Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution...


Page 1: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Windows Azure Solution Implementer Guide

Page 2

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 3

Engagement Approach

Audience

Solution road map

Solution areas Industry Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities
2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities
2. Discuss range of potential solution capabilities

IT executives

Architects

IT pro/dev executives

Page 4

Integrated Capability Analysis

• Ensure target business capabilities cover process improvement priorities
• Translate business capabilities into required infrastructure capabilities
• Assess current infrastructure maturity
• Determine gaps to target integrated capabilities
• Build a road map for integrating capabilities and implementing solutions
• Specify required platform architecture, technologies, and services
• Baseline the Microsoft platform road map

Page 5

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Business Driver: FOCUS ON CORE VALUE-ADDED ACTIVITIES AND STAY COMPETITIVE

Phase 1

• Provide self-managing capability to provision data services for applications throughout the enterprise without adding to the support burden of the IT department via a highly available, scalable, multiple-tenant storage service in the cloud that includes built-in fault tolerance; and via a simplified process of creating, prototyping, and deploying applications that integrate data across the organization

Phase 2

• Provide the ability to build, modify, and distribute scalable applications through a combination of cloud and on-premises resources via a cloud-based development, service hosting, and service management environment that provides on-demand computing and storage to host, scale, and manage Web applications on the Internet
• Provide the ability to bring ideas to market faster with near-zero capital and operational expenditures via consumption of computing resources only as needed

Phase 3

• Offer a systematic and secure solution that is deployed from the cloud, integrates with on-premises assets, and gives the IT organization oversight and control of distributed data assets along with a consistent development and management experience across the premises and the cloud via a simple, reliable, flexible, and powerful platform to create Web applications and services that support multiple languages and standards and integrate with the existing on-premises environment

Business Driver: RESPOND QUICKLY TO CHANGES IN BUSINESS AND CUSTOMER NEEDS

Phase 1

• Provide the ability to link existing on-premises data stores to cloud-based storage services that support on-demand computing and storage capabilities while ensuring a familiar and consistent application development model via a familiar application development and relational data model in the cloud that provides connectivity with existing on-premises storage
• Provide the ability to expose and consume applications and services over the Internet across firewall, domain, and network boundaries via secure connectivity between loosely coupled services and applications that enable users to navigate through firewalls or network boundaries and to use a variety of communication patterns

Phase 2

• Provide the ability to create new applications in the cloud without abandoning existing on-premises applications via bidirectional data synchronization between on-premises and cloud storage
• Provide the ability to create new applications in the cloud that can consume data that resides on-site via bidirectional data synchronization between cloud applications and on-premises data storage
• Lower barriers to build composite applications, scalable and custom Web applications, and packaged line-of-business applications via bidirectional communication that is interoperable with existing systems, exposes endpoints easily, supports multiple connection options, and enables publish and subscribe for multicasting
• Provide the ability to consume disparate data sets, imagery, and content in real-time by using virtually any platform, application, or business workflow via a cloud computing platform that handles storage, delivery, billing, and reporting under a unified provisioning and billing framework
• Provide the ability to easily and flexibly configure users on different identity-management infrastructures while addressing a variety of security needs via creating user accounts that federate a user’s existing identity management using any directory system or standards-based infrastructure

Phase 3

• Extend the availability of on-premises data to allow information to be easily shared with remote offices, mobile workers, and business partners through the cloud from multiple locations, desktop systems, and other devices via building business data hubs in the cloud, and via a bridge that enables on-premises and off-premises applications to work together
• Provide the ability to secure applications that extend beyond organizational boundaries and exercise complete, customizable control over the level of access that each user and group has within the application via federated identity and access control through rules-based authorization and flexible standards-based service that supports multiple credentials and parties that rely on it

Page 6

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 7

Phase 1: Provides basic support for the most critical elements of the business driver

Phase 2: Provides adequate, typical support for critical and priority elements of the business driver

Phase 3: Provides thorough, streamlined support for the business driver that enables differentiated levels of performance

FOCUS ON CORE VALUE-ADDED ACTIVITIES AND STAY COMPETITIVE

RESPOND QUICKLY TO CHANGES IN BUSINESS AND CUSTOMER NEEDS

Sophistication of the Solution

Page 8

Solution Guidance

Phase Definition

For each business driver, list the business challenges, solution features, and business benefits for this solution phase. Use this information and the “Support for Priority Business Capabilities” slides to structure the conversation with IT professional(s) for capturing, refining, and baselining business problems and solution functionality priorities.

Mapping

The Optimization mapping indicates the maturity level required for each capability of the solution to fully support the features specified in this solution phase. Use the mapping as a starting point to determine appropriate maturity levels for the solution. After mapping the solution, assess the gap between the current and desired infrastructure to:

• Understand the scope and sequencing of work required
• Organize a deployment road map

Technologies

Use the results of the Optimization mapping to determine the technologies required for the features and supporting capabilities specified in this solution phase.

Conceptual Architecture

Use this high-level, use case diagram to provide the “black box” definition of this solution phase. Customize to your solution definition during the integrated capability analysis.

Logical Architecture

Use this logical, component-level architecture view to show all software components and how they interact to support this solution phase. Tailor to fit your particular solution definition during the integrated capability analysis. Note: Physical architecture is covered in the Architecture Guide also used during the integrated capability analysis.

Page 9

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 10

Phase 1: Phase Definition

Business Driver: FOCUS ON CORE VALUE-ADDED ACTIVITIES AND STAY COMPETITIVE

Needs

• Focus on services that truly add value instead of simply maintaining the current environment by managing operational resources and constraints as usual

Business Capabilities

• Provide self-managing capability to provision data services for applications throughout the enterprise without adding to the support burden of the IT department

Business Driver: RESPOND QUICKLY TO CHANGES IN BUSINESS AND CUSTOMER NEEDS

Needs

• Improve business agility and shorten time to market by taking advantage of existing skill sets and capital investments to expand service offerings
• Provide a reliable, secure, and trustworthy platform to scale services to accommodate customer demands and business needs

Business Capabilities

• Provide the ability to link existing on-premises data stores to cloud-based storage services that support on-demand computing and storage capabilities while ensuring a familiar and consistent application development model
• Provide the ability to expose and consume applications and services over the Internet across firewall, domain, and network boundaries

Page 11

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

A defined software library exists. Automated build with defined deployment and provisioning processes. Physical and virtual hardware, software, and consumption unit assets are reconciled and reported on demand (manual or automated), and tools and data repository are in place to track and audit assets. Service capacity and resource utilization are monitored continuously; analysis tools are used to predict the impact of proposed changes (software, hardware, usage, and topology); Workloads can be relocated manually. Chargeback is consumption based. The organization actively uses virtualization to consolidate resources for production workloads. Some Production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. IT services are audited for compliance based on documented company and industry-standard policies (HIPAA, SOX, and PCI); reports are generated monthly. Services are available during server failure (e.g. server clustering, hot spares, and/or virtualization recovery solution). Process in place to assign costs for static Service allocations back to business groups; based on capacity not usage, or based on show-back reporting.

Server Security

Malware protection is centrally managed across server operating systems within organizations, including the host firewall. Protection for select mainstream/non-custom applications and services (such as e-mail, collaboration and portal applications, instant messaging), if available, is centrally managed. Integrated perimeter firewall, IPS, Web security, gateway anti-virus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across datacenter, application, organization, and cloud boundaries.

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware, with support for auto configuration. IPv6 with IPSec is used for secure private communication over a public network.

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Actively used data is geographically distributed or replicated to multiple servers; users have seamless and responsive access to most available servers across boundaries even in high-latency environments. Storage is managed and allocated dynamically from a highly available pool of physical space based on capacity required, and within limits set by policy quotas. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods, and machines; access control is role-based. Federation exists for selected applications. For consumer facing applications, federating with public providers (such as Facebook). Password policies are set within a directory service to enable single sign on across boundaries for most applications. Password resets through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. A scalable directory that is integrated and automatically synchronizes with all remaining directories across multiple geographies and isolated domains for all applications with connectivity to cloud when applicable.

Information Protection & Control

IT Process & Compliance

Each IT service has a formal definition of reliability. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service.

Phase 1: Core IO Mapping

Page 12

B S R D

Collaboration

Workspaces

Portals

Multiple portals exist; directory services, authentication, and authorization are not uniform across portals, requiring users to sign in multiple times; user management methods are redundant.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 1: BPIO Mapping

Page 13

B S R D

BI and Analytics Platform

Business Intelligence

Data Warehouse Management

An IT-managed BI environment is in place and applications at the department level integrate with departmental data marts. IT designs, implements, and manages data schemas that are optimized for localized self-service reporting and analysis tools.

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Key high-value data has associated formal data management policies and processes. Data governance may be recognized on a siloed basis, but not as a corporate discipline. Data and asset inventories and dependency relationships are manually documented periodically. Access policies for data and objects in databases are defined but not centralized, and do not reference data classifications. Administrative tasks are still performed using an over-privileged account. Security management is performed on a server-by-server basis. Systems are in place for retention backup. Organizational/departmental policies exist for how long items are stored and what is stored.

Application Infrastructure

Application messaging services used by development are aligned with standard application operating environments. Development and operations teams have the skills required to effectively and consistently make use of these technologies. Limited application component and service reuse strategies exist at the departmental or project level. Orchestration and workflow between applications is typically implemented via custom integrations. Applications are beginning to adopt web services or other standards implemented in operating environments to allow application components and common application services to interoperate as needed. Common application services and middleware component frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. A range of application services and infrastructure is provided across operating environments with central governance. A central engineering practices group co-sponsored by development and operations has formed and is providing valuable guidance to application development teams. Application developers consistently build applications using these application frameworks, so hosting, application services requirements, and management are predictable. Operating systems provide support for multiple application frameworks. Applications' deployment standards are consistently followed. A consistent platform for running and managing applications is implemented, and applications are designed with consistent approaches to health monitoring. Operations proactively monitors applications and back-end services using a shared thresholds/alerting infrastructure, and a centralized management tool and/or self-service interface is used to manage applications, services, and physical and virtual assets. Application and service monitoring data may be rendered on process performance dashboards.

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

Use of standardized processes for data integration is at the project level and technologies are used to improve back-end integration. The business leverages an integration broker running on-premises to connect to cloud applications using adapters. Application integrations leverage standard application messaging protocols and infrastructure to connect various applications running on-premises and in the cloud, connecting mission-critical data and transactions across enterprise applications. Centralized data integration strategies and tools are used across the enterprise.

Development Platform

The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization.

Application Lifecycle Management

Work-breakdown structures map estimated work to business value. Rudimentary metrics are used to manage project progress. Project managers aggregate data from standard status updates. Effective change management processes are in place. Testing has test harnesses and some automation, formal unit testing with good code coverage, and defined test strategy and processes. Explicit use of code quality tools typically occurs at the end of the development cycle. Processes are defined for debugging production defects and incidents, with a standard set of defect artifacts.

Phase 1: APO Mapping

Page 14

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Server Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Server Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Assessment and Planning Toolkit 6.0; Microsoft Assessment and Planning Toolkit 6.5; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Microsoft Software Inventory Analyzer 5.0; Microsoft Software Inventory Analyzer 5.1; Opalis; Security Compliance Management Toolkit; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Automated Installation Kit; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise/Datacenter (Hyper-V); Windows Server 2008 R2 Standard/Enterprise (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); System Center 2012 Endpoint Protection; Windows Azure; Windows Server 2008 R2 (Windows Firewall with Advanced Security); Windows Server 2008 R2 Enterprise (Network Policy and Access Services); Windows Server 2012

Networking

Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2012

Storage

Microsoft Online Backup Service; System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows 7 (Offline Files); Windows 8 (Offline Files); Windows Azure; Windows Server 2008 R2 (Backup and recovery); Windows Server 2008 R2 (Hyper-V) + Hardware pooling; Windows Server 2008 R2 Enterprise (DFS-R and DFS-N); Windows Server 2008 R2 (Hardware RAID); Windows Server 2008 R2 (Software RAID); Windows Server 2012 (Backup/Recovery, Hyper-V Replica); Windows Server 2012 (DFS-R and DFS-N); Windows Server 2012 (Storage Spaces); Windows Server 2012 (Hardware RAID); Windows Storage Server 2008 (Backup and recovery); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 R2 (Backup and recovery); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 (RAID); Windows Storage Server 2008 (RAID)

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows Azure; Windows Azure (Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy, Read-Only Domain Controller); Windows Server 2008 R2 Standard (Active Directory Lightweight Directory Services, WS-Federation, WS-Trust); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; Microsoft Security Assessment Tool; Opalis; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 1: Core IO Technologies

Page 15

B S R D

Collaboration

Workspaces

Portals

Office 365 E1; Office 365 E2; Office 365 E3; Office 365 E4; Office SharePoint Server 2007 (Active Directory Domain Services integration with SharePoint); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (Active Directory Domain Services integration with SharePoint)

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 1: BPIO Technologies

Page 16

B S R D

BI and Analytics Platform

Business Intelligence

Data Warehouse Management

SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008 (BI Development Studio); Visual Studio 2010

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2005; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Excel 2010, Outlook 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional

Development Platform

Visual Studio 11; Visual Studio Team Foundation Server 2010

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Premium; Visual Studio Team Foundation Server 2010

Phase 1: APO Technologies

Page 17

Phase 1: Conceptual Architecture

Page 18

Phase 1: Logical Architecture

Page 19

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 20

Phase 2: PHASE DEFINITION

Business Driver: FOCUS ON CORE VALUE-ADDED ACTIVITIES AND STAY COMPETITIVE

Needs

• Focus on services that truly add value instead of simply maintaining the current environment by managing operational resources and constraints as usual

Business Capabilities

• Provide the ability to build, modify, and distribute scalable applications through a combination of cloud and on-premises resources
• Provide the ability to bring ideas to market faster with near-zero capital and operational expenditures

Business Driver: RESPOND QUICKLY TO CHANGES IN BUSINESS AND CUSTOMER NEEDS

Needs

• Improve business agility and shorten time to market by taking advantage of existing skill sets and capital investments to expand service offerings
• Provide a reliable, secure, and trustworthy platform to scale services to accommodate customer demands and business needs

Business Capabilities

• Provide the ability to create new applications in the cloud without abandoning existing on-premises applications
• Provide the ability to create new applications in the cloud that can consume data that resides on-site
• Lower barriers to build composite applications, scalable and custom web applications, and packaged line-of-business applications
• Provide the ability to consume disparate data sets, imagery, and content in real-time by using virtually any platform, application, or business workflow
• Provide the ability to easily and flexibly configure users on different identity-management infrastructures while addressing a variety of security needs

Page 21

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Automated build and deployment with consistent provisioning processes integrated with software and configuration library that includes virtual images; on-demand reporting; self-service portal for IT or end users to deploy. The IT asset life cycle is automated and managed using policies, procedures, and tools; management of assets and thresholds is based on automated inventory information. The majority of production server resources are virtualized. Resource pooling implementation supports compliance and cost management strategies, such as Auditing and Reporting, Policy Management, Metered Usage, Multi-Tenancy and Process Automation. Performance monitoring of applications as well as physical and virtual hardware pools with enforceable SLAs; service health monitoring with consistent reporting across heterogeneous environments. Policy enforcement occurs in near real time based on company and industry-standard policies that allow for immediate quarantine of non-compliant systems, and consistent compliance reporting and standards exist across all IT services. There are multiple levels of service availability clustering or load balancing. Virtualization and management are used to dynamically move applications and services when issues arise with datacenter compute, storage and network resources. Charge back based on cost of resources allocated and consumed, charged in aggregated or abstracted units using a defined Service Catalog (e.g., VM months).

Server Security

Protection is deployed and centrally managed for all applications and services.

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including ability to do zone transfer across boundaries.

Storage

If a storage node fails, data access transparently fails over with no interruption in availability. Storage is managed and allocated dynamically from an elastic pool of storage capacity available across boundaries with automatic capacity expansion within limits set by business policy. Critical data is backed up by taking snapshots using a centralized, application-aware system.

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Identity & Security Services

Identity & Access

Centralized IT offering of Federation services. Multiple federation and trust relationships exist between separate organizations (1-to-1 relationship). Multi-factor and certificate-based authentication are applied in some scenarios, such as remote access across boundaries (such as on-premises and cloud). Self-service password resets are supported. A centralized, group/role-based access policy is defined for business resources, applications, and information resources, managed through industry-accepted processes.

Information Protection & Control

IT Process & Compliance

Definitions of reliability for IT services are integrated across IT services and enforceable. IT service issues and design changes are tracked by using formal processes; testing is automated where possible. IT service release processes are uniform across IT services; deployment is automated and offers self service where possible; management reviews each service for readiness to release before deployment. Service-level and operational-level agreements are integrated for IT services; management reviews operational health regularly; some tasks are automated. Monitoring and flexible, tenant/service reporting are aggregated across individual areas for protection against malware, protection of information, and identity and access technologies.

Phase 2: Core IO MAPPING

Page 22

B S R D

Collaboration

Workspaces

Portals

Multiple portals exist; directory services, authentication, and authorization are not uniform across portals, requiring users to sign in multiple times; user management methods are redundant.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 2: BPIO MAPPING

Page 23

B S R D

BI and Analytics Platform

Business Intelligence

Data Warehouse Management

An IT-managed BI environment and applications at the department level are aligned with the enterprise data warehouse (EDW) environment and applications. IT proactively builds, maintains, and manages key reports and analysis models that are used regularly across the business. IT designs, implements, and manages semantic models (such as OLAP) and data schemas optimized for managed and self-service reporting and analysis.

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Data governance with documented, standardized policies and processes is established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores.

Application Infrastructure

A common application messaging services infrastructure is in place and well managed for larger mission-critical applications.

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

Applications leverage an application communication infrastructure deployed in operations that is actively managed and has dynamic routing capabilities.

Development Platform

Developed applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 2: APO MAPPING

Page 24

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Server Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Server Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager Self Service Portal 2.0; Windows Automated Installation Kit; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise/Datacenter (Hyper-V); Windows Server 2008 R2 Standard/Enterprise (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for SharePoint; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); System Center 2012 Endpoint Protection; Windows Azure; Windows Server 2008 R2 (Windows Firewall with Advanced Security); Windows Server 2008 R2 Enterprise (Network Policy and Access Services); Windows Server 2012

Networking

Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2012

Storage

System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows 7 (Offline Files); Windows 8 (Offline Files); Windows Azure; Windows Server 2008 R2 (Hyper-V) + Hardware pooling; Windows Server 2008 R2 Enterprise (DFS-R and DFS-N); Windows Server 2008 R2 Enterprise (Failover Clustering); Windows Server 2012 (Cluster); Windows Server 2012 (DFS-R and DFS-N); Windows Server 2012 (Hyper-V Replica); Windows Server 2012 (Storage Spaces); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 Enterprise (Failover Clustering); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 Enterprise (Failover Clustering)

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Credential Management); Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows 7; Windows 8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2008 R2 (Active Directory Domain Services, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Federation Services); Windows Server 2008 R2 Standard (Active Directory Lightweight Directory Services, WS-Federation, WS-Trust); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; Microsoft Security Assessment Tool; Office SharePoint 2007 (Lists); Opalis; SharePoint 2010 (Lists); System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007; Visio Professional 2010; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 2: Core IO TECHNOLOGIES

Page 25

B S R D

Collaboration

Workspaces

Portals

Office 365 E1; Office 365 E2; Office 365 E3; Office 365 E4; Office SharePoint Server 2007 (Active Directory Domain Services integration with SharePoint); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (Active Directory Domain Services integration with SharePoint)

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 2: BPIO TECHNOLOGIES

Page 26

B S R D

BI and Analytics Platform

Business Intelligence

Data Warehouse Management

SQL Server 2008 R2 Enterprise; SQL Server 2012; Visual Studio 11; Visual Studio 2008 (BI Development Studio); Visual Studio 2010

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; System Center 2012; System Center Operations Manager 2007 R2; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional; Windows Azure AppFabric; Windows Server AppFabric

Development Platform

SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2010; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010

Phase 2: APO TECHNOLOGIES

Page 27

Phase 2: CONCEPTUAL ARCHITECTURE

Page 28

Phase 2: LOGICAL ARCHITECTURE

Page 29

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 30

Phase 3: PHASE DEFINITION

Business Driver: FOCUS ON CORE VALUE-ADDED ACTIVITIES AND STAY COMPETITIVE

Needs

• Focus on services that truly add value instead of simply maintaining the current environment by managing operational resources and constraints as usual

Business Capabilities

• Offer a systematic and secure solution that is deployed from the cloud, integrates with on-premises assets, and gives the IT organization oversight and control of distributed data assets along with a consistent development and management experience across the premises and the cloud

Business Driver: RESPOND QUICKLY TO CHANGES IN BUSINESS AND CUSTOMER NEEDS

Needs

• Improve business agility and shorten time to market by taking advantage of existing skill sets and capital investments to expand service offerings
• Provide a reliable, secure, and trustworthy platform to scale services to accommodate customer demands and business needs

Business Capabilities

• Extend the availability of on-premises data to allow information to be easily shared with remote offices, mobile workers, and business partners through the cloud from multiple locations, desktop systems, and other devices
• Provide the ability to secure applications that extend beyond organizational boundaries and exercise complete, customizable control over the level of access that each user and group has within the application

Page 31

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Software and configuration library is maintained at current update levels with version control and auditing on demand. Resource provisioning and deprovisioning occurs dynamically and is elastic. Workloads are relocated dynamically. The organization has a consolidated view and a consolidated management process across heterogeneous virtual environments, including branch offices.

Server Security

Protection is deployed and centrally managed for all applications and services.

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including ability to do zone transfer across boundaries.

Storage

Users have secure access to actively used data whether or not they are connected to the enterprise network, and can also access data securely from Internet kiosks and Internet-connected devices. Critical data across the enterprise is protected continuously by replicating it at a separate location or by using a cloud-based service; data backups can be recovered by using a self-service recovery process.

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Identity & Security Services

Identity & Access

Centralized IT offering of Federation services that integrates public identities and services. Offers 1-to-many collaboration.

Information Protection & Control

IT Process & Compliance

Risk and vulnerability analysis is integrated across all IT services; IT compliance objectives and activities are integrated across IT services and automated where possible; management regularly audits to review policy and compliance.

Phase 3: Core IO MAPPING

Page 32

B S R D

Collaboration

Workspaces

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 3: BPIO MAPPING

Page 33

B S R D

BI and Analytics Platform

Business Intelligence

Data Warehouse Management

An IT-managed BI environment and applications at the department level are aligned with the enterprise data warehouse (EDW) environment and applications. IT proactively builds, maintains, and manages key reports and analysis models that are used regularly across the business. IT designs, implements, and manages semantic models (such as OLAP) and data schemas optimized for managed and self-service reporting and analysis.

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Data governance with documented, standardized policies and processes is established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores.

Application Infrastructure

Business processes follow a model-driven, dynamic approach. IT manages a SOA-based application infrastructure, comprised of LOB back ends and composite applications that extend them and has complete monitoring of integration scenarios across the cloud and on-premises applications. Use of standard application services supported by the operating application infrastructure environment is maximized. Engineering of infrastructure, shared application services, and application frameworks is performed jointly by development and operations teams, resulting in complete symmetry between development and operating environments. Many application characteristics can be modified by changing application configuration instead of code. Deployment of applications is simplified, consistent, and supported by automation. On-demand capabilities exist to add/change/remove application components without risk of downtime. Application blueprints do not have physical dependencies. Application and cross-application end-to-end process health management is proactive, with sophisticated SLAs and alerting structures in place.

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

Applications leverage an application communication infrastructure deployed in operations that is actively managed and has dynamic routing capabilities.

Development Platform

Use of standard application services supported by the operating application infrastructure environment is maximized. Architectural layering is enforced as part of code delivery and build automation. Engineering of infrastructure and central application services is performed jointly by development and operations teams, resulting in complete symmetry between development and operating environments. Development work management tools are integrated with operations incident management systems.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 3: APO MAPPING

Page 34

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 (Server Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 R2 (Server Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); System Center Virtual Machine Manager Self Service Portal 2.0; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise/Datacenter; Windows Server 2008 R2 Enterprise/Datacenter (Hyper-V); Windows Server 2008 R2 Standard/Enterprise (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for SharePoint; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); System Center 2012 Endpoint Protection; Windows Azure; Windows Server 2008 R2 (Windows Firewall with Advanced Security); Windows Server 2008 R2 Enterprise (Network Policy and Access Services); Windows Server 2012

Networking

Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2012

Storage

Forefront Threat Management Gateway 2010; Forefront Unified Access Gateway; Internet Security and Acceleration Server 2006; System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows 7 (Direct Access); Windows 8 (Direct Access); Windows Azure; Windows Server 2008 R2 (Direct Access); Windows Server 2008 R2 (Hyper-V) + Hardware pooling; Windows Server 2008 R2 Enterprise (Failover Clustering); Windows Server 2012 (Cluster); Windows Server 2012 (Hyper-V Replica); Windows Server 2012 (SMB Encryption, Direct Access); Windows Server 2012 (Storage Spaces); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 Enterprise (Failover Clustering); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 Enterprise (Failover Clustering)

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Credential Management); Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows 7; Windows 8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Azure Platform (Windows Identity Foundation, Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise/Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Enterprise/Datacenter (Active Directory Federation Services); Windows Server 2008 R2 Standard (Active Directory Lightweight Directory Services, WS-Federation, WS-Trust); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; Microsoft Security Assessment Tool; Office SharePoint 2007 (Lists); Opalis; SharePoint 2010 (Lists); System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007; Visio Professional 2010; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 3: Core IO Technologies

Page 35: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

B S R D

Collaboration

Workspaces

Portals Office 365 E1; Office 365 E2; Office 365 E3; Office 365 E4; Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Online (site manager); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 3: BPIO Technologies

Page 36: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

B S R D

BI and Analytics Platform

Business Intelligence

Data Warehouse Management SQL Server 2008 R2 Enterprise; SQL Server 2012; Visual Studio 11; Visual Studio 2008 (BI Development Studio); Visual Studio 2010

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office PerformancePoint Server; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration .NET Framework; BizTalk ESB Toolkit; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; System Center 2012; System Center Operations Manager 2007 R2; Visual Studio 11; Visual Studio 2010 Professional; Windows Azure AppFabric; Windows Server AppFabric

Development Platform

SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2010; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010

Phase 3: APO Technologies

Page 37: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Phase 3: Conceptual Architecture

Page 38: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Phase 3: Logical Architecture

Page 39: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 40: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Example: Steps to Customize the Solution

Customize the pre-defined solutions (Phase 1, Phase 2, or Phase 3) by doing the following:

Understand your priorities

• Identify your top-priority business drivers
• Identify the business capabilities in the Capability Discussion Guide that match your priorities (see below)

Choose a starting point

• Choose the phase (Phase 1, Phase 2, or Phase 3) that corresponds to your priorities

Adjust the mapping

• Add, remove, or adjust capabilities

Page 41: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Example Solution Area: Phase 1 B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Deployment and management of software updates are tool based. The organization actively uses virtualization to consolidate resources for production workloads. Some production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. Services are available during server failure (for example, server clustering, hot spares, and virtualization recovery solution).

Server Security

Protection against malware is centrally managed across server operating systems within organizations, including the host firewall. Protection for select mainstream/non-custom applications and services (such as email, collaboration and portal applications, and instant messaging), if available, is centrally managed. Integrated perimeter firewall, IPS, web security, gateway antivirus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across data center, application, organization, and cloud boundaries. Remote access is secure, standardized, and available to end users across the organization.

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware and include support for automatic configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. IPv4 is present for main transport services, using IPv6 for some transport services (for example, to achieve a larger address range).

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization

Mobile device access configuration is automated and is pushed over-the-air. A solution is in place to configure and update devices. Mobile phones are used for over-the-air synchronization with email, calendar, and contacts.

Device Security Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods and machines; access control is role-based. Password policies are set within a directory service to enable single sign-on across boundaries for most applications. Password resets occur through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

Persistent information protection exists within the trusted network to enforce policy across key sensitive data (such as documents and email); policy templates are used to standardize rights and control access to information.

IT Process & Compliance

IT policies are documented for each IT service. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Processes to manage incidents are in place for each IT service. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Problem management processes are in place for each IT service, with self-service access to knowledge base. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service.

Example: Customized Solution Requirements

Page 42: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Example: Tips to Customize the Solution

Server Security helps protect and secure the server infrastructure at the data center from viruses, spam, malware, and other intrusions.

Consider using an alternate maturity level that corresponds to your requirements

Identify, document, and discuss how a capability may be relevant

Keep a capability if you are unsure whether you need it

Page 43: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 44: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

Engagement Approach

Audience

Solution road map

Solution areas Industry Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities
2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities
2. Discuss range of potential solution capabilities

IT executives

Architects

IT pro/dev executives

Page 45: Windows Azure Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.