Infrastruktuuri optimeerimine Tallinn Empowering People in a Changing Workplace Increased pressure and opportunity for IT Meet changing business needs Work across boundaries Digest an overload of information Manage compliance and risk Manage IT cost, complexity Maximize the value of LOB systems Rationalize redundant investments Improve operational efficiency More Pressure Than Ever On IT 30% New 70% Maintenance with limited resources for advancing capability Business Results & New Value End User ProductivityCustomerConnection Cost Reduction Competition Technology Change Regulatory Compliance Security Keep Business Up & Running Top 5 things in CIO list IT fuels profitable revenue growth Source: Enterprise IT Capabilities and Business Performance, Marco Iansiti, David Sarnoff Professor of Business Administration, Harvard Business School George Favaloro, Principal, Keystone Strategy, Inc-March 2006 Top 25% of IT capable firms grew revenue 6.8% faster per year Top 25% of IT capable firms realize 23% higher revenue per employee Managers in IT capable firms state they have significantly better insight and control over key dimensions of their business IT gives managers more insight and control Firms with better IT have more productive employees Driving Business Outcomes Purchasing does not mean acquiring a capability RFP or RFQ feature set Years RFP or RFQ feature set RFP or RFQ feature set RFP or RFQ feature set Requested Implemented Trained IntegrationComplexity More people increase complexity More tools also increase complexity $$$ Integration complexity is not solved by tools Will newer HW alleviate growth needs? Does backing up mean we are prepared? Will newer versions of the software increase operational efficiency? By adding more people will we be able to get more operational reach? Are we compliant, on which layer application, network? Will more management tools increase our control? Or our operational quality? Will more security tools decrease our threats ? When we develop an application, does it consume from our existing operational best practices? By having a single network directory do we simplify application access? You can take all of these actions and only increase complexity !!! Applied Governance: A Different Approach Is Needed An approach that Holistic Addresses existing complexity Creates an integrated, uniform environment Adopts to proven Best Practices Recognizes Role Based Productivity Prioritizes and sequences IT projects in a structured, systematic manner Dynamic IT for the People-Ready Business Manage Complexity, Achieve Agility Advance the Business with IT Solutions Amplify the Impact of Your People Protect Information, Control Access IT Infrastructure Optimization Model A new approach for managing IT as a strategic asset. Provides a capability based technology neutral framework upon which you can base an optimized infrastructure Establishes a foundation based on industry analysts, academic and consortium research Provides guidance and best practices for step-by- step implementation Drives cost reduction, security and efficiency gains Enable agility Application Platform Optimization Model Business Productivity Infrastructure Optimization Model Core Infrastructure Optimization Model What Is Dynamic IT? Unified & Virtualized User- Focused Service- Enabled Service- Enabled Process-Led, Model-Driven Separate logical operation from physical hardware More flexible to and streamline change Strengthen business continuity Scale rapidly to meet business demand Separate logical operation from physical hardware More flexible to and streamline change Strengthen business continuity Scale rapidly to meet business demand Captures process, structure and expertise in models Sets rules and tolerances for system health Triggers self-correction when outside tolerance Provides visibility between people and systems Captures process, structure and expertise in models Sets rules and tolerances for system health Triggers self-correction when outside tolerance Provides visibility between people and systems Provides link between internal & external services Extend capability with.NET, XML, web2.0 services Integrate emerging services without internal dev Strengthen connections with customers, partners Provides link between internal & external services Extend capability with.NET, XML, web2.0 services Integrate emerging services without internal dev Strengthen connections with customers, partners Connects natural workflow with applications Weave real workflow into application design Enable rich user experiences Integrate familiar interface with powerful apps Connects natural workflow with applications Weave real workflow into application design Enable rich user experiences Integrate familiar interface with powerful apps Dynamic IT is Microsofts vision for a new generation of integrated products and technologies that helps customers gain strategic advantage through their IT Dynamic IT and Infrastructure Optimization Unified & Virtualized User- Focused Service- Enabled Service- Enabled Process-Led, Model-Driven BasicStandardizedRationalizedDynamic Uncoordinated,manualinfrastructure Managed IT Infrastructure with limited automation automation Managed and consolidated IT Infrastructure Infrastructure with maximum automation Fully automated management, dynamic resource usage, business linked SLAs Infrastructure Optimization Infrastructure Optimization is a structured, systematic process of assessing maturity across IT capabilities, then prioritizing projects to progress towards a Dynamic state BasicStandardizedRationalizedDynamic Uncoordinated,manualinfrastructure Managed IT Infrastructure with limited automation automation Managed and consolidated IT Infrastructure Infrastructure with maximum automation Fully automated management, dynamic resource usage, business linked SLAs People Process Technology Infrastructure Optimization - Examples Basic Many ways of achieving the same objective, often in reaction to problems Standardized A standardized, repeatable process Rationalized Managed and consolidated through automation Dynamic Fully automated management, dynamic resource usage, business linked SLAs BasicStandardizedRationalizedDynamic Inconsistent or non-existent policies for security and compliance Inconsistent or non-existent policies for security and compliance Unknown health of services due to the lack of tools and resources Unknown health of services due to the lack of tools and resources No vehicle for sharing accumulated knowledge across IT No vehicle for sharing accumulated knowledge across IT Environments are extremely hard to control Environments are extremely hard to control Very reactive to security threats Very reactive to security threats Software deployments, patches and services are provided through high touch Software deployments, patches and services are provided through high touch Inconsistent or non-existent policies for security and compliance Inconsistent or non-existent policies for security and compliance Unknown health of services due to the lack of tools and resources Unknown health of services due to the lack of tools and resources No vehicle for sharing accumulated knowledge across IT No vehicle for sharing accumulated knowledge across IT Environments are extremely hard to control Environments are extremely hard to control Very reactive to security threats Very reactive to security threats Software deployments, patches and services are provided through high touch Software deployments, patches and services are provided through high touch Unstructured and lacking central control, infrastructure based on manual processes, ad hoc security and disparate resources BasicStandardizedRationalizedDynamic Standards and policies to manage desktops, mobile devices, and servers introduce controls and operational consistency Active Directory is used to manage resources, security policies and network access Active Directory is used to manage resources, security policies and network access The value of basic standards and policies are recognized but not yet implemented broadly The value of basic standards and policies are recognized but not yet implemented broadly Deployments, patches and desktop services are provided at medium touch Deployments, patches and desktop services are provided at medium touch Inventory of hardware and software assets are maintained and license use managed Inventory of hardware and software assets are maintained and license use managed Security is improved with a locked down perimeter, though internal security may still be a risk Security is improved with a locked down perimeter, though internal security may still be a risk Active Directory is used to manage resources, security policies and network access Active Directory is used to manage resources, security policies and network access The value of basic standards and policies are recognized but not yet implemented broadly The value of basic standards and policies are recognized but not yet implemented broadly Deployments, patches and desktop services are provided at medium touch Deployments, patches and desktop services are provided at medium touch Inventory of hardware and software assets are maintained and license use managed Inventory of hardware and software assets are maintained and license use managed Security is improved with a locked down perimeter, though internal security may still be a risk Security is improved with a locked down perimeter, though internal security may still be a risk BasicStandardizedRationalizedDynamic Security is proactive and response to threats is rapid and controlled Security is proactive and response to threats is rapid and controlled The use of zero-touch deployment helps minimize cost and time The use of zero-touch deployment helps minimize cost and time Minimal number of desktop images and low-touch management Minimal number of desktop images and low-touch management Hardware and software inventory is managed, with optimal license use Hardware and software inventory is managed, with optimal license use Security measures involve strict policies and control Security measures involve strict policies and control Security is proactive and response to threats is rapid and controlled Security is proactive and response to threats is rapid and controlled The use of zero-touch deployment helps minimize cost and time The use of zero-touch deployment helps minimize cost and time Minimal number of desktop images and low-touch management Minimal number of desktop images and low-touch management Hardware and software inventory is managed, with optimal license use Hardware and software inventory is managed, with optimal license use Security measures involve strict policies and control Security measures involve strict policies and control Costs involved in managing desktops and servers are at their lowest, with integrated IT management policies, tools, and processes BasicStandardizedRationalizedDynamic Costs are fully controlled Costs are fully controlled Integration between users and data, desktops, and servers; collaboration is pervasive Integration between users and data, desktops, and servers; collaboration is pervasive Mobile users have nearly on-site levels of service and capabilities Mobile users have nearly on-site levels of service and capabilities Processes are fully automated, often incorporated into the technology itself Processes are fully automated, often incorporated into the technology itself Additional investments in technology yield specific, rapid and measurable benefits Additional investments in technology yield specific, rapid and measurable benefits Self-provisioning software and quarantine-like systems allow automated processes Self-provisioning software and quarantine-like systems allow automated processes Costs are fully controlled Costs are fully controlled Integration between users and data, desktops, and servers; collaboration is pervasive Integration between users and data, desktops, and servers; collaboration is pervasive Mobile users have nearly on-site levels of service and capabilities Mobile users have nearly on-site levels of service and capabilities Processes are fully automated, often incorporated into the technology itself Processes are fully automated, often incorporated into the technology itself Additional investments in technology yield specific, rapid and measurable benefits Additional investments in technology yield specific, rapid and measurable benefits Self-provisioning software and quarantine-like systems allow automated processes Self-provisioning software and quarantine-like systems allow automated processes Highly responsive and efficient IT infrastructure; automated processes and flexible resources drive business agility and competitive advantage DynamicStandardizedRationalizedBasic Helping CIOs Show Leadership And Value Freeing Resources The IO Journey frees resources and provides the foundation for organizational agility Cost Center Uncoordinated, manual infrastructure; knowledge not captured More Efficient Cost Center Managed IT infrastructure with limited automation and knowledge capture Managed and consolidated IT infrastructure with extensive automation; knowledge captured and re-used Fully automated management; dynamic resource usage; business- linked service level agreements (SLAs); knowledge capture and use automated Business Enabler Strategic Asset Core IO Progression to Dynamic IT Cost CenterEfficient Cost Center Business Enabler Strategic Asset Uncoordinated, manual Infrastructure Managed IT infrastructure with limited automation and knowledge capture Managed and consolidated IT infrastructure with extensive automation; knowledge captured and reused Fully automated management dynamic resource usage, business linked SLAs; knowledge capture automated BasicStandardizedRationalizedDynamic Identity and Access Management Manage Identities and Access to Resources * Protect Identities Data Protection and Recovery Provide Backup * Protect Information * Recover Data Quickly Desktop, Device, and Server Management Manage Desktops and Mobile Devices * Deploy Applications Security and Networking Protect Information * Protect Infrastructure * Provide Access to Resources Infrastructure Optimization Improves IT Efficiency PCs managed per IT FTE Organization $1, $ $230 Avg PCs per/IT FTE IT Labor/PC Source:IDC data analyzed by Microsoft %60%20% BasicStandardizedRationalizedDynamic Benefits of Desktop Optimization Gains in service levels and agility are significant Benefits of Desktop Optimization Labor efficiencies with optimized desktop infrastructure World Wide IO Analysis 12,034 Customers Analyzed (>500 Employees) EMEA IO Analysis 3,342 Customers Analyzed (>500 Employees) Control Cost Simplify, automate and centralize IT operations to optimize resource utilization Improve Service Levels Integrate management and security tools to maximize system uptime Drive Agility Adapt the IT infrastructure rapidly according to business needs Cost Agility Infrastructure Maturity Service Levels Kuidas alustada? Andke endale ise hinnang: Kontakteeruge Microsofti partneriga, et lbi viia phjalikum anals ja saada soovitused jtkamiseks! Partnerid Eestis: GT Tarkvara Uptime Systems IT Grupp MarkIT MicroLink Eesti PC Expert Identity and Access Management Standardized to Rationalized Projects Architecture S to RS to R BACK Difficult to manage user and resource settings and configurations Users have multiple identities across heterogeneous systems No solution to protect user data from unauthorized access Concern over unauthorized access to sensitive information No solution to allow users to protect content for being copied, printed, distributed without proper rights/permissions Identities are stored in different application directories IT Enable potential for rapid change and configuration Provide consistent user experience across computers based on business roles Protect user data Mitigate risk associated with unauthorized access Safeguard digital information from unauthorized useboth online and offline Reduce operations and desktop support costs IT Fundamental Deploy a solution to synchronize identity stores with non-Windows application directories Advanced Deploy a metadirectory solution for identity synchronization, and deploy a smartcard and certificate management solution Deploy full-drive encryption and persistent data protection technologies Deploy a federated trust- based authentication system for external applications, and Enable personal information card access for non-federated users Deploy a multi-factor authentication solution for access control to high-risk systems, and deploy certificate-based authenticationChallengesProjectsBenefitsBUSINESSBUSINESS Projects Fundamental Implement Active Directory forest with one instance of trust in the organizationResources Identity and Access Management Standardized to Rationalized Projects Architecture S to RS to R BACK Windows 2003 Active Directory Introduction Windows 2003 Active Directory Introduction Designing and Deploying Active Directory Best Practice Guide for Securing Active Directory Installations Best Practice Guide for Securing Active Directory Installations Active Directory Web Casts Series Training Simulation (AD, ADMT) V-Labs Fundamental Deploy a solution to synchronize identity stores with non-Windows application directories Deploy a metadirectory solution for identity synchronization, and deploy a smartcard and certificate management solution Microsoft Identity Lifecycle Manager 2007 Product OverviewMicrosoft Identity Lifecycle Manager 2007 Product Overview Identity Lifecycle Manager 2007 (ILM 2007) Technical LibraryIdentity Lifecycle Manager 2007 (ILM 2007) Technical Library Microsoft Certificate Lifecycle Manager 2007 (CLM 2007)Microsoft Certificate Lifecycle Manager 2007 (CLM 2007) Microsoft Identity Integration Server 2003 (MIIS 2003) Technical LibraryMicrosoft Identity Integration Server 2003 (MIIS 2003) Technical Library Case Studies: MIIS MIIS Walkthrough Scenarios MIIS Virtual Labs Projects Advanced Deploy a federated trust-based authentication system for external applications, and Enable personal information card access for non- federated usersResources Overview of Active Directory Federation Services (ADFS) in Windows Server 2003 R2Overview of Active Directory Federation Services (ADFS) in Windows Server 2003 R2 ADFS Concepts ADFS Design Guide ADFS Deployment Guide Identity and Access Management Standardized to Rationalized Projects Architecture S to RS to R BACK Deploy a multi-factor authentication solution for access control to high-risk systems, and deploy certificate-based authentication Implementing Multifactor Authentication Using Smart CardsImplementing Multifactor Authentication Using Smart Cards Public Key Infrastructure for Windows Server 2003 Active Directory Certificate Services Designing a Public Key Infrastructure Microsoft Certificate Lifecycle Manager Overview ILM Certificate management ArchitectureProjects BACK Identity and Access Management Standardized to Rationalized Technologies Active Directory Group Policy Objects (GPO)Active Directory Group Policy Objects (GPO) Microsoft Identity Lifecycle Manager 2007Microsoft Identity Lifecycle Manager 2007 Active Directory Lightweight Directory Services (ADLDS)Active Directory Lightweight Directory Services (ADLDS) Windows Vista - EFS Rights Management Services Windows Vista Enterprise (For Bitlocker)Windows Vista Enterprise (For Bitlocker) Windows Mobile 6 IRM enabled Pocket Office and Pocket InboxWindows Mobile 6 IRM enabled Pocket Office and Pocket Inbox Microsoft Identity Lifecycle Manager Smart Card Lifecycle ManagementMicrosoft Identity Lifecycle Manager Smart Card Lifecycle Management Windows Certificate Services Resources S to RS to R Windows Server 2003 R2 Helps Simplify Identity and Access Management Windows Server 2003 R2 Helps Simplify Identity and Access Management Network Architecture Blueprint Microsoft's Vision for an Identity Metasystem Microsoft's Vision for an Identity Metasystem Ksimused? Tnan!