Mission Critical Solution Implementer Guide

Upload: dwayne-norris

Post on 06-Jan-2018



TRANSCRIPT

Page 1: Mission Critical Solution Implementer Guide. Agenda Recap Discussions to Date Next Steps Solution Guidance Phase 1 Phase 2 Phase 3 Customize the Solution

Mission Critical

Solution Implementer Guide

Page 2

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 3

Engagement Approach

Audience

Solution road map

Solution areas Industry Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities
2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities
2. Discuss range of potential solution capabilities

IT executives

Architects

IT pro/dev executives

Page 4

Integrated Capability Analysis

• Ensure target business capabilities cover process improvement priorities
• Translate business capabilities into required infrastructure capabilities
• Assess current infrastructure maturity
• Determine gaps to target integrated capabilities
• Build a road map for integrating capabilities and implementing solutions
• Specify required platform architecture, technologies, and services
• Baseline the Microsoft platform road map

Page 5

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Business Driver: IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Phase 1

• Improve workload management to support applications and services and provide maximum flexibility and scalability via quick and easy configuration of servers and rapid provisioning of applications and services with the ability to scale environments up and out
• Back up server data that supports critical services in accordance with standard IT practices and help ensure recovery from damaged or lost data, hardware failures, and disaster via identifying critical applications and services based on value of data, cost of outage, and other business-driven metrics and via optimized techniques to ensure successful backup of all critical servers, applications, and services according to outlined recovery goals
• Provide the ability to scale environments up and out to meet performance objectives for applications, even under increasing loads via tools for performance monitoring, troubleshooting, and auto-tuning to manage and monitor performance of mission-critical applications and services

Phase 2

• Help ensure business agility by enabling a dynamic IT infrastructure to support applications and services, balance loads, and maximize resource usage for improved flexibility, scalability, and reliability via virtualization to consolidate multiple, underused physical servers; reconfigure virtual machines; provide flexible resource control; enable quick migration; and make server, networking, and storage more efficient
• Provide support to accommodate planned downtime and reduce unplanned downtime without affecting availability of mission-critical applications via failover clustering and streamlined maintenance and disaster recovery options to eliminate single points of failure
• Centrally monitor and manage the operation of critical server infrastructure, end-user systems, and services to adhere to service-level agreements (SLAs) via remote management of servers through the command line, automated scripts, and remote management services
• Proactively manage performance by identifying potential performance issues and monitoring service levels across applications and services via defined resource limits and priorities for workloads that support predictable performance across workloads

Phase 3

• Help ensure a stable and controlled environment for business-critical applications to meet service levels and to remain flexible and scalable to support, manage, and secure applications that are increasingly critical to business goals via a dynamic, reliable, and scalable virtualization platform combined with a single set of integrated management tools to manage both physical and virtual resources
• Provide the ability to build, modify, and distribute scalable applications with minimal on-premises resources via cloud-based development, service hosting, and a service management environment that provides on-demand computing and storage to host, scale, and manage Web applications on the Internet
• Help ensure continual backup and archiving of data to speed up recovery and to enable rapid restoration across data centers that are located at multiple sites to achieve the appropriate level of availability defined by SLAs via continual or near-continual data backup and archiving based on workload, including multiple recovery points for fast rollback and recovery of essential services and one-touch application restoration across geographies and multiple data centers
• Proactively plan for performance optimization initiatives by monitoring the performance and utilization metrics of servers, databases, applications, and services across the organization via centralized storage of performance data from across the organization in a performance management data warehouse to help monitor key performance metrics, and via configuring customized alerts that display when metric thresholds are crossed

Page 6

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Business Driver: PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

Phase 1

• Help secure the IT infrastructure from attacks while preserving access to corporate resources, including applications and services via a secured environment through integrated identity and access management, policy validation, network restriction, and ongoing monitoring of network health that includes defense-in-depth policies across endpoints, servers, and the network

Phase 2

• Provide more secure remote access to applications and services while enabling IT administrators to centrally manage network access and to control and monitor system health policies via enabling policy-based access and standardized security, management, and configuration controls; and centralized audits of system security for collecting, storing, and analyzing security event data
• Enforce security measures and centrally monitor key security events to help identify and audit security breaches and compliance failures for all servers, applications, and services via reports and dashboards, flexible custom views, and configurable event logs to help IT investigate the causes of non-compliance and to take measures to establish appropriate policies, procedures, and controls

Phase 3

• Help secure and manage users' internal and external access across systems, from virtually anywhere and any device across the organization via enforced security policies that provide robust protection and can flexibly support the connectivity needs of an increasing number of internal and external users, devices, system configurations, and network connection types
• Help ensure automatic identification of security and compliance threats and automated mitigation of all deviations from security policy via detailed configuration auditing and reporting, measurement of security metrics, and performance of event analysis and correlation in real time
• Provide a versatile and interoperable platform to enable more secure access to applications across multiple systems, networks, and organizations in different trust realms via federated security that provides a more secure and scalable service architecture across organizational boundaries

Page 7

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Business Driver: ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

Phase 1

• Lower barriers to build composite applications, scalable and custom Web applications, and packaged line-of-business applications via an integrated and extensible application development environment that consistently supports various phases of the development cycle across diverse teams
• Provide the ability to extend and unlock the value in existing line-of-business systems and enable future updates and replacements of these systems with minimal impact to the applications that consume them via implementing a services layer on top of line-of-business systems to make these systems available to other systems, applications, and business processes

Phase 2

• Provide integrated tools for developing mission-critical applications that target multiple devices including desktop systems, hand-held devices, smart phones, Web, and mobile devices via next-generation tools that support development of applications across a variety of devices, application types, and programming tasks and include the highest quality user experience
• Aggregate individual services into composite services to provide a range of new capabilities focused on building robust, connected, mission-critical applications via an enterprise service bus that supports messaging patterns that enable dynamic service aggregation, message routing, validation, transformation, exception management, and fault tolerance
• Provide the ability to form composite services from collections of individual services to help accelerate adoption, management, and reuse of services across the organization via implementing an enterprise-wide service catalog that has a well-defined, coarse-grained, business centric, and reusable shared services architecture that includes more secure access
• Provide the ability to transfer or convert legacy applications and data from less cost-effective systems to systems based on Microsoft Windows via an integrated, robust, and extensible solution that includes consistent servers, clients, applications, and database management
• Provide a full range of supported and fully integrated cross-platform network services to support interoperability while extending UNIX-based applications to Windows systems via enabling seamless access to information that is stored on multiple platforms, consolidating network management across platforms, integrating custom and legacy UNIX-based applications, and providing the ability to reuse UNIX applications and scripts in Windows
• Provide the ability to integrate data from diverse sources that include legacy systems, and help present the data in a consistent way throughout the organization via enterprise-class data integration solutions to extract, transform, and load data from a wide array of data sources and the ability to share, secure, and manage interactive reports

Phase 3

• Enable organizations to rapidly create more secure, manageable, and reliable mission-critical applications that include integrated workflows that better align with business processes and have enterprise-wide strategic impact via powerful and robust development tools that provide security advancements, management tools, and enhancements to build, test, and deploy highly reliable and secure mission-critical applications that include complex workflows
• Provide a consistent development and management experience across customer premises and cloud environments via a reliable, secure, and trustworthy platform that enables on-premises and off-premises applications to work together
• Aggregate business services into a set of dynamic, mission-critical business applications that extend beyond the firewall or organizational boundaries and enable proactive management of SLAs via adopting a standards-based, interoperable, reliable platform to help effectively manage heterogeneous systems by using dynamic versioning, control, updates, redeployments, and workload adaptability
• Deploy a systematic and secure solution in the cloud that integrates with existing on-premises assets via a cloud-based solution that supports creating, prototyping, and deploying applications and integrates with the existing on-premises environment

Page 8

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 9

Sophistication of the Solution

Phase 1: Provides basic support for the most critical elements of the business driver

Phase 2: Provides adequate, typical support for critical and priority elements of the business driver

Phase 3: Provides thorough, streamlined support for the business driver that enables differentiated levels of performance

PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Page 10

Solution Guidance

PHASE DEFINITION | MAPPING | TECHNOLOGIES | CONCEPTUAL ARCHITECTURE | LOGICAL ARCHITECTURE

Phase Definition

For each business driver, list the business challenges, solution features, and business benefits for this solution phase. Use this information and the “Support for Priority Business Capabilities” slides to structure the conversation with IT professional(s) for capturing, refining, and baselining business problems and solution functionality priorities.

Mapping

The Optimization mapping indicates the maturity level required for each capability of the solution to fully support the features specified in this solution phase. Use the mapping as a starting point to determine appropriate maturity levels for the solution. After mapping the solution, assess the gap between the current and desired infrastructure to:

• Understand the scope and sequencing of work required
• Organize a deployment road map

Technologies

Use the results of the Optimization mapping to determine the technologies required for the features and supporting capabilities specified in this solution phase.

Conceptual Architecture

Use this high-level, use case diagram to provide the “black box” definition of this solution phase. Customize to your solution definition during the integrated capability analysis.

Logical Architecture

Use this logical, component-level architecture view to show all software components and how they interact to support this solution phase. Tailor to fit your particular solution definition during the integrated capability analysis. Note: Physical architecture is covered in the Architecture Guide also used during the integrated capability analysis.

Page 11

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 12

Phase 1

CONCEPTUAL ARCHITECTURE | TECHNOLOGIES | LOGICAL ARCHITECTURE | MAPPING | PHASE DEFINITION

Business Driver: IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Needs

• Allow for increased business agility in an environment that supports mission-critical work to ensure scalable, reliable, and flexible applications and services
• Ensure business continuity in a centrally managed and continually available environment that supports mission-critical work
• Provide continual performance of applications and services to ensure responsiveness to business needs

Business Capabilities

• Improve workload management to support applications and services and provide maximum flexibility and scalability
• Back up server data that supports critical services in accordance with standard IT practices and help ensure recovery from damaged or lost data, hardware failures, and disaster
• Provide the ability to scale environments up and out to meet performance objectives for applications, even under increasing loads

Business Driver: PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

Needs

• Provide more secure access to applications from virtually any location and satisfy internal and external compliance requirements

Business Capabilities

• Help secure the IT infrastructure from attacks while preserving access to corporate resources, including applications and services

Business Driver: ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

Needs

• Respond to business changes rapidly by enabling faster development of innovative custom or packaged business applications
• Maximize existing investments by providing flexible connections among existing systems and supporting cross-platform applications

Business Capabilities

• Lower barriers to build composite applications, scalable and custom Web applications, and packaged line-of-business applications
• Provide the ability to extend and unlock the value in existing line-of-business systems and enable future updates and replacements of these systems with minimal impact to the applications that consume them

Page 13

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

A defined software library exists. Automated build with defined deployment and provisioning processes. Deployment and management of software updates are tool based. Capacity management processes are manual and reactive, resource utilization and capacity are monitored periodically. The organization actively uses virtualization to consolidate resources for production workloads. Some Production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. IT services are audited for compliance based on documented company and industry-standard policies (HIPAA, SOX, and PCI); reports are generated monthly. Services are available during server failure (e.g. server clustering, hot spares, and/or virtualization recovery solution).

Server Security

Malware protection is centrally managed across server operating systems within organizations, including host firewall, host IPS/vulnerability shielding, and quarantine, with defined SLAs. Protection is deployed and centrally managed for all applications and services. Integrated perimeter firewall, IPS, Web security, gateway anti-virus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across datacenter, application, organization, and cloud boundaries.

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware, with support for auto configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. Wide area network traffic health and performance are monitored and reported. IPv4 for main transport services, using IPv6 for some transport services (e.g. to achieve larger address range).

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Storage is managed and allocated on highly available servers using virtual disks or dynamic disk volumes. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization

The majority of the installed client base has a minimum of one year of mainstream support remaining. Some applications are virtualized, but most are installed as packages or are included in the standard image. A solution is in place to configure and update devices. Mobile devices are managed by security policy provisioning (such as personal identification numbers) and remote wipe.

Device Security

Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods, and machines; access control is role-based. Password policies are set within a directory service to enable single sign on across boundaries for most applications. Password resets through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

Persistent information protection exists within the trusted network to enforce policy across key sensitive data (such as documents and e-mail); policy templates are used to standardize rights and control access to information. Reporting is predefined for select server and back-office waypoints.

IT Process & Compliance

IT service portfolio aligns with individual business units; the IT service costs, returns, capacity, availability, continuity, and integrity are reported. IT policies are documented for each IT service. Each IT service has a formal definition of reliability. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Each IT service has its own change and configuration management process; standard changes are identified for each IT service. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service. Self service objectives and/or agreement exists, IT Service request process exists, fulfillment is manual. Defined orchestration with scripted processes to support manual execution.

Phase 1: Core IO

MAPPING | CONCEPTUAL ARCHITECTURE | TECHNOLOGIES | LOGICAL ARCHITECTURE | PHASE DEFINITION

Page 14

B S R D

Collaboration

Workspaces

Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals

Multiple portals exist; directory services, authentication, and authorization are not uniform across portals, requiring users to sign in multiple times; user management methods are redundant.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 1: BPIO

MAPPING | CONCEPTUAL ARCHITECTURE | TECHNOLOGIES | LOGICAL ARCHITECTURE | PHASE DEFINITION

Page 15

B S R D

BI and Analytics Platform

Business Intelligence

IT provides access for users to sanctioned data sources as database connections, data feeds, or static data dumps, upon which users can easily perform ad-hoc queries and data analysis using Excel or other analysis tools. Users can share their analyses via a BI portal. Users may have access to more advanced self-service analytics tools to perform data mining or predictive analysis without dependence on IT or a Data Analyst. Some level of automation is in place to render data pulled from enterprise systems on dashboards, but is used for only strategic or high profile projects. Dashboards have integrated interfaces to allow users to roll-up and drill-down on live data.

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Key high-value data has associated formal data management policies and processes. Data governance may be recognized on a siloed basis, but not as a corporate discipline. Data and asset inventories and dependency relationships are manually documented periodically. Access policies for data and objects in databases are defined but not centralized, and do not reference data classifications. Administrative tasks are still performed using an over-privileged account. Security management is performed on a server-by-server basis. Systems are in place for retention backup. Organizational/departmental policies exist for how long items are stored and what is stored.

Application Infrastructure

Application messaging services used by development are aligned with standard application operating environments. Development and operations teams have the skills required to effectively and consistently make use of these technologies. Limited application component and service reuse strategies exist at the departmental or project level. Orchestration and workflow between applications is typically implemented via custom integrations. Applications are beginning to adopt web services or other standards implemented in operating environments to allow application components and common application services to interoperate as needed. Common application services and middleware component frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Limited application component and service reuse strategies exist at the departmental or project level. Common application services and runtime application frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Operations is beginning to rationalize to the standard common services and consolidate runtime platforms. Deploying applications is complex and process varies by application. Monitoring of applications uses IT infrastructure components and tools to monitor business process steps, workflow instances, health of applications and services, and the entire process at a summary level. The organization leverages application servers, and developers write very little system and management code. Management tools consist of utilizing included management software more fully. Built-in diagnostics exist for domain connectivity, services health, firewall settings, network connectivity, and for SOA runtime infrastructure.

Custom Development

Internet Applications

User experience is considered as an afterthought, if at all, during site development. Basic integration of rich technology (Silverlight, Flash, Java, etc.) exists, but is inconsistent throughout the site, and is generally used to provide islands of richness.

Component and Service Composition

Some use of reusable assets is supported by high-value services, components, and modules. Composition by IT departments requires advanced coding skills. Use of composition frameworks and tools happens on a project-by-project basis. SOA and portal components are not coordinated. Central IT provides managed and secure data services to some of the most commonly needed enterprise entities and provides business units with standard services to some key enterprise systems and for some standard needs like reporting and dashboards. LOB applications expose pre-built web parts that integrate with the company portal and are easily used by users. Developers are beginning to create components and services for the designated portal platform, though the efforts are exploratory in nature or focused on individual projects. The composite application portal has basic integration with existing business productivity desktop and enterprise applications (such as desktop applications and email). No discoverability of services is in place. Application models are highly descriptive of the application components and dependencies. Manual checks against the application map are in place to avoid impacts on services by component changes. Components and low-level services are documented manually, though the culture of management of those components has not been pervasive across the organization.

Enterprise Integration

Reusable integration components are developed for custom development on an ad hoc basis. Project management is centralized for application integrations.

Development Platform

The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization. Application customization is performed through customization support offered by the application, on an isolated project basis with no standard approaches or consideration for future maintenance or integration.

Application Lifecycle Management

Work-breakdown structures map estimated work to business value. Rudimentary metrics are used to manage project progress. Project managers aggregate data from standard status updates. Effective change management processes are in place. Testing has test harnesses and some automation, formal unit testing with good code coverage, and defined test strategy and processes. Explicit use of code quality tools typically occurs at the end of the development cycle. An explicit version control and software configuration management strategy exists. Builds are automated. Some branching and merging occurs. Continuous integration or nightly builds are supported for most applications. Labs for testing and development have environment specifications that are defined and tested with environment build procedures and application build deployment procedures. Processes are defined for debugging production defects and incidents, with a standard set of defect artifacts.

Phase 1: APO MAPPING


B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008/2008 R2; Hyper-V Server 2008/2008 R2 (Server Consolidation); Hyper-V Server 2008/2008 R2 Standard; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010/2012; Opalis; Security Compliance Management Toolkit; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Automated Installation Kit; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing, Windows Deployment Services); Windows Server 2008 R2 Enterprise/Datacenter (Hyper-V); Windows Server 2008 R2 Standard/Enterprise (Hyper-V); Windows Server 2012; Windows Server Update Services 2.0/3.0

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); System Center 2012 Endpoint Protection; Windows Azure; Windows Server 2008 R2 (Windows Firewall with Advanced Security); Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy, and Access Services); Windows Server 2012

Networking

Microsoft Network Monitor 3.3/3.4; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server, Dynamic Host Configuration Protocol server, Policy-based Quality of Service); Windows Server 2012

Storage

Microsoft Online Backup Service; System Center 2012 Data Protection Manager; System Center Data Protection Manager 2010; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Backup and recovery, Hardware RAID, Software RAID); Windows Server 2012 (Backup/Recovery, Hyper-V Replica, Hardware RAID, Storage Spaces, Virtual Disks); Windows Storage Server 2008; Windows Storage Server 2008 (Backup and recovery, RAID); Windows Storage Server 2008 R2; Windows Storage Server 2008 R2 (Backup and recovery, RAID)

Device Deployment and Management

Device Mgt & Virtualization

Exchange Server 2007/2010; Microsoft Desktop Optimization Pack 2011/2011 R2 (Application Virtualization); System Center 2012 Configuration Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; Windows 7/ 8; Windows Azure; Windows Server 2008 R2 (Remote Desktop Services); Windows Server 2012 (Remote Desktop Services)

Device Security

Forefront Endpoint Protection 2010; System Center 2012 Endpoint Protection; Windows 7 (Firewall); Windows 8; Windows Server 2008 R2; Windows Server 2012

Identity & Security Services

Identity & Access

Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2012

Information Protection & Control

Forefront Threat Management Gateway 2010; Internet Security and Acceleration Server 2006; SQL Server 2008 R2; SQL Server 2012; Windows Azure; Windows Server 2008 R2; Windows Server 2012

IT Process & Compliance

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008/2008 R2; Internet Security and Acceleration Server 2006; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Server 2007; Opalis; PowerShell 2.0; Project Server 2010; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 1: Core IO TECHNOLOGIES


B S R D

Collaboration

Workspaces

Office 2007 (client integration with SharePoint); Office 2010 (client integration with SharePoint); Office SharePoint Server 2007 (document workspaces); SharePoint Online (document workspaces, client integration); SharePoint Online P1/P2; SharePoint Server 2010 (document workspaces)

Portals

Office SharePoint Server 2007 (Active Directory Domain Services integration with SharePoint); SharePoint Online P1/P2; SharePoint Server 2010 (Active Directory Domain Services integration with SharePoint)

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Exchange Server 2007/2010; Office Outlook 2007; Outlook 2010; Outlook Web App 2007/2010

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 1: BPIO TECHNOLOGIES


B S R D

BI and Analytics Platform

Business Intelligence

Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PowerPivot; Report Builder; SharePoint 2010 Standard; SharePoint Foundation 2010; SQL Server 2008 R2; SQL Server 2012; Visio 2007; Visio 2010

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2005; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6/7/8; Office Professional 2010 (Excel 2010, Outlook 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008/2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

.NET Framework; Internet Information Services (IIS) 6/7; Silverlight; Visual Studio 2008/2010

Component and Service Composition

BizTalk Server 2006 R2; BizTalk Server 2006 R2 (Adapters); BizTalk Server 2009; BizTalk Server 2009 (Adapters); BizTalk Server 2010; Office Professional 2010 (Access 2010); Office SharePoint Server 2007; Office SharePoint Server 2007 (Business Data Catalog); SharePoint 2010; SharePoint 2010 (Business Connectivity Services); SQL Server 2008 R2/2012; System Center 2007; System Center 2012; Visual Studio 2008/2010; Windows Server AppFabric

Enterprise Integration

BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office SharePoint Server 2007; SharePoint 2010

Development Platform

Office Professional 2010; SQL Server 2008 R2; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional; Visual Studio Team Foundation Server 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Premium; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010

Phase 1: APO TECHNOLOGIES


Phase 1: CONCEPTUAL ARCHITECTURE


Phase 1: LOGICAL ARCHITECTURE


Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements


Business Driver: IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Needs:

• Allow for increased business agility in an environment that supports mission-critical work to ensure scalable, reliable, and flexible applications and services
• Ensure business continuity in a centrally managed and continually available environment that supports mission-critical work
• Provide continual performance of applications and services to ensure responsiveness to business needs

Business Capabilities:

• Help ensure business agility by enabling a dynamic IT infrastructure to support applications and services, balance loads, and maximize resource usage for improved flexibility, scalability, and reliability
• Provide support to accommodate planned downtime and reduce unplanned downtime without affecting availability of mission-critical applications
• Centrally monitor and manage the operation of critical server infrastructure, end-user systems, and services to adhere to service-level agreements (SLAs)
• Proactively manage performance by identifying potential performance issues and monitoring service levels across applications and services

Business Driver: PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

Needs:

• Provide more secure access to applications from virtually any location and satisfy internal and external compliance requirements

Business Capabilities:

• Provide more secure remote access to applications and services while enabling IT administrators to centrally manage network access and to control and monitor system health policies
• Enforce security measures and centrally monitor key security events to help identify and audit security breaches and compliance failures for all servers, applications, and services

Business Driver: ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

Needs:

• Respond to business changes rapidly by enabling faster development of innovative custom or packaged business applications
• Maximize existing investments by providing flexible connections among existing systems and supporting cross-platform applications

Business Capabilities:

• Provide integrated tools for developing mission-critical applications that target multiple devices including desktop systems, hand-held devices, smart phones, Web, and mobile devices
• Aggregate individual services into composite services to provide a range of new capabilities focused on building robust, connected, mission-critical applications
• Provide the ability to form composite services from collections of individual services to help accelerate adoption, management, and reuse of services across the organization
• Provide the ability to transfer or convert legacy applications and data from less cost-effective systems to systems based on Microsoft Windows
• Provide a full range of supported and fully integrated cross-platform network services to support interoperability while extending UNIX-based applications to Windows systems
• Provide the ability to integrate data from diverse sources that include legacy systems, and help present the data in a consistent way throughout the organization

Phase 2: PHASE DEFINITION


Phase 2: Core IO MAPPING

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Software and configuration library is maintained at current update levels with version control and auditing on demand. Automated build and deployment with consistent provisioning processes integrated with software and configuration library that includes virtual images; on demand reporting; self service portal for IT or end users to deploy. Software update management and auditing are policy-driven and monitored, including automated vulnerability detection. Isolation and remediation of vulnerable and non-compliant systems are automated. Service capacity and resource utilization are monitored continuously; analysis tools are used to predict the impact of proposed changes (software, hardware, usage, and topology); workloads can be relocated manually. Chargeback is consumption based. The organization has a consolidated view and a consolidated management process across heterogeneous virtual environments, including branch offices. Majority of production server resources are virtualized. Resource pooling implementation supports compliance and cost management strategies, such as Auditing and Reporting, Policy Management, Metered Usage, Multi-Tenancy and Process Automation. Performance monitoring of applications as well as physical and virtual hardware pools with enforceable SLAs; Service health monitoring with consistent reporting across heterogeneous environments. Policy enforcement occurs in near real time based on company and industry-standard policies that allow for immediate quarantine of non-compliant systems, and consistent compliance reporting and standards exist across all IT services. There are multiple levels of service availability clustering or load balancing. Virtualization and management is used to dynamically move applications and services when issues arise with datacenter compute, storage and network resources.

Server Security

Remote access is secure, standardized, and available to end users across the organization.

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including the ability to do zone transfer across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. Wide area network traffic health and performance is monitored and reported centrally, providing real time visibility with integration into service management tools. IPv6 with IPsec is used for secure private communication over public networks.

Storage

If a storage node fails, data access transparently fails over with no interruption in availability. Storage is managed and allocated dynamically from a highly available pool of physical space based on capacity required, and within limits set by policy quotas. Critical data is backed up by taking snapshots using a centralized, application-aware system.

Device Deployment and Management

Device Mgt & Virtualization

The majority of the installed client base has a combination of current and recently released operating systems. Applications are distributed on demand for the majority of traditional desktop environments and productivity applications. A solution is in place to automatically identify devices to deploy, configure, and update while maintaining device security. Mobile devices are managed by enforceable application and hardware policies (such as device encryption and hardware access).

Device Security

Protection against malware is centrally managed for desktop systems, laptops, and non-PC devices; desktop systems and laptops include a host firewall, host intrusion prevention system or vulnerability shield, and quarantine.

Identity & Security Services

Identity & Access

Provisioning and de-provisioning of user and super-user accounts, certificates, and/or multi-factor authentication is automated. Federation exists for selected applications. Consumer-facing applications federate with public providers (such as Facebook). Multi-factor and certificate-based authentication are applied in some scenarios, such as remote access across boundaries (such as On Prem and Cloud). Self-service password resets are supported. A centralized, group/role based access policy is defined for business resources, applications, and information resources, managed through industry accepted processes. A scalable directory is integrated and automatically synchronizes with all remaining directories across multiple geographies and isolated domains for all applications, with connectivity to cloud when applicable.

Information Protection & Control

Persistent information protection helps to enforce policy on sensitive data across boundaries, including data on mobile devices. Reporting exists for server, back-office, and end-user waypoints; analysis capabilities exist to provide investigation of critical incidents.

IT Process & Compliance

The IT service portfolio is aligned with the organization; management regularly reviews how the service portfolio and strategy align, and reports costs and returns across IT services. IT policies are integrated across all IT services, enabling or restricting use of resources as appropriate. Definitions of reliability for IT services are integrated across IT services and enforceable. IT service issues and design changes are tracked by using formal processes; testing is automated where possible. IT service release processes are uniform across IT services; deployment is automated and offers self service where possible; management reviews each service for readiness to release before deployment. Service-level and operational-level agreements are integrated for IT services; management reviews operational health regularly; some tasks are automated. Monitoring and flexible, tenant/service reporting are aggregated across individual areas for protection against malware, protection of information, and identity and access technologies. The change and configuration management process is integrated across IT services; standard changes are identified across IT services and automated with self service where possible. Risk and vulnerability analysis is integrated across all IT services; IT compliance objectives and activities are integrated across IT services and automated where possible; management regularly audits to review policy and compliance. A self service catalog is defined with SLAs/SLOs and consumed via a self service portal supported by some automated fulfillment. Comprehensive service life cycle orchestration is automated for some workloads.


B S R D

Collaboration

Workspaces

Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 2: BPIO MAPPING


B S R D

BI and Analytics Platform

Business Intelligence

Dashboards are consistently used to provide operational and strategic views of the business from real time or periodically refreshed data. BI portal experience has rich visualizations, dashboards and scorecards with full data interactivity (slicing, filtering, etc.) consistent with self service reporting and analysis tools. Users have the ability to create unique personal and/or shared views of data that are actually combinations of multiple views (i.e. mashups).

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Data governance, with documented, standardized policies and processes, is established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores.

Application Infrastructure

A common application messaging services infrastructure is in place and well managed for larger mission-critical applications. Standard service-based application architectures are being rationalized and implemented with appropriate governance. Applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. Applications use web services to communicate across application boundaries. Processes and infrastructure for managing service endpoints, service discovery, and routing of application messages are in place. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems. Components and services are explicitly tagged for reuse. A range of application services and infrastructure is provided across operating environments with central governance. A central engineering practices group co-sponsored by development and operations has formed and is providing valuable guidance to application development teams. Application developers consistently build applications using these application frameworks, so hosting, application services requirements, and management are predictable. Operating systems provide support for multiple application frameworks. Applications' deployment standards are consistently followed. A consistent platform for running and managing applications is implemented, and applications are designed with consistent approaches to health monitoring. Operations proactively monitors applications and back-end services using a shared thresholds/alerting infrastructure, and a centralized management tool and/or self-service interface is used to manage applications, services, and physical and virtual assets. Application and service monitoring data may be rendered on process performance dashboards.

Custom Development

Internet Applications

User experience is a full part of the site development process, but refinements to the overall process can be made. Up-to-date versions of rich Internet technologies are used, and are often used appropriately, but not always (for example, plug-in based applications may be used to provide site navigation). Pages are dynamic and database-driven, and may use some templates for replication of content across them. Custom coding is needed to work on different browsers.

Component and Service Composition

Developers have tools that allow them to automate the creation of components usable by end users out of low-level services, and to publish them to the central repository and obtain basic metrics of usage. Tooling for solution assembly is simplified. A single platform is designated for portal infrastructure. Point solutions enable simple UI customization by end users. Business units are beginning to implement programs to migrate many of their solutions to the new standard platform. Tooling is difficult, as different stakeholders (analysts, developers, end users, etc.) have allegiance to their tools and the tools do not integrate well. Some independent end-user composition happens as a result of the portal deployment. Along with IT, business units are becoming suppliers of reusable assets and realize that they can empower their users by connecting services and experience, building upon the assets that the central IT team provides and by creating their own. Creation of LOB extension applications can be accomplished without a lot of custom code and through the assembly of existing components. There is a designated tool for the creation of composite LOB extension in addition to the integration with advanced developer tools. However, other tools continue to exist for different functional purposes like workflow, UI creation, etc. Business productivity and collaboration applications, features, and infrastructure can be easily leveraged as components to integrate powerful and familiar capabilities into the context of a composite application interface. The organization overall realizes that services and UI need to blend, starts rationalizing which UI standard it will be driving to, and moves to a point where every service has a “face” that is consumable for composing new applications. End users can share their created solutions back to the repository. Mechanisms exist to allow for ranking and rating of solutions and components. A managed central repository of all configuration items, assets, and systems provides dependency maps, reporting, and metrics for development and operations teams across the organization to manage integrations, performance, and scale.

Enterprise Integration

Use of standardized processes for data integration is at the project level and technologies are used to improve back-end integration. The business leverages an integration broker running on-premises to connect to cloud applications using adapters. Application integrations leverage standard application messaging protocols and infrastructure to connect various applications running on-premises and in the cloud, connecting mission-critical data and transactions across enterprise applications. Centralized data integration strategies and tools are used across the enterprise.

Development Platform

Developed applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. A repeatable release process is in place with integrated configuration management, work item tracking, and automated builds with BVTs. A defined code promotion strategy that minimizes disruptions is followed and a gated check-in protects key code lines. Virtualized test labs are used regularly. Development and test environments are virtualized, and standard virtualized images of development and test environments exist. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 2: APO MAPPING


B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008/2008 R2; Hyper-V Server 2008/2008 R2 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008/2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010/2012; Opalis; Security Compliance Management Toolkit; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing, Windows Deployment Services); Windows Server 2008 R2 Enterprise/Datacenter (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Virtual Private Network); Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking, Virtual Private Network); System Center 2012 Endpoint Protection; Windows Azure; Windows Server 2008 R2 Enterprise (Network Policy and Access Services, Windows Firewall); Windows Server 2012

Networking

Forefront Threat Management Gateway 2010; Internet Security and Acceleration Server 2006; Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server, Dynamic Host Configuration Protocol server, Policy-based Quality of Service); Windows Server 2012

Storage

Microsoft Online Backup Service; System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Server 2008 R2 (Backup and recovery); Windows Server 2008 R2 (Hyper-V) + Hardware pooling; Windows Server 2008 R2 Enterprise (Failover Clustering); Windows Server 2012 (Backup/Recovery, Hyper-V Replica, Cluster, Storage Spaces); Windows Storage Server 2008 (Backup and recovery); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 Enterprise (Failover Clustering); Windows Storage Server 2008 R2 (Backup and recovery); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 Enterprise (Failover Clustering)

Device Deployment and Management

Device Mgt & Virtualization

Application Virtualization 4.5/4.6; Exchange Server 2007/2010; Microsoft Desktop Optimization Pack 2011/2011 R2 (Application Virtualization); Microsoft Enterprise Desktop Virtualization; System Center 2012 Configuration Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; Virtual Desktop Infrastructure Suite; Windows 7/8; Windows Server 2008 R2 (Remote Desktop Services); Windows Server 2012 (Remote Desktop Services)

Device Security

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010 (Network Inspection System); Internet Security and Acceleration Server 2006; System Center 2012 Endpoint Protection; Windows 7 (Firewall); Windows 8; Windows Server 2008 R2 (Network Access Protection); Windows Server 2012

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Credential Management, Policy Management, User Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008/2008 R2 (Read-Only Domain Controller); Windows 7/8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise/Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Standard (Active Directory Lightweight Directory Services, WS-Federation, WS-Trust); Windows Server 2012

Information Protection & Control

Forefront Threat Management Gateway 2010; Internet Security and Acceleration Server 2006; SQL Server 2008 R2/2012; System Center 2012 Operations Manager; System Center Operations Manager 2007 R2; Windows Azure; Windows Server 2008 R2 (Active Directory Rights Management Services); Windows Server 2012

IT Process & Compliance

Distributed Connectivity Services; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008/2008 R2; Internet Security and Acceleration Server 2006; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Server 2007; Office SharePoint 2007; Office SharePoint 2007 (Lists); Opalis; PowerShell 2.0; Project Server 2010; SharePoint 2010; SharePoint 2010 (Lists); System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007/2010; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 2: Core IO TECHNOLOGIES


B S R D

Collaboration

Workspaces

Office 2007 (client integration with SharePoint); Office 2010 (client integration with SharePoint); Office SharePoint Server 2007 (document workspaces); SharePoint Online (document workspaces, client integration); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (document workspaces)

Portals

Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Online (site manager); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Exchange Server 2007; Exchange Server 2010; Outlook 2007; Outlook 2010; Outlook Web App 2007; Outlook Web App 2010

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 2: BPIO TECHNOLOGIES


B S R D

BI and Analytics Platform

Business Intelligence

Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PivotViewer; Power View; PowerPivot; Report Builder; SharePoint 2010 Enterprise (Insights, Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Standard; SharePoint Foundation 2010; SharePoint Online (Insights, Excel Services, Visio Services); SQL Server 2008 R2; SQL Server 2012; SQL Server Analytic Services; SQL Server Reporting Services; Visio 2007; Visio 2010

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

.NET Framework; Expression Studio 3; Expression Studio 4; Expression Web 4; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office SharePoint Server 2007; SharePoint 2010; Silverlight; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Premium; Visual Studio 2010 Professional

Component and Service Composition

BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office Professional 2010 (Access 2010); Office SharePoint Server 2007; Office SharePoint Server 2007 (Business Data Catalog); SharePoint 2010; SharePoint 2010 (Business Connectivity Services); SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Windows Server AppFabric

Enterprise Integration

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional

Development Platform

SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010

Phase 2: APO TECHNOLOGIES


Phase 2: CONCEPTUAL ARCHITECTURE


Phase 2: LOGICAL ARCHITECTURE


Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements


Phase 3: PHASE DEFINITION

Business Driver: IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Needs

• Allow for increased business agility in an environment that supports mission-critical work to ensure scalable, reliable, and flexible applications and services
• Ensure business continuity in a centrally managed and continually available environment that supports mission-critical work
• Provide continual performance of applications and services to ensure responsiveness to business needs

Business Capabilities

• Help ensure a stable and controlled environment for business-critical applications to meet service levels and to remain flexible and scalable to support, manage, and secure applications that are increasingly critical to business goals
• Provide the ability to build, modify, and distribute scalable applications with minimal on-premises resources
• Help ensure continual backup and archiving of data to speed up recovery and to enable rapid restoration across data centers that are located at multiple sites to achieve the appropriate level of availability defined by SLAs
• Proactively plan for performance optimization initiatives by monitoring the performance and utilization metrics of servers, databases, applications, and services across the organization

Business Driver: PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

Needs

• Provide more secure access to applications from virtually any location and satisfy internal and external compliance requirements

Business Capabilities

• Help secure and manage users' internal and external access across systems, from virtually anywhere and any device across the organization
• Help ensure automatic identification of security and compliance threats and automated mitigation of all deviations from security policy
• Provide a versatile and interoperable platform to enable more secure access to applications across multiple systems, networks, and organizations in different trust realms

Business Driver: ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

Needs

• Respond to business changes rapidly by enabling faster development of innovative custom or packaged business applications
• Maximize existing investments by providing flexible connections among existing systems and supporting cross-platform applications

Business Capabilities

• Enable organizations to rapidly create more secure, manageable, and reliable mission-critical applications that include integrated workflows that better align with business processes and have enterprise-wide strategic impact
• Provide a consistent development and management experience across customer premises and cloud environments
• Aggregate business services into a set of dynamic, mission-critical business applications that extend beyond the firewall or organizational boundaries and enable proactive management of SLAs
• Deploy a systematic and secure solution in the cloud that integrates with existing on-premises assets


B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Automated build, deployment and provisioning processes with orchestration to configure new instances of services based on a template that can be composed of multiple virtual images; real-time reporting. Resource provisioning and deprovisioning occurs dynamically and is elastic. Workloads are relocated dynamically. The organization uses virtualization to manage resource allocation dynamically for running workloads and services including moving workloads from server to server based on resource needs or business rules. Service performance monitoring with automated remediation and centralized view across all SLAs; consolidated view across all management tools. Real-time policy enforcement and reporting are based on company and industry-standard policies with automated non-compliance resolution for all IT services. Services are available during complete site outage (via geo-clustering and automated management).

Server Security

Network security is automated and proactive, with centralized alerting and reporting to meet network protection service-level agreements. Secure remote access is integrated with quarantine for compliance with corporate policy.

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including the ability to perform zone transfers across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. Wide area network traffic health and performance are monitored and reported centrally, providing real-time visibility with integration into service management tools. IPv6 with IPsec is used for secure private communication over public networks.

Storage

Critical data can be replicated with failover between geographical or virtual locations or services to provide business continuity in the event of a site failure. Critical data across the enterprise is protected continuously by replicating it at a separate location or by using a cloud-based service; data backups can be recovered by using a self-service recovery process. Data archiving is managed based on storage location by using automated compliance and retention policies such as rights management, read-only storage, and file expiration; Archiving capacity is elastic across boundaries with automatic capacity expansion within limits set by business policy.

Device Deployment and Management

Device Mgt & Virtualization

There is an automated solution for federated management of all devices. Mobile devices are managed and integrated with core infrastructure services for policy configuration and enforcement including multi-factor authentication.

Device Security

Protection against malware is centrally managed for desktop systems, laptops, and non-PC devices; desktop systems and laptops include a host firewall, host intrusion prevention system or vulnerability shield, and quarantine.

Identity & Security Services

Identity & Access

Federation services are a centralized IT offering. Multiple federation and trust relationships exist between separate organizations, each as a one-to-one relationship.

Information Protection & Control

Information is automatically identified and encrypted for persistent protection according to policy across the environment and devices.

IT Process & Compliance

Definitions of reliability for IT services have formal, predictive models. Reporting on service-level and operational-level agreements occurs in real time across the organization; IT services are provisioned dynamically to provide the required levels of reliability and scalability; all tasks that can be automated are automated. Monitoring, reporting, and auditing are automated with event correlation, notification of incidents that matter, and remediation for protection against malware, protection of information, and identity and access technologies. Risks and vulnerabilities are analyzed across all IT services against developed models; compliance objectives and activities are automated, and then updated automatically based on changes to IT policies.

Phase 3: Core IO MAPPING


B S R D

Collaboration

Workspaces

Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 3: BPIO MAPPING


Phase 3: APO MAPPING


B S R D

BI and Analytics Platform

Business Intelligence

Data Analysts use a powerful data management workbench with integrated access to tools for data preparation, cleansing, multi-variate analysis, and a sophisticated set of data mining algorithms with extensibility and tuning options. Data Analysts can easily publish their findings and data sets for access by business users.

Data Warehouse Management

EDW is refreshed on a near real-time basis so that information is readily available to mission-critical applications, analytics, and reporting systems. A high degree of concurrency exists, with many users running complex queries and interacting with complex analytics tools simultaneously with data loading. Management and maintenance of storage, hardware, and supporting software is manual and ad hoc.

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Data governance with documented, standardized policies and processes is established and automated for maintaining data consistency and security, but is not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores.

Application Infrastructure

Use of standard application services supported by the operating application infrastructure environment is maximized. Engineering of infrastructure, shared application services, and application frameworks is performed jointly by development and operations teams, resulting in complete symmetry between development and operating environments. Many application characteristics can be modified by changing application configuration instead of code. Deployment of applications is simplified, consistent, and supported by automation. On-demand capabilities exist to add/change/remove application components without risk of downtime. Application blueprints do not have physical dependencies. Application and cross-application end-to-end process health management is proactive, with sophisticated SLAs and alerting structures in place.

Custom Development

Internet Applications

User experience is a full part of the site development process, but refinements to the overall process can be made. Up-to-date versions of rich Internet technologies are used, and are often used appropriately, but not always (for example, plug-in based applications may be used to provide site navigation). Pages are dynamic and database-driven, and may use some templates for replication of content across them. Custom coding is needed to work on different browsers.

Component and Service Composition

User solutions can be promoted to IT-managed services. Policies and support exist to manage the data from these solutions in a safe and secure manner. Central IT can easily discover, monitor, and analyze business unit solutions for compliance. IT can easily leverage the dependency web to analyze relationships with business and technical assets to minimize service disruptions. IT measures usage and dependencies, and can invest in innovations based on usage. User experiences for composed applications are delivered through multiple channels (web, desktop, and mobile) systematically.

Enterprise Integration

Applications leverage an application communication infrastructure deployed in operations that is actively managed and has dynamic routing capabilities.

Development Platform

Use of standard application services supported by the operating application infrastructure environment is maximized. Architectural layering is enforced as part of code delivery and build automation. Engineering of infrastructure and central application services is performed jointly by development and operations teams, resulting in complete symmetry between development and operating environments. Development work management tools are integrated with operations incident management systems.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. A repeatable release process is in place with integrated configuration management, work item tracking, and automated builds with BVTs. A defined code promotion strategy that minimizes disruptions is followed and a gated check-in protects key code lines. Virtualized test labs are used regularly. Development and test environments are virtualized, and standard virtualized images of development and test environments exist. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.


B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008/2008 R2; Hyper-V Server 2008/2008 R2 (Live Migration, Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008/2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010/2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center 2012 Virtual Machine Manager + Concero Project; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); System Center Virtual Machine Manager Self-Service Portal 2.0; Windows Azure; Windows Azure Platform (Developer portal); Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing, Multi-Site Clustering, Windows Deployment Services); Windows Server 2008 R2 Enterprise/Datacenter; Windows Server 2008 R2 Enterprise/Datacenter (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Virtual Private Network, Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Forefront Unified Access Gateway 2010 (Endpoint access controls); Intelligent Application Gateway 2007; Intelligent Application Gateway 2007 (Endpoint and Access Security); Internet Security and Acceleration Server 2006 (Multi-Networking, Virtual Private Network); Opalis; System Center 2012 Endpoint Protection; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center Service Manager 2010; Windows Server 2008 R2 Enterprise (Network Policy and Access Services, Windows Firewall); Windows Server 2012

Networking

Forefront Threat Management Gateway 2010; Internet Security and Acceleration Server 2006; Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server, Dynamic Host Configuration Protocol server, Policy-based Quality of Service); Windows Server 2012

Storage

System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Azure Platform; Windows Server 2008 R2 (File Classification Infrastructure, Windows Rights Management Services); Windows Server 2008 R2 (Hyper-V) + Hardware pooling; Windows Server 2008 R2 Enterprise (Failover Clustering) + third party host/storage replication; Windows Server 2012 (File Classification Infrastructure, Hyper-V Replica, Storage Spaces); Windows Storage Server 2008 (Windows Rights Management Services); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 + third party host/storage replication; Windows Storage Server 2008 R2 (File Classification Infrastructure, Windows Rights Management Services); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 + third party host/storage replication

Device Deployment and Management

Device Mgt & Virtualization

Application Virtualization 4.5/4.6; Exchange Server 2007/2010; Microsoft Desktop Optimization Pack 2011/2011 R2 (Application Virtualization); Microsoft Enterprise Desktop Virtualization; System Center 2012 Configuration Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; Virtual Desktop Infrastructure Suite; Windows 7/8; Windows Server 2008 R2/2012 (Remote Desktop Services)

Device Security

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010 (Network Inspection System); Internet Security and Acceleration Server 2006; System Center 2012 Endpoint Protection; Windows 7 (Firewall); Windows 8; Windows Server 2008 R2 (Network Access Protection); Windows Server 2012

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Credential Management, Policy Management, User Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008/2008 R2 (Read-Only Domain Controller); Windows 7/8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise/Datacenter (Active Directory Certificate Services, Active Directory Federation Services); Windows Server 2012

Information Protection & Control

Forefront Threat Management Gateway 2010; Internet Security and Acceleration Server 2006; SQL Server 2008 R2/2012; System Center 2012 Operations Manager; System Center Operations Manager 2007 R2; Windows Phone 7.5/8; Windows Server 2008 R2 (Active Directory Rights Management Services, Active Directory Federation Services); Windows Server 2012

IT Process & Compliance

Distributed Connectivity Services; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008/2008 R2; Internet Security and Acceleration Server 2006; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Server 2007; Office SharePoint 2007; Office SharePoint 2007 (Lists); Opalis; PowerShell 2.0; Project Server 2010; SharePoint 2010; SharePoint 2010 (Lists); System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007/2010; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 3: Core IO

TECHNOLOGIES


B S R D

Collaboration

Workspaces

Office 2007 (client integration with SharePoint); Office 2010 (client integration with SharePoint); Office SharePoint Server 2007 (document workspaces); SharePoint Online (document workspaces, client integration); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (document workspaces)

Portals

Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Online (site manager); SharePoint Online P1; SharePoint Online P2; SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Exchange Server 2007; Exchange Server 2010; Outlook 2007; Outlook 2010; Outlook Web App 2007; Outlook Web App 2010

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 3: BPIO

TECHNOLOGIES


B S R D

BI and Analytics Platform

Business Intelligence

Data Mining Add-ins for Microsoft Office; Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PivotViewer; Power View; PowerPivot; Report Builder; SharePoint 2010 Enterprise (Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Enterprise (Insights, Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Standard; SharePoint Foundation 2010; SharePoint Online (Insights, Excel Services, Visio Services); SQL Server 2008 R2; SQL Server 2012; SQL Server Analytic Services; SQL Server Reporting Services; Visio 2007; Visio 2010

Data Warehouse Management

SQL Server 2008 R2 Parallel Data Warehouse; SQL Server 2012

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

.NET Framework; Expression Studio 3; Expression Studio 4; Expression Web 4; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office SharePoint Server 2007; SharePoint 2010; Silverlight; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Premium; Visual Studio 2010 Professional

Component and Service Composition

BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office Professional 2010 (Access 2010); Office SharePoint Server 2007; Office SharePoint Server 2007 (Business Data Catalog); SharePoint 2010; SharePoint 2010 (Business Connectivity Services); SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Windows Server AppFabric

Enterprise Integration

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; System Center 2012; System Center Operations Manager 2007 R2; Visual Studio 11; Visual Studio 2010 Professional; Windows Azure AppFabric; Windows Server AppFabric

Development Platform

SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010

Phase 3: APO

TECHNOLOGIES


Phase 3

CONCEPTUAL ARCHITECTURE


Phase 3

LOGICAL ARCHITECTURE


Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements


Example: Steps to Customize the Solution

Identify your top-priority business drivers

Identify the business capabilities in the Capability Discussion Guide that match your priorities (see below)

Choose the phase (Phase 1, Phase 2, or Phase 3) that corresponds to your priorities

Add, remove, or adjust capabilities

Customize the pre-defined solutions (Phase 1, Phase 2, or Phase 3) by doing the following:

Understand your priorities

Choose a starting point

Adjust the mapping


Example Solution Area: Phase 1 B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Deployment and management of software updates are tool based. The organization actively uses virtualization to consolidate resources for production workloads. Some production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. Services are available during server failure (for example, server clustering, hot spares, and virtualization recovery solution).

Server Security

Protection against malware is centrally managed across server operating systems within organizations, including the host firewall. Protection for select mainstream/non-custom applications and services (such as email, collaboration and portal applications, and instant messaging), if available, is centrally managed. Integrated perimeter firewall, IPS, web security, gateway antivirus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across data center, application, organization, and cloud boundaries. Remote access is secure, standardized, and available to end users across the organization.

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware and include support for automatic configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. IPv4 is present for main transport services, using IPv6 for some transport services (for example, to achieve a larger address range).

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization

Mobile device access configuration is automated and is pushed over-the-air. A solution is in place to configure and update devices. Mobile phones are used for over-the-air synchronization with email, calendar, and contacts.

Device Security

Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods and machines; access control is role-based. Password policies are set within a directory service to enable single sign-on across boundaries for most applications. Password resets occur through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

Persistent information protection exists within the trusted network to enforce policy across key sensitive data (such as documents and email); policy templates are used to standardize rights and control access to information.

IT Process & Compliance

IT policies are documented for each IT service. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Processes to manage incidents are in place for each IT service. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Problem management processes are in place for each IT service, with self-service access to knowledge base. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service.

Example: Customized Solution Requirements


Example: Tips to Customize the Solution

Server Security helps protect and secure the server infrastructure at the data center from viruses, spam, malware, and other intrusions.

Consider using an alternate maturity level that corresponds to your requirements

Identify, document, and discuss how a capability may be relevant

Keep a capability if you are unsure whether you need it


Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements


Engagement Approach

Audience

Solution road map

Solution areas Industry Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities
2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities
2. Discuss range of potential solution capabilities

IT executives

Architects

IT pro/dev executives


© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.