Enabling a Flexible Workforce, an insider’s view
Asif Jinnah, Field Desktop Services

The Microsoft Environment
First and Best Customer; Enterprise Infrastructure; High Scale Processes
• Over 150,000 Windows 7 clients
• 90,000 Office 2007 & 80,000 Office 2010 clients
• 350,000+ SharePoint sites
• 6 data centers
• 8,819 production servers
• 106 countries
• 648 buildings
• 272,000+ SMS managed computers
• 741,000+ devices
• 196,988 end users
• 73,000,000+ internal IMs per month
• 111,000+ user mailboxes
• 1,200,000+ remote connections per month

Flexible Working – Anywhere - Anytime
• Reduce Business Travel
• Reduce travel time & lost productivity
• Reduce Commuting with Unified Communications & Teleworking
• Improve employee satisfaction & retention
• Reduce Office Buildings and Space
• Innovation & productivity
• More flexible work space
• Increase Flexibility & Security

Preparing the Workforce - Readiness
• Windows Online Training, Help and Support
• Work Smart Productivity Training
• Proactive Role for IT
• 33,685 Employees Attended
• 627,000 hours in productivity
• $40 Mil return (Soft ROI)

Microsoft UK Cost Savings
• In Microsoft UK, the Sales & Marketing and Support Group has seen average cost reductions of over 50% in both T&E and Telecoms, generating savings of £3.6m ($5.7m) year on year (over the period from November 2008 to October 2009 compared to the previous 12 months)
• T&E cost savings are 51% (£3.3m or $5.2m)
• Telecoms cost savings are 54% (£320k or $505k)
The cost savings are due to the adoption of Unified Communication and Live Meeting and changes in the travel policy. The travel policy changes resulted in many business meetings being hosted online, and therefore business continued as before.

Securing a Flexible Workforce Anywhere
[Diagram: machines in different trust and health states, the controls in their path, and Applications and Data]
• Controls shown: IPsec/Windows Firewall; TPM+BitLocker | SMS | Auth; NAP; SSL VPN – Granular Access
• Machine states shown: Trusted, non-compliant machine; Trusted, compliant machine with malware; Trusted, compliant, healthy machine; Compliant but untrusted machine; Untrusted machine
• Access to data and applications is restored once NAP remediates the client

Secure Web and Remote Access Architecture
Secure Web and Remote Access Enablement
Benefits
• Secure access to external facing applications
• Secure remote access to corporate applications externally
• Secure corporate and branch connectivity
Offering Components
• Secure Web Access Services – ISA Server 2006
• Secure VPN Services and Branch – ISA Server 2006
• Secure Remote Application Publishing Services – IAG 2007
[Diagram labels: Secure Remote Application Publishing Services; External Corporate Users; IAG; www Servers; Active Directory; Application Server; ISA Cluster; Secure VPN Services (Branch); Secure Web Access Services; Secure VPN Services (Client)]

Enterprise Network Protection Architecture
Enterprise Network Protection
Benefits
• Protection of wired and wireless network traffic
• Managed isolation of critical server infrastructure
• Reduction of unmanaged devices connecting to corporate resources
• Enforcement of health policies
Offering Components
• Policy-Based Network Access Services
• Network Access Protection (NAP)
• IPSec enforcement
• 802.1x enforcement
• Wireless integrated
• Network Isolation Services – IPSec + Group Policy
[Diagram labels: Policy based Network Access Services; Certificate Authority; Network Isolation Services; Unhealthy Client; Remediation Server; NAP Server; Critical Server; Active Directory; Group Policy; Network Policy Server; SQL Cluster; Healthy Client; Secure Wireless Services]

Direct Access – Windows 7 & Server 2008 R2
Best Practices and Benefits
• Require two-factor authentication with smart cards when using DirectAccess
• Use encryption on all communication to and from DirectAccess clients
• IC0-1 - $250k Saving/Office
• Use NAP to enforce client health and compliance

Update Management Best Practices
1. Assess: Assess environment to be patched
2. Identify: Identify new updates
3. Evaluate and Plan: Evaluate and plan update deployment
4. Deploy: Deploy the update
Microsoft Operations Framework

Maintaining a Flexible Workforce
• IPsec boundary: Creates Secure Net environment
• All Devices: ~330,000
• Secure Net Devices: ~270,000
• Devices managed through SMS/SCCM: ~265,000
• ~16,000 servers: Unique management challenges
[Diagram labels: IPsec; Workgroups; Remote access clients/dial-up; Labs]

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.