Secure management of Infrastructure

Secure management of Infrastructure. IT Complexity And Cost


Page 1: Secure management of Infrastructure. IT Complexity And Cost

Secure management of Infrastructure

Page 2: Secure management of Infrastructure. IT Complexity And Cost

IT Complexity And Cost

Page 3: Secure management of Infrastructure. IT Complexity And Cost

Enterprise IT Challenges

Growth

Customer service

Regulatory compliance

Mobility

Varying skill sets

PC maintenance

Server consolidation

Legacy platforms

Identity management

Software updates

Malicious attacks, viruses, spam, etc.

Evolving threats

Patch management, VPN, etc.

Secure access (employees, partners and customers)

Page 4: Secure management of Infrastructure. IT Complexity And Cost

Solving The Challenge: Infrastructure Optimization

Page 5: Secure management of Infrastructure. IT Complexity And Cost

How Do You Get There? Infrastructure Optimization Model

Cost Center

Uncoordinated, manual infrastructure

More Efficient Cost Center

Managed IT Infrastructure with limited automation

Managed and consolidated IT Infrastructure with maximum automation

Fully automated management, dynamic resource usage, business linked SLAs

Business Enabler

Strategic Asset

* Based on the Gartner IT Maturity Model

Page 6: Secure management of Infrastructure. IT Complexity And Cost

Full Lifecycle

Page 7: Secure management of Infrastructure. IT Complexity And Cost

Improved system compliance with business and IT policies

Lower Cost, Higher Productivity

Reduced time and effort required to troubleshoot and maintain code

Increased responsiveness to changing business demands

Page 8: Secure management of Infrastructure. IT Complexity And Cost

Knowledge Across The Lifecycle

Page 9: Secure management of Infrastructure. IT Complexity And Cost

Knowledge Across The Lifecycle

What is the Destination? Dynamic Systems Initiative

Dynamic Systems will result in reduced costs, improved reliability, and increased responsiveness across the entire IT life cycle

Page 10: Secure management of Infrastructure. IT Complexity And Cost

Microsoft’s Dynamic Systems Initiative

Core Technical Principles

SW platforms and tools that enable…

Knowledge of an IT System:

Designer’s intent

Operational environment

Governing IT policies

Associated end user experience

To be captured in…

Software Models

MOM Management Packs

System Definition Model

That can be created, modified and operated on…

Across the IT lifecycle

Develop, Operate, Analyze/Act

Page 11: Secure management of Infrastructure. IT Complexity And Cost

Enhancing Processes

Microsoft Operations Framework (MOF) and ITIL

Microsoft through MOF defined many ITIL principles

MOF applies ITIL to Microsoft products

MOF and ITIL provide common IT Service Management taxonomy

MOF makes Microsoft ITIL-Compliant

MOF is a foundation to comply with SarbOx, HIPAA, ISO, and other best practice compliance

MOF makes ITIL actionable on the Microsoft Platform

ITIL®

Page 12: Secure management of Infrastructure. IT Complexity And Cost

Managing Heterogeneity

[Diagram labels: Business and Support Systems; Enterprise Management Systems; Business Users; Heterogeneous Ops; MCF; Direct; Reporting Manager; Windows-centric operators; SQL; OLAP; non-Windows systems; Windows-based systems; Partner Extension]

Page 13: Secure management of Infrastructure. IT Complexity And Cost

Infrastructure Optimization

IT staff taxed by operational challenges

Users come up with their own IT solutions

IT Staff trained in best practices such as MOF, ITIL, etc.

Users expect basic services from IT

IT Staff manages an efficient, controlled environment

Users have tools they need, high availability, & access to information

IT is a strategic asset

Users look to IT as a valued partner to enable new business initiatives

IT processes undefined

High complexity due to localized processes, & minimal central control

Central Admin & config of security

Standard desktop images defined, not adopted company-wide

SLA’s are linked to business objectives

Clearly defined and enforced images, security, best practices (MOF, ITIL)

Self assessing & continuous improvement

Information easily & securely accessed from anywhere on Internet

Patch status of desktops is unknown

No unified directory for access management

Multiple directories for authentication

Limited automated s/w distribution

Automate identity and access management

Automated system management

Self provisioning and quarantine capable systems ensure compliance & high availability

Page 14: Secure management of Infrastructure. IT Complexity And Cost

Technology View of Model

Page 15: Secure management of Infrastructure. IT Complexity And Cost

Technology View of Model

One Example

Limited Infrastructure
Lack of standardized security measures
Ad hoc management of system configuration
Limited to no monitoring of infrastructure

Defense-in-depth security measures widely deployed
Anti-malware protection (i.e. spyware, bots, rootkits, etc.)
Firewall enabled on desktops, laptops & servers
Secure wireless networking
Service level monitoring on desktops
IPSec used to isolate critical systems

Automated patch management (WU, Update Services, SMS)
Edge firewall with lock-down configuration
Standardized antivirus solution
Firewall enabled on laptops
New systems limited to those supported by IT
Defined set of standard basic images

Security updates for both clients & servers
Application compatibility testing
Client & server firewall mitigations
Application and image deployment
Server operations
Reference image system
Security event correlation

Automated, central management of:

Page 16: Secure management of Infrastructure. IT Complexity And Cost

Technology View of Model

One Example

Limited Infrastructure
Lack of standardized security measures
Ad hoc management of system configuration
Limited to no monitoring of infrastructure

Zero touch deployment
Defense-in-depth security measures widely deployed
Anti-malware protection (i.e. spyware, bots, rootkits, etc.)
Firewall enabled on desktops, laptops & servers
Secure wireless networking
Service level monitoring on desktops
IPSec used to isolate critical systems
Security updates for both clients & servers

Light touch or Zero touch deployment.
Application and image deployment
Automated patch management (WU, Update Services, SMS)
Secure and optimized messaging infrastructure
Edge firewall with lock-down configuration
Standardized antivirus solution
Firewall enabled on laptops
New systems limited to those supported by IT
Defined set of standard basic images
Application compatibility testing

Client & server firewall mitigations
Server operations
Reference image system
Security event correlation

Automated, central management of:

Standardized Desktop images, not more than 2 versions of Windows or Office. Version of the OS or Office is N or N-1

Multitude of Desktop images, more than 2 versions of Windows or Office and/or older than N minus-2

Standardized modern Desktop images. Version of Windows or Office is N or N-1

Standardized modern Desktop images. Version of the Windows or Office is N. Desktop is key portal for business integration.

Page 17: Secure management of Infrastructure. IT Complexity And Cost

Technology View of Model

One Example

No server-based identity or access management
Users operate in admin mode
Limited or inconsistent use of passwords at the desktop
Minimal enterprise access standards

Active Directory for Authentication and Authorization
Users have access to admin mode
Security templates applied to standard images
Desktops not controlled by group policy

Active Directory group policy and Security templates used to manage desktops for security and settings
Desktops are tightly managed

Centrally manage users provisioning across heterogeneous systems

Page 18: Secure management of Infrastructure. IT Complexity And Cost

Technology View of Model

One Example

Local user data stored randomly and not backed up to network
Any backup happens locally
No user state migration available for deployment
Untested recovery
Each server backed up to tape

Standards for local storage in “My Docs” but not redirected or backed up
Any backup happens at workgroup level
Backup/restore on critical servers
Some automation of user state migration available for deployment
Tested recovery for Mission critical

Users store data to “My Docs” and synched to server
Backup managed at company level
Backup/restore of all servers with SLAs
User state is preserved and restored for deployment
Tested recovery Mission critical & application data
LAN based back-ups

Self managed backup and restore on all servers and desktop data with SLAs
SAN based back-ups with snapshots
D2D technology

Page 19: Secure management of Infrastructure. IT Complexity And Cost

Technology View of Model

One Example

Running N-1 or N-2 versions of Exchange

Secure web mail with integrated junk mail filter, S/MIME support and HTML content blocker
Use an application-layer firewall to pre-authenticate web mail users before they reach the mailbox server

Unified directory infrastructure for access and messaging
Block SPAM at gateway and mailbox store
Server anti-virus that uses multiple scanning engines
Robust health monitoring and more proactive resolution of issues

Security of mobile devices including remote reset and remote wipe
Detect potential service outages and receive alerts in advance

Page 20: Secure management of Infrastructure. IT Complexity And Cost

Where our customers are today

Cost Center

Uncoordinated, manual infrastructure

More efficient Cost Center

Managed IT Infrastructure with limited automation

Managed and consolidated IT Infrastructure with maximum automation

Fully automated management, dynamic resource usage, business linked SLAs

Business Enabler

Strategic Asset

64%

31%

3%

2%

Page 21: Secure management of Infrastructure. IT Complexity And Cost

Infrastructure Optimization Model in Action

Sample Customer Assessment

Desktop Infrastructure

Server Infrastructure

Change Management

Operations Management

Asset Administration

Customer Service

Technology Planning & Process Management

Overall Rating

Page 22: Secure management of Infrastructure. IT Complexity And Cost

Solutions for the Journey

Sample Microsoft solutions

Business Desktop Deployment Solution Accelerator V 2.5

Microsoft Infrastructure deployment and migration Solution Accelerators

Microsoft & partners infrastructure optimization services

Application Compatibility and Active Directory Migration Toolkits

Microsoft Operations Framework service delivery solutions

Page 23: Secure management of Infrastructure. IT Complexity And Cost

IT Complexity & Cost

[Chart labels: Complexity; $; Infrastructure Costs; Support; Management Costs; timeline 1994, 1997, 2000, 2003, 2006, 2008+; Client Server, N-Tier, Dynamic Systems]

DSI – reducing TCO by building in experience

Page 24: Secure management of Infrastructure. IT Complexity And Cost

Desktop Cost Savings - The Most Obvious Benefit

Hardware / Software

Total Direct Costs

End User Productivity & Downtime (Indirect Cost)

Total TCO

Administration

Operations

$1,246

$261

$424

$1,931

$1,217

$3,148

$1,354

$774

$428

$2,556

$2,952

$5,508

$1,333

$542

$426

$2,301

$2,265

$4,566

30%

52%

17%

31%

10%

16%

Page 25: Secure management of Infrastructure. IT Complexity And Cost

Deployment costs have Declined…

Relative cost reductions shown reflect actual costs per seat, as reported by various Microsoft deployment partners. Individual customer experiences may vary depending on level of automation and testing.

Costs experienced in prior upgrade of Microsoft Office

Previous Upgrade

Costs for current upgrade anticipated to be the same

Significant drop in actual costs

Office 2003

[Chart axis: Costs per Desktop]

Actual current cost of automated upgrade

Actual current cost of manual upgrade

Page 26: Secure management of Infrastructure. IT Complexity And Cost
Page 27: Secure management of Infrastructure. IT Complexity And Cost

© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.