State of Windows Services at the UW

Presentation transcript:

State of Windows Services at the UW
Brian Arkills
Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer

Change is in the air; UW change from president & provost levels; C&C changing; I’ve been re-org’ed twice in the past couple months. Many of these changes are VERY good; in fact, I now work in a Windows Engineering team of a dozen previously silo’ed engineers.

©2006 University of Washington. All rights reserved. This presentation is for informational purposes only. The University of Washington makes no warranties, express or implied, in this summary.

The Windows platform, circa 2000
- Lots of Windows platform distrust; is it enterprise ready?
- Windows client base had a heavy mix of “home” OS flavor (Win98, Windows Me)
- New fangled domain-based features like Kerberos, LDAP, and DNS-integration
- IIS 4 proved to have many security vulnerabilities
- “insecure” or “unstable”.
- Lots of questions and issues

Where we’ve come from, circa 2000
- C&C Windows services included:
  - the UW forest, to facilitate resource sharing across units
  - Nebula, to facilitate managed workstations
  - UW Pubcookie ISAPI module for IIS
- Over 450 Windows domains & more than 1,200 Windows domain controllers across campus
- Lots of NT4 domains

Key Pain Points Between Then and 2006
- Remember Nimda, CodeRed, Blaster, Slammer?
- High rate of domain compromises
- MS02-001 made UW forest service problematic
- C&C chose to not run Dynamic DNS, nor Exchange. No central IIS web platform offering either
- Nebula cost was high until 2006
- Departmental silos of Windows services: multiple user provisioning processes and multiple passwords
- No good IIS authorization mechanism

2006: UW Windows Infrastructure
- Enabling infrastructure; provides ability to offer Windows services to entire UW audience
- Automated UW NetID provisioning with password
- Trusts permitted for campus domains
- Some automated group provisioning, including affiliation (faculty, staff, student, etc.) and courses
- Does not solve managed user scenario … more to come

aka the NETID domain or netid.washington.edu
The UW Windows Infrastructure (UWWI) is born out of departmental outcry.
20 trusts today

The 4 large boxes represent some slightly fictitious campus domains, red arrows show trust relationships, the access key shows which domain resources any particular domain user might be able to access. Note that trust relationships needed for any particular unit to have complete collaboration are many. Note the possibly redundant user accounts and provisioning. Note that there really is no way for EHS to offer their web service campus-wide with Windows user accounts and authorization, without first self-provisioning all NetIDs or getting a domain trust to every campus domain.

Trust relationships become much simpler for complete collaboration; each domain needs only one. Domains can continue to provide their existing domain-specific services via their own domain accounts, but now have the option to provide campus-wide services and sharing via NETID accounts. So EHS can offer their web service campus-wide. Note this also sets the stage for C&C to offer campus-wide services like SharePoint, Exchange, and Nebula.

Redundant user accounts and provisioning processes go away. Redundant domain controllers go away. Every unit still has the autonomy it needs to manage its Windows resources. This process could take a long time, and might never be attained, with some units keeping their Windows domain and trust to NETID.

The Near Future
- Share vision that most campus Windows domains should consolidate into the NETID domain
- Microsoft roadmap drafted to enable partnership with campus
- C&C will work with campus partners to provide central service offerings for Exchange and SharePoint on an expedited schedule
- Nebula will move into the NETID domain and pilot these services

Microsoft Numbers, since 1/2007
- Based on campus security scans [1]:
  - 223 campus domain controllers [2]
  - 263 campus IIS web servers
  - 74 campus Microsoft Dynamic DNS servers
- Based on C&C survey:
  - Email: 38% use “Pine” vs. 32% use “Outlook”
  - Calendar: 19% use Outlook vs. 12% use Oracle
  - Relative use of OS: 75% of campus uses Windows more than 80% of time

Step back and look at numbers …
[1] Which are limited by firewalls
[2] Only includes DCs with an OS > Windows 2000, i.e. listening on port 389
- DC numbers justify vision
- IIS numbers argue for central web service based on IIS
- DDNS numbers argue for central DDNS service
- C&C survey numbers validate what most of us guessed: Windows use is rampant, and Outlook use is not insignificant

Future Possibilities
- Provide Windows user and group management mechanisms
- Office Communication Server / Exchange Unified Messaging
- AD integrated certificate authority
- Unix and Mac interoperability
- Dynamic DNS
- VPN Services
- 2-way password sync?
- Collapse Kerberos realms?
- Active Directory Federated Services
- Phase out UW forest?
- Central IIS web service offering? (other than SharePoint)
- <Your favorite Windows thing here>

OCS = IM and video conferencing, presence services
Unified Messaging = Exchange linked to your phone system – voice mail in your Inbox, inbound faxes in your Inbox

Nebula in a Nutshell
- 0 domain or server compromises over 10-year history
- Many “models” of computers with differing support levels:
  - Gold workstations = we manage, $52/month
  - Bronze workstation = you manage, $26/month
  - Kiosks = we manage
  - Strongly managed servers = we manage
  - Loosely managed servers = we manage OS, you manage app
  - Locally managed servers = you manage
- Services provided include:
  - Help desk support
  - Networked home directory and group file space
  - Group management services
  - Automated software deployment
  - Security management and reporting
  - Discounts for other C&C services (Oracle Calendar, BES, and others)
- More Info at: http://staff.washington.edu/barkills/Nebula-HiEd.ppt

Laptops cost more. Doesn’t include hardware, add ~$30/month for hardware

Want to Know More?
- UW Windows Infrastructure: http://www.netid.washington.edu/
- MS Collaborative Applications Roadmap: http://go.cac.washington.edu/go/?linkID=10
- MS Collaborative Applications Engineering Blog: http://go.cac.washington.edu/go/?linkID=9
- UW Windows Infrastructure Engineering Blog: http://go.cac.washington.edu/go/?linkID=11
- Windows Domains at the UW: http://go.cac.washington.edu/go/?linkID=12

The End
Brian Arkills
barkills@cac.washington.edu
Author of “LDAP Directories Explained”