Introducing... MCS Talks Infrastructure Architecture
Mark Aslett, Consultant, Microsoft Consulting Services
(Slide transcript; every slide carries the template footer "Seminar Name / Microsoft TechNet Seminar 2006", and the slides themselves are dated 8/6/2008.)

Slide 1: Introducing... MCS Talks Infrastructure Architecture
Mark Aslett, Consultant, Microsoft Consulting Services

Slide 2: Live Meeting Information
• Feedback Panel
• Questions & Answers
• Blog: http://blogs.technet.com/MCSTalks

Slide 3: Introducing MCS Talks...
Series objective: share Microsoft Consulting Services field experience of designing and architecting Microsoft-based infrastructure solutions.
Core topics:
• Infrastructure Architecture (today)
• Core Infrastructure (AD, DNS etc.)
• Messaging
• Security
• Identity
• Desktop
• Management
• Operations
• SharePoint
• Application Virtualization

Slide 4: Contoso Network Infrastructure
(Network diagram. Sites and user counts are recovered from the figure; the WAN link speeds shown on it, 512KB, 1MB, 2MB, 10MB, 100MB and 1GB, cannot be matched to individual links from the extracted text.)
• London: 6,000 users, Head Office (London LAN)
• Manchester: 25,000 users, Call Centre; Manchester Data Centre (Manchester LAN)
• Bristol: Fail Over Data Centre
• Glasgow: 25,000 users, Manufacturing (Glasgow LAN)
• Ireland: 1,000 users, Development
• India: 1,500 users, Development
• Remote VPN users: 3,000, on 1MB to 8MB ADSL
• UK branch offices: Birmingham 750, Exeter 500, Edinburgh 400, Newcastle 350, Reading 350, Oxford 250, York 100
• Overseas offices: New York 30, Paris 20, Tokyo 10

Slide 5: Session 1: Infrastructure Architecture
Jason Heyes, Architect
Kevin Sangwell, Architect

Slide 6: Integration complexity is not solved by tools
• Will newer hardware alleviate growth needs?
• Does backing up mean we are prepared?
• Will newer versions of the software increase operational efficiency?
• By adding more people will we be able to get more operational reach?
• Are we compliant, and on which layer: application, network?
• Will more management tools increase our control? Or our operational quality?
• Will more security tools decrease our threats?
• When we develop an application, does it consume from our existing operational best practices?
• By having a single network directory do we simplify application access?
You can take all of these actions and only increase complexity!!!

Slide 7: Core Infrastructure Optimisation Model
Four maturity levels (Basic, Standardized, Rationalized, Dynamic) across five capability areas: Identity and Access Management; Desktop, Device, and Server Management; Security and Networking; Data Protection and Recovery; IT and Security Process. IT labour cost per PC: Basic $1,320, Standardized $580, Rationalized $230 (no figure is given for Dynamic).

Basic ($1,320/PC)
• Identity and Access Management: multiple directories; many authentication directories; no directory synchronization; manual user provisioning
• Desktop, Device, and Server Management: no PC life cycle strategy; no policy-based PC management; many hardware and software configurations; no system-wide management; poor system management tool coverage; duplicate management tools; manual software and patch deployment
• Security and Networking: minimal PC security; anti-virus; manual patching; no enforced security compliance
• Data Protection and Recovery: none

Standardized ($580/PC)
• Identity and Access Management: single directory for authentication; one authentication directory
• Desktop, Device, and Server Management: standardization; defined PC lifecycle; limited policy-based PC management; many software configurations; limited system management; single system management tool; software packaging; software distribution
• Security and Networking: limited PC security; PC firewall; automatic patching

Rationalized ($230/PC)
• Identity and Access Management: automated provisioning; single sign-on; automatic password reset; automated user provisioning
• Desktop, Device, and Server Management: standards compliance; defined PC life cycle with standards enforcement; full policy-based PC management; minimal hardware and software configurations; comprehensive system management; hardware and software inventories and reporting; automated/targeted software distribution
• Security and Networking: comprehensive security; anti-spyware; enforced security compliance plus Network Access Control

Dynamic (cells as extracted; the row each entry belongs to is not recoverable)
• Fully automated; dynamic physical/virtual compute; mobile device management; automated quarantine of unhealthy PCs
• Federated identity across platforms and organisations
• Threat management across client and server edge; automated risk assessment
• Business/IT-defined SLAs; backup and restore of clients with SLAs; proactive system management; capacity planning

Slide 8: IO Improves IT Efficiency: Accomplish More with the Same Resources
(Bar chart of PCs managed per IT FTE against IT labour cost per PC, by optimisation level. The values below are the chart's data labels; the 20% / 60% / 20% figures are the share of organisations at each level.)
• Basic: 76 PCs per IT FTE, $1,320 IT labour per PC, 20% of organisations
• Standardized: 172 PCs per IT FTE, $580 per PC, 60% of organisations
• Rationalized: 442 PCs per IT FTE, $230 per PC, 20% of organisations
Source: IDC data analyzed by Microsoft, 2006
The three pairs are mutually consistent: 76 × $1,320, 172 × $580 and 442 × $230 each come to roughly $100,000, so the per-PC figure is just the loaded cost of one IT FTE divided by the PCs that FTE manages.

Slide 9: Perform an IO self assessment
http://www.microsoft.com/optimization/tools/overview.mspx

Slide 10: A Different Approach Is Needed
An approach that:
• Is holistic
• Addresses existing complexity
• Creates an integrated, uniform environment
• Adopts proven best practices
• Recognises role-based productivity
• Prioritises and sequences IT projects in a structured, systematic manner
People, Process, Technology: operational habits are what deliver results.

Slide 11: Architecture Considerations
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. (8/6/2008. This notice appears on every section-divider slide and is shown once here.)

Slide 12: Remote Office (Architecture Considerations)

Slide 13: Remote Office Challenges
• WAN performance/reliability
• Provisioning new services/applications/servers
• Management headaches
• Remote user support
• User experience
• Data security
• Space
• Cost

Slide 14: DCs in Remote Offices
(Diagram; no slide text survived extraction.)

Slide 15: Server Core and Hyper-V
• New hardware?
• Still have to patch child partitions
• Still the same number of workloads/servers to manage
• Need a good business continuity plan to minimise the impact of a single point of failure: one host now carries every workload that used to run on separate boxes, and the parent partition is equally a single point of compromise for all of them
• Ensure IT staff skill sets are updated to manage Server Core and a virtualised environment

Slide 16: Fileshares
Local file server: great user experience, but difficult to back up and manage.
Solution:
• Server Core in the branch
• DFS-R implemented hub and spoke
• Many Windows Server 2003 DFS-R challenges are gone in Windows Server 2008
• Backups taken from the replicated copy on the corporate server
• SMB 2.0 performance benefits (Vista client + Windows Server 2008 server)
Replication is not a backup: a deletion or overwrite in the branch replicates to the hub on the next replication cycle, which is why the hub copy is backed up rather than treated as the recovery point itself.

Slide 17: Network Access Protection (Architecture Considerations)

Slide 18: Addressing Network Health Problems
(Diagram; no slide text survived extraction.)

Slide 19: NAP Enforcement Options
• DHCP: easiest to implement, but easiest to work around (a client with a statically configured address never talks to the DHCP server, so it is never restricted)
• VPN: more secure than DHCP, but you have to use Windows Server 2008 RRAS (may displace the current VPN solution); subject to industry trends
• 802.1x: design complexity to manage for multiple network user types
• IPsec: recommended enforcement

Slide 20: IPsec Enforcement
(Diagram; no slide text survived extraction. With IPsec enforcement a compliant client obtains a health certificate from a Health Registration Authority, and the IPsec policy on protected hosts requires that certificate for inbound connections: a non-compliant machine can still be on the wire but cannot open connections to protected hosts.)

Slide 21: Virtualization (Architecture Considerations)

Slide 22: Virtualized Infrastructure
• Management
• Server Virtualization
• Desktop Virtualization
• Application Virtualization
• Presentation Virtualization

Slide 23: Alternative Desktop Deployment Models
(Diagram: diskless PCs remote-booting from a SAN; RDP clients connecting to Windows Server OS on servers, to desktops hosted on SAN-backed servers, and to blade PCs.)

Slide 24: Attributes of Alternative Desktop Models
(Matrix rating each model Strength / Weakness / Neutral on each attribute; the individual ratings did not survive extraction.)
Attributes: Data Security; Ease of Management; Application Compatibility; User Experience; Network Impact; TCO; Capital Cost; Offline Capability; Technology Maturity
Models: Traditional PC; Diskless PC; Virtual Desktop on Server; Server-based Desktop; Blade PC; Traditional PC + BitLocker + SoftGrid with Folder Redirection

Slide 25: Presentation Virtualization
What problems does Presentation Virtualization solve?
• Application needs to pull large amounts of data from a central database
• Incompatibilities between desktop OS and application
Characteristics:
• Run an application in one location, control it from another
• Allows data to be centralised rather than distributed on desktops
• Cost of managing applications is reduced

Slide 26: Presentation Virtualization Core Scenario
(Diagram: clients at a hotel or at home reach a Terminal Services Gateway in the DMZ over HTTPS / 443, between the external and internal firewalls; the gateway forwards to the Terminal Server and e-mail server on the corporate LAN.)

Slide 27: Application Virtualization
What problems does Application Virtualization solve?
• Application-to-application incompatibility
• Makes application deployment easier: no need to test for application conflicts
Characteristics:
• Removes application configuration from the OS layer
• Each application runs in its own protected runtime environment, isolated from the others
• Applications can run on clients without being installed
• Allows administration from a central location

Slide 28: Application Virtualization
(Diagram: Microsoft System Center Application Virtualization Management Server; Microsoft System Center Application Virtualization Streaming Server; Microsoft Application Virtualization Standalone Mode.)

Slide 29: Host Virtualization
What problems does Host Virtualization solve?
• Optimise server investments by consolidating multiple server roles onto a single physical box
• Business Continuity Management: everything that was on a server is now in a couple of files, which makes it highly portable
• Dynamic datacentre: ensure resources are appropriately used
• Test & Development

Slide 30: Virtualization 2010
"The [virtualization field] is nowhere near saturated. IDC estimates that only 17% of the worldwide server market will be virtualized by 2010, up from 5% in 2005." (Information Week, Oct. 2007)

Slide 31: Hyper-V: Windows Server Virtualization
What is it?
• Hypervisor-based virtualization platform
• Windows Server 2008 x64 Edition technology
• Standards based
Requirements:
• Windows Server 2008 x64 Editions
• Hardware-assisted virtualization: AMD AMD-V or Intel VT

Slide 32: Security (Architecture Considerations)

Slide 33: Security challenges being faced today
Challenges:
• Complex management of access rights
• Provisioning / de-provisioning of internal staff and of partner/external staff
• Perimeter protection
• Controlling confidential data
Some answers:
• Federation
• Role-based management
• Rights Management

Slide 34: Sharing Identities Between Organisations and Applications
Traditional approaches:
• NT trust (rarely seen)
• Shadow accounts
• Proxy accounts
Problems:
• NT trusts are real-time but not granular enough
• Shadow accounts have to be created and administered, and removed again when the partner user leaves, or they outlive the relationship
• Proxy accounts break audit rules, since every partner user acts under the same local identity, and a shared credential is by definition insecure
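The contrast the slide draws between proxy accounts and federation, worked through as an added example that is not part of the deck and not Microsoft's code. Company A's account federation server signs claims about a user it authenticated; Company B's resource federation server accepts the token only if it can verify the signature with the key it holds for that partner (the federation trust), maps the partner's group claims to local rights, and writes an audit line naming the real federated user rather than a shared proxy identity. HMAC-SHA256 over a shared secret stands in for the certificate-signed SAML tokens ADFS actually issues; the issuer names, keys and claim rules are constructed for the example.

```python
"""Claims-based federation in miniature (stdlib only; added example)."""
import base64
import hashlib
import hmac
import json

# Company B's side of the federation trust: one verification key per partner.
# Constructed for the example; ADFS would hold the partner's signing certificate.
FEDERATION_TRUSTS = {
    "urn:federation:companyA": b"constructed-shared-key-for-company-a",
}

# Resource-side claim rules: (issuer, group claim) -> local rights.
CLAIM_RULES = {
    ("urn:federation:companyA", "Engineering"): {"read", "write"},
    ("urn:federation:companyA", "Contractors"): {"read"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer, signing_key, subject, groups, now, lifetime_s=600):
    """Account federation server: sign claims about a user it has authenticated."""
    claims = {"iss": issuer, "sub": subject, "groups": list(groups),
              "iat": now, "exp": now + lifetime_s}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(signing_key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_token(token, now):
    """Resource federation server: accept only a valid, unexpired token from a trusted issuer."""
    body, tag = token.split(".", 1)
    claims = json.loads(_unb64(body))
    key = FEDERATION_TRUSTS.get(claims.get("iss"))
    if key is None:
        raise PermissionError("no federation trust with issuer")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag)):
        raise PermissionError("token signature invalid")
    if not claims["iat"] <= now < claims["exp"]:
        raise PermissionError("token expired or not yet valid")
    return claims


def authorize(token, now):
    """Map partner claims to local rights.

    The audit line names the federated identity (who actually acted), which is
    exactly what a shared proxy account cannot record.
    """
    claims = verify_token(token, now)
    rights = set()
    for group in claims["groups"]:
        rights |= CLAIM_RULES.get((claims["iss"], group), set())
    audit = f"actor={claims['sub']}@{claims['iss']} rights={sorted(rights)}"
    return rights, audit


if __name__ == "__main__":
    key = FEDERATION_TRUSTS["urn:federation:companyA"]
    token = issue_token("urn:federation:companyA", key, "alice", ["Engineering"], now=1_000)
    print(authorize(token, now=1_100))
```

Nothing on Company B's side is provisioned per partner user: only the trust key and the claim rules exist locally, so there are no shadow accounts to create or orphan, and a token from an issuer with no trust, a forged signature, or an expired lifetime is rejected before any rights are computed.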

Slide 35: Federated Rights Management
(Diagram: Company A, with its AD and an Account Federation Server, and Company B, with its AD, a Resource Federation Server, RMS and Web SSO, linked by a Federation Trust.)

Slide 36: Information Protection is Business Critical
• Sharing of information is not optional! Conducting business requires collaboration
• Traditional information protection methods are location-based: firewalls, access control/encryption
• Other challenges: hard to manage/administer; difficult to set a consistent policy; difficult to audit; can still result in information loss or leakage

Slide 37: Identity-based Information Protection
• Persistent protection for sensitive/confidential data
• Controls access to information across the information lifecycle
• Allows only authorized access based on trusted identity
• Secures transmission and storage of sensitive information wherever it goes: policies are embedded into the content and documents are encrypted with 128-bit encryption
• Embeds digital usage policies (print, view, edit, expiration etc.) into the content to help prevent misuse after delivery
(Diagram: Persistent Protection = Encryption + Policy, covering access permissions and use-right permissions.)
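The mechanism behind "policies embedded into the content, documents encrypted with 128-bit encryption", as an added example that is not from the deck and not the RMS implementation. A publisher encrypts the document under a fresh 128-bit content key and MACs the usage policy together with the ciphertext, so the policy cannot be edited or stripped without invalidating the document; the content key is wrapped for a licensing server, which releases it only to an identity the (authenticated) policy grants the requested right, and only before the expiry date. An HMAC-SHA256 counter keystream with encrypt-then-MAC is a stand-in for the AES-128 that real RMS uses; the identities, rights, expiry and licensing-server key are constructed for the example.

```python
"""Policy-bound document protection in miniature (stdlib only; added example)."""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES-128-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(content_key: bytes, doc: dict) -> bytes:
    """MAC over policy + nonce + ciphertext: binds the policy to the content."""
    policy_bytes = json.dumps(doc["policy"], sort_keys=True).encode()
    msg = policy_bytes + doc["nonce"] + doc["ciphertext"]
    return hmac.new(content_key, msg, hashlib.sha256).digest()


def protect(plaintext: bytes, policy: dict, licensing_key: bytes) -> dict:
    """Publish: fresh 128-bit content key, policy bound to the ciphertext,
    content key wrapped so that only the licensing server can recover it."""
    content_key = os.urandom(16)
    nonce = os.urandom(12)
    doc = {"policy": policy, "nonce": nonce,
           "ciphertext": _xor(plaintext, _keystream(content_key, nonce, len(plaintext)))}
    doc["tag"] = _tag(content_key, doc)
    doc["wrap_nonce"] = os.urandom(12)
    doc["wrapped_key"] = _xor(content_key, _keystream(licensing_key, doc["wrap_nonce"], 16))
    return doc


def request_license(doc: dict, identity: str, right: str, now: int, licensing_key: bytes) -> bytes:
    """Licensing server: unwrap the key, verify the policy is the one the
    publisher bound to the content, then release the key only if that policy
    grants `right` to `identity` and the content has not expired."""
    content_key = _xor(doc["wrapped_key"], _keystream(licensing_key, doc["wrap_nonce"], 16))
    if not hmac.compare_digest(_tag(content_key, doc), doc["tag"]):
        raise ValueError("policy or content has been tampered with")
    policy = doc["policy"]
    if now >= policy["expires"]:
        raise PermissionError("content has expired")
    if right not in policy["rights"].get(identity, []):
        raise PermissionError(f"{identity} is not granted {right}")
    return content_key


def consume(doc: dict, content_key: bytes) -> bytes:
    """Client: re-check the binding with the licensed key, then decrypt."""
    if not hmac.compare_digest(_tag(content_key, doc), doc["tag"]):
        raise ValueError("policy or content has been tampered with")
    return _xor(doc["ciphertext"], _keystream(content_key, doc["nonce"], len(doc["ciphertext"])))


if __name__ == "__main__":
    licensing_key = os.urandom(32)  # constructed licensing-server key
    policy = {"rights": {"alice": ["view", "edit"], "bob": ["view"]}, "expires": 2_000}
    doc = protect(b"Q3 forecast: confidential", policy, licensing_key)
    key = request_license(doc, "bob", "view", now=1_000, licensing_key=licensing_key)
    print(consume(doc, key))
```

The part worth noticing is the order of checks in request_license: the policy is trusted only after the MAC under the unwrapped content key has confirmed it is the publisher's policy, so adding yourself to the rights list or pushing out the expiry date leaves you with a document no server will license. The cryptography enforces who obtains the key; what a licensed user may then do with the plaintext (print, forward, screenshot) is enforced only by the trusted client application, which is the limit of any rights-management scheme.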

Slide 38: High Availability (Architecture Considerations)

Slide 39: Some Approaches
• No single point of failure
• Redundancy in the application or in the infrastructure?
  Application: AD, Exchange, SQL Server 2008
  Infrastructure (MSCS): SQL Server 2005, file/print servers, Hyper-V
• Microsoft Clustering Services (MSCS)
  Beware of non-cluster-friendly apps: ILM, SCOM, SCCM, ISA
  Could boot from SAN
• NLB clustering: ISA, IIS, SharePoint, read-only SQL

Slide 40: 8 Node Cluster (Windows 2003)
(Diagram: five active nodes and three passive nodes sharing one disk subsystem through the switch fabric and disk controller, serving clients.)

Slide 41: 16 Node Cluster (Windows 2008)
(Diagram: ten active nodes and six passive nodes on the same shared disk subsystem, switch fabric and disk controller.)

Slide 42: Windows Server 2008 Clustering
• Cluster HCL is gone
• Cluster validation tool which you can run
• Hardware needs to have the Windows Server 2008 logo
• Microsoft support simplified
• Geo-clusters simplified
• Multi-subnet
• IPv6 support
• Task-based wizards

Slide 43: DataCentre Consolidation (Architecture Considerations)

Slide 44: Step 0: Choosing the building blocks
Build a balanced system:
• Windows Server 2008 x64 Edition EE/DTC, Server Core installation
• Quad processor / quad core (16 cores), AMD-V or Intel VT
• Memory: 2 GB per core minimum (32 GB); 4 GB per core recommended (64 GB)
• Storage: 4 Gb Fibre Channel
• Networking: 1 Gb/E NIC (onboard) for VM management / cluster heartbeat / migration; 1 quad-port Gb/E PCI-E for VMs

Slide 45: Step 1: Ensure you have Active Directory
(Diagram: a domain controller on Ethernet.)

Slide 46: Step 2: Building a Virtualization Farm
(Diagram: Virtualization Farm 1 (14 + 2 servers) and the domain controller on Ethernet.)

Slide 47: Step 3: Adding Storage
(Diagram adds a Fibre Channel switch and SAN, with 32 connections from the farm: two per server.)

Slide 48: Step 4: Bare Metal Provisioning with System Center Configuration Manager
(Diagram adds System Center Configuration Manager.)

Slide 49: Step 5: Virtual Machine Provisioning with System Center Virtual Machine Manager
(Diagram adds System Center Virtual Machine Manager.)

Slide 50: Step 6: Health Monitoring with System Center Operations Manager
(Diagram adds System Center Operations Manager.)

Slide 51: Step 7: Virtual Machine Snapshots with Data Protection Manager
(Diagram adds System Center Data Protection Manager.)

Slide 52: Step 8: Virtual Machine Snapshots with Data Protection Manager
(Same build-out as Step 7; the diagram adds WAN replication of the SAN. The slide title repeats Step 7's in the source.)

Slide 53: Summary
Windows Server 2008 and Windows Vista help you move toward the Dynamic IO model:
• Identity and Access Management: Federated Services
• Desktop, Device and Server Management: enhanced Group Policy; virtualisation
• Security and Networking: NAP; role-based management
• Data Protection and Recovery: BitLocker; high availability

Slide 54: Software as a service (cloud computing) (Infrastructure Futures)

Slide 55: Software + Services?
(Diagram: On Premise at one end, SaaS at the other, Software + Services between them.)

Slide 56: Microsoft: Exchange
(Diagram: attached services; on-premise or hosted; multi-headed client.)

Slide 57: Shrink the Perimeter
(Diagram: employees, customers and partners.)

Slide 58: S+S: Replacing Challenges
(Diagram dividing responsibilities between the SaaS provider and you; which side each item falls on is not recoverable from the extracted text.)
Items: Integration; Identity Management; Data; Operations; Security; Contract Management; SLAs; Compliance; Service Delivery (Service Level Management, Capacity Management, Availability Management, IT Continuity Management, Financial Management); Service Support (Helpdesk, Training)

Slide 59: Challenges facing the IT Pro
(Shown against the optimisation model grid: Basic / Standardized / Rationalized / Dynamic across Data Protection and Recovery; Identity and Access Management; Security and Networking; IT and Security Process; Desktop, Device, and Server Management.)
• Management
• Security
• Virtualization
• Service-Level Agreements
• Operations
• Instrumentation
• Identity Federation
• Identity Lifecycle Management
• Information Rights Management
• Operational Efficiency
• Operational Agility
• New Operational Models

Slide 60: Thank you for attending this TechNet Event
Your potential. Our drive. (Ihr Potenzial. Unser Antrieb.)
Find these slides at: http://www.microsoft.com/uk/technetslides
Visit our blog at: http://blogs.technet.com/mcstalks
Register for the next session, Core Infrastructure, at: http://go.microsoft.com/?linkid=9308566