Building an Optimized Infrastructure Samm DiStasio Director Infrastructure Optimization Strategy Microsoft Corporation Building an Optimized Infrastructure US ENTERPRISE CIO SUMMIT

Infrastructure Optimization Overview An example 11/29/2018 9:18 PM Key challenges Infrastructure Optimization Overview An example The benefits of the journey How to get started

Regulatory Compliance SITO Summit 2006 Technology Change Regulatory Compliance Competition Security Cost Reduction Keep Business Up & Running Customer Connection End User Productivity Business Results & New Value

Enterprise IT Challenges 11/29/2018 9:18 PM Enterprise IT Challenges Growth Customer service Regulatory compliance Device management Varying skill sets Mobility PC maintenance Server sprawl Legacy platforms Deployment and maintenance Identity management Software updates Malicious attacks, viruses, spam, etc. Evolving threats Patch management, VPN, etc. Secure access (employees, partners and customers) ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

A Blueprint to Overcome the Challenges 11/29/2018 9:18 PM A Blueprint to Overcome the Challenges Infrastructure optimisation – a model based approach Capability sequencing framework to help you build an optimized infrastructure (not Microsoft-specific) Grounded in industry analyst and  academic work, consortium work coming Provides guidance and best practices for step-by-step implementation Drives cost reduction, security and efficiency gains as well as enabling agility 5

More Efficient Cost Center Cost Center 11/29/2018 9:18 PM Uncoordinated, manual Infrastructure Knowledge not captured Managed IT Infrastructure with limited automation and knowledge capture Managed and consolidated IT Infrastructure with extensive Automation, knowledge captured and re-used Fully automated management, dynamic resource Usage , business linked SLA’s. Knowledge capture automated and use automated Business Enabler Strategic Asset More Efficient Cost Center Cost Center

Where our customers are today 11/29/2018 9:18 PM Where our customers are today 64% Managed and consolidated IT Infrastructure with maximum automation Fully automated management, dynamic resource Usage , business linked SLA’s Managed IT Infrastructure with limited automation Uncoordinated, manual infrastructure 31% More efficient Cost Center Business Enabler Strategic Asset Cost Center 3% 2% ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Core Infrastructure Optimisation Model 11/29/2018 9:18 PM Core Infrastructure Optimisation Model IT and Security Process Identity and Access Management Desktop, Server and Device Management Security and Networking Data Protection and Recovery

Technology View of Model 11/29/2018 9:18 PM Technology View of Model Limited Infrastructure Lack of standardized security measures Ad hock management of system configuration Limited to no monitoring of infrastructure Defense-in-depth security measures widely deployed Anti-malware protection (i.e. spyware, bots, rootkits, etc.) Firewall enabled on desktops, laptops & servers Secure wireless networking Service level monitoring on desktops IPSec used to isolate critical systems Automated patch management (WU, Update Services, SMS) Edge firewall with lock-down configuration Standardized antivirus solution Firewall enabled on laptops New systems limited to those supported by IT Defined set of standard basic images Security updates for both clients & servers Application compatibility testing Client & server firewall mitigations Application and image deployment Server operations Reference image system Security event correlation Automated, central management of: ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Technology View of Model 11/29/2018 9:18 PM Technology View of Model Limited Infrastructure Lack of standardized security measures Ad hock management of system configuration Limited to no monitoring of infrastructure Zero touch deployment Defense-in-depth security measures widely deployed Anti-malware protection (i.e. spyware, bots, rootkits, etc.) Firewall enabled on desktops, laptops & servers Secure wireless networking Service level monitoring on desktops IPSec used to isolate critical systems Security updates for both clients & servers Light touch or Zero touch deployment. Application and image deployment Automated patch management (WU, Update Services, SMS) Secure and optimized messaging infrastructure Edge firewall with lock-down configuration Standardized antivirus solution Firewall enabled on laptops New systems limited to those supported by IT Defined set of standard basic images Application compatibility testing Client & server firewall mitigations Server operations Reference image system Security event correlation Automated, central management of: Standardized Desktop images, not more than 2 versions of Windows or Office. Version of the OS or Office is N or N-1 Multitude of Desktop images, more than 2 versions of Windows or Office and/or older than N minus-2 Standardized modern Desktop images. Version of Windows or Office is N or N-1 Standardized modern Desktop images. Version of the Windows or Office is N. Desktop is key portal for business integration. ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Technology View of Model 11/29/2018 9:18 PM Technology View of Model No server-based identity or access management Users operate in admin mode Limited or inconsistent use of passwords at the desktop Minimal enterprise access standards Active Directory for Authentication and Authorization Users have access to admin mode Security templates applied to standard images Desktops not controlled by group policy Active Directory group policy and Security templates used to manage desktops for security and settings Desktops are tightly managed Centrally manage users provisioning across heterogeneous systems ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Technology View of Model 11/29/2018 9:18 PM Technology View of Model Local user data stored randomly and not backed up to network Any backup happens locally No user state migration available for deployment Untested recovery Each server backed up to tape Standards for local storage in “My Docs” but not redirected or backed up Any backup happens at workgroup level Backup/restore on critical servers Some automation of user state migration available for deployment Tested recovery for Mission critical Users store data to “My Docs” and synched to server Backup managed at company level Backup/restore of all servers with SLAs User state is preserved and restored for deployment Tested recovery Mission critical & application data LAN based back-ups Self managed backup and restore on all servers and desktop data with SLAs SAN based back-ups with snapshots D2D technology ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Technology View of Model 11/29/2018 9:18 PM Technology View of Model Running N-1 or N-2 versions of Exchange Secure web mail with integrated junk mail filter, S/MIME support and HTML content blocker Use an application-layer firewall to pre-authenticate web mail users before they reach the mailbox server Unified directory infrastructure for access and messaging Block SPAM at gateway and mailbox store Server anti-virus that uses multiple scanning engines Robust health monitoring and more proactive resolution of issues Security of mobile devices including remote reset and remote wipe Detect potential service outages and receive alerts in advance ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Solutions for the Journey: Sample Microsoft solutions 11/29/2018 9:18 PM Solutions for the Journey: Sample Microsoft solutions Business Desktop Deployment Solution Accelerator V 2.5 Application Compatibility and Active Directory Migration Toolkits Microsoft Infrastructure deployment and migration Solution Accelerators Microsoft & partners infrastructure optimization services Microsoft Operations Framework service delivery solutions ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Application Platform Infrastructure Optimisation Model 11/29/2018 9:18 PM Application Platform Infrastructure Optimisation Model Move from adhoc development on legacy systems to modern, team development and management throughout the SDLC Move from managing disparate data silos to a scalable, integrated data management platform Move from disconnected applications and services to SOA and adaptive business processes Move from data silos and manual analysis to real-time and closed loop analysis Move from no UX awareness to proactive collaboration of design and development

Business Productivity Infrastructure optimisation model 11/29/2018 9:18 PM Business Productivity Infrastructure optimisation model Unified Communication & Collaboration Move from basic e-mail & phone communication to secure unified business communications, from ad-hoc teaming to federated collaboration outside firewall Enterprise Content Management Move from content on files shares & poor discoverability to federated documents & records mgmt with integrated search capabilities Business Intelligence Move from data silos & manual analysis to real-time and closed loop analysis

Infrastructure Optimization And IT Performance Infrastructure Optimisation and IT performance Basic Standardized Rationalized IT costs $1,320 $580 $230 Service Levels (# Svc Desk Calls) 8.4 8.5 7.7 Business Agility (# weeks) 5.4 5.2 4.3 IT Labor Costs @ $53/hour Service Desk Help Desk Deskside Desktop Engineering and Support Image Management Security Software and Patch Deployment PC Management Infrastructure Data Management Service Levels Quality and Timeliness of IT Services Number of Services Desk Calls (Proxy) Business Agility Time required to provide new IT Services Number of weeks for new LOB App (Proxy)

Organizational Impact 11/29/2018 9:18 PM Enterprise Content Management Search Business Intelligence Mobility Workflow and Portals Infrastructure Unified Communication Business Process Integration Collaboration © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Best practices and what they contribute Limited PC Security PC firewall Auto patching Identity & Access Management = $170/PC Savings PC Security = $130/PC Savings Multiple Directories Many auth. directories No dir synchronization Manual user provisioning Single directory for Auth One authentication dir. Automated provisioning Single Sign-on Auto password reset Auto user provisioning Comprehensive PC Security Anti Spyware Enforced security compliance with Network Access Control $1,320/PC $580/PC $230/PC Limited sys mgmt Single sys mgt tool Software packaging Software distribution Systems Management = $230/PC Savings No system-wide mgmt Poor sys mgt tool coverage Duplicate mgmt tools Manual sw, patch deploymt Standardization Defined PC lifecycle Limited policy based PC mgt Many software configs Stds Compliance Defined PC Lifecycle, stds enforcement Full policy based PC mgt Minimal hw, sw configs None No PC life cycle strategy No policy based PC mgt Many hw, sw configs Minimal PC Security Anti-virus Manual patching No enforced sec. compliance Comprehensive sys mgt Hw, sw inventories Hw, sw reporting Auto/targeted sw dist. Standardization & Standards Compliance = $300/PC Savings Source: IDC, 2006

Best practices accross Lifecycle Yield Optimisation PCs/ IT FTE 76 $1,320/PC 172 $580/PC 442 $230/PC 600 Plan / Optimize Change Operate Support 500 Plan/ Optimize Change Operate Support 400 300 Plan/ Optimize Change Operate Support 200 Plan/ Optimize Change Operate Support Improve IT efficiency Increase agility Shift investment mix 100 Note: $/PC represent annual IT labor per PC Source: IDC, 2006; Microsoft studies, 2005-06

The Infrastructure Optimization Journey 11/29/2018 9:18 PM The Infrastructure Optimisation Journey Our recommendation: Work with Microsoft and/or our Partners to help you get started Assess your IT capability against the models Prioritize and identify capability gaps required to support your business Build a multi-year plan with Microsoft and our partners that maps to your business and IT priorities Review and tune with your Microsoft and partner teams on an ongoing basis Visit www.microsoft.com/io for more details

US ENTERPRISE CIO SUMMIT © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Moving from Basic to Standardized Desktop, Device & Server Management Challenge S Desktop, device & server mgmt Solution No desktop standards for hardware, operating system and applications Desktops not centrally managed leading to costly manual management & patching processes. Security vulnerabilities prevalent due to lack of consistent patch management IT org is highly reactive, firefighting unpredictable issues. Software distribution very expensive Peer to peer support dominates leading to lower end user productivity High helpdesk call volume. Service Level Agreements are not in place due to lack of infrastructure control. Mobile workers not protected from virus exposure. Concern over unauthorized access to sensitive data on mobile devices. Inability to define mobile policies by organization or unit Variable device policy settings with inability to verify corporate security standards. No centralized management/enforcement of device policies Inability to remotely wipe corporate data from lost or stolen devices Costly support from lack of common administration experience for desktops & devices Benefits Consistent desktop builds and experience throughout organization OS standardization reduces administration costs and increases user productivity (Research shows customers can save up to $110/PC by using Standardized Desktop Strategy Faster, cheaper Deployment. Lower Deployment cost per PC Better Desktop Security levels. Less risk of Security Threat (Research shows that customers can save up to $130/PC by implementing comprehensive PC security). Monitoring services help simplify identification issues, streamlines the process for determining the root cause of the problem and facilitates quick resolution to restore services and prevent potential IT problems. Lower Help Desk Costs Lower Operational Costs Research shows that by using system management tools companies can save up to $110/PC and up to $120/PC by using auto software distribution. Mobile workers kept up-to-date with direct connectivity between corporate networks and devices Administrators can ensure data protection and compliance with corporate security policies including ability to set password policies, and remotely wipe devices Implement a Centralized Patch Management Solution. (Ex – SMS) Define A set Of desktop Images with Images policy I.e. what OS, AV, management tools, productivity suites and LOB applications the images should include. Have a Consistent plan of Managing your Desktop OS (Plan Includes Monitoring, SW/HW inventory, SW distribution, remote control and Patch management). Using a management solution to monitor and control your critical servers. Build a secure Mobile Work environment by using mobile provisioning, security policy provisioning (PIN) for mobile devices and remote wipe and policy enforcement. (EX using Microsoft mobile device feature pack). 24