Welcome
This presentation is the property of its rightful owner.
Sponsored Links
1 / 29

Welcome PowerPoint PPT Presentation


  • 53 Views
  • Uploaded on
  • Presentation posted in: General

Welcome. Stay Connected with Microsoft Ireland http://www.microsoft.com/ireland/technet. Stay connected by signing up for the new Irish TechNet Newsletter here: http://www.microsoft.com/ireland/technet/technetflash/

Download Presentation

Welcome

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Welcome

Welcome


Stay connected with microsoft ireland http www microsoft com ireland technet

Stay Connected with Microsoft Ireland http://www.microsoft.com/ireland/technet

  • Stay connected by signing up for the new Irish TechNet Newsletter here: http://www.microsoft.com/ireland/technet/technetflash/

  • Get involved in local Microsoft Technology user groups – let me know if you’re interested.

  • Just launched Technet Ireland www.Microsoft.com/ireland/technet

  • Great event line up next year!


Agenda

Agenda

  • 9:30 Setting the scene – IOI

  • 9:45 Active Directory and IPSec

  • 11.00 Tea / Coffee

  • 11:15 MOM

  • 12:30 Lunch


A crisis of complexity

Value

Creation

Maintenance

& Delivery

A Crisis Of Complexity


Solving the challenge infrastructure optimization

Solving The Challenge:Infrastructure Optimization


Welcome

The IOM Journey frees resources and provides the foundation for organizational agility

Managed and

consolidated IT

Infrastructure

with maximum

automation

Fully automated

management,

dynamic resource

Usage , business

linked SLA’s

Managed IT

Infrastructure

with limited

automation

Uncoordinated, manual

infrastructure

More Efficient Cost Center

Business Enabler

Strategic Asset

Cost Center

* Based on the Gartner IT Maturity Model


Technology view of model

Technology View of Model


Technology view of model one example

Technology View of ModelOne Example

Security, Networking & Monitoring

LimitedInfrastructure

Lack of standardized security measures

Ad hock management of system configuration

Limited to no monitoring of infrastructure

Automated patch management (WU, Update Services, SMS)

Edge firewall with lock-down configuration

Standardized antivirus solution

Firewall enabled on laptops

New systems limited to those supported by IT

Defined set of standard basic images

Defense-in-depth security measures widely deployed

Anti-malware protection (i.e. spyware, bots, rootkits, etc.)

Firewall enabled on desktops, laptops & servers

Secure wireless networking

Service level monitoring on desktops

IPSec used to isolate critical systems

Automated, central management of:

Security updates for both clients & servers

Application compatibility testing

Client & server firewall mitigations

Application and image deployment

Server operations

Reference image system

Security event correlation


Technology view of model one example1

Technology View of ModelOne Example

Desktop Lifecycle

  • Primary desktop OS is WinXP with images defined at corporate level

  • Reference Image managed manually

  • Automated software distribution, management and tracking

  • Zero touch upgrade and install

  • Application certification and compatibility testing

  • Automated reference image system connected to OEM partner

  • Automated patch management extended to servers

  • Automated application compatibility testing

  • Defined set of standard basic images

  • Multiple desktop OS’ still exist at department level

  • Automated patch management (WU, SUS, SMS)

  • Light touch upgrade and install

  • Departmental application testing

  • No standard OS image

  • All desktops are unique after deployment

  • Inconsistent patch management

  • Manually deploying and upgrading systems with DVDs or CDs

  • Limited or ad hoc application testing


Technology view of model one example2

Technology View of ModelOne Example

Secure Manageable Messaging

Unified directory infrastructure for access and messaging

Block SPAM at gateway and mailbox store

Server anti-virus that uses multiple scanning engines

Monitor messaging server health

Running any version of Exchange

Secure web-based e-mail access

Use an application-layer firewall to pre-authenticate web mail users before they reach the mailbox server

Security of mobile devices including remote reset and remote wipe

Detect potential service outages and receive alerts in advance


Technology view of model one example3

Technology View of ModelOne Example

Data Protection & Recovery

  • Local user data stored randomly and not backed up to network

  • Any backup happens locally

  • No user state migration available for deployment

  • Standards for local storage in “My Docs” but not redirected or backed up

  • Any backup happens at workgroup level

  • Backup/restore on critical servers

  • Some automation of user state migration available for deployment

  • Users store data to “My Docs” and synched to server

  • Backup managed at company level

  • Backup/restore of all servers with SLAs

  • User state is preserved and restored for deployment

  • Self managed backup and restore on all servers and desktop data with SLAs


Technology view of model one example4

Technology View of ModelOne Example

Identity & Access Management

  • Active Directory for Authentication and Authorization

  • Users have access to admin mode

  • Security templates applied to standard images

  • Desktops not controlled by group policy

  • Active Directory group policy and Security templates used to manage desktops for security and settings

  • Desktops are tightly managed

  • No server-based identity or access management

  • Users operate in admin mode

  • Limited or inconsistent use of passwords at the desktop

  • Minimal enterprise access standards

  • Centrally manage users provisioning across heterogeneous systems


Translating ioi into action

Translating IOI into action

Garrett Wallis - Microsoft Consulting Services, Ireland


Know what you have

Know what you have


Measure impact of change

Measure impact of change

Point

Solutions

Integration

Standards BasedCommon Tools

Strategically AlignedException Management

Core

Applications

Server

SAP Dev

FilePrint

MessagingWeb

Client

Messaging SAP

Antivirus Remote Control

OfficeInternet

FileNETUtilities

Suppor t

Management

Security

File\Print\Fax Servers

Platform

Server

Single Manufacturer

Certified Installs

Standard Build

Managed

Client

Single Manufacturer

Gold Build

Version Control

Other devices (PDA, mobile, etc.)

File\Print\Fax Servers

Domain

NetworkServices

DHCP etc.

Authentication

AD, SSO, etc

NameServices

DNS, WINS

Replication

Network

WAN

LAN

RAS

Internet


Ad forest domain and ou design

AD Forest, Domain and OU Design

Common Practices/Tips and Tricks


Forest domain design

Forest/Domain Design

  • Majority of Active Directory Forests being implemented are single forest/single domain

    • separate development/pre-production forests

    • Multiple NT4 production domains collapsed into single domain

    • Significant impact on administration – centralised (some delegation of tasks)

  • Tip: Always start from single forest/single domain when planning

    • Try to avoid non-technical influences

  • Tip: Two things that “negatively affect” AD

    • Bad replication design

    • Bad Group Policies


Ou design

OU Design

  • OU creation based on

    • Delegation of Administration

    • Application of GPO’s

      • Increasing use of security/WMI filtering of GPO’s

  • Choice of 3 basic models reflect

    • Resources

    • Geography

    • BU Structure

  • Tip: use a top level OU

  • Tip: moving objects between OU’s affects

    • GPOs applied

    • Scripts

  • Tip: Naming Conventions


Welcome

Demo

  • Different OU Strategies


Gpo s

GPO’s

  • Minimum should be

    • Domain and Security policies

    • Automatic updates

    • Windows Firewall

    • Remote Desktop/Remote Assistance/Remote Control

    • Internet Explorer configuration

    • Restricted Groups

    • Office ADM’s

  • Tip: Take as much configuration out of the standard build process into Group Policy as possible

  • Tip: netstat –ano

  • Tip: Disable unused portions of GPO’s

  • Tip: Naming Conventions

  • Link: Group Policy Settings Reference for Windows Server 2003 with Service Pack 1


Welcome

Demo

  • Group Policy application, and using security filtering in GPMC


Ipsec

IPSec

  • What’s it about?

    • Ensure only managed/known devices communicate with each other

    • IPSec or 802.1x?

    • Gathering momentum with Networking teams – take control of the options!

  • What’s achievable in standard environments?

    • Domain Isolation (full or partial)

    • Server Isolation in Isolated Domain

  • What is an IPSec Policy

    • Filters to identify machines and protocols/ports

    • Actions to taken when traffic matches a filter

  • Tip: Mandatory - Ensure that core domain traffic - Domain Controllers, WINS, DNS, DHCP etc. etc. is filtered out and always allowed

  • Tip: Keep it simple, get comfortable

  • Link: IEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft Windows


Welcome

Demo

  • IPSec

    • Domain Isolation

    • Server isolation (if time permits)


Coffee break

Coffee Break


Welcome

MOM

  • Why MOM (from a field perspective?)

    • Always asked “What should we monitor in AD, or Exchange, or SQL?”

      • Answer – what MOM monitors

    • Knowledge driven – intended to supply the resolution with the problem

    • SO easy to integrate with other management tools

      • Dell OpenManage Server Administrator, HP Insight Manager

    • SLA evidence (Reporting)

    • Why implement a mission critical environment without MOM?

    • It isn’t expensive

    • Tip: Check for MP’s regularly

    • Tip: MOM on SQL SP4 gotchas


Welcome

Demo

  • MOM install (ish!!)

  • MP import, including Dell, HP

  • Agent deployment

  • Reporting

  • Create a Management Pack!

  • Link: MOM 2005 Resource Kit


For a single server deployment of mom 2005

For a single server deployment of MOM 2005

  • Install Base OS - Windows Server 2003 Standard with SP1

  • Install IIS and ASP.NET (Add Remove Programs...Windows Components...Etc.)

  • Get updates (WSUS, SMS, Microsoft Update, other...)

  • Create MOM and SQL Service Accounts, appropriate permissions and rights

  • Install SQL Server 2000 (default installation, but specify DB path)

  • Install SQL 2000 SP3a (SQL 2000 SP4 gotcha - KB902803)

  • Install SQL 2000 Reporting Services (SQL Reporting Services SP2 gotcha too - KB902804)

  • Install MOM Server - Check Prerequisites

  • Install MOM Reporting - Check Prerequisites

  • Install SQL 2000 Server SP 4

  • Install SQL 2000 Reporting Services Service Pack 2


Additional links

Additional Links

  • Service overview and network port requirements for the Windows Server system - http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

  • MOM Management Packs - http://www.microsoft.com/management/mma/catalog.aspx

  • Windows Server System Reference Architecture - http://www.microsoft.com/technet/itsolutions/wssra/raguide/default.mspx

  • Windows XP Security Guide - http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx

  • Windows Server 2003 Security Guide - http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

  • What's New in Windows Server 2003 R2 - http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx


Stay connected with microsoft ireland http www microsoft com ireland technet1

Stay Connected with Microsoft Ireland http://www.microsoft.com/ireland/technet

  • Stay connected by signing up for the new Irish TechNet Newsletter here: http://www.microsoft.com/ireland/technet/technetflash/

  • Get involved in local Microsoft Technology user groups – let me know if you’re interested.

  • Just launched Technet Ireland www.Microsoft.com/ireland/technet

  • Great event line up next year!


  • Login