Core IO Assessment Tool

Published: December 8, 2011

Model v2.32, Report v 2.22

Penspen

Core Infrastructure OptimizationAssessment Report

Core Infrastructure Optimization Assessment Report

Disclaimer

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, the information presented herein should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2010 Microsoft Corporation and Alinean, Inc. All rights reserved.

The names of companies and products mentioned herein may be the trademarks of their respective owners.

© 2010 Microsoft Corporation and Alinean, Inc. All rights reserved. Page 2


IntroductionWe frequently look to investments in technology to help us differentiate our businesses. In many cases, technology is a strong imperative for improved business performance in the modern enterprise. However, technology alone does not hold the key to business success. IT systems will not offer creative insight into new product development, will not seize opportunities for process improvement, and will not develop strong relationships with business partners. Technology plays an important role as an enabler to support every enterprise's most valuable asset—its people.

Companies today are realizing that there has never been a greater need for IT to become and be seen as a true corporate asset that delivers ongoing business value. This changing agenda is evident in results of the “Top 10 Business and Technology Priorities in 2010” survey publish by Gartner EXP in January, 2010 (http://www.gartner.com/it/page.jsp?id=1283413). Mark McDonald, Group Vice President and head of research for Gartner EXP, explains that “2009 was the most challenging year for CIOs in the corporate and public sectors as they faced multiple budget cuts, delayed spending and increased demand for services with reduced resources. This is set to change in 2010, as the economy transitions from recession to recovery and enterprises transition their strategies from cost-cutting efficiency to value-creating productivity.”

The economic recovery and transitions that are taking place give the enterprise and IT the opportunity to reposition themselves and exploit the tough corrective actions taken during the recession. CIOs see 2010 as an opportunity to accelerate IT’s repositioning from a support function to strategic contributor focused on innovation and competitive advantage. They have aspired to this shift for years, but economic, strategic and technological changes have only recently made it feasible.


As CIOs advance their enterprise and IT capabilities and achieve a sustained improvement in their IT infrastructure, they must take a long-term, strategic view of optimization and link these capability and optimization improvements to their business needs and strategy. The goal of Infrastructure Optimization is to help companies realize the full value of their IT infrastructure to drive better business results.

Infrastructure Optimization— centered on using an organization's IT assets to support and advance the business—helps companies measure their level of Infrastructure. Microsoft has developed the Core Infrastructure Optimization model and the Business Productivity Infrastructure Optimization model

http://www.gartner.com/it/page.jsp?id=1283413


to help organizations obtain a visual and actionable progression through each of the four optimization levels—aiding them in developing a project roadmap to advance within these levels.

Each of the models illustrate the strategic value and business benefits of moving from a "basic" stage of Optimization, where the IT infrastructure is generally considered a "cost center," toward a more "dynamic" infrastructure, where the business value of the IT infrastructure is clearly understood and is viewed as a business growth enabler and strategic business asset. Using these models, organizations can gauge the current Optimization level of their infrastructure and platform, establish a technology vision for the future, and build a clear project roadmap to achieving that vision.

Why a Core Infrastructure Optimization Model?While most executives realize that technology is crucial to the operation and success of their businesses, many will admit that the state of their IT systems is less than optimal. For example: software versions and security updates might be inconsistent across workstations, network issues could impact employee productivity, and IT staff might be diverted from strategic projects in order to manually install needed updates and create workarounds for unexpected problems. Analysts say more than 70 percent of a typical IT budget is spent on infrastructure. This includes servers, operating systems, networking, and storage systems. In addition, refreshing and managing desktop and mobile devices adds additional cost.

Scenario: Inefficient IT Environments To help companies progress from costly and inefficient infrastructures to more agile IT environments, Microsoft



offers prescriptive guidance with its Core Infrastructure Optimization (IO) model. The Core IO model details steps companies can take to assess where they are today and to plan for and create an IT environment that is cost-effective, efficient, well managed, and secure. As a company's Core IO level advances, IT is no longer seen as a "cost center" but is considered a strategic corporate asset that delivers ongoing business value.

Challenges for Enterprises: Large companies need to manage a level of complexity that can span thousands of desktops and devices all over the world. They may have several IT departments in different locations using various platforms, applications, and hardware. Data volumes can be huge. Growth and rapid development in new technologies may have resulted in data center desktop infrastructures that are overly complex, inflexible, and difficult to manage with built-in costs that are not only high, but somewhat fixed regardless of changing business requirements. Security needs are also more complicated in large companies due to the sheer number of computers, devices, employees, partners, and customers IT departments must address.

Customers and partners need easy online interaction, and everyone needs to be able to communicate—regardless of their location. The Core IO model addresses the complex and ever changing IT environment of enterprises and provides a project roadmap for how to optimize their infrastructure.

Challenges for Midsize Businesses: Midsize businesses need to have an infrastructure that provides the level of service people expect when doing business today, including: quick access to electronic resources, the ability to communicate and collaborate online, and up-to-date business tools that increase productivity. However, midsize businesses may not have the luxury of a large IT department. One or two people may be responsible for all IT strategy and management. Additionally, funds for IT development may be tight.

Because of these limited resources, it is crucial for midsize businesses to simplify their IT systems and to use technology that automates processes, improves security, and minimizes technology issues that prevent workers from doing their jobs. The Core IO model provides a project roadmap for midsize businesses to optimize their infrastructure at a level that is appropriate without unnecessary complications.

Solution: Automated, Dynamic, and Strategic IT Whether in an enterprise or a midsize business, a well-managed and secure IT infrastructure can be a catalyst for company growth. A more Optimized infrastructure enables IT professionals to spend less time on mundane, day-to-day tasks and to focus more resources on strategic technology solutions that help achieve business goals. An optimized IT infrastructure is one that is automated, dynamic, and a strategic asset. It will make a company more secure, reduce costs, and increase productivity.

Improving Security. Many businesses have a variety of security related products in place to help protect their computers from spam, viruses, and hackers. Managing multiple applications, tracking updates, and helping to ensure that third party updates are compatible with existing software are key tasks for today's IT departments.

An integrated security solution helps to protect the core infrastructure, the network, and the applications that run within the network. Additionally, when security patches and updates can be distributed from a central location and easily managed, IT managers can know that computers are running the latest updates. An integrated solution means that security fixes are part of everyday infrastructure management, versus a handwritten reminder on the day's to-do list.

Reducing Costs. Every extra task IT professionals perform costs money. Every failed attempt to access the business tools and information employees need costs money. Every minute a network is down due to a technology failure or a security breach costs money. Simplicity is the key to reducing such costs.

Simplifying IT management helps IT administrators to manage desktops and servers from a central location— saving time and money that used to be spent traveling to remote offices to carry out needed tasks. Additionally, when IT professionals update workstations and servers from a single location, they can be sure all systems are quickly brought up to date, thereby reducing vulnerabilities in the business.

With an integrated solution that improves server system performance and uptime, employees become more



productive because they can access their resources (files, data, and applications) more quickly and without interruption. Additionally, it is not uncommon for employees to damage their workstations by installing incompatible software that causes their computers to stop running. User support is simplified and decreased with a centralized solution that better controls the changes that users can make on their computers.

Enhancing Productivity. Productivity gains are realized throughout the company when a well-managed and more secure infrastructure is in place. Whether it is the ability for workers to more securely access their e-mail, files, or applications from any location, or an IT professional who can now manage the infrastructure proactively from one location, or an executive who is editing a strategic proposal and needs to recover a lost file—productivity gains are made and employee satisfaction is improved.

Fit the Infrastructure to the BusinessThe Core IO model offers a starting place for enterprises and midsize organizations to evaluate the current state of their IT infrastructures and learn how to achieve the level of Optimization appropriate for their businesses.

Microsoft and partners can provide the technologies, processes, and procedures to help customers move through the Infrastructure Optimization journey. Processes move from fragmented or nonexistent to optimized and repeatable. The ability to use technology to improve business agility and deliver business value increases as a company moves to a more Optimized state—empowering information workers and managers and supporting new business opportunities.



Core Infrastructure Optimization Model Assessment for Penspen

Based on the assessment tool completed online by Penspen's team, we analyzed your current core infrastructure to determine how to better optimize it for efficiency and cost savings. The results will help you understand where your organization stands today and can help you plan for an IT environment that will deliver best in class management, security, and efficiency.

Organized by the Core IO technology capability areas, the results show that Penspen's infrastructure has been assessed as follows:

Core Infrastructure Optimization Basic Standardized Rationalized Dynamic

Datacenter Services √

Client Services √

Identity and Security Services √

IT Process and Compliance √

Your IT infrastructure can be a powerful tool to enable your business, but it may not be optimized toward that goal. Microsoft's Core IO model helps you manage your IT infrastructure, realize dramatic cost savings from your investments, and align your IT infrastructure with the needs of your business. The model has been developed using industry best practices and Microsoft's own experiences with its enterprise customers. The first step is to evaluate the current Optimization level of your infrastructure based on the following continuum:

• Basic: "We Fight Fires"IT professionals who manage a Basic infrastructure find their environments extremely hard to control. They have very high desktop and server management costs, are generally very reactive to security threats, and have very little positive impact on the ability of the business to benefit from IT.

• Standardized: "We're Gaining Control"IT professionals who manage infrastructures in a Standardized state have realized the value of having basic standards and policies, but often find themselves reacting to issues. By advancing toward a Rationalized state, IT professionals can gain control over their infrastructure, develop proactive policies and processes, and feel more prepared for what may come.

• Rationalized: "We Enable Business"IT professionals who manage a Rationalized infrastructure know how to keep desktop and server management costs low. Mature policies and procedures help them support the business. However, by moving the IT infrastructure toward a Dynamic state, additional benefit can be achieved:

o Implementing new or alternative technologies becomes a business advantageo Taking on a new business challenge or opportunity provides advantages that far outweigh the

incremental IT costo Business integration becomes easier, faster, and at lower costs.

• Dynamic: "We're a Strategic Asset"Your IT infrastructure has become a strategic asset to your organization. Congratulations! Your next step is to capture and use your IT systems’ knowledge to design more manageable systems and automate ongoing operations. We call this process a self-managing Dynamic system, the ideal infrastructure state that reduces costs and gives you more time to focus on business growth and what is most important to your organization.



The results show that Penspen's Core Infrastructure has been categorized at a basic level. This is determined by the least optimized level within the four technology capability areas of the Core IO model.

Comparing Penspen to PeersComparing Penspen to similar organizations within the Professional Services industry, located in Latin America, and 20-39 PCs in size, Penspen:

Core Infrastructure Optimization - Comparison

Datacenter ServicesPenspen was compared in Datacenter Services against 102 respondents in the Professional Services industry, 105 respondents located in Latin America, and 100 respondents with 20-39 PCs. For your Datacenter Services, Penspen scored a Basic level of optimization, while other peer survey respondents scored as follows:



Datacenter Services - Comparison Datacenter Services Assessment of Peer Group

% of respondents

Total respondents = 411 in the Professional Services industry, 420 located in Latin America, and 400 with 20-39 PCs (all prior respondents to this assessment).

What the Datacenter Services Results Mean to PenspenDatacenter Management and Virtualization: No server image management or capacity plan is in place. Patch deployment is manual and monitoring of critical servers is limited. Virtualization technologies may be use in test environment.Server Security: There is no security or security is basic, with unmanaged protection for servers, applications, and the network; remote access is limited or non-existent.Networking: There is a single Domain Name System with manual zones and records. Dynamic Host Configuration Protocol supports IPv4 and is not network-aware. There is no caching or wide area network monitoring. Storage: Storage is managed locally on physical disks; data loss is a risk. Data backup, restoration, and archiving are manual. Users can access shared data, and sensitive data is protected by passwords.

Penspen's Responses for Datacenter Services

Datacenter Management and Virtualization

1) What best describes your server image maintenance strategy?

•There is no defined set of core standard images

2) What best describes your application and server workload deployment strategy?

•Scripted process are used to deploy applications consistently

3) What best describes your patch and update process strategy for data center services?

•Patch deployment is manual for the majority of servers that run Windows Server

4) What best describes your asset management strategy for servers?

•Hardware and software inventory tracking for servers is manual; no policies, procedures, resources, or tools are in place

5) What best describes your server capacity management and consolidation strategy?

•There is no capacity planning process for servers

6) What best describes your server virtualization strategy?

•No server virtualization or server virtualization used only in test environments

7) What best describes your server monitoring strategy in data centers?



•IT system (hardware, hypervisor, OS, and application)-aware monitoring exists for critical servers

8) What best describes your server compliance policy?

•A documented policy is in place for configuration and compliance of servers and IT systems

9) What best describes your high-availability strategy?

•There is no high-availability strategy

Server Security

10) What best describes your server operating system protection strategy?

•Malware protection is centrally managed across server operating systems, including the host firewall

11) What best describes your application protection strategy for servers?

•Applications are not protected, or protection is unmanaged

12) What best describes your network protection strategy?

•Multiple vendor products are used for firewall, IPS, Web security, gateway anti-virus, and URL filtering

13) What best describes your secure remote access strategy?

•Remote access is secure, standardized, and available to end users across the organization

Networking

14) What best describes your Domain Name System management strategy?

•Zones and records are created manually

15) What best describes your Domain Name System resilience strategy?

•The Domain Name System server is a single server

16) What best describes your Dynamic Host Configuration Protocol management strategy?

•A Dynamic Host Configuration Protocol server dynamically registers the client host name IP address; the Domain Name System presents a unified view to the namespace

17) What best describes your Dynamic Host Configuration Protocol infrastructure strategy?

•Dynamic Host Configuration Protocol servers are aware of sub-networks

18) What best describes your network quality of service strategy?

•There is simple monitoring of network device outages

19) What best describes your network branch optimization strategy?

•There is no caching technology

20) What best describes your wide area network monitoring strategy?

•Wide area network health and performance are not monitored or reported

Storage

21) What best describes your storage management strategy?

•Storage is managed on individual servers or disk arrays

22) What best describes your storage availability strategy?

•Users are notified about data integrity errors, but data loss is possible if a disk or system component fails

23) What best describes your storage access strategy?

•Users access files and frequently used information from caches on local disks or servers in local offices, even if primary servers are remote; users can access personal files stored on a server from other PCs

24) What best describes your storage discovery strategy?

•A defined e-discovery policy and manual processes exist for identifying and retrieving electronically stored information

25) What best describes your sensitive information storage strategy?

•Sensitive information is stored in disconnected systems or is manually placed in password-protected locations to prevent unauthorized access

26) What best describes your data classification strategy?

•Data is classified manually or based on location in a folder hierarchy



27) What best describes your storage allocation strategy?

•Storage is allocated in file shares or logically on shared, fixed-size disk volumes

28) What best describes your backup and recovery strategy for servers?

•Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite

29) What best describes your data archiving strategy?

•Data is archived automatically based on storage quotas and date of last modification or access

30) What best describes your data de-duplication strategy?

•Multiple copies of duplicate files are stored separately

Client ServicesPenspen was compared in Client Services against 103 respondents in the Professional Services industry, 107 respondents located in Latin America, and 100 respondents with 20-39 PCs. For your Client Services, Penspen scored a Basic level of optimization, while other peer survey respondents scored as follows:

Client Services - Comparison Client Services Assessment of Peer Group

% of respondents

Total respondents = 206 in the Professional Services industry, 214 located in Latin America, and 200 with 20-39 PCs (all prior respondents to this assessment).

What the Client Services Results Mean to PenspenClient Management and Virtualization: Desktop images and applications are deployed manually with no consistent OS strategy. Desktop systems and assets are managed manually. There is no application or desktop virtualization. Configuration of mobile and non-PC devices is manual.Client Security: Protection against malware is unmanaged or non-existent. No encryption mechanism exists for client devices. End users have administrative privileges.

Penspen's Responses for Client Services

Client Management and Virtualization

1) What best describes your client image management and deployment strategy?

•Standard images may be present for desktop deployment; deployment is manual

2) What best describes your operating system policy strategy for clients?

•There is no consistent operating system deployment strategy



3) What best describes your roaming user profiles strategy across the organization?

•A centralized store of user profiles enables profiles to roam with users

4) What best describes your client backup and recovery strategy?

•Users back up critical data locally according to corporate policy and by using the tool provided; when it is necessary, user state can be abstracted from the operating system image (such as for a session, virtual desktop infrastructure, or roaming profile)

5) What best describes your application deployment and control strategy for clients?

•The majority of applications is deployed manually with limited policies

6) What best describes your application virtualization strategy?

•There is no use of application virtualization

7) What best describes your application compatibility strategy?

•There is no application compatibility testing solution

8) What best describes your patch management strategy for desktop systems?

•There is no centralized patch management for desktop systems

9) What best describes your desktop monitoring strategy?

•Desktop systems and system events are not centrally monitored

10) What best describes your configuration compliance strategy for clients?

•Configurations are standardized; systems are assessed for compliance, and some settings are enforced through group policies

11) What best describes your asset management strategy for clients?

•Hardware and software inventory is automated and reporting is centralized; information may not be complete or accurate, and typically is not used for decision-making; inventory is reconciled annually

12) What best describes your mobile device provisioning strategy?

•Mobile devices are configured and synchronized with desktop systems manually

13) What best describes your non-PC device provisioning strategy?

•Non-PC devices are configured manually

14) What best describes your mobile usage strategy for line-of-business applications?

•Mobile phones are used for over-the-air synchronization with e-mail, calendar, and contacts

15) What best describes your security policy strategy for mobile devices?

•Mobile devices are managed by security policy provisioning (such as personal identification numbers) and remote deletion

16) What best describes your mobile software management strategy?

•There is no software distribution for mobile devices

Client Security

17) What best describes your mobile remote access strategy?

•All mobile access to internal systems is proxied through the messaging system

18) What best describes your strategy for protecting clients against malware?

•Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process

19) What best describes your client lockdown strategy?

•All users are deployed as standard users by default, and administrative access is given as needed

20) What best describes your client encryption strategy?

•Disk-level encryption is in place for select laptops and devices that have a high business impact

Identity and Security ServicesPenspen was compared in Identity and Security Services against 102 respondents in the Professional Services industry, 106 respondents located in Latin America, and 100 respondents with 20-39 PCs. For



your Identity and Security Services, Penspen scored a Basic level of optimization, while other peer survey respondents scored as follows:

Identity and Security Services - Comparison Identity and Security Services Assessment of Peer Group

% of respondents

Total respondents = 204 in the Professional Services industry, 212 located in Latin America, and 200 with 20-39 PCs (all prior respondents to this assessment). What the Identity and Security Services Results Mean to PenspenIdentity and Access: There are no standard policies to control identity and access. Multiple user profiles exist and user accounts are provisioned and deprovisioned manually. There is no federation or password policy for authentication and authorization. Directory services are isolated due to lack of integration and lack of application deployment methods.Information Protection and Control: Protection against malware is unmanaged or non-existent. No encryption mechanism exists for client devices. End users have administrative privileges.

Penspen's Responses for Identity and Security Services

Identity and Access

1) What best describes your identity provisioning and access management strategy?

•User account provisioning and de-provisioning are manual and access is controlled per instance

2) What best describes your password and group management strategy?

•There is no end-user self-service for password resets and group management

3) What best describes your identity federation strategy?

•There is no federation of identity

4) What best describes your authentication strategy?

•Password policies are set within the directory service to enable life-cycle management

5) What best describes your authorization strategy?

•There is a centralized access policy for business resources, with some standardization in the policy

6) What best describes your application directory service strategy?

•Multiple application directory services exist to support multiple standards

7) What best describes your directory services strategy?

•Most applications and services share a common directory for authentication; some point-to-point



synchronization exists across different directories, applications, and repositories

Information Protection and Control

8) What best describes your strategy for protecting data at rest?

•Discovery, classification, and protection of data stored on servers or in the back office is non-existent

9) What best describes your strategy for protecting data in motion?

•There are technologies and processes for discovery, user-driven classification, and protection of data at select points and for select protocols in the network (for example, at gateways or in e-mail)

10) What best describes your strategy for protecting data in use?

•There are technologies and processes for discovery and protection of data that is created and used at select endpoints; individual users drive data classification

11) What best describes your information protection policy?

•Basic information protection is in place with simple policies to restrict use (such as drive and folder encryption)

12) What best describes your strategy for information protection reporting?

•Auditing and reporting are manual processes

IT Process and CompliancePenspen was compared in IT Process and Compliance against 102 respondents in the Professional Services industry, 106 respondents located in Latin America, and 100 respondents with 20-39 PCs. For your IT Process and Compliance, Penspen scored a level of optimization, while other peer survey respondents scored as follows:

IT Process and Compliance - Comparison IT Process and Compliance Assessment of Peer Group

% of respondentsTotal respondents = 102 in the Professional Services industry, 106 located in Latin America, and 100 with 20-39 PCs (all prior respondents to this assessment).

What the IT Process and Compliance Results Mean to PenspenIT Process and Compliance: There are no standard policies to control identity and access. Multiple user profiles exist and user accounts are provisioned and deprovisioned manually. There is no federation or password policy for authentication and authorization. Directory services are isolated due to lack of integration and lack of application deployment methods.

Penspen's Responses for IT Process and Compliance



IT Process and Compliance

1) What best describes your strategy to plan for alignment of IT services?

•Business strategy and IT strategy occasionally are aligned; measurement of IT service capacity, availability, continuity, and data integrity is unmanaged; IT service costs and returns are sometimes recognized

2) What best describes your strategy to plan for IT service policies?

•IT policies are developed and stored occasionally

3) What best describes your strategy to plan for IT service reliability?

•IT service reliability is defined occasionally

4) What best describes your project planning strategy for IT services?

•IT service project plans and functional specifications are developed occasionally

5) What best describes your strategy for building and stabilizing the delivery of IT services and testing procedures?

•Bug handling, design changes, and testing are not formally managed for IT services

6) What best describes your strategy for IT services deployment?

•IT service release and deployment processes are not formally managed

7) What best describes your strategy for IT service operations and service-level agreements?

•Service-level or operational-level agreements are not formally managed

8) What best describes your strategy for IT service incident management?

•IT service incidents are not formally managed

9) What best describes your service monitoring strategy for IT services?

•Monitoring, reporting, and auditing tools are not formally managed for IT services

10) What best describes your strategy for monitoring security and reporting on IT services?

•Monitoring and reporting are centralized for protection against malware, protection of information, and identity and access technologies

11) What best describes your problem management strategy for IT services?

•IT service problems are not formally managed

12) What best describes your change and configuration management strategy for IT services?

•The IT service change and configuration process is not formally managed

13) What best describes your IT services team accountability and management strategy?

•IT service owners and accountability are not formally assigned

14) What best describes your IT compliance strategy for IT services?

•Risk and vulnerability analysis of IT service confidentiality, integrity, and availability is not formally managed; IT compliance objectives and activities are not defined

Benefits of Advancing a Level within the Core IO ModelAdvancing to the next Optimization level within one of the Core IO capability areas can help your organization reduce IT costs, improve service levels, and increase business agility.

Data Center Services CapabilityEstablish a comprehensive, integrated, and simplified approach to data protection and recovery. With this Microsoft solution, your organization can:

Data Center Management and Virtualization• Reduced maintenance efforts, better standards, and increased performance efficiency• Time and cost savings due to enhanced decision-making capabilities and faster problem resolution• Higher return on investment by using virtualization because of lower up-front costs and reduced

operational expenses• Lower costs and time savings due to automation



• Better management of and control over resources, supported by enhanced decision-making capabilities

• Faster decision-making due to enhanced reporting• High availability of services with minimal downtime and higher return on investment• Adherence with security and compliance standards and policies• Enablement of data governance policies and processes• Reduced total cost of ownership and improved manageability due to consolidation of branches• Improved organizational control and scalability, time savings, and reduced effort due to faster and

more efficient processes• Continually available services in a fully protected and compliant infrastructure• Uninterrupted business and high return on investment due to continually available services• Optimal return on investment due to optimal resource utilization• Faster provision of compatible configurations• Faster and more efficient deployment of systems• Efficient management of server resources• High availability of services and lower risk of service outages• Faster identification and resolution of issues, including clear documentation• Simplified planning process for IT infrastructure across multiple scenarios through network-wide

automated discovery and assessments• Increased system security, including timely application of security updates• Improved manageability and consistency, and decrease in redundant system updates• Faster workflow processes with fewer chances for error in problem resolution• Improved control of resources due to better management, security, and compliance control• Faster and more effective management that includes change management and prediction

capabilities• Near-immediate resolution of problems due to real-time policy enforcement, supported by

standardized documentation• Increased organizational scalability due to centralized control and faster deployment of systems• Optimal resource utilization with minimal efforts and delay• Faster resolution of server problems due to automation• Continually available services due to servers that are highly optimized and load balanced• Cost-effective and easy monitoring and management of physical and virtual environments by

applying cross-platform management capabilities

Server Security• Increased employee performance and efficiency due to secure remote access• Improved business continuity due to standardized security, protection, and better management tools• Improved system security with low risk of vulnerability due to integrated protection against threats

and malware• Cost and time savings due to unified protection across various services• Business connectivity nearly anytime and anywhere, due to secure remote access• High business continuity due to more complete protection against threats and automatic resolution

of problems• Faster business connectivity nearly anytime and anywhere, due to highly secure and fast remote

access and compliance policy enforcement• Improved protection against threats due to centralized management• Improved network security that includes protection against malicious activities• Improved capability to identify and resolve problems due to enhanced security• Improved protection against threats due to unified management of security applications• Faster connectivity due to secure remote access integrated with compliance measures• More complete protection of systems and servers due to automated security tools for better

management• More complete protection against security threats due to a unified security system that provides

multiple layers of security• More effective management due to automated security processes that include compliance



measures and interaction with other tools• Proactive IT services and fewer problems to resolve due to secure access that includes remediation

for non-compliance

Networking• Improved business continuity due to better interaction with other services across all sub-networks• Better return on investment due to efficient use of resources• Improved employee productivity due to faster access to files• Faster identification and resolution of problems, which frees IT resources and improves end-user

productivity• Improved control over technology and a business-enabling range of services due to integrated

reporting tools• Higher availability and reliability of services and of applications that use services• Easier accommodation of increasing business needs and expansion requirements because the

business can gain leverage from seamless interaction with virtual networks• Improved employee productivity because of the ability to access systems from almost anywhere

and at any time, due to secure and fast interaction with the client system• High-quality services and optimal use of resources due to allocation without delay or errors• Faster services, optimal use of resources, and higher return on investment due to a fully unified

system with proper tools and reporting structure• Improved management, with standards and consistency in processes, due to centralized and

integrated auditing and reporting of branches• Fewer errors and improved use of time due to automatic zone creation and record updates• Less chance of error due to high availability of Domain Name System information• Efficient means of integration and management of Dynamic Host Configuration Protocol services• Reduced time, effort, and risk of errors due to automatic data cleanup • Efficient means of integration and management of Dynamic Host Configuration Protocol services• Reduced effort, fewer errors, and improved quality of service due to intelligent allocation of

bandwidth• Faster auditing and problem resolution due to centralized monitoring and management tools• Easy classification, monitoring, and reporting for different zones• Faster and more efficient resolution of issues regarding Domain Name System service• Efficient means of integration and management of Dynamic Host Configuration Protocol services• On-demand, high-quality services provided across the organization• Highly optimized and controlled environment for delivering high-quality services due to a

centralized, fully integrated system

Storage• Enhanced protection for crucial business information• Enhanced business continuity due to mobile access and increased availability• Organized information due to a well-structured format for data classification• Improved productivity due to better performance of backup services that help stabilize the

environment• Increased business continuity, lower downtime, and higher availability of reliable information

sources• Enhanced safety of sensitive information due to faster and better security measures• Minimal business impact provided by efficient backup windows• Savings of time, resources, and efforts, and reduced chance of errors due to automated processes• Enhanced decision-making capabilities, due to faster and more reliable process• Improved business continuity due to required information being available nearly any time• A safer and more productive environment, due to highly secure and reliable connectivity from

remote locations• Higher business continuity due to standards and policies that help to ensure higher quality and

optimization of processes• Higher return on investment and reliability due to optimized resource utilization and consistent data



across the organization• Improved consistency, uniformity, and better decision-making capabilities due to a unified structure

across the organization• More efficient storage processes and management capabilities within the IT department• Ability to recover crucial data even after a system failure due to improved protection• Fewer problems transferring data due to availability of data from nearly any location• Improved management capabilities due to standard and consistent processes to identify data• Elimination of the manual process to define data to archive due to a new data archiving process

based on rules• Higher availability of information due to reduced chances of a complete service outage• Improved standards, consistency, and control over processes due to automatic archival based on

policy• Time savings, reduced chance of errors, and fewer delays when conducting security checks due to

an automated identification process• Mission-critical application data is stored on safer, more reliable alternatives• Reduced chance of errors and enhanced analysis and planning capabilities due to highly efficient

storage systems• Higher availability of data and fewer threats of unauthorized or unsafe access to sensitive

information• More complete protection for sensitive information due to automated encryption that provides an

extra layer of protection• Higher quality of information and higher availability due to complete management of the data life

cycle• More consistent storage methods and adherence to compliance standards due to policy

enforcement

Client Services CapabilitySimplify desktop, device, and server management. With this Microsoft solution, your organization can:

Client Management and Virtualization• Use less effort to maintain systems, improved standards, and increased performance efficiency• Save time and money due to enhanced decision-making capabilities and faster problem resolution• Reduce the total cost of ownership and have a more effective management because of a

consolidated branch infrastructure• Improve scalability and presence of on-demand services• Reduce cost and time required to provide help desk support• Increase decision-making capabilities due to enhanced reporting• Save in time and cost to manage systems due to faster and more efficient means of managing

information• Increase control across the organization due to faster and more efficient methods and savings of

time and effort• Save cost and time because of automated deployment processes• Increase consistency and improved compliance across the organization• Increase management efficiency, consistency, and compatibility across independent systems• Save time and effort due to faster and more efficient deployment on systems• Improve visibility into issues, faster problem identification, and presence of services to solve IT

problems• Save time and effort and reduced chance of errors due to faster workflow processes• Save time and money due to faster problem remediation and resolution• Improve control over resources due to better management and compliance control• Increase scalability due to centralized control and faster means to deploy systems• Decrease human effort due to easier, faster, and cheaper deployment of computers• Improve the resolution of issues due to increased empowerment of IT to be proactive

Client Security



• Improve security because of standardized protection and better management tools• Improve organizational standards because of a consistent, well-defined process to provision users• Decrease risk of security breaches and sensitive information leaks• Increase security and reduced risk and vulnerability because of more effective protection against

threats• Increase productivity and time savings because of a simplified process to provide user access for a

variety of client devices• Provide more consistent security and stability of desktop and mobile environments, inside and

outside the corporate firewall• Improve business continuity and more complete protection against threats because of automatic

problem resolution• Simplify user access and facilitated tracking of access permissions because of application-based

processes• Enable faster and better protection of all user data because of automated encryption capabilities• Save effort and time to protect against threats because of centralized management• Maintain better control over desktop systems • Simplify management of a test environment to maximize use of test hardware, improve life cycle

management, and increase test coverage• Enhance security protection that includes better capabilities to identify and resolve problems• Increase consistency and improved management of user access permissions and related issues• Save of time and effort to provide end-to-end security protection because of automated tools that

enable better management• Improve control over the client environment across the organization because problems are resolved

proactively• Provide more complete protection of sensitive information, which can be controlled and managed

more easily within a centralized control system

Identity and Security Services CapabilityIdentity and access management solutions can improve operational efficiencies and security, help with compliance mandates (internal and external), and, most importantly, enable new business initiatives such as cross company collaboration. With this Microsoft solution, your organization can:

Identity and Access• Increased productivity due to faster provisioning resolution of other access related issues• Reduced need for support to resolve password problems because users have fewer passwords to

remember• Increased consistency and security across the organization because of a unified identity

management system• Reduced cost to manage user accounts• Higher organizational security standards because password management is a well-defined process• Increased productivity and reduced time and effort because of single authentication to access

multiple applications• Increased productivity and time savings because new employees can be rapidly provisioned• Increased employee efficiency because of a consistent user experience across computers that is

based on business roles• Mitigation of risk and business application security breaches in accordance with security policies• Increased security and reliability in connectivity with customers• Automated provisioning and removal of digital identity for accounts; managed identity life cycles• Minimal administrative overhead in managing identity and access• Simplified user access and facilitated regulatory compliance (easier to deploy and use)• Faster service delivery because of simplified processes• Increased security and accountability because of strong password enforcement• Reduced support time and effort because of fewer help desk calls to change or reset passwords• Consistency and better management of digital identities through centralized management• Reduced number of password-related help desk calls, and automation of access to workflows



• Increased consistency and security, and better management of user identity related issues• Reduced effort to manage directory services because of a unified directory• Faster service delivery and problem resolution because IT is empowered to be proactive• Better service management and more efficient service delivery because of unified federation for

employees, customers, and other users• A higher level of security against intrusion across the organization• Minimized risk of operational disruptions because of better management and control of IT

infrastructure

Information Protection and Control• Improved security due to standardized protection processes and technologies• Saves efforts and brings better standards and performance efficiency • Increased productivity because of a consistent reporting structure• Increased productivity with well-organized data and enhanced protection for the desktops• Saves money and time by providing better and faster services for classification of data• Increased security and reliability in data classification and protection mechanism• Enhanced decision making capabilities and faster problem resolution saves time and money• Secure and productive environment, due to highly secure and reliable data protection mechanism• Reduced maintenance cost with better protection across the organization• Saves cost and time in policy enforcement, with lesser scope for errors in deployment• Better adherence to compliance standards and regulations because of better and faster auditing

processes with automated reporting• Efficient data protection supported by automated discovery and protection mechanism• Improved efficiency and protection with defined process and technologies for data discovery and

classification• Enhanced security enabling a complete protection for critical information, provides an extra layer of

security• Faster and effective auditing process enabling proactive solutions to problems• Reduced time and efforts due to automated protection for data and its classification across

organization• Improved and efficient management using automated classification of data• Standard and consistent process applied for data identification, providing better management

capabilities• Policy enforcement ensures a consistent protection, with implementation of high standards and

access controls mechanisms• Better management and compliance control enables better control over the resources• More consistent protection methods and adherence to classification methods due to policy

enforcement• Enhanced control with a well-defined mechanism for data discovery and protection across the

network• Saves time and efforts with real-time policy enforcement across client systems outside the

organization• Proactive IT with efficient identification and problem resolution mechanisms

IT Process and Compliance CapabilityIT and security process solutions can help your organization define and manage IT services so that it can unlock the value of this important business asset. With this Microsoft solution, your organization can:

• Increased return on investment with efficient use of IT services and resources• Improved employee productivity with faster availability of crucial IT services• Increased speed of access to information and functionality to drive management with efficient

problem identification and actions to quickly resolve issues• Improved process to increase business needs and expansion requirements because of an integrated

platform for all IT services• High availability of services with minimal downtime and higher return on investment



• Faster processes, lower costs, and decreased time due to automated IT services• Improved control over technology and business-enabling range of services with integrated reporting

tools• Improved organizational control and scalability, time savings, and reduced effort due to faster and

more efficient IT processes• High-quality services and optimal use of resources due to faster and efficient allocation • Uninterrupted business continuity and high return on investment due to highly reliable IT services • Optimized budget and effective alignment of investments with the business strategy• Faster resolution of IT service management problems• Improved management and control over IT services with detailed analysis and measurement of all IT

services across the organization• Improved consistency and reliability of IT services complying with corporate IT policies• Reduced effort, fewer errors, and improved quality of service due to intelligent allocation of IT

resources• Faster problem resolution due to centralized monitoring and management tools• Improved quality of services and comprehensive auditing with well-defined accountability and

ownership of services and corresponding issues• Improved control of resources due to better management, security, and compliance controls• Improved compliance and consistency of results through automated best practices• Faster service delivery across physical and virtual environments• Faster process of testing and deploying IT services across the organization• Faster resolution of IT services-related problems due to automation

How Penspen can Optimize their Core InfrastructureIn order to advance Penspen's Core Infrastructure to the next level, the following projects should be considered:

Data Center Services (advance from basic to standardized)To advance from your current basic level to a standardized level of Optimization, we recommend the following projects:• Deploy an image maintenance solution to maintain a set of individual images that is independent of hardware but can support many different hardware configurations.• Deploy a solution to centrally manage compatibility evaluations and configuration settings for applications.• Implement a central solution to deploy patches and updates to critical servers.• Deploy a centralized data repository for all server hardware and software assets.• Deploy a solution to consolidate infrastructure, application, and branch office server workloads.• Deploy a solution to centrally monitor service-level agreements for servers to help ensure that appropriate agreements are in place.• Create policies to enforce configuration baselines at regular intervals and use them to protect the infrastructure.• Deploy a solution to reduce downtime and balance application loads.• Deploy a security solution to protect operating systems against spyware, malware, and other threats.• Deploy a solution to protect messaging applications from viruses, worms, spam, and other inappropriate content.• Enable filtering of URLs for data sources to improve blocking of malicious Web sites and to deliver a mechanism that helps prevent intrusion and exploitation of vulnerabilities.• Deploy a solution to implement secure and standardized remote access for all users in the organization by implementing a VPN solution allowing employees to connect from various remote locations.• Enable distributed administration of the Domain Name System namespace by automating zone creation and record update processes for DNS servers.• Deploy secondary Domain Name System servers to provide fault tolerance and replicate data from primary to secondary DNS servers.



• Enable Dynamic Host Configuration Protocol servers to centrally manage IP addresses and other related configuration parameters.• Enable Dynamic Host Configuration Protocol client computers to request and accept TCP/IP configuration information from DHCP servers to automate the process of configuring TCP/IP on DHCP clients.• Enable Dynamic Host Configuration Protocol servers to provide Internet Protocol addresses to clients that span multiple sub-networks.• Allow administrators to prioritize and manage the sending rate for outgoing network traffic to help ensure that resources are used efficiently and to provide the required level of service.• Increase the responsiveness of applications used on the network by caching a copy of data accessed from an intranet Web site or a file server locally within the branch office.• Deploy tools that enable administrators to capture network traffic and to view and analyze network usage.• Manage dedicated servers for data storage to ensure that data is quickly recoverable.• Enable frequent backup and restoration to prevent data loss in case of disk or system failure.• Enable administrators to centrally manage file shares, set permissions, and manage open files and users who are connected to file shares.• Ensure that the backup volumes and archives are well managed, indexed, and searchable.• Develop and implement usage policies and access rights for all sensitive information.• Formulate processes for data classification to organize information across the organization.• Maintain and allocate dedicated servers for data storage.• Enable administrators to create backups and recover the operating system, applications, and data to avoid downtime that is due to damaged or lost data, hardware failures, and disasters.• Enable administrators to establish file management tasks to archive sets of files automatically on a schedule.• Deploy tools with built-in storage filters that can actively compare and eliminate identical files on file sharing volumes.• Deploy a solution to deliver updates to specific server targets reliably.• Deploy a solution that includes server-event monitoring to provide the root causes of application and server failures.• Enable users to work with network files even when they are not connected to the corporate network.

Client Services (advance from basic to standardized)To advance from your current basic level to a standardized level of Optimization, we recommend the following projects:• Provide unified virus and spyware protection for business desktop systems and laptops by using a single console to centralized management and control.• Implement an identity management solution that allows administrators to provision client access and modify access permissions.• Implement a solution to encrypt drives and check integrity of early boot components for laptops and other devices, to protect sensitive data if a device is lost, stolen, or inappropriately decommissioned.• Roll out standard processes and tool sets to manage operating system images and deployments on client systems.• Deploy operating systems that have at least one year of support from the date of installation on client machines.• Maintain a central database of user profiles and allow users to access their profiles from virtually any workstation.• Enable users to back up personal data on a regular schedule or according to organizational policies.• Implement a solution to centrally manage software application distribution and configuration settings for local and remote users.• Provide a virtualization platform to accelerate and extend desktop and application deployments from the



centralized server to any device.• Implement a solution to centrally manage configuration settings for all applications and roll out testing processes to evaluate application compatibility.• Implement a centralized solution to deploy patches and updates to all desktop systems automatically.• Implement a solution to capture all application and operating system failures in a central location to enable IT teams to track and monitor desktop problems.• Create policies to enforce configuration baselines at regular intervals.• Implement a centralized repository to automatically audit and track all hardware and software assets.• Implement a solution to enable administrators to assess, deploy, and update mobile device software and applications over the Internet.• Enable automatic assessment and configuration of all non-PC devices such as handheld scanners, card readers, and dumb terminals.• Deploy a solution that uses the Internet to synchronize e-mail, contacts, and calendar with mobile devices.• Provide a solution to remove sensitive data remotely from lost, stolen, or compromised devices.• Maintain an inventory of installed applications and configuration for mobile devices.• Use the corporate messaging system to enable mobile device access to internal systems, and to synchronize mobile devices with business-critical information.• Deploy a firewall to protect desktop systems and laptops from hackers and malicious software.• Deploy and manage application images to resolve application compatibility issues.• Monitor systems for compliance and enforce policies on users or user groups.• Enable administrators to use group policies to approve or block mobile applications.

Identity and Security Services (advance from basic to standardized)To advance from your current basic level to a standardized level of Optimization, we recommend the following projects:• Deploy a server-based directory infrastructure to manage users, computers, groups, printers, applications, and other resources in the directory.• Provide management console that supports password reset and the ability to set up groups in the domain.• Set up trust relationships to project a user's digital identity and access rights to trusted partners.• Enable authentication at logon and mechanisms that control access to directory resources.• Provide a central location for configuration information, authentication requests, and information about all of the objects that are stored on servers.• Provide directory services for directory-enabled applications to simplify the application installation process.• Create a uniform authentication system for different applications that has the ability to synchronize accounts, resources, and credentials among directories.• Implement rights management solution to enable users to publish and consume rights-protected content.• Allow content owners to configure rights management to enable users to open, modify, print, forward, or take other actions on rights-managed information.• Implement an application to encrypt and decrypt content, retrieve templates and revocation lists, acquire licenses and certificates from a server, and perform many other related tasks based on user rights and permission.• Integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.• Enable IT to design and generate reports for specific needs and to view logs historically or in real time, including active sessions.• Create user accounts in the cloud that federate an existing identity management system, other directory systems, or any standards-based infrastructure.• Formulate data classification processes to organize information across the organization.





What's Next?

As you move beyond these industry averages and high level metrics to explore your particular and unique TCO, service levels, and business opportunities for improvement, we invite you to take advantage of the following next steps:

1. Review Optimization white papers and customer case studies to learn more about the benefits and value of IO.http://www.microsoft.com/optimization/default.mspx

2. Request that a Partner or Microsoft representative contact you regarding your Core IO Assessment and next steps.https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=e040f48d-4111-42ca-ad5c-97033d637df1&lcid=1033

3. Take the BPIO Optimization Assessment.https://roianalyst.alinean.com/msft/AutoLogin.do?d=205061108838259481


https://roianalyst.alinean.com/msft/AutoLogin.do?d=205061108838259481

https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=e040f48d-4111-42ca-ad5c-97033d637df1&lcid=1033

https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=e040f48d-4111-42ca-ad5c-97033d637df1&lcid=1033

http://www.microsoft.com/optimization/default.mspx


About the Research This software tool and metrics were developed by Alinean, the leading developer of research, methodologies and software tools to measure and quantify the value and return on investment (ROI) from B2B solutions.Since 1994, the Alinean team has been researching the ROI and Total Cost of Ownership (TCO) of B2B solutions, and building tools to help quantify and improve the value in business investments. Alinean's name comes from the Spanish word for "Alignment," highlighting Alinean's mission to be the leading provider of solutions that help solution providers, consultants and business executives align investments with business strategies and tangible value.

Additional information about Alinean can be found at http://www.alinean.com.


http://www.alinean.com/


APPENDIX A: Business Value of Improved Core IO

Direct IT Value Impacts DescriptionHardware and Software SpendingClient Hardware PurchasesPC PurchasesDesktop purchases (growth, replacements and upgrades)

Spending (capital investments and leases) on desktop PCs for growth, replacements and upgrades.

Laptop purchases ( (growth, replacements and upgrades)

Spending (capital investments and leases) on laptop / notebook / mobile PCs for growth, replacements and upgrades.

Thin Client Purchases (growth, replacements and upgrades)

Spending (capital investments and leases) on thin clients for growth, replacements and upgrades.

Mobile Messaging Device Purchases (growth, replacements and upgrades)

Microsoft Windows Mobile® Messaging DevicesSpending (capital investments and leases) on Windows Mobile messaging devices for new deployments, growth, replacements and upgrades.

Non-Windows Mobile Messaging DevicesSpending (capital investments and leases) on non-Windows Mobile messaging devices e.g. RIM Blackberry, Nokia) for new deployments, growth, replacements and upgrades.

Client Software PurchasesPC Operating System Spending (capital investments) on PC operating systems to support growth and upgrades.

PC Personal Productivity ApplicationsSpending (capital investments) on PC personal productivity application to support growth and upgrades. Includes Office applications.

PC Business ApplicationsSpending (capital investments) on PC business applications (core infrastructure related) to support growth and upgrades.

PC Utilities and Tools Spending (capital investments) on PC utilities and IT support and administration tools.

Other / Client Access Licenses (CALs)Spending (capital investments) on any other PC CAL licenses or user core infrastructure software.

Client Maintenance and Support ContractsClient Computer Hardware Maintenance and Support ContractsDesktop PC contracts Annual maintenance and support contracts for PC operating system software.Laptop PC contracts Annual maintenance and support contracts for laptop PC hardware.Thin client contracts Annual maintenance and support contracts for thin client hardware.

Mobile messaging device contractsAnnual maintenance and support contracts for mobile messaging device hardware and service contracts.

Other contracts Annual maintenance and support contracts for any other core infrastructure hardware.Client Computer Software Maintenance and Support ContractsPC Operating System Contracts Annual maintenance and support contracts for PC operating system software.PC Personal Productivity Applications Contracts Annual maintenance and support contracts for PC personal productivity application software.

PC Business Applications ContractsAnnual maintenance and support contracts for PC core-infrastructure business applications software.

PC Utilities and Tools Contracts Annual maintenance and support contracts for PC utilities and IT tools software.Other / CALs Contracts Annual maintenance and support contracts for any other PC / CAL software.Server Hardware Purchases

File/print serversSpending (capital investments and leases) on file/print servers for growth, replacements and upgrades. File servers are used to store documents in a secure manner. Print servers are used to queue user documents for printers.

Directory/networking servers

Spending (capital investments and leases) on directory and networking servers for growth, replacements, and upgrades. Directory servers include Windows NT® operating system for domains and Active Directory servers , as well as networking servers such as DHCP, DNS, and WINS (excludes networking infrastructure such as routers, hubs and switches).

Direct IT Value Impacts Description

Security serversSpending (capital investments) on server management software to support new capabilities, growth and upgrades. Includes Microsoft Systems Management Server (SMS) and configuration manager solutions.

Messaging and collaboration servers

Spending (capital investments and leases) on messaging and collaboration servers for growth, replacements and upgrades. Includes servers that provide e-mail, calendaring, messaging and contact services for users through Microsoft Exchange or other messaging / collaboration servers.

Other infrastructure serversSpending (capital investments and leases) on any other core infrastructure servers for growth, replacements and upgrades.

Server Software Purchases



Server operating systemSpending (capital investments) on server operating systems to support new capabilities, growth and upgrades.

File / print softwareSpending (capital investments) on file / print management software to support new capabilities, growth and upgrades.

Directory/ networking softwareSpending (capital investments) on directory / network management software to support new capabilities, growth and upgrades.

Security software and toolsSpending (capital investments) on security management software to support new capabilities, growth and upgrades.

Messaging and collaboration softwareSpending (capital investments) on messaging and collaboration software to support new capabilities, growth and upgrades.

Database softwareSpending (capital investments) on database and data warehouse management software to support new capabilities, growth and upgrades.

Server monitoringSpending (capital investments) on server monitoring software to support new capabilities, growth and upgrades. Includes Microsoft Operations Manager.

Server managementSpending (capital investments) on server management software to support new capabilities, growth and upgrades. Includes Microsoft® Systems Management Server (SMS) and Microsoft ®Systems Center Configuration Manager solutions.

Other Any other core infrastructure software spending.Server Maintenance and Support ContractsServer Hardware Maintenance and Support ContractsFile/print servers Annual maintenance and support contracts for file / print server hardware.Directory/networking servers Annual maintenance and support contracts for directory / networking server hardware.Security servers Annual maintenance and support contracts for security server hardware.Messaging and collaboration servers Annual maintenance and support contracts for messaging and collaboration server hardware.Other infrastructure servers Annual maintenance and support contracts for other infrastructure server hardware.Server Software Maintenance and Support ContractsServer operating system Annual maintenance and support contracts for server operating system software.File / print software Annual maintenance and support contracts for file and print management server software.

Directory/ networking softwareAnnual maintenance and support contracts for directory and network management server software.

Security software and tools Annual maintenance and support contracts for security management server software.

Messaging and collaboration softwareAnnual maintenance and support contracts for e-mail, messaging and collaboration server software.

Database software Annual maintenance and support contracts for database management server software.

Server monitoringAnnual maintenance and support contracts for server monitoring software such as MOM / Operations Manager.

Server managementAnnual maintenance and support contracts for server monitoring software such as Includes Microsoft® Systems Management Server (SMS) and Microsoft ®Systems Center Configuration Manager

Other Annual maintenance and support contracts for any other server core infrastructure software.


WAN Network BandwidthAnnual expenses for WAN network bandwidth, particularly expenses for connecting branch / remote office to headquarters - those expenditures which could be reduced with WAN optimization tools and practices.

Dedicated Security HardwareAnnual expenses for dedicated security hardware such as VPN and firewall investments, particularly those at branch and remote offices which could be reduced with integrated security solutions such as Microsoft Internet Security and Acceleration Server (ISA).

IT Operations and Administration LaborPC Operations and AdministrationPC Infrastructure Management (PC Engineering)

Hardware / software evaluation and purchaseInternal or contract (outsourced) resources responsible for PC hardware and software asset analysis and planning for evaluation and purchase / procurement.

PC deployment / replacementInternal or contract (outsourced) resources responsible for PC installs, deployments and replacements.

Threat assessment and security planningInternal or contract (outsourced) resources responsible for assessing PC / client related security threats and performing security planning and risk mitigation activities.

Hardware configuration / reconfigurationInternal or contract (outsourced) resources responsible for PC and client hardware moves, adds and changes.

User administration and provisioning (adds, deletes and changes)

Internal or contract (outsourced) resources responsible for PC user administration including additions, deletions, moves, and changes.

Application managementInternal or contract (outsourced) resources responsible for PC productivity and business applications management including maintenance and settings management.

Software deployment Internal or contract (outsourced) resources responsible for PC software deployments.Hardware maintenance Internal or contract (outsourced) resources responsible for PC break fix management and



maintenance.Data management, storage planning, backup and restore

Reduce the person hours spent creating traditional management reports, including design, incorporating data, data updating, and distribution

Other

PC Security Patch ManagementInternal or contract (outsourced) resources responsible for PC security patch management for operating systems and applications.

Number of patch events per yearAverage person hours per patch event

PC Image ManagementInternal or contract (outsourced) resources responsible for PC image management including planning, configuration management, builds and distribution.

Number of core imagesNumber of image updates / distributions per yearNumber of hours per year testing and certifying images (per image)

PC Security Breach MitigationInternal or contract (outsourced) resources responsible for PC security breach remediation (when risk is realized) including response, repair and post incident forensics.

Incidents per yearAverage person hours to resolve issueServer Operations and AdministrationServer Infrastructure ManagementServer hardware and OS moves, adds and changes (MACs)

Internal or contract (outsourced) resources responsible for server hardware and operating system configurations and reconfigurations (moves, adds and changes).

Availability and performance managementInternal or contract (outsourced) resources responsible for server availability (up-time) and performance monitoring and management.

Application managementInternal or contract (outsourced) resources responsible for server application management including application adds, moves and changes (configuration management).


Server security and identity / access managementInternal or contract (outsourced) resources responsible for server proactive security management and user identity and access management to servers and applications.

Server and network disk, storage and file managementInternal or contract (outsourced) resources responsible for server and network based disk, storage and file management.

Server backup and restore managementInternal or contract (outsourced) resources responsible for server data protection including backup and restore management.

Networking services management Internal or contract (outsourced) resources responsible for server network management.

IT asset, reporting and compliance managementInternal or contract (outsourced) resources responsible for server asset management, reporting, auditing and compliance management.

Other server related IT full time employeesAny other core infrastructure server related internal or contract (external outsourced) resources.

Server Image ManagementInternal or contract (outsourced) resources responsible for server security patch management for operating systems and applications.

Number of core imagesNumber of image updates / distributions per yearNumber of person hours per year testing and certifying images (per image)

Server Security Patch ManagementInternal or contract (outsourced) resources responsible for server image management including planning, configuration management, builds and distribution.

Number of Patch events per yearAverage person hours per patch event

Server Security Breach MitigationInternal or contract (outsourced) resources responsible for server security breach remediation (when risk is realized) including response, repair and post incident forensics.

Incidents per yearAverage Person hours to resolve issue

Tools and Directory ManagementInternal or contract (outsourced) resources responsible for managing IT tools such as operations and configuration management, and Active Directory / directory management.

Managing systems management software such as SMS, Tivoli or ZenworksManaging directories or building policies for directories such as Active Directory or eDirectoryService Desk

IT Service DeskInternal or contract (outsourced) resources responsible for core infrastructure (PC, user and server) service / help desk support including operators, level 1 basic support, level 2 advanced support and level 3 technical or dispatched support services.

Contacts per monthAverage Level 0/1 support minutes per call



Escalation rate to level 2 support (%)Average Level 2 support minutes per callEscalation rate to level 3 / dispatched support (%)Average level 3 / dispatched support minutes per call

Indirect User Value Impacts DescriptionFacilities and OverheadPC Power Annual operating power costs for PC hardware.Server Facilities and OverheadOperating and Cooling Power Annual costs for core infrastructure server operating and cooling power.Data Center Space

Indirect User Value Impacts Description

End User OperationsCost of end users supporting themselves (self-support) and each other (peer support) in lieu of formal support to the organization. Includes formal training and informal learning time.

User installed softwareApplication configuration settingsRecreating dataOS configuration settingsSelf troubleshootingPeer troubleshootingCreating workaroundConfiguring printersConfiguring other hardwareBacking up PC DataUser self patchingOptimizing PCSelf LearningFormal LearningOther

Service Desk Problem Resolution DowntimeProblem resolution downtime lost productivity when waiting for service desk issue resolutions. Includes reduction in average number of incidents, time resolution per incident (mean time to repair) and escalation rate.

Average Problem Resolution Time for Level 0/1 issues (other metrics specified above)Average Problem Resolution Time for Level 2 issuesAverage Problem Resolution Time for Level 3 issues

PC Unplanned DowntimePC unplanned downtime events and resultant lost productivity costs. This cost includes only unplanned downtime not tallied as part of end user operations (peer / self support), security breach impacts, PC data loss / recovery or service desk problem resolution wait time.

Unplanned downtime hours per year

PC Planned DowntimePC planned downtime events for on-going system maintenance, patches, updates and upgrades and the resultant lost productivity costs.

Planned downtime hours per year

Server Unplanned DowntimeUnplanned outages to servers which cause user downtime and resultant loss of productivity. These costs do not include server data protection or security breach related downtime.

Unplanned downtime hours per yearPercentage of users impacted per eventServer Planned Downtime Planned maintenance to servers causing downtime and resultant loss of user productivity.Planned downtime hours per yearPercentage of users impacted per event

Security Breach User ImpactLost user productivity when a security breach occurs (virus, malware) and systems have to be repaired or recovered. Includes security incident productivity impacts for both servers and PCs.

Security incidents per yearDowntime hours per eventPercentage of users impacted per event

Indirect User Value Impacts Description

PC Data Loss / RecoveryLost user productivity when a PC data loss incident occurs and the system needs to be rebuilt and recovered.

Percentage of PCs that are backed up and protected effectively from loss



Percentage of PCs effected by data loss / recovery per yearAverage productivity loss to recover or recreate data (hours/issue)

Server Data ProtectionLost user productivity when an infrastructure server data loss incident occurs and the system needs to be rebuilt and recovered.


Documents

Core IO Assessment Tool