Private Cloud: Data Center Transformation Solution Implementer Guide

Uploaded by henry-martin, posted 23-Dec-2015

Page 1: Private Cloud: Data Center Transformation Solution Implementer Guide

Private Cloud: Data Center Transformation

Solution Implementer Guide

Page 2

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 3

Engagement Approach

Audience

Solution road map

Solution areas: Industry, Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities

2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities

2. Discuss range of potential solution capabilities

IT executives

Architects, IT pro/dev executives

Page 4

Integrated Capability Analysis

Ensure target business capabilities cover process improvement priorities

Translate business capabilities into required infrastructure capabilities

Assess current infrastructure maturity

Determine gaps to target integrated capabilities

Build a road map for integrating capabilities and implementing solutions

Specify required platform architecture, technologies, and services

Baseline the Microsoft platform road map

Page 5

Business Driver: TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Support for Priority Business Capabilities

Phase 1

• Improve maintainability and simplify integration with other applications and services via refactoring of applications with service-oriented architecture (SOA), which is supported by program management processes and tools
• Ensure alignment with business governance requirements via a definition of IT governance processes aligned with business governance processes
• Provide a nimble IT services delivery engine that supports business needs as they arise and drives down costs via a definition and implementation of mature, distinct roles for IT service management processes
• Enable measurement of usage in predetermined units of measurement for each IT service offered via implementation of tools to measure IT usage
• Allow for increased business agility by enabling a flexible IT infrastructure to improve performance and scalability for applications and services in the data center and at branch offices via virtualization to consolidate multiple, underused physical servers; provide continual availability; quickly scale environments up and out; and recover quickly from disaster, while reducing IT hardware and operating costs for servers
• Enable faster response to business needs for the provisioning of new IT services via well-defined and consistent provisioning processes with service-level agreements (SLAs)
• Manage credentials to allow only legitimate users access to devices, applications, and data via strong authentication and aggregation of identities across the enterprise into a single view

Phase 2

• Improve return on development investments and promote consistency across applications and application platform services via consolidation and reuse of application platform services that support service-oriented architecture (SOA) principles, using portfolio and resource management processes and tools
• Enable faster and more consistent support for new business initiatives while maintaining security, privacy, and compliance via a definition of and compliance with mature, centralized IT governance processes supported by reporting and analysis tools
• Provide consistent IT services delivery across the entire organization via pooled and consistent IT service management across systems and data centers supported by reporting and analysis
• Bill business units based on allocated percentage of overall IT costs based on percentage of overall IT use via a central taxonomy and supporting tools to aggregate IT usage measurement and charge back allocated costs to business units
• Reduce capital expense allocation to business units via the ability to scale capacity and resources up or down to respond to business demands with on-premises or outsourced private cloud infrastructure
• Reduce IT labor costs for provisioning of new IT services on request from business units via automated provisioning processes
• Easily and automatically provision and de-provision users' rights to access services in accordance with defined policies via managing the entire life cycle of user identities and their associated credentials, identity synchronization, certificates, and passwords

Phase 3

• Increase business agility, reduce time-to-value, and lower application maintenance costs while improving ubiquity and consistency of application services via applications' use of application platform services available from outsourced (hosted) cloud providers
• Enable the IT department to focus on governance by enabling the outsourcing of most IT service management processes to a cloud vendor via compliance with well-defined interfaces between IT governance processes and all other IT service management processes, which are supported by portfolio and resource management processes and tools to enable private cloud
• Transition from allocating fixed capital expenses to business units to charging back operational expenses to business units based on usage via strategic sourcing of outsourced (hosted) cloud infrastructure
• Allow for almost immediate provisioning of new IT services without the need for significant, if any, IT labor intervention via self-service provisioning processes
• Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications via federated identity and access management to enable the sharing of identity information more securely across organizational boundaries, including to cloud environments, which enables private cloud
• Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies via digital certificates and smart cards

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the "Business Priorities Guide" and the "Capability Discussion Guide".

Page 6: Agenda

Page 7

Sophistication of the Solution

Phase 1

Provides basic support for the most critical elements of the business driver

Phase 2

Provides adequate, typical support for critical and priority elements of the business driver

Phase 3

Provides thorough, streamlined support for the business driver that enables differentiated levels of performance

TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Page 8

Solution Guidance

Phase Definition: For each business driver, list the business challenges, solution features, and business benefits for this solution phase. Use this information and the "Support for Priority Business Capabilities" slides to structure the conversation with IT professional(s) for capturing, refining, and baselining business problems and solution functionality priorities.

Mapping: The Optimization mapping indicates the maturity level required for each capability of the solution to fully support the features specified in this solution phase. Use the mapping as a starting point to determine appropriate maturity levels for the solution. After mapping the solution, assess the gap between the current and desired infrastructure to:

• Understand the scope and sequencing of work required
• Organize a deployment road map

Technologies: Use the results of the Optimization mapping to determine the technologies required for the features and supporting capabilities specified in this solution phase.

Conceptual Architecture: Use this high-level, use case diagram to provide the "black box" definition of this solution phase. Customize to your solution definition during the integrated capability analysis.

Logical Architecture: Use this logical, component-level architecture view to show all software components and how they interact to support this solution phase. Tailor to fit your particular solution definition during the integrated capability analysis.

Note: Physical architecture is covered in the Architecture Guide, which is also used during the integrated capability analysis.

Page 9: Agenda

Page 10

Phase 1: PHASE DEFINITION

Business Driver: TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Needs

• Provide a data center environment that supports service-oriented architecture (SOA) principles, enabling applications that are portable, have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
• Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
• Provide predictable and stable IT costs by enabling the move from an allocated capital expenditures model of charging for IT services to a chargeback model that charges for IT services used
• Ensure a scalable, reliable platform and extend the data center to the cloud, and respond more quickly to the changing needs of the business while driving down hardware and facilities costs
• Simplify identity and access management across multiple systems, applications, and users

Business Capabilities

• Improve maintainability and simplify integration with other applications and services
• Ensure alignment with business governance requirements
• Provide a nimble IT services delivery engine that supports business needs as they arise and drives down costs
• Enable measurement of usage in predetermined units of measurement for each IT service offered
• Allow for increased business agility by enabling a flexible IT infrastructure to improve performance and scalability for applications and services in the data center and at branch offices
• Enable faster response to business needs for the provisioning of new IT services
• Manage credentials to allow only legitimate users access to devices, applications, and data

Page 11

Phase 1: Core IO mapping (B S R D)

Datacenter Management and Virtualization

Data Center Mgt & Virtualization: A defined software library exists. Automated build with defined deployment and provisioning processes. Physical and virtual hardware, software, and consumption unit assets are reconciled and reported on demand (manual or automated), and tools and a data repository are in place to track and audit assets. Capacity management processes are manual and reactive; resource utilization and capacity are monitored periodically. The organization actively uses virtualization to consolidate resources for production workloads. Some production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. IT services are audited for compliance based on documented company and industry-standard policies (HIPAA, SOX, and PCI); reports are generated monthly. Services are available during server failure (e.g. server clustering, hot spares, and/or virtualization recovery solution). A process is in place to assign costs for static service allocations back to business groups, based on capacity rather than usage, or based on show-back reporting.

Server Security

Malware protection is centrally managed across server operating systems within organizations, including host firewall, host IPS/vulnerability shielding, and quarantine, with defined SLAs. Protection is deployed and centrally managed for all applications and services. Integrated perimeter firewall, IPS, Web security, gateway anti-virus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across datacenter, application, organization, and cloud boundaries.

Networking: Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware, with support for auto configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. IPv4 is used for main transport services, with IPv6 for some transport services (e.g. to achieve a larger address range).

Storage: Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization: A solution is in place to configure and update devices.

Device Security

Identity & Security Services

Identity & Access: To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods, and machines; access control is role-based. Password policies are set within a directory service to enable single sign-on across boundaries for most applications. Password resets are handled through internal tools or manual processes. There is a centralized group/role-based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

IT Process & Compliance: IT service portfolio aligns with individual business units; IT service costs, returns, capacity, availability, continuity, and integrity are reported. IT policies are documented for each IT service. Each IT service has a formal definition of reliability. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Each IT service has its own change and configuration management process; standard changes are identified for each IT service. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service. Self-service objectives and/or agreements exist; an IT service request process exists; fulfillment is manual. Defined orchestration with scripted processes to support manual execution. Location of data is known and auditable.

Page 12

Phase 1: BPIO mapping (B S R D)

Collaboration

Workspaces: Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals: Multiple portals exist; directory services, authentication, and authorization are not uniform across portals, requiring users to sign in multiple times; user management methods are redundant.

Social Computing

Project Mgt: Teams plan, track, and share tasks in lists by using collaboration tools; multiple baselines exist. Teams can upload and share documents and files; project workspaces are integrated with desktop productivity applications.

Information access

Interactive experience and navigation

Messaging: Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility


Page 13

Phase 1: APIO mapping (B S R D)

BI and Analytics Platform

Business Intelligence: Reports are generated on a scheduled basis or on demand by IT and are then shared on reporting portals. Users have some ability to subscribe to reports. Some level of automation is in place to render data pulled from enterprise systems on dashboards, but it is used only for strategic or high-profile projects. Dashboards have integrated interfaces to allow users to roll up and drill down on live data.

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Application Infrastructure: Application messaging services used by development are aligned with standard application operating environments. Development and operations teams have the skills required to effectively and consistently make use of these technologies. Limited application component and service reuse strategies exist at the departmental or project level. Orchestration and workflow between applications is typically implemented via custom integrations. Applications are beginning to adopt web services or other standards implemented in operating environments to allow application components and common application services to interoperate as needed. Common application services and middleware component frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Common application services and runtime application frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Operations is beginning to rationalize to the standard common services and consolidate runtime platforms.

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration: Reusable integration components are developed for custom development on an ad hoc basis. Project management is centralized for application integrations.

Development Platform: Standard application frameworks, messaging, and other application services aligned with standard application operating environments are appropriately and consistently employed by application development teams. Tools for major development activities are standardized across the organization, though practices and versions are not.

Application Lifecycle Management: Work-breakdown structures map estimated work to business value. Rudimentary metrics are used to manage project progress. Project managers aggregate data from standard status updates. Effective change management processes are in place. Testing has test harnesses and some automation, formal unit testing with good code coverage, and defined test strategy and processes. Explicit use of code quality tools typically occurs at the end of the development cycle.

Page 14

Phase 1: Core IO technologies (B S R D)

Datacenter Management and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Server Consolidation); Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Server Consolidation); Hyper-V Server 2008 R2 Standard; Hyper-V Server 2008 Standard; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Assessment and Planning Toolkit 6.0; Microsoft Assessment and Planning Toolkit 6.5; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Microsoft Software Inventory Analyzer 5.0; Microsoft Software Inventory Analyzer 5.1; Opalis; Security Compliance Management Toolkit; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Automated Installation Kit; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise / Datacenter (Hyper-V); Windows Server 2008 R2 Standard / Enterprise (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for Office Communications Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); System Center 2012 Endpoint Protection; Windows Azure; Windows Server 2008 R2 (Windows Firewall with Advanced Security); Windows Server 2008 R2 Enterprise (Network Policy and Access Services); Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy, and Access Services); Windows Server 2012

Networking: Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2008 R2 (Policy-based Quality of Service); Windows Server 2012

Storage: Microsoft Online Backup Service; System Center 2012 Data Protection Manager; System Center Data Protection Manager 2010; Windows Server 2008 R2 (Backup and recovery); Windows Server 2012 (Backup/Recovery, Hyper-V Replica); Windows Storage Server 2008 (Backup and recovery); Windows Storage Server 2008 R2 (Backup and recovery)

Device Deployment and Management

Device Mgt & Virtualization

Exchange Server 2007; Exchange Server 2010; System Center 2012 Configuration Manager; System Center 2012 Mobile Device Manager; System Center Configuration Manager 2007 R3; System Center Mobile Device Manager 2008; Windows Embedded Device Manager 2011; Windows Intune

Device Security

Identity & Security Services

Identity & Access: Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Server 2007; Opalis; PowerShell 2.0; Project Server 2010; Security Compliance Manager; Security Compliance Manager 2.x; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012


Page 15

Phase 1: BPIO technologies (B S R D)

Collaboration

Workspaces: Office 2007 (client integration with SharePoint); Office 2010 (client integration with SharePoint); Office SharePoint Server 2007 (document workspaces); SharePoint Server 2010 (document workspaces)

Portals: Office SharePoint Server 2007 (Active Directory Domain Services integration with SharePoint); SharePoint Server 2010 (Active Directory Domain Services integration with SharePoint)

Social Computing

Project Mgt: Project 2007; Project 2010; SharePoint Foundation 2010

Information access

Interactive experience and navigation

Messaging: Exchange Server 2007; Exchange Server 2010; Outlook 2007; Outlook 2010; Outlook Web Access 2007; Outlook Web Access 2010

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility


Page 16

Phase 1: APIO technologies (B S R D)

BI and Analytics Platform

Business Intelligence: Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PowerPivot; Report Builder; SharePoint 2010 Standard; SharePoint Foundation 2010; SQL Server 2008 R2; SQL Server 2012; SQL Server Analysis Services; SQL Server Reporting Services; Visio 2007; Visio 2010

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Application Infrastructure: .NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Excel 2010, Outlook 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communication Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration: BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office SharePoint Server 2007; SharePoint 2010

Development Platform: Visual Studio Team Foundation Server 2010

Application Lifecycle Management: Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Premium; Visual Studio Team Foundation Server 2010


Page 17

Phase 1: CONCEPTUAL ARCHITECTURE (diagram)

Page 18

Phase 1: LOGICAL ARCHITECTURE (diagram)

Page 19: Agenda

Page 20

Phase 2: PHASE DEFINITION

Business Driver: TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Needs

• Provide a data center environment that supports service-oriented architecture (SOA) principles, enabling applications that are portable, have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
• Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
• Provide predictable and stable IT costs by enabling the move from an allocated capital expenditures model of charging for IT services to a chargeback model that charges for IT services used
• Ensure a scalable, reliable platform and extend the data center to the cloud, and respond more quickly to the changing needs of the business while driving down hardware and facilities costs
• Simplify identity and access management across multiple systems, applications, and users

Business Capabilities

• Improve return on development investments and promote consistency across applications and application platform services
• Enable faster and more consistent support for new business initiatives while maintaining security, privacy, and compliance
• Provide consistent IT services delivery across the entire organization
• Bill business units based on allocated percentage of overall IT costs based on percentage of overall IT use
• Reduce capital expense allocation to business units
• Reduce IT labor costs for provisioning of new IT services on request from business units
• Easily and automatically provision and de-provision users' rights to access services in accordance with defined policies

Page 21

Phase 2: Core IO mapping (B S R D)

Datacenter Management and Virtualization

Data Center Mgt & Virtualization: The software and configuration library is maintained at current update levels with version control and auditing on demand. Automated build and deployment with consistent provisioning processes integrated with a software and configuration library that includes virtual images; on-demand reporting; self-service portal for IT or end users to deploy. The IT asset life cycle is automated and managed using policies, procedures, and tools; management of assets and thresholds is based on automated inventory information. Service capacity and resource utilization are monitored continuously; analysis tools are used to predict the impact of proposed changes (software, hardware, usage, and topology); workloads can be relocated manually. Chargeback is consumption based. The organization has a consolidated view and a consolidated management process across heterogeneous virtual environments, including branch offices. The majority of production server resources are virtualized. Resource pooling implementation supports compliance and cost management strategies, such as auditing and reporting, policy management, metered usage, multi-tenancy, and process automation. Performance monitoring of applications as well as physical and virtual hardware pools with enforceable SLAs; service health monitoring with consistent reporting across heterogeneous environments. Policy enforcement occurs in near real time based on company and industry-standard policies that allow for immediate quarantine of non-compliant systems, and consistent compliance reporting and standards exist across all IT services. There are multiple levels of service availability clustering or load balancing. Virtualization and management are used to dynamically move applications and services when issues arise with datacenter compute, storage, and network resources. Chargeback is based on the cost of resources allocated and consumed, charged in aggregated or abstracted units using a defined Service Catalog (e.g., VM months).

Server Security

Support for service or application segmentation on the same physical infrastructure (servers, storage, networks).

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including the ability to do zone transfers across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services, with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. IPv6 with IPsec is used for secure private communication over public networks.

Storage

Critical data is backed up by taking snapshots using a centralized, application-aware system.

Device Deployment and Management

Device Mgt & Virtualization

A solution is in place to automatically identify devices to deploy, configure, and update while maintaining device security.

Device Security

Identity & Security Services

Identity & Access

Provisioning and de-provisioning of user and super-user accounts, certificates, and/or multi-factor authentication is automated. IT centrally offers federation services. Multiple federation and trust relationships exist between separate organizations on a one-to-one basis. Multi-factor and certificate-based authentication are applied in some scenarios, such as remote access across boundaries (such as on-premises and cloud). Self-service password resets are supported. A centralized, group/role-based access policy is defined for business resources, applications, and information resources, and is managed through industry-accepted processes. A scalable directory is integrated with and automatically synchronizes with all remaining directories across multiple geographies and isolated domains for all applications, with connectivity to the cloud where applicable.

Information Protection & Control

IT Process & Compliance

The IT service portfolio is aligned with the organization; management regularly reviews how the service portfolio and strategy align, and reports costs and returns across IT services. IT policies are integrated across all IT services, enabling or restricting use of resources as appropriate. Definitions of reliability for IT services are integrated across IT services and enforceable. IT service issues and design changes are tracked by using formal processes; testing is automated where possible. IT service release processes are uniform across IT services; deployment is automated and offers self-service where possible; management reviews each service for readiness to release before deployment. Service-level and operational-level agreements are integrated for IT services; management reviews operational health regularly; some tasks are automated. Monitoring and flexible, tenant/service reporting are aggregated across individual areas for protection against malware, protection of information, and identity and access technologies. The change and configuration management process is integrated across IT services; standard changes are identified across IT services and automated with self-service where possible. Risk and vulnerability analysis is integrated across all IT services; IT compliance objectives and activities are integrated across IT services and automated where possible; management regularly audits to review policy and compliance. A self-service catalog is defined with SLAs/SLOs and is consumed via a self-service portal supported by some automated fulfillment. Service life cycle orchestration is comprehensive and automated for some workloads. Location of data is compliant with local regulations.


Page 22: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 2: BPIO (B S R D)

Collaboration

Workspaces

Workspaces are centrally managed, customizable, and reusable, and provide users the capability to collaborate through Web browsers and mobile devices; offline synchronization is supported.

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Task assignments, task splitting, delegation, and reporting are automated; teams can plan against complex baselines. Project tasks and calendars are closely integrated with users’ online presence; teams can communicate with a single click; timely updates are available for accurate reporting. Collaboration happens across different mobile devices. Portfolios are analyzed in graphical views that include status, resource allocations, and financial details.

Information access

Interactive experience and navigation

Messaging

Secure, policy-driven access to a unified inbox from PCs, phones, and Web browsers exists inside and outside the firewall. Provisioning of user inboxes is driven by business demand, uses a single directory, and provides features based on user needs.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility


Page 23: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 2: APO (B S R D)

BI and Analytics Platform

Business Intelligence

Portals exist for dynamic reporting that supports rich report formats. Reports are generated with group or individual filter parameters, delivered via direct push or subscription, and can vary by device. Users have the ability to share alerts and subscriptions with other users via limited collaboration and social networking. Dashboards are consistently used to provide operational and strategic views of the business from real-time or periodically refreshed data. The BI portal experience has rich visualizations, dashboards, and scorecards with full data interactivity (slicing, filtering, etc.), consistent with self-service reporting and analysis tools. Users have the ability to create unique personal and/or shared views of data that are actually combinations of multiple views (i.e., mashups).

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Application Infrastructure

A common application messaging services infrastructure is in place and well managed for larger mission-critical applications. Standard service-based application architectures are being rationalized and implemented with appropriate governance. Applications extend line-of-business (LOB) systems at the UX level and in the mid-tier, extending LOB business logic. Applications use web services to communicate across application boundaries. Processes and infrastructure for managing service endpoints, service discovery, and routing of application messages are in place. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems. Components and services are explicitly tagged for reuse. A range of application services and infrastructure is provided across operating environments with central governance. A central engineering practices group, co-sponsored by development and operations, has formed and is providing valuable guidance to application development teams. Application developers consistently build applications using these application frameworks, so hosting, application services requirements, and management are predictable. Operating systems provide support for multiple application frameworks.

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

Use of standardized processes for data integration is at the project level and technologies are used to improve back-end integration. The business leverages an integration broker running on-premises to connect to cloud applications using adapters. Application integrations leverage standard application messaging protocols and infrastructure to connect various applications running on-premises and in the cloud, connecting mission-critical data and transactions across enterprise applications. Centralized data integration strategies and tools are used across the enterprise.

Development Platform

The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. There is high transparency within self-directed teams, across teams, and with stakeholders. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly.


Page 24: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 2: Core IO (B S R D)

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); System Center Virtual Machine Manager Self Service Portal 2.0; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise / Datacenter (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for Office Communications Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); System Center 2012 Endpoint Protection; System Center 2012 Virtual Machine Manager; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 Enterprise (Network Policy and Access Services); Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy, and Access Services); Windows Server 2012

Networking

Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2008 R2 (Policy-based Quality of Service); Windows Server 2012

Storage

System Center 2012 Data Protection Manager; System Center Data Protection Manager 2010; Windows Server 2012 (Hyper-V Replica)

Device Deployment and Management

Device Mgt & Virtualization

Exchange Server 2007; Exchange Server 2010; System Center 2012 Configuration Manager; System Center 2012 Mobile Device Manager; System Center Configuration Manager 2007 R3; System Center Mobile Device Manager 2008; Windows Embedded Device Manager 2011; Windows Intune

Device Security

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Credential Management); Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 (User Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows 7; Windows 8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2008 R2 (Active Directory Domain Services, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Federation Services); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Distributed Connectivity Services; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Server 2007; Office SharePoint 2007; Office SharePoint 2007 (Lists); Opalis; PowerShell 2.0; Project Server 2010; Security Compliance Manager; Security Compliance Manager 2.x; SharePoint 2010; SharePoint 2010 (Lists); System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007; Visio Professional 2010; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012


Page 25: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 2: BPIO (B S R D)

Collaboration

Workspaces

Office 2007 (Groove 2007: offline collaborative workspaces); Office 2010 (SharePoint Workspace 2010: offline collaborative workspaces); Office SharePoint Server 2007 (offline collaborative workspaces); SharePoint Server 2010 (offline collaborative workspaces, Web applications and companions, mobile-device view)

Portals

Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing

Project Mgt

Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007; Office 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007 (document collaboration); Office SharePoint Server 2007 (document workspaces); Project 2007; Project 2007 (Gantt charts, calendars, task sheets, and visual reports); Project 2010; Project 2010 (Gantt charts, calendars, task sheets, visual reports, resource scheduling view, user-controlled scheduling, top-down summary tasks, task inspector, timeline view, incremental/granular leveling, synchronize with SharePoint task lists); Project Server 2007 (resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2007 (task creation and delegation, status reports, timesheets); Project Server 2007 (visual reports, resource availability graphs, and budget tracking); Project Server 2010 (enhanced collaboration and reporting, resource management, resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2010 (schedule management, financial management, time and task management); Project Server 2010 (task creation and delegation, status reports, timesheets, time tracking improvements, user delegation); SharePoint Server 2010 (document collaboration); SharePoint Server 2010 (document workspaces)

Information access

Interactive experience and navigation

Messaging

Exchange Server 2007; Exchange Server 2010; Outlook 2007; Outlook 2010; Outlook Mobile 2007; Outlook Mobile 2010; Outlook Web Access (premium experience)

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility


Page 26: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 2: APO (B S R D)

BI and Analytics Platform

Business Intelligence

Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PivotViewer; Power View; PowerPivot; Report Builder; SharePoint 2010 Enterprise (Activity Feeds, Visio Services); SharePoint 2010 Enterprise (Insights, Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Standard; SQL Azure; SQL Azure Reporting; SQL Server 2008 R2; SQL Server 2012; SQL Server Analytic Services; SQL Server Reporting Services; Visio 2007; Visio 2007/2010; Visio 2010

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional

Development Platform

Visual Studio 11; Visual Studio Team Foundation Server 2010

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010


Page 27: Private Cloud: Data Center Transformation Solution Implementer Guide

Conceptual Architecture: Phase 2

Page 28: Private Cloud: Data Center Transformation Solution Implementer Guide

Logical Architecture: Phase 2

* Recommended, not required

Page 29: Private Cloud: Data Center Transformation Solution Implementer Guide

Agenda

Recap Discussions to Date

Next Steps

Solution Guidance

• Phase 1
• Phase 2
• Phase 3

Customize the Solution Requirements

Page 30: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 3

Business Driver: TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Needs

• Provide a data center environment that supports service-oriented architecture (SOA) principles, enabling applications that are portable, have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
• Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
• Provide predictable and stable IT costs by enabling the move from an allocated capital expenditures model of charging for IT services to a chargeback model that charges for IT services used
• Ensure a scalable, reliable platform and extend the data center to the cloud, and respond more quickly to the changing needs of the business while driving down hardware and facilities costs
• Simplify identity and access management across multiple systems, applications, and users

Business Capabilities

• Increase business agility, reduce time-to-value, and lower application maintenance costs while improving ubiquity and consistency of application services
• Enable the IT department to focus on governance by enabling the outsourcing of most IT service management processes to a cloud vendor
• Transition from allocating fixed capital expenses to business units to charging back operational expenses to business units based on usage
• Allow for almost immediate provisioning of new IT services without the need for significant, if any, IT labor intervention
• Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications
• Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies

Page 31: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 3: Core IO (B S R D)

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

The organization uses virtualization to manage resource allocation dynamically for running workloads and services, including moving workloads from server to server based on resource needs or business rules. Resource pooling supports process and quality improvement programs (Process Excellence, Business Continuity, etc.) and agility strategies (real-time elasticity, self-service automation, etc.). Management is integrated across physical and virtual resources and workloads. IT systems are monitored in real time, with chargeback of actual resource utilization (e.g., CPU, storage, and network utilization) to the business groups consuming IT services.

Server Security

Network security is automated and proactive, with centralized alerting and reporting to meet network protection service-level agreements. Service segmentation and isolation provide information security, allowing multiple tenants to safely share the same infrastructure (one service cannot affect another).

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including the ability to do zone transfers across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services, with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. IPv6 with IPsec is used for secure private communication over public networks.

Storage

Critical data is backed up by taking snapshots using a centralized, application-aware system.

Device Deployment and Management

Device Mgt & Virtualization

A solution is in place to automatically identify devices to deploy, configure, and update while maintaining device security.

Device Security

Identity & Security Services

Identity & Access

Provisioning and de-provisioning of all resources, certificates, and smart cards is automated for all users; roles and entitlements are managed, and access control is policy-driven. IT centrally offers federation services that integrate public identities and services. One-to-many collaboration is offered.

Information Protection & Control

IT Process & Compliance

All IT services are described in the service portfolio; services align with business strategy; IT service costs and returns can be modeled and predicted. Risks and vulnerabilities are analyzed across all IT services against developed models; compliance objectives and activities are automated, and are updated automatically based on changes to IT policies. A self-service portal is in place with full automation or orchestration for IT services in the service catalog, with reporting and notification capabilities.


Page 32: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 3: BPIO (B S R D)

Collaboration

Workspaces

Workspaces are centrally managed, customizable, and reusable, and provide users the capability to collaborate through Web browsers and mobile devices; offline synchronization is supported.

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Task assignments, task splitting, delegation, and reporting are automated; teams can plan against complex baselines. Project tasks and calendars are closely integrated with users’ online presence; teams can communicate with a single click; timely updates are available for accurate reporting. Collaboration happens across different mobile devices. Portfolios are analyzed in graphical views that include status, resource allocations, and financial details.

Information access

Interactive experience and navigation

Messaging

Secure, policy-driven access to a unified inbox from PCs, phones, and Web browsers exists inside and outside the firewall. Provisioning of user inboxes is driven by business demand, uses a single directory, and provides features based on user needs.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility


Page 33: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 3: APO (B S R D)

BI and Analytics Platform

Business Intelligence

Portals exist for dynamic reporting that supports rich report formats. Reports are generated with group or individual filter parameters, delivered via direct push or subscription, and can vary by device. Users have the ability to share alerts and subscriptions with other users via limited collaboration and social networking. Dashboards are consistently used to provide operational and strategic views of the business from real-time or periodically refreshed data. The BI portal experience has rich visualizations, dashboards, and scorecards with full data interactivity (slicing, filtering, etc.), consistent with self-service reporting and analysis tools. Users have the ability to create unique personal and/or shared views of data that are actually combinations of multiple views (i.e., mashups).

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Application Infrastructure

Business processes follow a model-driven, dynamic approach. IT manages a SOA-based application infrastructure, composed of LOB back ends and composite applications that extend them, and has complete monitoring of integration scenarios across cloud and on-premises applications.

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

Applications leverage an application communication infrastructure deployed in operations that is actively managed and has dynamic routing capabilities.

Development Platform

The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. There is high transparency within self-directed teams, across teams, and with stakeholders. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly.


Page 34: Private Cloud: Data Center Transformation Solution Implementer Guide

Phase 3: Core IO (B S R D)

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Live Migration); Hyper-V Server 2008 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Live Migration); Hyper-V Server 2008 R2 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); System Center Virtual Machine Manager Self Service Portal 2.0; System Center Virtual Machine Manager Self Service Portal 2.0 plus partner solutions (e.g. V-Kernel); Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise / Datacenter (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for Office Communications Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Intelligent Application Gateway 2007; Internet Security and Acceleration Server 2006 (Multi-Networking); Opalis; System Center 2012 Endpoint Protection; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Service Manager 2010; Windows Server 2008 R2; Windows Server 2008 R2 Enterprise (Network Policy and Access Services); Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy, and Access Services); Windows Server 2012

Networking

Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2008 R2 (Policy-based Quality of Service); Windows Server 2012

Storage

System Center 2012 Data Protection Manager; System Center Data Protection Manager 2010; Windows Server 2012 (Hyper-V Replica)

Device Deployment and Management

Device Mgt & Virtualization

Exchange Server 2007; Exchange Server 2010; System Center 2012 Configuration Manager; System Center 2012 Mobile Device Manager; System Center Configuration Manager 2007 R3; System Center Mobile Device Manager 2008; Windows Embedded Device Manager 2011; Windows Intune

Device Security

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Credential Management); Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 (User Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows 7; Windows 8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Azure Platform (Windows Identity Foundation, Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2008 R2 (Active Directory Domain Services, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Federation Services); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Distributed Connectivity Services; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Server 2007; Office SharePoint 2007; Office SharePoint 2007 (Lists); Opalis; PowerShell 2.0; Project Server 2010; Security Compliance Manager; Security Compliance Manager 2.x; SharePoint 2010; SharePoint 2010 (Lists); System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007; Visio Professional 2010; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 3: BPIO (Business Productivity Infrastructure Optimization), by maturity level (B S R D = Basic, Standardized, Rationalized, Dynamic)

Collaboration

Workspaces

Office 2007 (Groove 2007: offline collaborative workspaces); Office 2010 (SharePoint Workspace 2010: offline collaborative workspaces); Office SharePoint Server 2007 (offline collaborative workspaces); SharePoint Server 2010 (offline collaborative workspaces, Web applications and companions, mobile-device view)

Portals

Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing

Project Mgt

Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007; Office 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007 (document collaboration); Office SharePoint Server 2007 (document workspaces); Project 2007; Project 2007 (Gantt charts, calendars, task sheets, and visual reports); Project 2010; Project 2010 (Gantt charts, calendars, task sheets, visual reports, resource scheduling view, user-controlled scheduling, top-down summary tasks, task inspector, timeline view, incremental/granular leveling, synchronize with SharePoint task lists); Project Server 2007 (resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2007 (task creation and delegation, status reports, timesheets); Project Server 2007 (visual reports, resource availability graphs, and budget tracking); Project Server 2010 (enhanced collaboration and reporting, resource management, resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2010 (schedule management, financial management, time and task management); Project Server 2010 (task creation and delegation, status reports, timesheets, time tracking improvements, user delegation); SharePoint Server 2010 (document collaboration); SharePoint Server 2010 (document workspaces)

Information access

Interactive experience and navigation

Messaging

Exchange Server 2007; Exchange Server 2010; Outlook 2007; Outlook 2010; Outlook Mobile 2007; Outlook Mobile 2010; Outlook Web Access (premium experience)

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 3: APO (Application Platform Optimization), by maturity level (B S R D = Basic, Standardized, Rationalized, Dynamic)

BI and Analytics Platform

Business Intelligence

Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PivotViewer; Power View; PowerPivot; Report Builder; SharePoint 2010 Enterprise (Activity Feeds, Visio Services); SharePoint 2010 Enterprise (Insights, Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Standard; SQL Azure; SQL Azure Reporting; SQL Server 2008 R2; SQL Server 2012; SQL Server Analysis Services; SQL Server Reporting Services; Visio 2007; Visio 2010

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office PerformancePoint Server; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Azure AppFabric; Windows Communication Foundation (WCF) services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Custom Development

Internet Applications

Component and Service Composition

Enterprise Integration

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; System Center 2012; System Center Operations Manager 2007 R2; Visual Studio 11; Visual Studio 2010 Professional; Windows Azure AppFabric; Windows Server AppFabric

Development Platform

Visual Studio 11; Visual Studio Team Foundation Server 2010

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010

Phase 3: Conceptual Architecture (diagram)

Phase 3: Logical Architecture (diagram)

* Recommended, not required

Example: Steps to Customize the Solution

Customize the pre-defined solutions (Phase 1, Phase 2, or Phase 3) by doing the following:

1. Understand your priorities: identify your top-priority business drivers, then identify the business capabilities in the Capability Discussion Guide that match your priorities (see the example below).

2. Choose a starting point: choose the phase (Phase 1, Phase 2, or Phase 3) that corresponds to your priorities.

3. Adjust the mapping: add, remove, or adjust capabilities.

Example Solution Area: Phase 1, by maturity level (B S R D = Basic, Standardized, Rationalized, Dynamic)

Datacenter Management and Virtualization

Data Center Mgt & Virtualization

Deployment and management of software updates are tool based. The organization actively uses virtualization to consolidate resources for production workloads. Some production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. Services are available during server failure (for example, server clustering, hot spares, and virtualization recovery solution).

Server Security

Protection against malware is centrally managed across server operating systems within organizations, including the host firewall. Protection for select mainstream/non-custom applications and services (such as email, collaboration and portal applications, and instant messaging), if available, is centrally managed. Integrated perimeter firewall, IPS, web security, gateway antivirus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across data center, application, organization, and cloud boundaries. Remote access is secure, standardized, and available to end users across the organization.
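The maturity statement above says the host firewall and anti-malware protection are centrally managed on every server, and that server and domain isolation is supported. The following PowerShell script is an added example, not part of the Microsoft guide, that lets an implementer verify those two claims across a set of servers before ticking the capability as met. It assumes Windows Server 2012 or later (for the NetSecurity module), working PowerShell remoting, and that the endpoint protection agent runs as the Windows service named in the parameter; the server names and the service name are constructed placeholders, not values from the guide.

```powershell
# Added example (not part of the Microsoft guide): audit host-firewall and
# anti-malware state on a list of servers, as the Server Security capability
# requires. Assumes Windows Server 2012+ (Get-NetFirewall* cmdlets), WinRM
# enabled, and an anti-malware agent running as the named service.
param(
    [string[]]$ComputerName = @('srv-app01', 'srv-app02'),  # constructed sample names
    [string]$AntimalwareService = 'MsMpSvc'                 # assumed service name; set to your product's
)

$results = Invoke-Command -ComputerName $ComputerName -ErrorAction Continue -ScriptBlock {
    param($svcName)

    # Every profile (Domain, Private, Public) must be on and block unsolicited inbound by default.
    $badProfiles = Get-NetFirewallProfile |
        Where-Object { -not $_.Enabled -or $_.DefaultInboundAction -ne 'Block' } |
        Select-Object -ExpandProperty Name

    # Enabled inbound allow rules open to any remote address on any local port defeat
    # server/domain isolation; count them so they can be reviewed rule by rule.
    $wideOpen = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            (($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any') -and
            (($_ | Get-NetFirewallPortFilter).LocalPort -eq 'Any')
        } | Measure-Object | Select-Object -ExpandProperty Count

    # The anti-malware agent is "centrally managed" only if it is actually running.
    $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        FirewallCompliant    = ($badProfiles.Count -eq 0)
        NonCompliantProfiles = ($badProfiles -join ',')
        WideOpenInboundRules = $wideOpen
        AntimalwareRunning   = ($null -ne $svc -and $svc.Status -eq 'Running')
    }
} -ArgumentList $AntimalwareService

$results |
    Select-Object Computer, FirewallCompliant, NonCompliantProfiles, WideOpenInboundRules, AntimalwareRunning |
    Format-Table -AutoSize

# Non-zero exit when any server fails either check, so the audit can gate a release pipeline.
$failed = $results | Where-Object { -not $_.FirewallCompliant -or -not $_.AntimalwareRunning }
if ($failed) { exit 1 }
```

Run it from a management host with an account that has local administrator rights on the targets. A server that reports FirewallCompliant = False, a non-zero WideOpenInboundRules count, or AntimalwareRunning = False does not yet meet the Server Security statement for this maturity level, whatever the central console says.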

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware and include support for automatic configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. IPv4 carries the main transport services, with IPv6 used for some transport services (for example, to obtain a larger address range).

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization

Mobile device access configuration is automated and is pushed over-the-air. A solution is in place to configure and update devices. Mobile phones are used for over-the-air synchronization with email, calendar, and contacts.

Device Security

Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods, and machines; access control is role-based. Password policies are set within a directory service to enable single sign-on across boundaries for most applications. Password resets occur through internal tools or manual processes. There is a centralized group/role-based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

Persistent information protection exists within the trusted network to enforce policy across key sensitive data (such as documents and email); policy templates are used to standardize rights and control access to information.

IT Process & Compliance

IT policies are documented for each IT service. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Processes to manage incidents are in place for each IT service. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Problem management processes are in place for each IT service, with self-service access to knowledge base. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service.

Example: Customized Solution Requirements

Example: Tips to Customize the Solution

Server Security helps protect and secure the server infrastructure at the data center from viruses, spam, malware, and other intrusions.

Consider using an alternate maturity level that corresponds to your requirements

Identify, document, and discuss how a capability may be relevant

Keep a capability if you are unsure whether you need it

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.