welcome. stay connected with microsoft ireland technet ireland - resources

26
Welcome Welcome

Upload: frederick-hutchinson

Post on 05-Jan-2016

229 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

WelcomeWelcome

Page 2: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Stay Connected with Microsoft Ireland Stay Connected with Microsoft Ireland http://www.microsoft.com/ireland/techhttp://www.microsoft.com/ireland/technetnet TechNet Ireland - Resources for IT TechNet Ireland - Resources for IT

ProfessionalsProfessionals Irish TechNet NewsletterIrish TechNet Newsletter EventsEvents Microsoft technology user groups Microsoft technology user groups

(SQL/NIMTUG)(SQL/NIMTUG) Early access to betasEarly access to betas Community supportCommunity support

Don’t forget to hand back the evaluation Don’t forget to hand back the evaluation

formsforms

[email protected] / [email protected] /

[email protected]@microsoft.com

Page 3: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

AgendaAgenda

14:00 Setting the scene – IOI14:00 Setting the scene – IOI 14:15 Active Directory and IPSec14:15 Active Directory and IPSec 15.30 Tea / Coffee15.30 Tea / Coffee 15:45 MOM15:45 MOM 17:00 Refreshments17:00 Refreshments

Page 4: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

A Crisis Of ComplexityA Crisis Of Complexity

ValueValueCreationCreation

MaintenanceMaintenance& Delivery& Delivery

Page 5: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Solving The Challenge:Solving The Challenge:Infrastructure OptimizationInfrastructure Optimization

Page 6: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Cost Center Cost Center

Uncoordinated, Uncoordinated, manualmanual

infrastructure infrastructure

More Efficient More Efficient Cost CenterCost Center

Managed IT Managed IT Infrastructure Infrastructure

with limitedwith limited automationautomation

Managed and Managed and consolidated ITconsolidated IT InfrastructureInfrastructurewith maximum with maximum

automationautomation

Fully automated Fully automated management, management,

dynamic resource dynamic resource Usage , business Usage , business

linked SLA’slinked SLA’s

Business Business EnablerEnabler

Strategic Strategic AssetAsset

* Based on the Gartner IT Maturity Model* Based on the Gartner IT Maturity Model

Page 7: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Technology View of ModelTechnology View of Model

Page 8: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Technology View of ModelTechnology View of ModelOne ExampleOne Example

Data Protection & RecoveryData Protection & Recovery

Local user data Local user data stored randomly stored randomly and not backed and not backed up to networkup to network

Any backup Any backup happens locally happens locally

No user state No user state migration migration available for available for deployment deployment

Standards for Standards for local storage in local storage in “My Docs” but “My Docs” but not redirected or not redirected or backed upbacked up

Any backup Any backup happens at happens at workgroup level workgroup level

Backup/restore Backup/restore on critical on critical serversservers

Some Some automation of automation of user state user state migration migration available for available for deploymentdeployment

Users store data Users store data to “My Docs” and to “My Docs” and synched to synched to serverserver

Backup managed Backup managed at company levelat company level

Backup/restore of Backup/restore of all servers all servers with SLAswith SLAs

User state is User state is preserved and preserved and restored for restored for deploymentdeployment

Self managed Self managed backup and backup and restore on all restore on all servers and servers and desktop data desktop data with SLAswith SLAs

Page 9: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Translating IOI into actionTranslating IOI into action

Page 10: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Know what you haveKnow what you have

Page 11: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Measure impact of changeMeasure impact of change

Network

PointSolutions

WAN LAN RAS Internet

IntegrationStandards Based Common Tools

Strategically Aligned Exception Management

Platform

File\Print\Fax ServersServerSingle Manufacturer

Certified InstallsStandard Build

Managed

ClientSingle Manufacturer

Gold BuildVersion Control

Other devices (PDA, mobile, etc.)

Domain

CoreApplications

File\Print\Fax ServersServer

SAP DevFile Print

Messaging Web

ClientMessaging SAP

Antivirus Remote ControlOffice InternetFileNET Utilities

Suppor t

Management

Security

Network ServicesDHCP etc.

AuthenticationAD, SSO, etc

Name ServicesDNS, WINS Replication

Page 12: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

AD Forest, Domain and AD Forest, Domain and OU Design & GPOsOU Design & GPOs

Common Practices/Tips and Common Practices/Tips and TricksTricks

Page 13: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Forest/Domain DesignForest/Domain Design

Majority of Active Directory Forests Majority of Active Directory Forests being implemented are single being implemented are single forest/single domainforest/single domain separate development/pre-production separate development/pre-production

forestsforests Multiple NT4 production domains collapsed Multiple NT4 production domains collapsed

into single domaininto single domain Significant impact on administration – Significant impact on administration –

centralised (some delegation of tasks)centralised (some delegation of tasks) Tip: Always start from single Tip: Always start from single

forest/single domain when planningforest/single domain when planning Try to avoid non-technical influencesTry to avoid non-technical influences

Tip: Two things that “negatively affect” Tip: Two things that “negatively affect” ADAD Bad replication designBad replication design Bad Group PoliciesBad Group Policies

Page 14: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

OU DesignOU Design

OU creation based onOU creation based on Delegation of AdministrationDelegation of Administration Application of GPO’sApplication of GPO’s

Increasing use of security/WMI filtering of GPO’sIncreasing use of security/WMI filtering of GPO’s

Choice of 3 basic models reflectChoice of 3 basic models reflect ResourcesResources GeographyGeography BU StructureBU Structure

Tip: use a top level OUTip: use a top level OU Tip: moving objects between OU’s affectsTip: moving objects between OU’s affects

GPOs appliedGPOs applied ScriptsScripts

Tip: Naming ConventionsTip: Naming Conventions

Page 15: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

GPOsGPOs Minimum should be Minimum should be

Domain and Security policiesDomain and Security policies Automatic updatesAutomatic updates Windows FirewallWindows Firewall Remote Desktop/Remote Assistance/Remote ControlRemote Desktop/Remote Assistance/Remote Control Internet Explorer configurationInternet Explorer configuration Restricted GroupsRestricted Groups Office ADM’sOffice ADM’s

Tip: Take as much configuration out of the Tip: Take as much configuration out of the standard build process into Group Policy as standard build process into Group Policy as possiblepossible

Tip: netstat –anoTip: netstat –ano Tip: Disable unused portions of GPO’sTip: Disable unused portions of GPO’s Tip: Naming ConventionsTip: Naming Conventions Link: Link:

Group Policy Settings Reference for Windows SGroup Policy Settings Reference for Windows Server 2003 with Service Pack 1erver 2003 with Service Pack 1

Page 16: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

DemoDemo

Different OU StrategiesDifferent OU Strategies GPOs (Firewall, etc)GPOs (Firewall, etc)

Page 17: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

IPSecIPSec What’s it about?What’s it about?

Ensure only managed/known devices communicate Ensure only managed/known devices communicate with each otherwith each other

IPSec or 802.1x?IPSec or 802.1x? Gathering momentum with Networking teams – take Gathering momentum with Networking teams – take

control of the options!control of the options! What’s achievable in standard environments?What’s achievable in standard environments?

Domain Isolation (full or partial)Domain Isolation (full or partial) Server Isolation in Isolated DomainServer Isolation in Isolated Domain

What is an IPSec PolicyWhat is an IPSec Policy Filters to identify machines and protocols/portsFilters to identify machines and protocols/ports Actions to taken when traffic matches a filterActions to taken when traffic matches a filter

Tip: Mandatory - Ensure that core domain traffic Tip: Mandatory - Ensure that core domain traffic - Domain Controllers, WINS, DNS, DHCP etc. - Domain Controllers, WINS, DNS, DHCP etc. etc. is filtered out and always allowedetc. is filtered out and always allowed

Tip: Keep it simple, get comfortableTip: Keep it simple, get comfortable Link: Link:

IEEE 802.1X for Wired Networks and Internet PrIEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft Windowsotocol Security with Microsoft Windows

Page 18: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

DemoDemo

IPSecIPSec

Page 19: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Coffee BreakCoffee BreakBack @ 15:40Back @ 15:40

Page 20: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Microsoft Operations Microsoft Operations ManagerManager

Page 21: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Active Directory Application Center 2000 Automated Deployment Services (ADS) BizTalk Server 2002 Enterprise Edition Biztalk Server 2004 Commerce Server 2000 Domain Name Service (DNS) Dynamic Host Configuration Protocol (DHCP) Exchange Intelligent Message Filter Exchange Server 2000 and 2003 Exchange Server Best Practices Analyzer Exchange 5.5 Group Policy Host Integration Server 2000 Internet Information Services (IIS) Internet Security and Acceleration (ISA) Server Live Communications Server 2003 Live Communications Server 2005 Microsoft Baseline Security Analyzer Microsoft Distributed Transaction Coordinator Microsoft Identity Integration Server 2003 Microsoft Message Queuing (MSMQ) Microsoft Office Project Server 2003 Microsoft Server Clusters Microsoft SharePoint Portal Server 2003 Microsoft Transaction Server (MTS)

Microsoft Windows File Replication Service Microsoft Windows SharePoint Services Microsoft Operations Manager 2005 .NET FrameworkNetwork Load Balancing Password Change Notification Service Proxy Server 2.0 Routing & Remote Access Service for Windows 2000 Routing & Remote Access Service for Windows Server 2003 SNA Server 4.0 SQL Server Systems Management Server 2.0 Systems Management Server 2003 Terminal Services Virtual Server Web Sites and Web Services Windows Base Operating System Windows DFS Service Windows DHCP Service Windows File Replication Service Windows Internet Name Service (WINS) Windows Media Services Windows Print Server Windows Rights Management Services Windows System Resource Manager Windows Terminal Server

MOM 2005 Management PacksMOM 2005 Management Packs

Page 22: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

33rdrd Party MOM Management Packs Party MOM Management Packs3Com3ComAirDefenseAirDefenseAnti-Virus Applications Anti-Virus Applications APC UPSAPC UPSAVICode Intercept StudioAVICode Intercept StudioBayNetworks (Nortel)BayNetworks (Nortel)BindviewBindviewBlackBerry Enterprise ServerBlackBerry Enterprise ServerBrocadeBrocadeCiscoCiscoCisco PIX FirewallsCisco PIX FirewallsCisco RoutersCisco RoutersCisco SwitchesCisco SwitchesCisco VPN ConcentratorsCisco VPN ConcentratorsCitrix MetaFrame XP Citrix MetaFrame XP Debian Linux Debian Linux Dell OpenManageDell OpenManageEMCEMCEqualLogic SAN EqualLogic SAN Foundry Foundry FreeBSDFreeBSDGeneric SNMPGeneric SNMPHP Insight ManagerHP Insight ManagerHP IntegrityHP Integrity

Sun SolarisSun SolarisSuSe LinuxSuSe LinuxSynoptics (Nortel)Synoptics (Nortel)Tidal Enterprise SchedulerTidal Enterprise SchedulerVeritas Backup Exec Veritas Backup Exec VMWareVMWareWellfleet (Nortel)Wellfleet (Nortel)WindowsCEWindowsCE

CONNECTORSCONNECTORSAprisma SPECTRUM, BMC Impact Aprisma SPECTRUM, BMC Impact CA Solve for z/OS, CA Unicenter CA Solve for z/OS, CA Unicenter Clarify Amdocs, Fujitsu-Siemens ServerViewClarify Amdocs, Fujitsu-Siemens ServerViewHP Network Node Manager HP Network Node Manager HP OpenView Operations (OVO) HP OpenView Operations (OVO) Maranti Networks, Metilinx Connector Maranti Networks, Metilinx Connector Micromuse NetCool, NetIQ AppManager Micromuse NetCool, NetIQ AppManager OpalisRobot, Peregrine Service Center OpalisRobot, Peregrine Service Center Quest InTrust, Remedy ARS, Siebel HelpDesk Quest InTrust, Remedy ARS, Siebel HelpDesk SMARTS InCharge, Tivoli Enterprise ConsoleSMARTS InCharge, Tivoli Enterprise ConsoleTivoli Information/Management for z/OS Tivoli Information/Management for z/OS Tivoli Net View Connector, Tivoli Service DeskTivoli Net View Connector, Tivoli Service DeskTivoli Net View for OS/390, Vantive Tivoli Net View for OS/390, Vantive

HP ProLiant HP ProLiant HP Tru64HP Tru64HP-UXHP-UXIBM AIXIBM AIXIBM FastT storageIBM FastT storageiVision iVision LiebertLiebertLotus Domino Lotus Domino Mac OS XMac OS XMagellan-Passport (Nortel)Magellan-Passport (Nortel)Mandrake LinuxMandrake LinuxMiraPointMiraPointNetAppNetAppNetBSD NetBSD NetScreenNetScreenNiceNiceOpenBSDOpenBSDOpenVMSOpenVMSOracle RDBMS Oracle RDBMS Generic SyslogGeneric SyslogRedHat LinuxRedHat LinuxSAP R3 SAP R3 SCO UnixSCO UnixF5 Network BigIPF5 Network BigIP

Page 23: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

MOMMOM

Why MOM (from a field perspective?)Why MOM (from a field perspective?) Why implement any mission critical Why implement any mission critical

environment without MOM?environment without MOM? Always asked “What should we monitor in Always asked “What should we monitor in

AD, or Exchange, or SQL?”AD, or Exchange, or SQL?” Answer – what MOM monitorsAnswer – what MOM monitors

Knowledge driven – intended to supply the Knowledge driven – intended to supply the resolution with the problemresolution with the problem

SO easy to integrate with other management SO easy to integrate with other management toolstools Dell OpenManage Server Administrator, HP Insight Dell OpenManage Server Administrator, HP Insight

ManagerManager SLA evidence (Reporting)SLA evidence (Reporting) It isn’t expensiveIt isn’t expensive Tip: Check for MP’s regularlyTip: Check for MP’s regularly Tip: MOM on SQL SP4 gotchasTip: MOM on SQL SP4 gotchas

Page 24: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

DemoDemo

MOM install - guidanceMOM install - guidance Agent deployment Agent deployment MP importsMP imports ReportingReporting Create Management PacksCreate Management Packs MOM 2005 Resource Kit MOM 2005 Resource Kit Extending MOMExtending MOM

Page 25: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources
Page 26: Welcome. Stay Connected with Microsoft Ireland    TechNet Ireland - Resources

Additional LinksAdditional Links

Service overview and network port requirements for the Service overview and network port requirements for the Windows Server systemWindows Server system - http://support.microsoft.com/default.aspx?scid=kb;en- - http://support.microsoft.com/default.aspx?scid=kb;en-us;832017us;832017

MOM Management Packs - MOM Management Packs - http://www.microsoft.com/management/mma/catalog.asphttp://www.microsoft.com/management/mma/catalog.aspxx

Windows Server System Reference Architecture - Windows Server System Reference Architecture - http://www.microsoft.com/technet/itsolutions/wssra/raguihttp://www.microsoft.com/technet/itsolutions/wssra/raguide/default.mspxde/default.mspx

Windows XP Security Guide - Windows XP Security Guide - http://www.microsoft.com/technet/security/prodtech/windhttp://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx owsxp/secwinxp/default.mspx

Windows Server 2003 Security Guide - Windows Server 2003 Security Guide - http://www.microsoft.com/technet/security/prodtech/windowssehttp://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspxrver2003/w2003hg/sgch00.mspx

What's New in Windows Server 2003 R2What's New in Windows Server 2003 R2 - - http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspxmspx