Operational Efficiency MS

1
Operational Efficiency_at_ MS

• Tibor Kolejak
• Regional IT Site Manger
• Microsoft Czech Republic

Company Logo Here
2
IT_at_Microsoft

• 72,000 mailboxes

• 150,000 PCs
• gt7,000 servers

• 20 (?) Microsoft Exchange Messaging Servers

Stockholm
Benelux
Dublin
Munich
TVP
Chicago
Canyon Park, Redmond
Les Ulis
Milan
Madrid
Chofu Otemachi
Silicon Valley
Charlotte
Los Colinas
Dubai

• 400 supported Microsoft sites worldwide

Singapore

• gt400 apps
• 26M voice calls per month
• 50K employees
• 5K contractors
• 17K vendors

Sao Paulo
Sydney
Johannesburg

• 4.5M e-mail messages per day internally

3
Challenges

• Large, highly dynamic environment
• Security
• 2,500 attacks, probes, and scans daily
• Over 125,000 virus-infected messages quarantined
  monthly
• Unique IT environments for product development,
  testing, support, and research require special
  security
• Technology-literate staff
• 95 with local administrator right to their
  desktop

4
Operational efficiency

• To get more with less
• To increase service levels with less money

Adequate synergy of various factors required!
Platforms
People
Management tools
Processes
Network solutions
Platform
etc.
5
Agenda

• Model Enterprise
• Windows Server 2003 Deployment
• Microsoft Operations Manager
• SMS 2003 Deployment

6
Model Enterprise
DSL/Local ISP/ Leased Line to local ISP
ATT/GX/Equant Leased Line
ATT/GX Leased Line
ICO 1 - ICO 2 - Standard Building
7
Windows Server 2003 Deployment

• Major milestone for MS
• A lot of new innovative features
• Internal deployment coming from the need to
  improve security, availability and reliability

8
Major Phases of Deployment

• Future Technology
• Integration Planning
• Test and Pilot
• Enterprise Deployment
• Sustain and Manage

4Sustain Manage
1Integration Planning
3EnterpriseDeployment
2Test Pilot
9
Business Benefits

• Reliability
• Scalability
• Security
• Lower Support Costs

10
Microsoft Operation Manager
Situation Monitoring the enterprise with many
different tools makes the task expensive and
inefficient Solution Consolidate and adopt
Microsoft Operations Manager as key enterprise
11
Groups _at_ MS IT using MOM

• Business Unit IT
• Messaging and Collaboration Services
• Enterprise Infrastructure Services
• Corporate Security

12
Business Benefits

• Lower TCO
• Proactive versus reactive/ Server availability
  increase
• Scaleable
• Flexible and interoperable

13
Patch Management

• Situation
• Security vulnerabilities can lead to loss of
  revenue and intellectual property
• Solution
• SMS 2003 is key tool in Microsoft IT patch
  management process

14
Patch Management Framework
1. Assess Environment to be Patched Periodic
Tasks A. Create/maintain baseline of systems B.
Access patch management architecture (is it
fit for purpose) C. Review Infrastructure/
configuration Ongoing Tasks A. Discover Assets B.
Inventory Clients
2. Identify New Patches Tasks A. Identify new
patches B. Determine patch relevance
(includes threat assessment) C. Verify patch
authenticity integrity (no virus installs
on isolated system)
1. Assess
2. Identify
3. Evaluate Plan Patch Deployment Tasks A.
Complete patch acceptance testing B. Obtain
approval to deploy patch C. Perform risk
assessment D. Plan patch release process
4. Deploy the Patch Tasks A. Distribute and
install patch B. Report on progress C. Handle
exceptions D. Review deployment
3. Evaluate Plan
4. Deploy
15
Business Benefits

• Automated security update and application
  deployment
• Enforcement within prescribed timeframes
• Minimized unplanned downtime
• Central reporting and administration
• Clear communication path
• More accurate and efficient patch management
• More updates, fewer administrators, less time
• Reduction in manual effort to deploy updates
• Automated tools, fewer scripts

16
Server Patch Management Architecture
1 Central Site ServerWindows Server 2003SQL
Server 2000 SP3a
10 Primary Site ServersWindows Server 2003
6,000 Windows Server 2003Based Servers Running
SMS 2003Advanced Client with Advanced Security
17
Server Patch Management Process Team Roles

• MSRC
• Releases security bulletins
• Corporate Security
• Assigns deployment priority
• Data Center Operations
• Manages data centers
• Hosts SMS infrastructures
• Patches servers

18
Server Patch Management Phases

• Two schedules, one deployment/enforcement process
• Phase 1 Monitoring for security bulletins and
  updates from Microsoft
• Process of deploying update to servers begins
  after update is released

19
Server Patch Management Process Phases

• Phase 2 Determining the risk level
• MSRC - Critical, Important, or Moderate
• CSCT - Deployment scheduled - based on adjusted
  MSRC rating
• DCOPS - Security Update Inventory Tool helps
  determine which servers are vulnerable
• MBSA scans for missing/installed updates

20
Server Patch Management Process Phases

• Phase 3 Testing
• Deploying synthetic patch to test deployment
  success
• Monitor success, investigate and fix failures

21
Server Patch Management Process Phases

• Phases 47 Deploying the patch

12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
8 P.M.12 A.M.
4 P.M.8 P.M.
Thursday
Friday
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
Standard Deployment
Saturday
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
Sunday
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
Hour 1
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
Hour 2
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
Hour 3
Emergency Deployment
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
Hour 4
12 A.M.4 A.M.
4 A.M.8 A.M.
8 A.M.1 P.M.
1 P.M.4 P.M.
4 P.M.8 P.M.
8 P.M.12 A.M.
22
Server Patch Management Process Phases

• Phase 8 Reporting
• Determine success of deployment and degree of
  voluntary patching
• Advertisement Status Viewer

23
Demos
24
Asante sana kusikiliza!?tkolejak_at_microsoft.com