IT Roadmap - New Glarus Elementary School · IT Roadmap Project Deliverable Prepared For New Glarus...

IT Roadmap

Project Deliverable

Prepared For

New Glarus School District

Prepared By

Grant Conroy

Version 1.0

March 9, 2010

Revision History

Date Author Version Description

3/8/2010 Grant Conroy 1.0 Initial document

Contents

Executive Summary .......................................................................................................................................................2

NGS Information ............................................................................................................................................................4

Challenges for NGS .......................................................................................................................................................5

Solution: Automated, Dynamic, and Strategic IT............................................................................................................6

Increase Security ...........................................................................................................................................................6

Reduce Costs ................................................................................................................................................................6

Increase Productivity ......................................................................................................................................................6

Current Organizational Maturity .....................................................................................................................................7

Introduction ....................................................................................................................................................................7

Core IO Assessment Detail ............................................................................................................................................7

Overall Ranking .............................................................................................................................................................7

Identity and Access Management ..................................................................................................................................8

Desktop, Device and Server Management ....................................................................................................................8

Security and Networking ................................................................................................................................................9

Data Protection and Recovery .....................................................................................................................................10

IT and Security Process ...............................................................................................................................................11

Project Roadmap .........................................................................................................................................................13

Introduction ..................................................................................................................................................................13

Novell eDirectory to Microsoft Active Directory Migration ............................................................................................14

Deploy System Center Configuration Manager, Inventory & OSD ...............................................................................15

Group Policy Management ...........................................................................................................................................15

Implement Security Policy and Procedures..................................................................................................................16

Implement Server Consolidation and Virtualization ......................................................................................................18

Business Case .............................................................................................................................................................18

Analysis Overview ........................................................................................................................................................18

Benefits ........................................................................................................................................................................19

Conclusion ...................................................................................................................................................................21

Cloud Migration Projects ..............................................................................................................................................21

Implement an IT Service Delivery Framework .............................................................................................................22

Figure 1 NGS Overall Core IO Maturity Ranking relative to peer organizations ............................................................7

Figure 2 Identity and Access Management - Comparison .............................................................................................8

Figure 3 Identity and Access Management Assessment of Peer Group ........................................................................8

Figure 4 Desktop, Device, and Server Management - Comparison ...............................................................................9

Figure 5 Desktop, Device, and Server Management Assessment of Peer Group .........................................................9

Figure 6 Security and Networking - Comparison ..........................................................................................................10

Figure 7 Security and Networking Assessment of Peer Group ....................................................................................10

Figure 8 Data Protection and Recovery - Comparison .................................................................................................11

Figure 9 Data Protection and Recovery Assessment of Peer Group ...........................................................................11

Figure 10 IT and Security Process - Comparison ........................................................................................................12

Figure 11 IT and Security Process Assessment of Peer Group ...................................................................................12

Figure 12 Project Roadmap Stack Diagram .................................................................................................................14

Figure 13 The Microsoft Operations Framework (MOF) 4.0 Service Lifecycle .............................................................24

Figure 14 – ITIL Service Management Lifecycle ..........................................................................................................25

Table 1 Virtualization ROI Measures ...........................................................................................................................18

Table 2 Production Server Consolidation and Management Benefits ..........................................................................19

IT Roadmap Project Deliverable

www.cdw.com/microsoft 2

Executive Summary

The New Glarus School District (NGS) IT Coordinator is responsible for over 1,100 users across two main

buildings on a single campus in New Glarus, Wisconsin. Like many primary and secondary schools, NGS is

extraordinarily understaffed, provided with little funding relative to the number of users supported, and given

little direction from either the school board or the state government to direct its IT spending.

Information Technology is central to the education of NGS students and must run consistently, reliably and

agilely to enable the teachers, students and support staff to meet their goals. While NGS may not be a

revenue generating organization, it is held to educational standards and must see its students achieve said

standards without compromise. To that end, the time educators are allotted to work with students, i.e. the

school year, must be used in a planned fashion with curriculum matching a carefully planned school calendar.

Should an IT system fail and cause teachers to be unable to complete their lesson plans for a day NGS does

not lengthen the school year by a day. The time in reference is lost along with the teaching potential of that

day.

With a single IT employee and .5 FTE as a shared headcount the focus of this IT roadmap is providing basic

and reliable IT services. The roadmap targets low-hanging-fruit such as projects with little capital investment

and major operational returns. The identification of simple but heavily repeated tasks was of primary import

during the interview process with NGS. The largest recommended project on the roadmap is the

implementation of an automated deployment and management solution for NGS’s Windows clients. This is

in response to the identification of a single 1056 man-hour manual task that the IT Coordinator1 must

execute on an annual basis.

Other significant projects on the roadmap revolve around the outsourcing of major IT services. The School

District is neither equipped nor funded sufficiently to provide these services, reliably, in-house. Today’s

economic climate and new Web 2.0/3.0 technologies are forcing many schools to seek cheap, reliable and

technically forward tools to solve their problems. Input, Inc., a market research firm, estimates that state and

local government spending on outsourced IT cloud services will increase 22% annually in the period from

2009 to 2014. The estimated value of this change reflects an upward spend of $630 million in 2014 vs. $230

million in 2009.

The City of Los Angeles outsourced many of its basic internal IT services to Google Apps in 2009. This is

reflective of thousands of organizations that have made the move to outsourced environments, and New

Glarus may wish to replicate the Los Angeles deal with Google, or with Microsoft, Gaggle or another

outsourcing cloud provider. This approach is not without risk; beyond the obvious and assumed risk of

handing over the District’s data to a third-party, the risk of future regulation looms. The States of Michigan

1 The IT Coordinator with another 2.5 FTEs during the period in question



and Utah are developing their own cloud offerings for compulsory use by child organizations. The federal

government may also define standards or approve specific vendors for the hosting of electronic data. These

concerns should be considered when selecting whether or not to move services into the cloud and during

vendor selections, as well-known vendors are more likely to be responsive to new legislation and ongoing

requirements changes.



NGS Information

The School District of New Glarus, Wisconsin is home to the approximately 1,000 students attending New

Glarus Elementary, Middle and High Schools; the 70+ teachers and 60+ support staff, as well as over 225

annual parent or community volunteers.

More than 75% of NGS’ teachers have, or are in the process of obtaining, graduate degrees, intimating that

they are familiar with Internet tools for research. Over 74% of the students taking the ACT scored between

27-36, and NGS produced two National Merit Scholars in 2007. NGS has initiatives for Excellence in the

following areas:

Academic Excellence

o Mock Trial

o Wireless Internet in every classroom

o Smartboards in every classroom

o Pre-engineering and technical design courses

Excellence in Athletics

o Capitol Conference member

o 14 varsity sport offerings

o A no-cut sports policy

Excellence in Co-Curriculars

o 93% of students in co-curricular activities

o Family, Career & Community Leaders State officers

o Student Senate at the middle/high school

o Award-winning Student Council

o Out-of-state and trips abroad (Band, Spanish, German, and Service Learning)

Excellence in Career & Technical Education

o Career and Technical Education empowers students with the knowledge and skills necessary

for career development and life success in a technological and global society.

o Agri-Business Education

o Business Education

Staff Excellence

o In the past 2 years teachers have had training in: differentiation, curriculum mapping, 6

Traits of Writing, High Performance Writing, Block Scheduling, technology, and student

underachievement.

o Instructional Coaches that are also classroom teachers

o Gifted and Talented coordinator

o Committees: Wellness, Staff Development, School Improvement, Power of Positive Staff

and Students

o Teacher mentoring program for new staff

o Support staff trained in CPR and First Aid; AED-trained staff



Challenges for NGS

School Districts such as NGS need to have an infrastructure that provides the level of service people expect

when performing educational duties today, including: quick access to electronic resources, the ability to

communicate and collaborate online, and up-to-date educational tools that increase productivity. However,

NGS, like most school districts, does not have the luxury of a large IT department. One to two people are

effectively responsible for all IT strategy and management. Additionally, funds for strategic IT development

are tight.

Because of these limited resources it is crucial for NGS to simplify their IT systems and to use technology

that automates processes, improves security, and minimizes technology issues that prevent employees and

volunteers from doing their jobs. The purpose of this document is to provide a project roadmap for NGS to

optimize their infrastructure at a level that is appropriate without unnecessary complications. This roadmap

also provides a business case for consolidation and virtualization of servers, analyzing the potential value,

cost, benefits and estimated return on investment to NGS. The business case was modeled industry standard

data from Alinean, an independent market research vendor.



Solution: Automated, Dynamic, and Strategic IT

A well-managed and secure IT infrastructure can be a catalyst for lowering NGS IT spend on supportive

services. A more optimized infrastructure enables IT professionals to spend less time on mundane, day-to-

day tasks and to focus more resources on strategic technology solutions that help achieve educational goals.

An optimized IT infrastructure is one that is automated, dynamic, and a strategic asset. It will make NGS

more secure, reduce costs, and increase productivity.

Increase Security

An integrated security solution will help NGS protect the core infrastructure, the network, and the

applications and data that run within the network. Additionally, when security patches and updates can be

distributed from a central location and easily managed, the NGS IT Director and school board can know that

computers are running the latest updates, protecting students from the many disreputable aspects of Internet

life. An integrated solution means that security fixes are part of everyday infrastructure management and that

compliance can be measured and reported in near real-time.

Reduce Costs

Simplifying IT management helps NGS IT Coordinator to manage desktops and servers from a single

console— saving time and money that used to be spent traveling between campus buildings to carry out

needed tasks. Additionally, when IT professionals update workstations and servers from a single location,

they can be sure all systems are quickly brought up to date, thereby reducing vulnerabilities in the school

district and total cost of ownership (TCO).

Increase Productivity

Productivity gains may realized throughout NGS when a well-managed and more secure infrastructure is in

place. Whether it is a school principal or executive who is editing a strategic proposal and needs to recover a

lost file, the ability for teachers and students to more securely access their e mail, files, or applications from

any location, or the IT Coordinator who can now manage the infrastructure proactively from one location—

productivity gains are made and employee satisfaction is improved. Many productivity gains will be realized

after NGS has stabilized their existing infrastructure by removing Novell’s eDirectory and implemented

Microsoft Active Directory as the single directory of record. Productivity gains are tied as much to solid

business process as to a particular technology or solution, so the implementation of each new system should

be executed in parallel with training and best practices knowledge transfer to NGS.



Current Organizational Maturity

Introduction

To determine which best practices are suitable as drivers for implementation in NGS’ project roadmap, CDW

utilized the Microsoft Core Infrastructure Optimization model to asses New Glarus School District’s IT

maturity relative to their peers in primary and secondary education. The following section provides detailed

output of the Core Infrastructure Optimization assessment across each of five major workloads:

Identity and Access Management

Desktop, Device and Server Management

Security and Networking

Data Protection and Recovery

IT and Security Process

Core IO Assessment Detail

Overall Ranking

The overall ranking of an organizations IT maturity is based on the lowest score received across and major

workload. New Glarus has mapped to a Basic level of maturity overall. This is good, as it provides many best

practice improvements to choose from for implementation. The greater the number of best practices

implemented the lower the TCO of the IT environment tends to become.

Figure 1 NGS Overall Core IO Maturity Ranking relative to peer organizations



At the Basic level, IT infrastructure is characterized by manual, localized processes and minimal central

control, as well as nonexistent or un-enforced IT policies and standards for security, backup, image

management, deployment, compliance, and other common IT practices.

Identity and Access Management

The Identity and Access Management workload examines how customers should consider managing people

and asset identities, solutions that should be implemented to manage and protect their identity data

(synchronization, password management, and user provisioning, to mention few), and how to manage access

to resources from corporate mobile users, customers and/or partners outside of a firewall.

In the Identity and Access Management workload, NGS measured as a Basic organization. New Glarus was

compared in Identity and Access Management against 375 respondents in the Education (Primary /

Secondary) industry, 983 respondents located in North America, and 1873 respondents with 500-999 PCs.

For your Identity and Access Management, New Glarus scored a basic level of optimization, while other peer

survey respondents scored as follows:

Figure 2 Identity and Access Management - Comparison

Figure 3 Identity and Access Management Assessment of Peer Group

NGS has multiple directory services in place resulting in inefficiencies in user experience and authentication.

This kind of inefficiency can be reduced by deploying tools to unify user and group identities, access

directories, and by giving users visibility across the different directories. New Glarus is currently addressing

this best practice for implementation as part of a project to migrate to Active Directory as the primary

directory for use by the organization.

Desktop, Device and Server Management

The Desktop, Device, and Server Management workload examines how customers should consider managing

desktops, mobile devices, and servers as well as how to deploy patches, operating systems, and applications

across the network. It also includes how customers can leverage virtualization and branch office technologies

to improve their IT infrastructure.



In the Desktop, Device and Server Management workload NGS measured as a Basic organization. New

Glarus was compared in Desktop, Device, and Server Management against 357 respondents in the Education

(Primary / Secondary) industry, 680 respondents located in North America, and 1599 respondents with 500-

999 PCs. For your Desktop, Device, and Server Management, New Glarus scored a basic level of

optimization, while other peer survey respondents scored as follows:

Figure 4 Desktop, Device, and Server Management - Comparison

Figure 5 Desktop, Device, and Server Management Assessment of Peer Group

New Glarus is characterized by a limited infrastructure with few or no IT policies and few desktop standards.

Our recommendation is to deploy tools and procedures to manage desktop configuration and updates,

operating system diversity, and operating system refresh lifecycles. NGS is in a catch-22 situation common to

business and education verticals alike; their users require specific applications for teaching purposes which are

not part of the standard imaging process and are, for the most part, unknown to the IT department. As these

applications do not appear in the IT Service Catalogue and are not able to be accurately inventoried they are

unable to be managed as enterprise resources. The SCCM implementation project found on the project

roadmap will remediate this deficiency by inventorying unknown executable files in the NGS computing

environment.

Security and Networking

The Security and Networking workload examines what customers should consider implementing in their IT

infrastructure to help guarantee that information and communication are protected from unauthorized access

while at the same time provides a mechanism to protect their IT infrastructure from denial attacks and viruses

while preserving access to corporate resources.

In the Security and Networking workload, NGS measured as a Basic organization. New Glarus was compared

in Security and Networking against 370 respondents in the Education (Primary / Secondary) industry, 900

respondents located in North America, and 1831 respondents with 500-999 PCs. For your Security and

Networking, New Glarus scored a basic level of optimization, while other peer survey respondents scored as

follows:



Figure 6 Security and Networking - Comparison

Figure 7 Security and Networking Assessment of Peer Group

Within the New Glarus desktop computing environment there exists:

A limited standard for antivirus software on desktops

A dated PIX firewall, scheduled to be replaced with an updated Cisco ASA unit.

no workstation level firewall infrastructure

limited server monitoring

We recommend integrating tools and procedures to ensure stronger security, network access, and the

performance monitoring of your organization’s IT environment. Many of these critical best practices,

especially those pertaining to firewalls and security on the desktop, will be implemented as part of the Group

Policy project detailed on the project roadmap. Server monitoring, another critical function, will be

accomplished as part of the service-level agreements governing outsourcing of major IT services.

Data Protection and Recovery

The Data Protection and Recovery workload examines structured or disciplined backup, storage, and restore

management. As information and data stores proliferate, organizations are under increasing pressure to

protect that information and provide cost-effective and time-efficient recovery when required.

In the Data Protection and Recovery workload, NGS measured as a Basic organization. New Glarus was

compared in Data Protection and Recovery against 371 respondents in the Education (Primary / Secondary)

industry, 910 respondents located in North America, and 2218 respondents with 500-999 PCs. New Glarus

scored a basic level of optimization, while other peer survey respondents scored as follows:



Figure 8 Data Protection and Recovery - Comparison

Figure 9 Data Protection and Recovery Assessment of Peer Group

Like most basic environments, New Glarus is characterized by a limited or ad hoc structure for data backup

and recovery of information. We recommend deploying tools and procedures to manage backup and recovery

of data. Currently the data backup requirement for New Glarus’ internal systems, including major systems

such as messaging and file storage, exceeds 3TB. The cost to provide a backup service to meet this data

requirement, without considering the cost of application level backup modules, exceeds $80k per internal

NGS research. This line item capital cost may be reduced to zero by outsourcing the major IT services

consuming storage, i.e. messaging, collaboration, and file services. Appropriate mechanisms for disaster

recovery and business continuity are usually included in an outsourced cloud environment, but this should be

validated prior to contractual obligation for each specific IT service outsourced and then again on a recurring

annual basis.

IT and Security Process

The IT and Security Process workload provides proven best practice guidance on how to cost-effectively

design, develop, operate, and support solutions while achieving high reliability, availability, and security. While

rock-solid technology is necessary to meet demands for reliable, available, and highly secure IT services,

technology alone is not sufficient; excellence in process and people (skills, roles, and responsibilities) is also

needed

New Glarus was compared in IT and Security Process against 368 respondents in the Education (Primary /

Secondary) industry, 888 respondents located in North America, and 2191 respondents with 500-999 PCs.

For IT and Security Process, New Glarus scored a basic level of optimization, while other peer survey

respondents scored as follows:



Figure 10 IT and Security Process - Comparison

Figure 11 IT and Security Process Assessment of Peer Group

IT and Security Process at NGS is characterized by the lack of formal, documented procedures, policies, and

standards for service, upgrade and maintenance, change management, problem reporting, and tracking. This

is not unusual in a shop with less than two FTEs. Nonetheless, as contingency planning is a must-do, we

recommend employing IT service and management methodologies such as Microsoft Operations Framework

or IT Infrastructure Library-based methodologies. Often the implementation of a process framework will

discover myriad opportunities to improve both IT labor utilization as well as service levels. Streamlined

processes also improve the satisfaction of IT consumers, increasing the goodwill between IT and the school.



Project Roadmap

Introduction

Customers benefit substantially by moving from a basic level to a standardized level—dramatically reducing

costs through developing standards, policies, and controls with an enforcement strategy, automating many

manual and time consuming tasks, adopting best practices, and aspiring to make IT a strategic asset rather

than a burden. NGS can accomplish many major tasks required to reach the Standardized level of maturity by

executing the projects on this roadmap. The stack diagram depicted on the next page is representative of the

high-level flow of projects. Projects, as depicted, may run parallel and may overlap (not depicted).

The standardized infrastructure introduces controls through the use of standards and policies to manage

desktops, servers, mobile devices, and how machines are introduced to the network, and the use of

Microsoft’s Active Directory service to manage resources, security policies, and access control. Customers in

a standardized state have realized the value of basic standards and some policies yet are still quite reactive.

Generally all patches, software deployments, and desktop services are provided through medium touch with

medium to high cost. However, these customers have a reasonable inventory of hardware and software and

are beginning to manage licenses and application testing is based on a virtualized environment. Security

measures are improved with a locked down perimeter, but internal security may still be a risk. If customer has

remote locations to manage (Branch Offices), they may be consolidating their infrastructure based on

networking solutions.

Customers benefit by moving from this standardized state to a rationalized state with their infrastructure by

gaining substantial control and having proactive policies and processes that prepare them for the spectrum of

circumstances from opportunity to catastrophe. Service management becomes a recognized concept and the

organization is taking steps to implement it.



Figure 12 Project Roadmap Stack Diagram

Novell eDirectory to Microsoft Active Directory Migration

The cornerstone of a standardized environment is the use of Microsoft’s Active Directory as the directory of

authority for the organization. NGS currently has split directories, using both Novell’s eDirectory and

Microsoft’s Active Directory. There is currently a project underway to remove Novell’s eDir and replace it

with Microsoft’s Active Directory.

Active Directory must be in place to support the future projects on this roadmap, specifically System Center

Configuration Manager and Group Policy Management. These three projects will significantly reduce the



number of IT labor hours devoted to supporting the existing systems and create availability within NGS’

resource pool for professional development and more strategic projects, such as the cloud migration projects.

Deploy System Center Configuration Manager, Inventory & OSD

NGS could dramatically decrease the number of man hours and associated IT labor costs dedicated to each

Windows Client (both servers and workstations) by fully implementing, tuning, and operating an enterprise

level systems management tool. The tool must provide for software distribution, asset tracking, Microsoft

license tracking, patch management, software metering, integrated remote control, configuration

management, and fully automated operating system deployment (OSD) for both servers and workstations.

Although Microsoft’s System Center Configuration Manager (SCCM) is the best-of-breed product and the

most advanced in Gartner’s Magic Quadrant other Enterprise Software Deployment suites should also be

considered for implementation in the desktop and server management roles based on cost and simplicity.

NGS can enable cradle-to-grave lifecycle administration of fully managed Windows Clients by implementing

SCCM or a comparable product. If implemented by NGS SCCM will:

Offer highly automated patch

management

Control each machine remotely from a

central location

Have advanced zero-touch application

deployment features

Perform in-place operating system

deployments with zero-touch

Perform side-by-side operating system

deployments with light-touch

Detect and remediate desired

configuration drift

Inventory hardware and software

Meter and report on application usage

Track and Manage NGS’ Microsoft

Licensing entitlements and usage

Prevent degradation of host operating

system from user modifications

SCCM will also enable NS to identify and manage their assets in real-time via Web Reporting. Change and

Configuration Management is also enabled via SCCM and provides a mechanism for policy detection and

enforcement. The automation enhancements and policy enforcement vehicles provided by an SCCM

implementation may provide NGS with a direct savings of over 750 IT labor hours in the year following

operationalization. This is based on the assumption that NGS will use SCCM’s zero touch operating system

deployment features to eliminate the need to touch each desktop for reimaging over the summer. It is

assumed further that 250-400 IT labor hours would be dedicated to the deployment of the SCCM system and

development of the operating system images.

As NGS does not currently patch workstations during the year it is impossible to show a savings related to

reliable patching of the desktop, but best practices ensure that patching will provide a safer and more reliable

desktop environment for use by NGS’ IT consumers.

Group Policy Management

Centralized workstation configuration enforcement is vital to a managed desktop scenario. Group Policy

Objects are a powerful Active Directory-based tool that allows the configuration of both user and computer

environments based on dynamic attributes. By configuring Group Policy Objects, or GPOs, NGS may



provide increased security to each Windows Client while decreasing management costs. The following

recommendations from the Core IO maturity mapping may be achieved by implementing GPOs:

Desktops should be locked down- users should not be allowed to change settings or install software

Implement group policy objects to manage the existing Windows Firewall implementations on the

desktop

A proper Group Policy implementation is central to all of the recommended best practices. The deployment

of Group Policy must occur in a top-down fashion; standards must be set from a central owner and

promulgated out to the enterprise.

The implementation costs for Group Policy Objects are generally low. Configurations must be built based on

applicable security or administrative policy, tested in the lab, and pushed into production. No additional

hardware is required for the use of GPOs, making them a very cost effective tool to leverage for a cohesive

and reliable computing environment.

Following the software inventoried and reported on by SCCM, NGS’ IT Director will be able to leverage

Group Policy to allow specific software to be run and installed, protecting the closed nature of the network

while ensuring that IT consumers can run the applications they require.

Implement Security Policy and Procedures

A security policy defines how an organization intends to protect its physical and intellectual property from

theft, modification and misuse. Defined in a written document and published to the organization, a security

policy also defines what is considered acceptable use of corporate assets. The policy may contain additional

information, such as how the organization intends to educate its IT consumers on the tenets of security in

their day to day operations, what enforcement vehicles exist, what the repercussions are for violating security

policy and how the efficacy of the security policy will be evaluated. Following are high-level topics for

inclusion in an Information Security Policy.

Scope. An information security policy should apply universally to all users without exception and

govern access to all corporate resources and intellectual property including:

○ Buildings

○ Applications

○ Files & Data

○ Networks

○ Other types of Systems

Data Classification. The policy should define the importance of data based on the specific type of

content being evaluated. For instance; Human Resources Confidential as opposed to just

Confidential.

Data Handling. Security requirements from multiple classification categories (i.e. regulatory,

insurance, PCI, contractual, legal) should be combined into generic policy statements such as:

○ Access to data and systems shall be provided with the least privilege required

○ To protect customer privacy no clear text representations of exam related documents may be

accessed by anyone in the company except teachers of that subject and only for the explicit

purposes of responding to student initiated inquiries.



○ Users may only access data that they are intentionally authorized by the company to access

and only if required by their specific job function.

Executive Sponsorship and Consistent Communication. The information security policy must

be sponsored and agreed upon by the highest levels of management (top down sponsorship). All

other corporate documentation must comply with the Information Security Policy and may not be

inconsistent with the policies contained in any way.

Supporting References. The Information Security Policy does not need to have all the granular

detail for execution of the policy. This type of information, for example; charts of roles and

responsibilities, technology standards and security procedures may be documented separately and

referenced from the Policy itself.

Specific instructions on generally accepted mandates, for instance no sharing of user accounts.

Designation of provisioning roles which are pertinent to security. For instance, only the IT

Department may activate switch ports.

Consequences for non-compliance For instance, being reprimanded or terminated from

employment.

The benefits of having a published and effectual security are difficult to quantify into dollars without

undertaking a complete risk analysis; however the cost of defining a security policy is minimal. A security

policy may also define a methodology to be used for security reviews within different educational units

creating an objective approach to security which may be applied consistently throughout NGS’ varied school

units.

To narrow the focus of the security policy to the scope of this optimization review, specific policy statements

should be chosen that will be meaningful and effective within NGS; for example:

Only authorized administrators shall be provided with access to systems capable of making changes

to operating system configuration settings;

Passwords shall be required to be complex in nature, may not be reused within 1 year, and must

include:

○ Capital letters

○ Lower case letters

○ Numbers

○ Symbols

○ Eight characters

Any computer that stores customer identity or purchasing data shall have full drive encryption

Security procedures are the enforcement vehicle for security policy. While complete granular procedures

cannot be defined before the security policy is written, it is still possible to implement targeted improvements

to security procedures that will retain their validity in the future. Following are some specific

recommendations for NGS to implement immediately. These recommendations will also help NGS progress

to the Standardized/Rationalized state:

Perform frequent auditing of in-place identity security.

Document and publish a consistent global Incident Response Plan; this can be used to highlight

budget shortcomings devoted to limited tape backup capacity.



Create a process to recover from network based attacks.

Document and publish a process to keep all network based resources up to current patch levels.

Document and publish a process to manage security requirement tests for all software acquired or

developed.

Document and publish a policy for desktop and server firewall use.

Document and publish a data classification process.

Ensure that classified data is reviewed periodically for value.

Implement and enforce a password complexity policy.

CDW’s Server and Security consultants are able to assist NGS in the development of a security policy. For

additional information on security policy best practices please see the International Standards Organization's,

Security Management series (27001, 27002, 27005, www.iso.org) or the Information Systems Audit and

Control Association's Control Objectives for Information Technology (CoBIT, www.isaca.org).

Implement Server Consolidation and Virtualization

Business Case

Server virtualization has become one of the top consolidation and optimization strategies of CIOs and IT

Directors over the past several years. When used by NGS virtualized server consolidation will significantly

reduce cost and complexity within the ‘data center’ and increase business agility.

NGS should begin their server virtualization project with a proper analysis of their infrastructure. By

leveraging Microsoft System Center Configuration Manager, as well as other freely available virtualization and

consolidation planning tools, NGS’ initial analysis will identify and prioritize servers which are candidates for

virtualization as well as those that are not. For the purposes of this business case, we assumed that New

Glarus would consolidate seven physical servers on to on virtual host computer. Virtualization will also allow

New Glarus to leverage its limited but existing 200GB tape backup unit more efficiently by backing up VM

guests from a single host.

Analysis Overview

This analysis assumes that NGS will leverage Microsoft Windows Server Enterprise edition with integrated

Hyper-V virtualization services as their consolidated virtualization platform. The analysis further assumes that

there are seven dual-core physical servers utilized at ~5%; that the server count will increase by 10% annually;

that 1,100 users are supported by these servers; that 7 applications are supported by these servers; and that

the future physical host systems will be housed in NGS’ ‘data center’. As a result of the consolidation the

following benefits are expected:

Table 1 Virtualization ROI Measures

Three Year Virtualization ROI Measures

Three year net benefits $330,306

Three year investment in Microsoft Virtualization $20,411

Return on Investment (Net Benefits / Total Investment) 1,618%

http://www.iso.org/

http://www.isaca.org/



Three Year Virtualization ROI Measures

NPV Savings (3y) $276,503

Payback Period (in months) 1

Benefits

The following section, TCO Savings for NGS, describes the cumulative summary benefits for Production

Server Consolidation and Green IT benefits. The sections following the TCO Savings for NGS section

describe in detail the assumptions and calculations used to arrive at the benefits presented in the summary

table below.

TCO Savings for NGS

Over the three-year analysis period, comparing business usual costs for the current environment, versus

projected costs with the proposed Microsoft Integrated Virtualization Solution, the following benefits are

expected to be realized:

Benefit Analysis – Three year analysis for NGS

As Is (Current) Costs

Costs With Microsoft Virtualization

Benefits with Microsoft Virtualization

Competitive Savings Percent with Microsoft Virtualization

Production Server Consolidation and Management Benefits

$369,425 $38,222 $331,203 89.7%

Production Server Consolidation Green IT Benefits

$22,727 $3,213 $19,514 85.9%

Three year total benefits $392,152 $41,435 $350,717 89.4%

Production Server Consolidation & Management Benefits

For NGS, virtualization of the Production Servers is expected to yield the benefits described in the table

below.

Table 2 Production Server Consolidation and Management Benefits


As Is Estimated (Current) Costs




Production Server Consolidation and Management Virtualization Benefits

$369,425 $38,222 $331,203 72.80%

Existing Server Cost Avoidance $299,268 $4,458 $294,810 81.00%

New Server Purchase Cost Avoidance

$16,626 $0 $16,626 83.10%

Networking Savings $3,800 $2,280 $1,520 85.00%








Networked Storage Savings $0 $0 $0 85.40%

Provisioning Efficiency Savings $1,390 $0 $1,390 92.20%

Change Management Efficiency Savings

$26,998 $15,249 $11,749 70.70%

Operations and Administration Efficiency Savings

$21,343 $16,235 $5,108 20.30%


For NGS, the Green IT Benefits are expected to yield the following:







$22,727 $3,213 $19,514 85.8%

Power and Cooling Savings $8,385 $2,392 $5,993 78.6%

Data Center Space Savings $14,342 $821 $13,521 89.6%

Carbon Emissions per Year (in metric tons)

18 5 13 84.9%

Number of Equivalent Cars Carbon Emissions (per year)

3 1 2 85.1%

Number of Equivalent Trees to Cover CO2 Emissions (per year)

462 128 334 84.9%

Number of Equivalent Homes Carbon Emissions (per year)

2 1 1 84.5%

Costs

To achieve the benefits described above, NGS’ investment is expected to be as follows:

Microsoft Virtualization Investment (costs) Total Costs Over Three year

Microsoft Integrated Virtualization Licensing Costs $17,199

Production Server Virtualization Licensing Cost $17,199

Microsoft Integrated Virtualization Implementation and Training Costs $3,212

Production Server Virtualization Professional Services Costs $2,500

Production Server Virtualization Implementation Labor Costs $462



Microsoft Virtualization Investment (costs) Total Costs Over Three year

Three year total costs $20,411

Conclusion

A customized plan to consolidate NGS’ Windows Server systems into a virtualized environment will enable

NGS to reduce capital and operation costs while increasing uptime and business agility.

Capital costs are reduced by reducing the ratio of applications to physical servers from 1:1 to an expected 7-

10:1. By reducing the number of physical servers which have directly attached physical disk NGS will also

increase its efficiency in the utilization, purchase and management of storage. Network hardware follows the

same paradigm; fewer physical servers equated to fewer switch ports and thus a more cost effective

networking environment. This is expected to provide a reduction of capital outlay used for server hardware of

well over 20%.

Operating Costs are also significantly reduced by implementing a consolidated virtualization solution. Data

center rack space is expensive, as are the power and cooling systems which support it. A single Wintel server

is estimated to require $255/yr in power and $763 /yr in cooling, a combined total of $1,000 per physical

system. Achieving the anticipated 7-10:1 reduction in physical servers will reduce NGS’ Wintel ‘data center’

operating costs by over $6k and free space for non-virtualized hardware to be located in the ‘data center’.

Server provisioning costs are also reduced significantly through the use of templates and virtual instance

creation. Automated or instant server provisioning saves approximately 10 IT Labor hours per server instance

deployed. Virtual server instances recover faster than physical server instances from unplanned downtime.

NGS will realize savings not just from a savings in IT Labor hours but also a savings in end-user hours as

well, as a down server has a many to one relationship.

By removing varied types of physical hardware from support and replacing them with virtual instances NGS

will be able to implement a standard set of administration processes for the management of server operating

systems. In turn, a common set of processes lend themselves to common key performance indicators and

metrics; enabling intelligence regarding the current state of the environment to be understood and presented

to management and other consumers alike with ease.

Cloud Migration Projects

As mentioned in the Executive Summary of this document, there are significant precedents in both state and

local governments successfully migrating their messaging infrastructures, collaboration portals and

productivity suites. The benefits of migrating these classically internal services to a cloud provider include:

Reduced or eliminated internal capital equipment costs

Faster response to moves, adds, changes due to fully automated processes

More robust and feature rich service offerings

Significantly matured disaster recovery operations

Few barriers to entry; short migration times

Greater storage capacity per user at much lower cost per gigabyte



Reduction is required number of IT labor hours/year

Instant Remote Access for all students

On top of all of these drivers, it is much easier and cheaper to establish universal electronic identity through a

cloud provider’s logged and audited security apparatus than with an internal identity lifecycle management

solution. Many of the features, i.e. single sign on, advanced workgroup collaboration and document

management would not be available to smaller institutions such as New Glarus without a significant capital

and operational investment in a particular technology platform. Software licensing and version management is

simplified and offloaded to the cloud provider via electronic web interfaces and rolling upgrades; IT no

longer has to worry about upgrading to the ‘latest version of Office’ and can focus its resources instead on

bettering education for students and teachers.

There are several major providers that should be examined by NGS; Google, Microsoft and Gaggle have

service offerings specifically targeted at the education vertical. As vendor selection is outside the scope of this

document, but we recommend that NGS follow a standard software acquisition process: i.e. define business

and technical requirements; make an apples-to-apples comparison and an all-in comparison of each offering;

pilot each offering to a small group of representative users with NGS; record their feedback, evaluate vendor

durability within the marketplace, etc.

The looming prospect of regulatory legislation at the local, state or federal level should also be considered

before moving core services into the cloud. While it is likely that major service providers such as Google and

Microsoft would move to be in compliance with any new regulations it is unknown. Smaller providers such as

Gaggle are not subject to analyst review and no further information is available about their tentative future

plans.

Migrating NGS messaging, productivity and collaboration services into externally managed services by

Microsoft or Google is viewed as positive move towards accomplishing the best practices of the standardized

state. By leveraging service providers’ resources, New Glarus’ IT services may be packed with more features

and provided at a lower cost than in-house systems. Capital and operational expenditures avoided by

outsourcing applications as discussed above frees money to accelerate the goal of 1:1 computing. Applications

run in the cloud do not require fast client computers; cheap netbook devices have been shown to work very

well in educational environments when used in conjunction with cloud provided applications.

Implement an IT Service Delivery Framework

An IT Service Management Framework is the cornerstone of successful service delivery. An examination of

NGS’ current project list indicates that many applications are deployed as point solutions without evidence of

a clear strategic alignment. Many organizations in the Basic state suffer from this type of reactive approach to

project prioritization. NGS, in particular, suffers inefficiencies due to the lack of a formal process for

introducing software into the network; teachers are currently allowed to install software they deem required

outside of any IT involvement.

IT Service Management will create and enforce a service development methodology directly linked to a

portfolio management methodology; i.e. all projects compete for a finite group of resources. The

methodology will force stakeholders to develop business cases for each project following a common



template. This allows the objective derivation of prioritization scores based on the project’s holistic impact to

NGS’ students and teachers, allowing the projects which are truly the most beneficial to be implemented

regardless of subjective advocacy. The service development and portfolio management methodologies

consider governance a dominant priority; as such projects are clearly measured based on predefined success

criteria. This tight integration ensures that all IT dollars spent are done so in a transparent and efficient

manner.

NGS utilizes a small IT department and does not require a full ITIL implementation which is costly and time

consuming. A limited introduction of the Microsoft Operations Framework or ITIL v3 will enable NGS to

realize the following benefits:

Alignment of IT strategy with business strategy

Capture and maintain skills and knowledge

Improve project based deliverables and time management

More effectively use its internal and partner resources

Create transparency, enabling easier justification of expenditures targeted at improving service quality

More effectively design and manage services to meet teacher, student and support staff demand

Roll out new services in a more cost effective and timely manner

Reduce costs by reducing the amount of duplicate work effort and rework

Establish key performance indication metrics which may be used to provide demonstrable proof of

departmental performance

Reduce service downtime

Clearly define roles and responsibilities

Create efficient and centrally managed processes

Implement Continuous Service Improvement Plans to constantly evaluate and improve the quality

and delivery of IT services

The simplest framework solution is the Microsoft Operations Framework. MOF based policies and

procedures may be written for the new systems to provide a running start on implementing Service

Management. The Information Technology Infrastructure Library, or ITIL, resides at the other end of the

spectrum and provides very encompassing methodologies for service management across the entire IT

spectrum.



For a basic flow diagram of the Microsoft Operations Framework please see Error! Reference source not

found.3 below:

Figure 13 The Microsoft Operations Framework (MOF) 4.0 Service Lifecycle



For a basic flow diagram of the ITIL Service Management lifecycle please see the figure below:

Figure 14 – ITIL Service Management Lifecycle

By implementing an IT Service Delivery Framework NGS will fulfill the following recommendations from

the Core IO maturity mapping:

Implement an IT Service Delivery Framework

CDW’s IT Governance Services can help NGS select a process performance measurement framework based

on industry standards, assess current capabilities, and design processes and the supporting functions needed

to meet business goals (e.g., job design, organizational design, reporting, staffing plan, etc.) The services are

aimed at driving efficiencies and savings through the effective management of NGS’ resources.

IT Roadmap - New Glarus Elementary School · IT Roadmap Project Deliverable Prepared For New Glarus...

Documents

Transcript of IT Roadmap - New Glarus Elementary School · IT Roadmap Project Deliverable Prepared For New Glarus...