Manageability Services at Microsoft

Published: December 2006

Upload: mitchell-field

Post on 31-Mar-2015


TRANSCRIPT

Page 1

Manageability Services at Microsoft

Published: December 2006

Page 2

Microsoft IT Environment

● 340,000+ computers
● 121,000 end users
● 98 countries
● 441 buildings
● 15,000 clients running Windows Vista™
● 25,000 clients running the 2007 Microsoft Office system
● 5,700 Exchange Server 2007 mailboxes
● 31 servers running Windows Server “Longhorn”
● 46 million+ remote connections per month
● 189,000+ SharePoint sites
● 4 data centers
● 8,400 production servers
● E-mail messages per day:
  ● 3 million internal
  ● 10 million incoming
  ● 9 million filtered out
● 37 million instant messages per month
● 120,000+ e-mail server accounts

Page 3

Microsoft IT As a Microsoft Customer

Possible Similarities / Possible Differences

● Security is mission critical
● Mix of Microsoft operating systems and configurations
● Balancing security, cost, and efficiency is the bottom line
● Heterogeneous network environment
● Need to integrate disparate management systems
● Being the first and best customer of Microsoft
● Software deployed more than once
● Majority of users are technical, local administrators
● High-priority target for security attacks
● State-of-the-art networks and latest operating systems
● Windows-only environment

Page 4

Primary Challenges

● Pressure to reduce IT management costs
● Continuous new software versions (beta release)
● Rapid updates
● New computers and servers configured daily
● Wide variety of hardware (various laptops, desktop computers, and Tablet PCs)
● Need to constantly monitor and control health and security of network

Page 5

Dogfood and IT Scorecard

● Shared goals
● Product feedback
● Planning and testing
● “Dogfooding” and running a world-class utility—IT Scorecard
● Showcase

Page 6

Manageability Services Model

Diagram labels:

Program Management
Service Management
Third-Party Software
Customers
Business Units
Microsoft IT (Security)
End Users
External Customers
Tiered Support (Helpdesk, Shared T2 Globally)
Partners
Product Groups
MSTManage

Server Life Cycle
Image Management; Operating System Provisioning; Patch Management; Software Distribution
3 Software Distributions; 4 Updates; 2,000 Images

CMDB; Server and Network Tools Management; Enterprise Reporting
500,000 Configuration Items; 15,000 Devices Managed; 100+ Metrics Managed

Server and Network Fault Management; Alert Stream; MP Onboarding
16,000 Devices Monitored; 37,000/1 Million Alerts; 11 Base Management Packs

Image Management; Operating System Provisioning; Patch Management; Software Distribution
12 Software Distributions; 7 Updates; 6,000 Images

Configuration Management
Service Monitoring
Client Life Cycle

Page 7

Manageability Services Scope

• 5 Active Directory forests
• Standardized on Windows Server 2003
• 200 servers provisioned each month

441 buildings globally

4 enterprise data centers and 50 remote locations globally

Diagram labels:

Configuration Management
Server Life Cycle
Service Monitoring
Network (~10,000)
Servers (~10,000)
Telephony (~10,000)
Client Life Cycle
Clients (~233,000)

• Local administrators
• Compliance through SMS
• Multiple desktops
• Frequent rebuilds
• IPsec for Secure Net

Page 8

Microsoft Operations Framework

● Structured approach to achieving operational excellence
● Collection of best practices, principles, and models
● Guidance on achieving high availability, reliability, and security
● 21 service management functions

Page 9

MOF-Based Operations

$100 Million 3-Year Spend Reduction

IT Utility (Cost per Head)

                        FY03     FY04     FY05     FY06
Cost per head           $7,220   $6,159   $5,778   $4,739
Cumulative Reduction             -15%     -20%     -34%

● 90% Auto-ticketing
● Single MOM console
● Alert-to-ticket ratio = 1.4:1
● CMDB drives MOF processes
● Decreased duplicate/No Problem Found tickets by 90%
● Improved critical updates from 28 to 21 days, emergency updates from 15 to 8 days

Automation

Change and release processes centralized
143 offices connected via Internet
450:1 server-to-staff ratio (remote support)
200:1 server-to-staff ratio (on-site support)
Tier 2 support moved to India

Consolidation

30% reduction in infrastructure servers
Exchange servers down from 74 to 4 sites globally
500+ virtual servers (16:1 guest-to-host ratio)
Data Protection Manager (eliminated 115 tape libraries)

Centralization

While Improving…

Security

Zero service impacts from Denial of Service attacks
Increased patching speed
700+ application security and privacy audits

Productivity

Significant improvement in customer satisfaction score
Increased mobility with Microsoft Office Outlook® Web Access, Smartphones, and RPC over HTTP
Greater collaboration with SharePoint, MySites, Document Workplace

Page 10

Life Cycle Management

1. Deploy: Scripted builds, server joins domain
2. Baseline: SMS post-build updates
3. Inventory: SMS inventories for configuration and compliance
4. Update: SMS deploys security updates and other software updates

Image Management

• Seven base client images
• MUI for international languages
• Group Policy for standard registry key changes and security configurations

Operating System Provisioning

• Bare metal—fully automated via RIS and PXE (Windows Deployment Services/RIS)
• Scripted automated build-outs of base operating system
• Product key management

Patch Management

• Security and emergency updates
• Windows and Office using ITMU
• ITCU for third party

Software Distribution

• Package, test, and deploy security and software update packages
• Baseline packages (N, N+1)

Server and Client

Software Life Cycle

Page 11

Patching Methodology: Server and Client (Critical Updates)

Timeline diagram over a day-by-day calendar (M T W T F S S); labels:

Update available to server owners for testing and deployment
Update available to desktops via SMS, Windows Update, or Automatic Updates
Two week grace period; Forced Remediation
Testing/Evaluation/Installation; Forced Remediation
Desktops
Servers
Servers 99.5% Updated
Desktops 98% Updated
Sustainer Remediation
Patch Released

Page 12

Degrees of Client Management

Diagram labels:

IPsec boundary: Creates Secure Net environment
Remote access clients/dial-up
Workgroups
Labs
All Devices ~330,000
Unique management challenges
Secure Net Devices ~270,000
Devices managed through SMS ~265,000
~16,000 servers
IPsec

Page 13

Multiple-Phased Approach to Client Management

Diagram labels:

High Client Impact
Low Client Impact
Microsoft Update; E-mail and ITWeb Notification (Optional)
SMS Patch Management (Voluntary > Forced)
SER Scanning and Scripted Patching
Port Shutdown

Page 14

SMS Architectures

Diagram labels:

Systems Management Server
Data Center; Lab; Desktop
Server Patch Management
Primary Sites
Central Site
Primary Site Singapore
Primary Site Dublin
Primary Site Puget Sound
Central Site Redmond
Australia-Asia; EMEA; North America
Puget Sound
Distribution Points

Page 15

SMS Redmond

Diagram labels:

Management Points
SQL Replication
Distribution Points
Clients
Redmond Primary Site
NLB Cluster Random Selection

Page 16

Configuration Management Model

Diagram labels:

Self-Service Portal
CMDB
Data Warehousing and Reporting
Integration Framework
Management Applications
Managed Infrastructure
Telephony : Applications : Network : Server/Operating System
Fault : Config : Accounting : Performance : Security : Audit
Problem Mgmt
Incident Mgmt
Change Mgmt
Data Analysis

● Asset management and reporting tightly linked to support operations
● Service management drives end-to-end IT services
● Metadata: manually populated
● Service > asset mapping
● Service scoping
● Exception tracking
● Element management
● “One Tool to Rule All” does not exist
● Federated model
● Integration
● Extensible modeling

Page 17

Configuration and Reporting

Diagram labels:

IT Services Catalog
SQL Server Report Builder
SQL Server Reporting Services
Views; Scorecards; Reports
Self-Service Portal
Data Warehousing And Analysis Services
SCCM/MOM
ODS Offload
Other ODS
IT Config
SQL Server Integration Services

Page 18

Enterprise Monitoring and Control

Diagram labels:

Console; Ad Hoc
Internal Network; Labs; Extranet; MMS
Presentation Layer
Alert Stream
Source Information
Network
Self-Help Reporting
Alert Stream
Notification Workflow

Systems Integration (Connectors)
Ad-Hoc Gap Analysis
Self-Help UI
Multiple Console Views

Management Pack Baseline
Reduce No Problem Found/Duplicate tickets
Event-to-Ticket Ratio
Event Stream Cleanup

Environment Consolidation
Onboarding
MOM V3 Architecture
Audit Event Collection
Network Management

Page 19

MOM 2005 Architecture: Real-Time Monitoring Tools

Diagram labels:

Network
EMC Smarts
MOM Agents
IT Config CMDB
Intranet MOM 2005 Zone
Messaging MOM 2005 Zone
Extranet MOM 2005 Zone
Business Unit Application Console
MOM 2005 Master
MOM 2005 Applications MG
Intranet Management Group: 2,039 agents
Intranet Management Group: 2,060 agents
Extranet Management Group: 1,988 agents
Service Desk
VM (×6)
Centralized Monitoring Console
MOM 2005 Data Warehouse

Page 20

MOM 2005 Architecture Drill-Down

Diagram labels:

Production Management Group
Pre-Production Management Group
Production Management Group
Infrastructure Monitoring Management Group
Application Monitoring Management Group

• Application
• SQL Server
• IIS
• Hardware
• Operating System
• Infrastructure services

Managed Server
Multi-Homed Agents

Page 21

ACS Architecture

Diagram labels:

Intranet Domain Controllers
Intranet Exceptions
Extranet
Collectors
Collection Databases
Reporting Databases
Event Pattern Monitoring WMI Subscriber
SQL (×3)
DTS (×3)
WMI (×3)

Page 22

Operations Manager 2007 Planned Architecture

Diagram labels:

Network
EMC SMARTS
IT Config CMDB
Intranet Operations Manager Server Zone
Intranet Operations Manager Client Zone
Extranet Operations Manager Zone
Operations Manager
Service Desk
VM (×4)
Centralized Monitoring Console
Operations Manager Data Warehouse
Audit Collection Database (×3)

Page 23

Manageability Best Practices

Diagram labels:

Maintenance Windows
Security Update Status
Thresholds for Logical Drives
Exchange
Backup Server
Directory Services
Local Server
Internet Connection

● Outsource to Automation
● Self-service manageability services
● Single console for operations
● Automated agent management
● Automated ticketing
● Drive down alerts/tickets
● MOF processes drive services
● Implement service catalog and CMDB
● Smart Consolidation
● Infrastructure—Exchange
● Internet connected offices (ICOs)—consider ICOs and modified SLAs
● Use virtual servers (utility model)
● Consider backup to disk

Page 24

For More Information

● Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com
● Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
● Microsoft Case Study Resources: http://www.microsoft.com/resources/casestudies

Page 25

This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, Outlook, SharePoint, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.