Monitoring

Most groups are managing their own software management & patch Most groups are managing their own software management & patch management systems management systems

Consolidation would allow centralized patch managementConsolidation would allow centralized patch management

Options going forwardOptions going forward

Cease Consolidation Plans

ProsPros ConsCons

Path of least resistancePath of least resistance Duplicate ServicesDuplicate Services

Each group maintains controlEach group maintains control Duplicate EffortDuplicate Effort

Disjointed services for the campusDisjointed services for the campus

Options going forwardOptions going forward

Consolidate using existing AD.UWM.EDU

ProsPros ConsCons

Path of least resistancePath of least resistance Political effort involvedPolitical effort involved

Maintains existing SLAsMaintains existing SLAs A lot of rework to make it palatable to campusA lot of rework to make it palatable to campus

All benefits of consolidationAll benefits of consolidation

Options going forwardOptions going forward

Consolidate using new AD implementation

ProsPros ConsCons

Designed from ground up for campusDesigned from ground up for campus Technical effort involvedTechnical effort involved

All benefits of consolidationAll benefits of consolidation A lot of rework of existing directoriesA lot of rework of existing directories

Becomes technical architects of common Active Directory Becomes technical architects of common Active Directory implementationimplementation

Upon completion of common AD, morphs into the Change Control Upon completion of common AD, morphs into the Change Control Board (CCB)Board (CCB) This can help make central IT authority more palatableThis can help make central IT authority more palatable Architectural changes must be brought before CCB prior to Architectural changes must be brought before CCB prior to

implementationimplementation Central IT authority responsible for day-to-day operationsCentral IT authority responsible for day-to-day operations

All core services teams (File, E-Mail, etc.) work together on All core services teams (File, E-Mail, etc.) work together on cross-over issuescross-over issues

Options going forwardOptions going forwardAD Core Services Team

Options going forwardOptions going forward

Strategy & Vision Group formed Creates business requirements for common ADCreates business requirements for common AD Provides campus leadership for ALL ITProvides campus leadership for ALL IT Made up of non-technical leadersMade up of non-technical leaders

Leave technical product decisions to core services teamsLeave technical product decisions to core services teams

Risk AnalysisRisk Analysis

Risk Result

AD.UWM.EDU fails from lack of use by wider community While some groups will migrate to AD.UWM.EDU anyway, larger and more complex groups will maintain their own structures – ultimately dooming the centralized offering

Opportunity cost of what can’t be offered Certain enterprise applications and offerings are only economically viable if a certain scale can be achieved. What’s the cost of continuing to offer “just authentication services” via Active Directory?

Inconsistent SLAs offered by the individual school IT groups

Too much “it’s the other’s guy’s problem” attitude on campus. Little to no realization that it is one campus where one mismanaged group can impact the entire campus

Inconsistent patching offered by the individual school IT groups

Security risk if not all campus machines are consistently patched and maintained

Lack of training in products It is only a matter of time before an administrator makes a mistake due to a lack of training. These mistakes can be managed when an environment is small, but once the entire University is onboard, it can spiral out of control

Next StepsNext Steps Open discussion:Open discussion:

Consolidation opportunities?Consolidation opportunities? Potential architectures?Potential architectures? Technologies can be utilized?Technologies can be utilized?

Next StepsNext Steps Recommendations:Recommendations:

““Loose Confederation” ADLoose Confederation” AD Easiest to achieve with new AD, but existing can Easiest to achieve with new AD, but existing can

be savedbe saved Campus needs to partner with each otherCampus needs to partner with each other Campus IT – not Central ITCampus IT – not Central IT Training across the boardTraining across the board

Logical DesignLogical Design An example of a “loose confederation” Active DirectoryAn example of a “loose confederation” Active Directory

root.uwm.edu

School A

Department 1

Department 2

School B

schoolC.root.uwm.edu

Department A

Department B

schoolD.uwm.edu

Department A

Group 1

Group 2

Department B

© 2004 Microsoft Corporation. All rights reserved.© 2004 Microsoft Corporation. All rights reserved.This This presentationpresentation is for informational purposes only. MICROSOFT is for informational purposes only. MICROSOFT

MAKES NO WARRANTIES, EXPRESS MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.OR IMPLIED, IN THIS SUMMARY.

Q&AQ&A

ThanksThanks