Welcome
Stay Connected with Microsoft Ireland http://www.microsoft.com/ireland/technet

  • Stay connected by signing up for the new Irish TechNet Newsletter here: http://www.microsoft.com/ireland/technet/technetflash/

  • Get involved in local Microsoft Technology user groups – let me know if you’re interested.

  • Just launched: TechNet Ireland www.Microsoft.com/ireland/technet

  • Great event line up next year!


Agenda

  • 9:30 Setting the scene – IOI

  • 9:45 Active Directory and IPSec

  • 11:00 Tea / Coffee

  • 11:15 MOM

  • 12:30 Lunch


A Crisis Of Complexity

Figure labels: Value Creation; Maintenance & Delivery


Solving The Challenge: Infrastructure Optimization


The IOM Journey frees resources and provides the foundation for organizational agility

  • Managed and consolidated IT infrastructure with maximum automation

  • Fully automated management, dynamic resource usage, business-linked SLAs

  • Managed IT infrastructure with limited automation

  • Uncoordinated, manual infrastructure

More Efficient Cost Center; Business Enabler; Strategic Asset; Cost Center

* Based on the Gartner IT Maturity Model


Technology View of Model


Technology View of Model: One Example

Security, Networking & Monitoring

Limited Infrastructure

Lack of standardized security measures

Ad hoc management of system configuration

Limited to no monitoring of infrastructure

Automated patch management (WU, Update Services, SMS)

Edge firewall with lock-down configuration

Standardized antivirus solution

Firewall enabled on laptops

New systems limited to those supported by IT

Defined set of standard basic images

Defense-in-depth security measures widely deployed

Anti-malware protection (i.e. spyware, bots, rootkits, etc.)

Firewall enabled on desktops, laptops & servers

Secure wireless networking

Service level monitoring on desktops

IPSec used to isolate critical systems

Automated, central management of:

Security updates for both clients & servers

Application compatibility testing

Client & server firewall mitigations

Application and image deployment

Server operations

Reference image system

Security event correlation


Technology View of Model: One Example

Desktop Lifecycle

  • Primary desktop OS is WinXP with images defined at corporate level

  • Reference Image managed manually

  • Automated software distribution, management and tracking

  • Zero touch upgrade and install

  • Application certification and compatibility testing

  • Automated reference image system connected to OEM partner

  • Automated patch management extended to servers

  • Automated application compatibility testing

  • Defined set of standard basic images

  • Multiple desktop OS’ still exist at department level

  • Automated patch management (WU, SUS, SMS)

  • Light touch upgrade and install

  • Departmental application testing

  • No standard OS image

  • All desktops are unique after deployment

  • Inconsistent patch management

  • Manually deploying and upgrading systems with DVDs or CDs

  • Limited or ad hoc application testing


Technology View of Model: One Example

Secure Manageable Messaging

Unified directory infrastructure for access and messaging

Block SPAM at gateway and mailbox store

Server anti-virus that uses multiple scanning engines

Monitor messaging server health

Running any version of Exchange

Secure web-based e-mail access

Use an application-layer firewall to pre-authenticate web mail users before they reach the mailbox server

Security of mobile devices including remote reset and remote wipe

Detect potential service outages and receive alerts in advance


Technology View of Model: One Example

Data Protection & Recovery

  • Local user data stored randomly and not backed up to network

  • Any backup happens locally

  • No user state migration available for deployment

  • Standards for local storage in “My Docs” but not redirected or backed up

  • Any backup happens at workgroup level

  • Backup/restore on critical servers

  • Some automation of user state migration available for deployment

  • Users store data to “My Docs” and synched to server

  • Backup managed at company level

  • Backup/restore of all servers with SLAs

  • User state is preserved and restored for deployment

  • Self managed backup and restore on all servers and desktop data with SLAs


Technology View of Model: One Example

Identity & Access Management

  • Active Directory for Authentication and Authorization

  • Users have access to admin mode

  • Security templates applied to standard images

  • Desktops not controlled by group policy

  • Active Directory group policy and Security templates used to manage desktops for security and settings

  • Desktops are tightly managed

  • No server-based identity or access management

  • Users operate in admin mode

  • Limited or inconsistent use of passwords at the desktop

  • Minimal enterprise access standards

  • Centrally manage users provisioning across heterogeneous systems


Translating IOI into action

Garrett Wallis - Microsoft Consulting Services, Ireland


Know what you have


Measure impact of change

Diagram labels:

  • Point Solutions; Integration; Standards Based Common Tools; Strategically Aligned Exception Management

  • Core Applications

    • Server: SAP, Dev, File, Print, Messaging, Web

    • Client: Messaging, SAP, Antivirus, Remote Control, Office, Internet, FileNET, Utilities

  • Support: Management, Security, File\Print\Fax Servers

  • Platform

    • Server: Single Manufacturer, Certified Installs, Standard Build, Managed

    • Client: Single Manufacturer, Gold Build, Version Control

    • Other devices (PDA, mobile, etc.)

    • File\Print\Fax Servers

  • Domain

    • Network Services: DHCP etc.

    • Authentication: AD, SSO, etc.

    • Name Services: DNS, WINS

    • Replication

  • Network: WAN, LAN, RAS, Internet


AD Forest, Domain and OU Design

Common Practices/Tips and Tricks


Forest/Domain Design

  • Majority of Active Directory Forests being implemented are single forest/single domain

    • separate development/pre-production forests

    • Multiple NT4 production domains collapsed into single domain

    • Significant impact on administration – centralised (some delegation of tasks)

  • Tip: Always start from single forest/single domain when planning

    • Try to avoid non-technical influences

  • Tip: Two things that “negatively affect” AD

    • Bad replication design

    • Bad Group Policies


OU Design

  • OU creation based on

    • Delegation of Administration

    • Application of GPO’s

      • Increasing use of security/WMI filtering of GPO’s

  • Choice of 3 basic models reflect

    • Resources

    • Geography

    • BU Structure

  • Tip: use a top level OU

  • Tip: moving objects between OU’s affects

    • GPOs applied

    • Scripts

  • Tip: Naming Conventions


Demo

  • Different OU Strategies


GPOs

  • Minimum should be

    • Domain and Security policies

    • Automatic updates

    • Windows Firewall

    • Remote Desktop/Remote Assistance/Remote Control

    • Internet Explorer configuration

    • Restricted Groups

    • Office ADM’s

  • Tip: Take as much configuration out of the standard build process into Group Policy as possible

  • Tip: netstat -ano

  • Tip: Disable unused portions of GPO’s

  • Tip: Naming Conventions

  • Link: Group Policy Settings Reference for Windows Server 2003 with Service Pack 1


Demo

  • Group Policy application, and using security filtering in GPMC


IPSec

  • What’s it about?

    • Ensure only managed/known devices communicate with each other

    • IPSec or 802.1x?

    • Gathering momentum with Networking teams – take control of the options!

  • What’s achievable in standard environments?

    • Domain Isolation (full or partial)

    • Server Isolation in Isolated Domain

  • What is an IPSec Policy

    • Filters to identify machines and protocols/ports

    • Actions to take when traffic matches a filter

  • Tip: Mandatory - ensure that core domain traffic (Domain Controllers, WINS, DNS, DHCP, etc.) is filtered out and always allowed

  • Tip: Keep it simple, get comfortable

  • Link: IEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft Windows
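
The policy structure from this slide (filters that select machines and protocols/ports, plus an action per filter) and the mandatory exemption tip, shown as an added example that is not part of the original presentation. It is a simplified Python model, not the Windows IPSec engine; the addresses, filter names and the most-specific-filter-wins rule are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    name: str
    remote: str                # CIDR of the remote machine(s)
    action: str                # "permit", "block" or "negotiate"
    protocol: str = "any"      # "tcp", "udp" or "any"
    port: int = 0              # 0 means any port

    def matches(self, ip, protocol, port):
        return (ipaddress.ip_address(ip) in ipaddress.ip_network(self.remote)
                and self.protocol in ("any", protocol)
                and self.port in (0, port))

    def specificity(self):
        # Assumption of this model: narrowest network wins, then an
        # explicit protocol, then an explicit port.
        return (ipaddress.ip_network(self.remote).prefixlen,
                self.protocol != "any", self.port != 0)

def evaluate(policy, ip, protocol, port, peer_is_managed):
    """Return (outcome, filter name) for one connection to a remote peer."""
    hits = [f for f in policy if f.matches(ip, protocol, port)]
    if not hits:
        return ("permit", None)            # no filter matched: IPSec not applied
    best = max(hits, key=Filter.specificity)
    if best.action != "negotiate":
        return (best.action, best.name)
    # A negotiate action only succeeds if the peer can authenticate.
    return ("secured" if peer_is_managed else "dropped", best.name)

def missing_exemptions(policy, probes):
    """Core services whose traffic would be forced to negotiate IPSec."""
    return [name for name, ip, proto, port in probes
            if evaluate(policy, ip, proto, port, False)[0] != "permit"]

# Constructed sample data: addresses and names are illustrative only.
ISOLATE = Filter("Isolate internal subnet", "10.0.0.0/8", "negotiate")
EXEMPT = [Filter("Exempt DC", "10.0.0.10/32", "permit"),
          Filter("Exempt DNS/WINS", "10.0.0.11/32", "permit"),
          Filter("Exempt DHCP", "10.0.0.12/32", "permit")]
CORE = [("Kerberos", "10.0.0.10", "udp", 88), ("DNS", "10.0.0.11", "udp", 53),
        ("WINS", "10.0.0.11", "udp", 137), ("DHCP", "10.0.0.12", "udp", 67)]

if __name__ == "__main__":
    print(missing_exemptions([ISOLATE], CORE))           # exemptions forgotten
    print(missing_exemptions([ISOLATE] + EXEMPT, CORE))  # exemptions in place
    print(evaluate([ISOLATE] + EXEMPT, "10.0.5.20", "tcp", 445, False))
```

Running `missing_exemptions` against a draft policy before it is assigned shows which core services would be caught by the isolation rule instead of being always allowed.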


Demo

  • IPSec

    • Domain Isolation

    • Server isolation (if time permits)


Coffee Break


MOM

  • Why MOM (from a field perspective)?

    • Always asked “What should we monitor in AD, or Exchange, or SQL?”

      • Answer – what MOM monitors

    • Knowledge driven – intended to supply the resolution with the problem

    • SO easy to integrate with other management tools

      • Dell OpenManage Server Administrator, HP Insight Manager

    • SLA evidence (Reporting)

    • Why implement a mission critical environment without MOM?

    • It isn’t expensive

    • Tip: Check for MP’s regularly

    • Tip: MOM on SQL SP4 gotchas


Demo

  • MOM install (ish!!)

  • MP import, including Dell, HP

  • Agent deployment

  • Reporting

  • Create a Management Pack!

  • Link: MOM 2005 Resource Kit


For a single server deployment of MOM 2005

  • Install Base OS - Windows Server 2003 Standard with SP1

  • Install IIS and ASP.NET (Add Remove Programs...Windows Components...Etc.)

  • Get updates (WSUS, SMS, Microsoft Update, other...)

  • Create MOM and SQL Service Accounts, appropriate permissions and rights

  • Install SQL Server 2000 (default installation, but specify DB path)

  • Install SQL 2000 SP3a (SQL 2000 SP4 gotcha - KB902803)

  • Install SQL 2000 Reporting Services (SQL Reporting Services SP2 gotcha too - KB902804)

  • Install MOM Server - Check Prerequisites

  • Install MOM Reporting - Check Prerequisites

  • Install SQL 2000 Server SP 4

  • Install SQL 2000 Reporting Services Service Pack 2


Additional Links

  • Service overview and network port requirements for the Windows Server system - http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

  • MOM Management Packs - http://www.microsoft.com/management/mma/catalog.aspx

  • Windows Server System Reference Architecture - http://www.microsoft.com/technet/itsolutions/wssra/raguide/default.mspx

  • Windows XP Security Guide - http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx

  • Windows Server 2003 Security Guide - http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

  • What's New in Windows Server 2003 R2 - http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx

