Microservices Application Simplicity Infrastructure Complexity
Secure management of Infrastructure. IT Complexity And Cost.
Secure management of Infrastructure
IT Complexity And Cost
Enterprise IT Challenges
Growth
Customer service
Regulatory compliance
Mobility
Varying skill sets
PC maintenance
Server consolidation
Legacy platforms
Identity management
Software updates
Malicious attacks, viruses, spam, etc.
Evolving threats
Patch management, VPN, etc.
Secure access (employees, partners and customers)
Solving The Challenge: Infrastructure Optimization
How Do You Get There? Infrastructure Optimization Model
Cost Center
Uncoordinated, manual infrastructure
More Efficient Cost Center
Managed IT Infrastructure with limited automation
Managed and consolidated IT Infrastructure with maximum automation
Fully automated management, dynamic resource Usage, business linked SLA’s
Business Enabler
Strategic Asset
* Based on the Gartner IT Maturity Model
Full Lifecycle
Improved system compliance with business and IT policies
Lower Cost, Higher Productivity
Reduced time and effort required to troubleshoot and maintain code
Increased responsiveness to changing business demands
Knowledge Across The Lifecycle
What is the Destination? Dynamic Systems Initiative
Dynamic Systems will result in reduced costs, improved reliability, and increased responsiveness across the entire IT life cycle
Microsoft’s Dynamic Systems Initiative
Core Technical Principles
SW platforms and tools that enable…
Knowledge of an IT System:
Designer’s intent
Operational environment
Governing IT policies
Associated end user experience
To be captured in…
Software Models
MOM Management Packs
System Definition Model
That can be created, modified and operated on…
Across the IT lifecycle
Develop, Operate, Analyze/Act
Enhancing Processes
Microsoft Operations Framework (MOF) and ITIL
Microsoft through MOF defined many ITIL principles
MOF applies ITIL to Microsoft products
MOF and ITIL provide common IT Service Management taxonomy
MOF makes Microsoft ITIL-Compliant
MOF is a foundation to comply with SarbOx, HIPAA, ISO, and other best practice compliance
MOF makes ITIL actionable on the Microsoft Platform
ITIL®
Managing Heterogeneity
[Diagram labels: Business and Support Systems; Enterprise Management Systems; Business Users; Heterogeneous Ops; MCF Direct; Reporting Manager; Windows-centric operators; SQL OLAP; non-Windows systems; Windows-based systems; Partner Extension]
Infrastructure Optimization
IT staff taxed by operational challenges
Users come up with their own IT solutions
IT Staff trained in best practices such as MOF, ITIL, etc.
Users expect basic services from IT
IT Staff manages an efficient, controlled environment
Users have tools they need, high availability, & access to information
IT is a strategic asset
Users look to IT as a valued partner to enable new business initiatives
IT processes undefined
High complexity due to localized processes, & minimal central control
Central Admin & config of security
Standard desktop images defined, not adopted company-wide
SLA’s are linked to business objectives
Clearly defined and enforced images, security, best practices (MOF, ITIL)
Self assessing & continuous improvement
Information easily & securely accessed from anywhere on Internet
Patch status of desktops is unknown
No unified directory for access management
Multiple directories for authentication
Limited automated s/w distribution
Automate identity and access management
Automated system management
Self provisioning and quarantine capable systems ensure compliance & high availability
Technology View of Model
Technology View of Model: One Example
Limited Infrastructure; Lack of standardized security measures; Ad hoc management of system configuration; Limited to no monitoring of infrastructure
Defense-in-depth security measures widely deployed; Anti-malware protection (i.e. spyware, bots, rootkits, etc.); Firewall enabled on desktops, laptops & servers; Secure wireless networking; Service level monitoring on desktops; IPSec used to isolate critical systems
Automated patch management (WU, Update Services, SMS); Edge firewall with lock-down configuration; Standardized antivirus solution; Firewall enabled on laptops; New systems limited to those supported by IT; Defined set of standard basic images
Security updates for both clients & servers; Application compatibility testing; Client & server firewall mitigations; Application and image deployment; Server operations; Reference image system; Security event correlation
Automated, central management of:
Technology View of Model: One Example
Limited Infrastructure; Lack of standardized security measures; Ad hoc management of system configuration; Limited to no monitoring of infrastructure
Zero touch deployment; Defense-in-depth security measures widely deployed; Anti-malware protection (i.e. spyware, bots, rootkits, etc.); Firewall enabled on desktops, laptops & servers; Secure wireless networking; Service level monitoring on desktops; IPSec used to isolate critical systems; Security updates for both clients & servers
Light touch or Zero touch deployment; Application and image deployment; Automated patch management (WU, Update Services, SMS); Secure and optimized messaging infrastructure; Edge firewall with lock-down configuration; Standardized antivirus solution; Firewall enabled on laptops; New systems limited to those supported by IT; Defined set of standard basic images; Application compatibility testing
Client & server firewall mitigations; Server operations; Reference image system; Security event correlation
Automated, central management of:
Standardized Desktop images, not more than 2 versions of Windows or Office. Version of the OS or Office is N or N-1
Multitude of Desktop images, more than 2 versions of Windows or Office and/or older than N minus-2
Standardized modern Desktop images. Version of Windows or Office is N or N-1
Standardized modern Desktop images. Version of the Windows or Office is N. Desktop is key portal for business integration.
Technology View of Model: One Example
No server-based identity or access management; Users operate in admin mode; Limited or inconsistent use of passwords at the desktop; Minimal enterprise access standards
Active Directory for Authentication and Authorization; Users have access to admin mode; Security templates applied to standard images; Desktops not controlled by group policy
Active Directory group policy and Security templates used to manage desktops for security and settings; Desktops are tightly managed
Centrally manage users provisioning across heterogeneous systems
Technology View of Model: One Example
Local user data stored randomly and not backed up to network; Any backup happens locally; No user state migration available for deployment; Untested recovery; Each server backed up to tape
Standards for local storage in “My Docs” but not redirected or backed up; Any backup happens at workgroup level; Backup/restore on critical servers; Some automation of user state migration available for deployment; Tested recovery for Mission critical
Users store data to “My Docs” and synched to server; Backup managed at company level; Backup/restore of all servers with SLAs; User state is preserved and restored for deployment; Tested recovery Mission critical & application data; LAN based back-ups
Self managed backup and restore on all servers and desktop data with SLAs; SAN based back-ups with snapshots; D2D technology
Technology View of Model: One Example
Running N-1 or N-2 versions of Exchange
Secure web mail with integrated junk mail filter, S/MIME support and HTML content blocker; Use an application-layer firewall to pre-authenticate web mail users before they reach the mailbox server
Unified directory infrastructure for access and messaging; Block SPAM at gateway and mailbox store; Server anti-virus that uses multiple scanning engines; Robust health monitoring and more proactive resolution of issues
Security of mobile devices including remote reset and remote wipe; Detect potential service outages and receive alerts in advance
Where our customers are today
Cost Center
Uncoordinated, manual infrastructure
More efficient Cost Center
Managed IT Infrastructure with limited automation
Managed and consolidated IT Infrastructure with maximum automation
Fully automated management, dynamic resource Usage, business linked SLA’s
Business Enabler
Strategic Asset
64%
31%
3% 2%
Infrastructure Optimization Model in Action
Sample Customer Assessment
Desktop Infrastructure
Server Infrastructure
Change Management
Operations Management
Asset Administration
Customer Service
Technology Planning & Process Management
Overall Rating
Solutions for the Journey
Sample Microsoft solutions
Business Desktop Deployment Solution Accelerator V 2.5
Microsoft Infrastructure deployment and migration Solution Accelerators
Microsoft & partners infrastructure optimization services
Application Compatibility and Active Directory Migration Toolkits
Microsoft Operations Framework service delivery solutions
IT Complexity & Cost
[Chart labels: Infrastructure Costs; Complexity; Support; Management Costs; $$. Time axis: 1994, 1997, 2000, 2003, 2006, 2008+. Eras: Client Server; N-Tier; Dynamic Systems]
DSI – reducing TCO by building in experience
Desktop Cost Savings - The Most Obvious Benefit
Hardware / Software
Total Direct Costs
End User Productivity & Downtime (Indirect Cost)
Total TCO
Administration
Operations
$1,246
$261
$424
$1,931
$1,217
$3,148
$1,354
$774
$428
$2,556
$2,952
$5,508
$1,333
$542
$426
$2,301
$2,265
$4,566
30%
52%
17%
31%
10%
16%
Deployment costs have Declined…
Relative cost reductions shown reflect actual costs per seat, as reported by various Microsoft deployment partners. Individual customer experiences may vary depending on level of automation and testing.
Costs experienced in prior upgrade of Microsoft Office
Previous Upgrade
Costs for current upgrade anticipated to be the same
Significant drop in actual costs
Office 2003
[Chart axis: Costs per Desktop]
Actual current cost of automated upgrade
Actual current cost of manual upgrade
© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.