Introducing... MCS Talks Infrastructure Architecture
Mark Aslett, Consultant, Microsoft Consulting Services
Microsoft TechNet Seminar 2006

Live Meeting Information...
- Feedback Panel
- Questions & Answers
- Blog - http://blogs.technet.com/MCSTalks

Introducing MCS Talks...
Series Objectives: Share Microsoft Consulting Services field experience of designing and architecting Microsoft based infrastructure solutions
Core topics:
- Infrastructure Architecture - today
- Core Infrastructure (AD, DNS etc)
- Messaging
- Security
- Identity
- Desktop
- Management
- Operations
- SharePoint
- Application Virtualization

Contoso Network Infrastructure
[Network diagram; sites as labelled on the slide]
- Ireland: 1000 Users, Development
- London: 6,000 Users, Head Office (London LAN)
- India: 1500 Users, Development
- Bristol: Fail Over Data Centre
- Manchester: Data Centre, Manchester LAN
- Manchester: 25,000 Users, Call Centre
- Glasgow: 25,000 Users, Manufacturing (Glasgow LAN)
- Remote VPN Users: 3,000 (1MB to 8MB ADSL)
- York: 100 Users
- Newcastle: 350 Users
- Edinburgh: 400 Users
- Birmingham: 750 Users
- Reading: 350 Users
- Oxford: 250 Users
- Exeter: 500 Users
- Paris: 20 Users
- Tokyo: 10 Users
- New York: 30 Users
- Link speeds shown on the diagram: 512KB, 1MB, 2MB, 10MB, 100MB, 1GB

Session 1: Infrastructure Architecture
Jason Heyes, Architect
Kevin Sangwell, Architect
MCS Talks Infrastructure Architecture

Integration complexity is not solved by tools
- Will newer HW alleviate growth needs?
- Does backing up mean we are prepared?
- Will newer versions of the software increase operational efficiency?
- By adding more people will we be able to get more operational reach?
- Are we compliant, on which layer: application, network?
- Will more management tools increase our control? Or our operational quality?
- Will more security tools decrease our threats?
- When we develop an application, does it consume from our existing operational best practices?
- By having a single network directory do we simplify application access?
You can take all of these actions and only increase complexity!!!

Core Infrastructure Optimisation Model
Capability areas: Data Protection and Recovery; Identity and Access Management; Security and Networking; IT and Security Process; Desktop, Device, and Server Management

Basic ($1,320/PC)
- Minimal PC Security: Anti-virus; Manual patching; No enforced sec. compliance
- None: No PC life cycle strategy; No policy based PC mgt; Many hw, sw config
- No system-wide mgmt: Poor sys mgt tool coverage; Duplicate mgmt tools; Manual sw, patch deployment
- Multiple Directories: Many auth. directories; No dir synchronization; Manual user provisioning

Standardized ($580/PC)
- Limited PC Security: PC firewall; Auto patching
- Standardization: Defined PC lifecycle; Limited policy based PC mgt; Many software configs
- Limited sys mgmt: Single sys mgt tool; Software packaging; Software distribution
- Single directory for Auth: One authentication dir.

Rationalized ($230/PC)
- Comprehensive Security: Anti Spyware; Enforced security compliance + Network Access Control
- Stds Compliance: Defined PC life cycle, stds enforcement; Full policy based PC mgt; Minimal hw, sw configs
- Comprehensive sys mgt: Hw, sw inventories; Hw, sw reporting; Auto/targeted sw dist.
- Automated provisioning: Single Sign-on; Auto password reset; Auto user provisioning

Dynamic
- Fully Automated: Dynamic physical / virtual compute; Mobile device mgmt; Automated quarantine of unhealthy PCs
- Federated identity: Across platforms and organisations
- Threat mgmt: Across client and server edge; Automated risk assessment
- Business / IT defined SLAs: Backup and restore of clients with SLAs; Proactive sys mgmt; Capacity planning

IO Improves IT Efficiency
Accomplish More with the Same Resources
[Chart: PCs managed per IT FTE, by organization. Source: IDC data analyzed by Microsoft 2006]
- Basic: 76 avg PCs per IT FTE, $1,320 IT labor/PC
- Standardized: 172 avg PCs per IT FTE, $580 IT labor/PC
- Rationalized: 442 avg PCs per IT FTE, $230 IT labor/PC
- Percentages shown on the chart: 20%, 60%, 20%

Perform an IO self assessment
http://www.microsoft.com/optimization/tools/overview.mspx

A Different Approach Is Needed
An approach that
- Holistic
- Addresses existing complexity
- Creates an integrated, uniform environment
- Adopts to proven Best Practices
- Recognises Role Based Productivity
- Prioritises and sequences IT projects in a structured, systematic manner

- People
- Process
- Technology
Operational habits are what deliver results

Architecture Considerations

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Remote Office
Architecture Considerations

Remote Office Challenges
- WAN performance/reliability
- Provisioning new services/applications/servers
- Management headaches
- Remote user support
- User experience
- Data security
- Space
- Cost

DCs in Remote Offices

Server Core and Hyper-V
- New Hardware?
- Still have to patch child partitions
- Still the same # workloads/servers to manage
- Need to have good business continuity plan to minimize impact of single point of failure
- Ensure IT Staff skill set is updated to manage Server Core and virtualized environment

Fileshares
Local Fileserver
- Great user experience
- Difficult to backup & manage
Solution
- Server Core in branch
- DFS-R implemented hub & spoke
- Many Win2K3 DFS-R challenges gone in Win2K8
- Backups from replicated copy on corp server
- SMB 2.0 performance benefits: Vista client + Win2K8 server

Network Access Protection
Architecture Considerations

Addressing Network Health Problems

NAP Enforcement Options
- DHCP: easiest to implement, but easiest to work around
- VPN: more secure than DHCP, but have to use WS2008 RRAS (may displace current VPN solution), subject to industry trends
- 802.1x: Design complexity to manage for multiple network user types
- IPSec: Recommended enforcement

IPSec Enforcement

Virtualization
Architecture Considerations

Virtualized Infrastructure
[Diagram labels: Management; Server Virtualization; Desktop Virtualization; Application Virtualization; Presentation Virtualization]

Alternative Desktop Deployment Models
[Diagram labels: SAN; Remote boot; RDP Servers; RDP; Windows Server OS; Servers; Blade PC]

Attributes of Alternative Desktop Models
[Matrix rating each model against each attribute as Strength, Weakness or Neutral]
Attributes: Data Security; Ease of Mgmt; Application Compatibility; User Experience; Network Impact; TCO; Capital Cost; Offline Capability; Technology Maturity
Models: Traditional PC; Diskless PC; Virtual Desktop on Server; Server-based Desktop; Blade PC; Traditional PC + Bit-locker + SoftGrid and w/ Folder Redirection

Presentation Virtualization
What problems does Presentation Virtualization solve?
- Application needs to pull large amounts of data from central database?
- Incompatibilities between desktop OS and application?
Characteristics
- Run an application in one location, control from another
- Allows data to be centralised rather than distributed on desktops
- Cost of managing applications is reduced

Presentation Virtualization: Core Scenario
[Diagram labels: Home; Hotel; Internet; External Firewall; DMZ; Terminal Services Gateway; Internal Firewall; Corp LAN; Terminal Server; E-Mail Server; HTTPS / 443]

Application Virtualization
What problems does Application Virtualization solve?
- Application to application incompatibility
- Makes application deployment easier: no need to test for application conflicts
Characteristics
- Removes application configuration from the OS layer
- Each application runs in its own protected runtime environment, isolated from each other
- Applications can run on clients without being installed
- Allows administration from central location

Application Virtualization
[Diagram labels: Microsoft System Center Application Virtualization Management Server; Microsoft System Center Application Virtualization Streaming Server; Microsoft Application Virtualization Standalone Mode]

Host Virtualization
What problems does Host Virtualization solve?
- Optimise server investments by consolidating multiple server roles onto a single physical box
- Business Continuity Management: everything that was on a server is now in a couple of files; can make it highly portable
- Dynamic datacentre: ensure resources are appropriately used
- Test & Development

Virtualization 2010
Information Week, Oct. 2007: "The [virtualization field] is nowhere near saturated. IDC estimates that only 17% of the worldwide server market will be virtualized by 2010, up from 5% in 2005."

Hyper-V: Windows Server Virtualization
What is it?
- Hypervisor based virtualization platform
- Windows Server 2008 x64 Edition technology
- Standards based
Requirements
- Windows Server 2008 x64 Editions
- Hardware assisted virtualization: AMD AMD-V or Intel VT

Security
Architecture Considerations

Security challenges being faced today
Challenges
- Complex management of access rights
- Provisioning / de-provisioning
  - Internal Staff
  - Partner/external staff
- Perimeter Protection
- Controlling confidential data
Some Answers
- Federation
- Role-based management
- Rights-Management

Sharing Identities Between Organisations and Applications
Traditional Approaches
- NT Trust (rarely seen)
- Shadow accounts
- Proxy accounts
Problems
- NT Trusts are realtime but not granular enough
- Shadow accounts have to be created and administered
- Proxy accounts break audit rules and are by definition unsecure

Federated Rights Management
[Diagram labels: AD; AD; Account Federation Server; Resource Federation Server; Company B; Company A; Federation Trust; RMS; WebSSO]

Information Protection is Business Critical
- Sharing of information is not optional!
- Conducting business requires collaboration
- Traditional information protection methods are location-based: firewalls, access control/encryption
- Other challenges
  - Hard to manage/administer
  - Difficult to set a consistent policy
  - Difficult to audit
  - Can still result in information loss or leakage

Identity-based Information Protection
- Persistent protection for sensitive/confidential data
- Controls access to information across the information lifecycle
- Allows only authorized access based on trusted identity
- Secures transmission and storage of sensitive information wherever it goes: policies embedded into the content; documents encrypted with 128 bit encryption
- Embeds digital usage policies (print, view, edit, expiration etc.) into the content to help prevent misuse after delivery
[Diagram labels: Persistent Protection; Encryption; Policy; Access Permissions; Use Right Permissions]

High Availability
Architecture Considerations

Some Approaches
- No Single Point of Failure
- Redundancy in application or infrastructure?
  - Application: AD, Exchange, SQL Server 2008
  - Infrastructure (MSCS): SQL Server 2005, File/Print Servers, Hyper-V
- Microsoft Clustering Services (MSCS)
  - Beware of non-cluster friendly apps: ILM, SCOM, SCCM, ISA
  - Could boot from SAN
- NLB clustering: ISA, IIS, SharePoint, RO SQL

8 Node Cluster (Windows 2003)
[Diagram: 5 Active Nodes and 3 Passive Nodes; Disk Subsystem; Switch Fabric; Disk Controller; Clients]

16 Node Cluster (Windows 2008)
[Diagram: 10 Active Nodes and 6 Passive Nodes; Disk Subsystem; Switch Fabric; Disk Controller]

Windows Server 2008 Clustering
- Cluster HCL is gone
- Cluster validation tool which you can run
- Hardware needs to have Windows Server 2008 logo
- Microsoft Support simplified
- Geo-clusters simplified
- Multi-subnet
- IPv6 Support
- Task-based wizards

DataCentre Consolidation
Architecture Considerations

Step 0: Choosing the building blocks
Build a balanced system
- Windows Server 2008 x64 Edition EE/DTC
  - Server Core Installation
- Quad processor/Quad Core (16 cores)
  - AMD-V or Intel VT
- Memory
  - 2 GB per core minimum (32 GB)
  - 4 GB per core recommended (64 GB)
- Storage
  - 4 Gb Fibre Channel
- Networking
  - 1 Gb/E NIC (onboard) for VM management/cluster heartbeat/migration
  - 1 quad-port Gb/E PCI-E for VMs

Step 1: Ensure you have Active Directory
[Diagram: Domain Controller on Ethernet]

Step 2: Building a Virtualization Farm
[Diagram adds: Virtualization Farm 1 (14 + 2 Servers)]

Step 3: Adding Storage
[Diagram adds: Fibre Channel Switch and SAN, 32 connections]

Step 4: Bare Metal Provisioning with System Center Configuration Manager
[Diagram adds: System Center Configuration Manager]

Step 5: Virtual Machine Provisioning with System Center Virtual Machine Manager
[Diagram adds: System Center Virtual Machine Manager]

Step 6: Health Monitoring with System Center Operations Manager
[Diagram adds: System Center Operations Manager]

Step 7: Virtual Machine Snapshots with Data Protection Manager
[Diagram adds: System Center Data Protection Manager]

Step 8: Virtual Machine Snapshots with Data Protection Manager
[Diagram adds: WAN Replication]

Summary
Windows Server 2008 and Windows Vista help you move toward Dynamic IO model
- Identity and Access Management: Federated Services
- Desktop, Device and Server Management: Enhanced Group Policy, Virtualisation
- Security and Networking: NAP, Role based management
- Data Protection and Recovery: BitLocker, High availability

Software as a service (cloud computing)
Infrastructure Futures

Software + Services?
[Diagram labels: Software + Services; On Premise; SaaS]

Microsoft: Exchange
[Diagram labels: Attached Services; On-Premise or Hosted; Multi-headed Client]

Shrink the Perimeter
[Diagram labels: Employees; Customers; Partners]

S+S: Replacing Challenges
[Diagram labels: You; SaaS Provider]
- Integration
- Identity Management
- Data
- Operations
- Security
- Contract Management
- SLAs
- Compliance
- Service Delivery
- Service Level Management
- Capacity Management
- Availability Management
- IT Continuity Management
- Financial Management
- Service Support
- Helpdesk
- Training

Challenges facing the IT Pro
[Diagram labels: Basic; Standardized; Rationalized; Dynamic; Data Protection and Recovery; Identity and Access Management; Security and Networking; IT and Security Process; Desktop, Device, and Server Management]
- Management
- Security
- Virtualization
- Service-Level Agreements
- Operations
- Instrumentation
- Identity Federation
- Identity Lifecycle Management
- Information Rights Management
- Operational Efficiency
- Operational Agility
- New Operational Models

Your potential. Our passion.
Thank you for attending this TechNet Event
Find these slides at: http://www.microsoft.com/uk/technetslides
Visit our blog at: http://blogs.technet.com/mcstalks
Register for the next session, Core Infrastructure, at: http://go.microsoft.com/?linkid=9308566