John Taylor, Deputy CISO Martin Myers, IT Architect


1 How Johns Hopkins Achieves Security and Operational Efficiencies Using a Common Windows Operating System Deployment
John Taylor, Deputy CISO
Martin Myers, IT Architect
October 7, 2019

2 About IT@JH
- Administrators of SMS/SCCM since 1996
- Central Active Directory (started 2002)
- Central IT with 40 other IT groups using common SCCM
- Core Enterprise SCCM Roles:
  - SCCM Central Packager
  - SCCM Infrastructure Engineer
  - ECI Engineer
  - IT Architect
- In our Enterprise Management, Monitoring, and Security (EMMS) team
- Delegated OU/SCCM collections, centralized SCCM packages and inventory
- Use SharePoint to provide documentation and blog posts about SCCM

3 Enterprise Client Image (ECI) Initiative
- Provide a common Windows client image as an Enterprise Service
- Started initiative in Fall of 2013
- Must integrate with SCCM
- Must provide customizations for IT groups
- Provide common solutions to update existing client software
- 48,584 systems running ECI today
- Customizations were required

4 Dependencies
- Networking
- Storage/Virtualization
- Policy & Standardization
- IT Group Participation
- ECI

5 Achieving Departmental/Schools Buy-In
- Meet with Management of each IT group
- Started with IT Management only on ECI Committee
- Committee Meetings initially every two weeks (had many debates)
- Meetings became technical only

6 ECI Roles and Responsibilities - EMMS
- Create and maintain common base client image
- Document client image feature set
- Document process for deploying image (USB and over the wire)
- Document packages available for deployment to all existing deployed ECI systems
- Create templates for documenting Task Sequences
- Quarterly update for each OS version
- Maintain change log for all ECI changes

7 ECI Roles and Responsibilities – ECI Customers
- Regular Attendance at meetings
- Define Operating System version(s) requirements
- Define core application/feature set
- Define policy for types of updates included in the client image
- Use SharePoint site for client image documentation and meeting minutes
- Create and document all Task Sequences not provided by the common image
- Test enterprise client image as updates are released
- Deploy quarterly image updates to client systems via SCCM

8 Enterprise OSD
- Imaging scenarios
  - Bare-Metal
  - Refresh
  - Replace
- Deployment options
  - PXE
  - Lite-Touch
  - Zero-Touch
- Distributed task sequence templates
  - Each IT group configures their own task sequences from the template
  - No universal domain join account or admin group
December 14, 2019

9 Technical Challenges
- Hardware standardization and drivers
  - Scaled back RBAC for Driver Packages
  - Worked with Hardware Standards Committee
  - Worked with VAR for imaging client hardware
- Infrastructure
  - File storage
  - Network bandwidth
- IT Group learning curve
- Scaling out the SCCM infrastructure
  - Distribution Points
  - State Migration Points
- Import Computer process using SCORCH

10 Operating Systems
- Windows 7: Dec 2013 – Nov 2018
- Windows 8.1: Aug 2014 – Feb 2016
- Windows: Feb 2016 – May 2016
- Windows: Nov 2016 – Jun 2017
- Windows: Jun 2017 – Apr 2018
- Windows: Jun 2018 – Oct 2018
- Windows: Aug 2018 – Apr 2019
- Windows: Mar 2019 – Jan 2020
- … … … … 2020
All editions: Enterprise

11 Core Applications
- Microsoft Office
  - Started with Office 2010, Office 2013 (in 2014), currently Office 2016
- Citrix Receiver
- Adobe Reader, Shockwave, and Flash Player
- Google Chrome Enterprise
- .NET Framework
- Microsoft BitLocker Administration and Monitoring (MBAM)
- Imprivata (ESSO)
- Pulse Secure VPN
- Latest Java (JRE) client (eliminated in Fall 2018)
- Windows Management Framework
- OS Security Updates

12 Windows 10 ECI Update Strategy
- Initially, quarterly updates
  - Every 3 months
  - Each ECI release supported for 1 year
- Later, moved to tri-annual updates
  - Every 4 months
  - Microsoft announced 30 months of support for Windows 10 Enterprise build versions
  - 4 total releases for each Windows 10 version
- With Windows , added a supported upgrade Task Sequence for Windows 10 upgrades

13 Upgrade Task Sequences
- Supported for all systems using ECI
- Tested by EMMS and ECI customers
- Not supported for non-Enterprise editions
- Standardizes solution for OS upgrades across JH
- Released with each new Windows 10 ECI
- Can be deployed as available or required
  - Customers can update early (available)
  - Long-term, communicated deadline (required)

14 Security Efforts Supported
- Removal of SMBv1 (Oct. 2016)
- Ensure Windows Auditing meets standard (if no GPO)
- Laptop and Desktop Encryption compliance
- Local Admin Password Solution (LAPS)
- EMET (Windows 7)
- Defender ATP
- Windows EOL compliance
- Increased awareness of application security issues across JH

15 Workstation Health Dashboard
- Measures Security and Operational Compliance
  - SCCM/ECI Compliance
  - OS Version Compliance
  - Security Updates and Reboot Length
  - LAPS, Defender ATP, and Encryption Status, NAC
  - Chrome, Citrix Receiver, Office Versions, Imprivata, Adobe Reader
- IT Management, Audits and IT Staff subscribe to dashboard
- SCCM Root Collection Based

16 Unexpected Benefits
- Created a forum for Windows client issue discussions
- A regular discussion with SCCM Admins across JH
- Increased SCCM Admin proficiencies
- Centralized application compatibility issues
- Familiar platform for customers/IT staff who move between departments

17 Enterprise Management, Monitoring, and Security
Information Johns Hopkins

