Infrastructure Optimization Model

In FY06 Microsoft account teams completed the discovery process on nearly 9,000 customers worldwide and found, for example, that 85 percent (firewall) and 7 percent (secure domain isolation and quarantine) of customers do not have adequate security capabilities today—making security one of the fastest growing sales opportunities in the enterprise. The Core IO Model defines four optimization levels (basic, standardized, rationalized, and dynamic) for each of the capabilities described above. The characteristics of these optimization levels are as follows:

Basic – The basic IT infrastructure is characterized by manual, localized processes; minimal central control; and non-existent or un-enforced IT policies and standards regarding security, backup, image management and deployment, compliance, and other common IT standards. There is a general lack of knowledge regarding the details of the infrastructure that is currently in place or which tactics will have the greatest impact to improve upon it. The overall health of applications and services is unknown because there is a lack of tools and resources. There is no vehicle for sharing accumulated knowledge across IT. Customers with basic infrastructures find their environments extremely hard to control, have very high desktop and server management costs, are generally very reactive to security threats, and have very little positive impact on the ability of the business to benefit from IT. Generally all patches, software deployments, and services are provided high touch and high cost.

Standardized – The standardized infrastructure introduces controls through the use of standards and policies to manage desktops, mobile devices, and servers and how machines are introduced to the network. They now use the Microsoft Active Directory® directory service to manage resources, security policies, and access control. Customers in a standardized state have realized the value of basic standards and some policies yet are still quite reactive. Generally all patches, software deployments, and desktop services are provided through medium touch with medium to high cost. However, these customers have a reasonable inventory of hardware and software and are beginning to manage licenses. Security measures are improved with a locked down perimeter, though internal security may still be a risk.

Rationalized – The rationalized infrastructure is where the costs involved in managing desktops and servers are at their lowest and processes and policies have been optimized to begin playing a large role in supporting and expanding the business. Security is very proactive and responding to threats and challenges is rapid and controlled. The use of zero-touch deployment helps minimize cost, the time to deploy, and technical challenges. The number of images is minimal and the process for managing desktops is very low touch. These customers have a clear inventory of hardware and software and only purchase those licenses and computers that they need. Security is extremely proactive with strict policies and control from the desktop to server to firewall to extranet.

Dynamic – Customers with a dynamic infrastructure are fully aware of the strategic value that their infrastructure provides in helping them run their business efficiently and staying ahead of competitors. Costs are fully controlled; there is integration between users and data, desktops, and servers; collaboration between users and departments is pervasive; and mobile users have nearly on-site levels of service and capabilities regardless of location. Processes are fully automated, often incorporated into the technology itself, allowing IT to be aligned and managed according to the business needs. Additional investments in technology yield specific, rapid, measurable benefits for the business. The use of self-provisioning software and quarantine-like systems for ensuring patch management and compliance with established security policies allows the dynamic organization to automate processes, thus helping improve reliability, lower costs, and increase service levels.
Dynamic Systems Initiative

A dynamic system is Microsoft’s vision for what an agile business looks like—where IT works closely with business in order to meet the demands of a rapidly changing and adaptable environment. The Dynamic Systems Initiative (DSI) is Microsoft’s technology strategy for products and solutions that help businesses enhance the dynamic capability of their people, process, and IT infrastructure using technology.

People: For the CIO, it’s a journey. If you run your shop well, earn your stripes, then you get a seat at the table with the CEO. This is where IT drives business growth. You have to start somewhere—so start with us and our vision to enable infrastructure for the people-ready business: Dynamic Systems Initiative. We will help you get your IT shop fit, keep it fit, and give you the platform to innovate.

Process: Using the IT life cycle, DSI provides the process guidance that businesses need to be successful in the journey towards the dynamic system. Through a continuous cycle of process improvement, design processes are dedicated to planning and implementing enhancements to the IT environment. By reducing incompatible or conflicting changes and streamlining release efforts, deployment processes help businesses manage changes to their IT infrastructure. By protecting IT infrastructure assets, operating processes provide ongoing maintenance, monitoring and control. And through the resolution of user and system-generated issues, processes and practices required to fully support efficient use of an IT infrastructure are instituted.

Technology: Microsoft’s blueprint for the Dynamic Systems Initiative has three parts: virtualized infrastructure, design for operations, and knowledge-driven management.

Virtualized Infrastructure: With infrastructure virtualization, businesses will attain greater flexibility and agility with the ability to draw upon resources, as needed, from a virtual service pool.
Server consolidations, rapid provisioning, and live migrations will reduce incremental costs while providing a level of business readiness and scalability unattainable within a purely physical infrastructure.

Design for Operations: With design for operations, businesses will improve knowledge-sharing between application architects, IT managers, and information workers by embedding information about system structure, constraints, policies, and best practices in the IT infrastructure itself through the use of common software models.

Knowledge-driven Management: With knowledge-driven management, businesses will create systems that abide by best practices and maintain Service Level Agreements, detecting potential problems, self-diagnosing, and ultimately, self-healing. By comparing the actual state of systems to their desired states as defined in models, systems will automatically detect inconsistencies before they become problems, minimizing manual monitoring efforts, and preventing unnecessary downtime.
Microsoft’s System Center

An animated slide that depicts the ‘ecosystem’. First, the focus is on the ‘disciplines’ or areas of IT management that System Center covers. Note that, for simplicity's sake, not all disciplines are covered. Second, the System Center products are mapped to the ‘disciplines’. Third, the Microsoft platforms and technologies. Fourth, the Microsoft applications – remember System Center is best for Windows. Fifth, leading business applications that we cover. Finally, added platforms – our heterogeneous capabilities that the portfolio affords via technology (SML, WS Management) or via ISV or OEM partner solutions.
System Center Virtual Machine Manager Microsoft System Center Virtual Machine Manager is the latest addition to the System Center family of management products and provides centralized management of Windows Virtual Machine infrastructure. Virtual Machine Manager enables increased physical server utilization, centralized management of virtual infrastructure and rapid provisioning of new virtual machines by the administrator and end users. Microsoft System Center Virtual Machine Manager is an enterprise management application for a virtualized data center. It enables increased physical server utilization, centralized management of virtual machine infrastructure and rapid provisioning of new virtual machines by the administrator and users. Virtual Machine Manager is fully integrated with the System Center product family. Resource Optimization Virtual Machine Manager delivers simple and complete support for consolidating physical hardware on virtual infrastructure and optimizing utilization. Rapid Provisioning and Agility Virtual Machine Manager provides rapid provisioning of virtual machines from physical machines, templates in the image library, or by users.
System Center Investments

The slide depicts Microsoft's strong commitment to IT management: a strong technology base and a well thought out portfolio of offerings, based on well accepted industry practices. At the base are technology elements being created by the System Center team, or leveraged from other parts of the Windows software stack. The surrounding circles represent the ITIL/MOF based orientation of product offerings available today, or soon to be available.
System Center Road Map Note: This is a public roadmap. For the most current release information please visit http://systemcenterweb
Notebooks with Intel ® Centrino ® with vPro™ technology and desktops with Intel ® Core™2 processor with vPro™ technology deliver unique, hardware-assisted technologies that help enable a revolutionary computing experience second to none. Discover. With built-in manageability, IT can discover assets even while PCs are powered-off. Diagnose. Providing out-of-band management capabilities, IT can remotely isolate and recover systems reducing downtime. Verify. Hardware-based agent presence checking proactively detects that software agents are running while missing agents are automatically detected and alerts are sent to the management console. Isolate. Proactively blocking incoming threats, these PCs contain infected clients before they impact the network while alerting IT when critical software agents are removed. Update. Help keep software and virus protection up-to-date with enabled third-party software to store version numbers or policy data in non-volatile memory for off-hours retrieval or updates.
Intel ® vPro™ technology is a platform brand enabling business-class PCs with new capabilities to help address the needs and requirements faced by business today. Intel ® vPro™ technology comprises a processor, chipset, networking, and other components working together to enable enhanced remote management capabilities for PCs. With Intel ® vPro™ technology, IT personnel can use a third-party manageability and/or security software controller (e.g., Microsoft ® SMS, Altiris*, LANDesk…) to collect inventory information, remotely diagnose problems, and provide many types of service remotely even to PCs that are turned off or have an inoperable OS. Administrators can also better protect individual PCs and the network from threats. Intel ® vPro™ technology makes use of a small manageability engine and persistent nonvolatile flash memory at the chipset level, where critical system information can be safely stored, plus a remote communication channel that is always available to authorized IT personnel. As long as the PC is plugged into a power source and connected to the network, administrators can access the computer and collect information, even if the computer is powered down, reconfigured, or inoperative.
As part of SCCM 2007 SP1, Microsoft has included native support for several of the core vPro Out of Band Management use cases.

Security-based management: Through the use of public key infrastructure (PKI), SCCM 2007 SP1 allows for remote provisioning and out of band management communication through Kerberos authentication and Transport Layer Security (TLS) channels. Activities are also recorded and auditable to ensure traceability and compliance.

AMT Provisioning: SCCM SP1 provides native provisioning capabilities for vPro Base clients through both bare metal (agent-less) and Configuration Manager 2007 SP1 client (agent based).

Inventory Data: SCCM 2007 SP1, through the use of core vPro capability, provides enhanced support for hardware base inventory. Inventory data such as BIOS UUID, power states, memory, process, hard drive information, etc. can all be retrieved out of band and independent of power state.

Power Control: SCCM 2007 SP1 enables you to perform both in and out of band power controls for vPro clients, such as power on, power off, and restart capabilities for a single computer or a selection of vPro clients in the collection.

Out of Band Manager Console: Within SCCM 2007 SP1, you are able to interact directly with each vPro client and invoke AMT use cases through the Out of Band Manager Console. This capability allows you to leverage additional power control options, including the use of Serial over LAN (SOL), IDE Redirect (IDER), and detailed vPro audit / event logs. SOL allows you to perform terminal emulation to the vPro client and perform character-based commands and/or interact with the system's BIOS. IDER enables you to boot from a remote or local image to take advantage of an alternate boot environment or diagnostic / repair tools.
Through a more secure, out-of-band management channel, Intel ® vPro technology and Intel ® AMT deliver the following core features:
On demand and scheduled remote power on/off/restart
IDE redirection to remote device or boot media
Redirection of console for remote interaction with BIOS/boot up screens
On demand, anytime access to BIOS information, hardware inventory and system power state
Persistent UUID with both Intel ® AMT and system BIOS
Results from the Pilot show that based on current processes, automated software upgrades were successful on average 81% of the time. Based on the capabilities enabled by Intel ® vPro™ technology, companies felt automated software upgrades would be successful 98% of the time, representing a 21% improvement. In addition, with current processes, performing an upgrade on an installed base of 5000 PCs would take days or weeks. Customers who participated in the pilot believed deploying the same upgrade or patch to an equivalent number of PCs could be accomplished in a matter of hours. Generally, all participants thought the ability to securely power up a PC and apply software patches and upgrades during off hours would improve the success rate for deployments. People will not be around to "defer" updates, nor will they see the system slow down because of patching during work hours. The ability to patch more machines for the same effort and have better success on patching is an important feature, and has a measurable benefit. One customer estimated that PCs requiring a desk-side visit to deploy a patch or upgrade would drop from approximately 10% down to 2%.
Objective: Explain the reseller values to selling and supporting the solution. There is a huge amount of growth and opportunity available to you. Because this solution allows Enterprise IT departments to manage their entire network, you can sell other products and services. In the future, Microsoft and Intel will continue to expand the integration of their products.
“Garanti Teknoloji-Garanti Bankası evaluated vPro systems in its most recent desktop PC procurement projects; seeing the benefits and added value brought by technologies such as iAMT and VT, it chose the vPro platform and decided, as a matter of principle, to continue with vPro platforms from then on.”
Management with System Center
Mümin ÇİÇEK / MCT [email_address] ÇözümPark
Infrastructure Optimization Model
Business Enabler; ~70%; ~28%; ~2%; Cost Center; Efficient Cost Center; <1%; Strategic Asset
Uncoordinated, non-automated infrastructure
Infrastructure managed with certain automation tools
Managed and consolidated infrastructure
Fully automated management, dynamic resource usage
Basic; Standardized; Rationalized; Dynamic
Dynamic Systems Initiative
At every layer: operating systems, applications
Capture knowledge by modeling it
ITIL-based processes and knowledge
Virtualized Infrastructure; Design for Operations; Knowledge-driven Management
WS-Management
Windows services: Active Directory, MS.NET, Virtualization, PowerShell
Microsoft Windows platform
Storage Management; Service Management; Configuration and Release Management; Event and Performance Management
Other platforms: Linux, UNIX, CISCO, F5, Intel, AMD
Business Applications
Windows Applications
IT Systems Configuration Life Cycle
Software Distribution; Operating System Deployment; Inventory Management; License Management; Remote Control; Software Updates; Configuration Management
OS Deployment Architecture
Components: DP, MP, SCCM 2007, Client
The admin prepares the OS image and the boot image and copies them to the DP.
The admin creates a task sequence and advertises it to the clients.
The client gets the task sequence from the MP and runs it.
The client retrieves the boot and OS image defined in the task sequencer.
The client sends status information while the task sequencer is running.
Desired Configuration Management
[Diagram. Components: Configuration Packs; ConfigMgr Administrator Console; ConfigMgr Server; ConfigMgr Database; Compliance State Tables; Configuration Manager Client; Managed Client. Configuration items (CI): Windows Server 2003 CI; Business Application CI; Antivirus Software CI. Sources evaluated on the client: WMI, XML, Registry, IIS, MSI, Script, SQL, Software Updates, File, Active Directory.]
Created configuration items; imported configuration items
Configuration baselines (example: Business Application Server configuration baseline)
The configuration baseline is applied to groups of machines
DCM discovers the CIs and validates them against the rules
The compliance state is sent to the ConfigMgr database
Settings Management – Password Policy Management, Security Policy Management
OTA (over the air) Device Management
Internet-Based Management
Fallback Status Point
Automatic client deployment
OTA client upgrade
How NAP and SCCM Work Together
Components: IAS Server; Client; Network Access Device (DHCP, VPN); SCCM 2007 Server
Networks: Corporate Network; Restricted Network
May I have access?
Should this client be restricted?
Is this client up to date?
The client is not up to date. It needs to install patches.
Your access is blocked until your patches are installed.
Patch package requested
Patch package delivered
Patches installed, access requested
Quarantine the client and require it to install the patches
The client complies with the policies
Access granted. The client has access to the entire intranet.
Timeline
Update steps: Release; Test; Update Authorization; Deployment Deadline
NAP steps: Defining the NAP compliance policy; NAP blocking; Restricting and remediating the client
X Deployments in Progress
Continuous data protection for Windows applications and file servers
Reliable and fast recovery from disk instead of tape
Advanced backup technology for organizations of different sizes
System Center Data Protection Manager
Integrated disk and tape
Every 15 minutes; DPM 2007; Online snapshot; Disk-based recovery; Offline tape; Tape-based archive
Protected sources: Active Directory® System State; Windows Server 2003; Windows Server 2008; shared files and directories; Windows XP; Windows Vista
Microsoft and Virtualization
Server Virtualization; Application Virtualization; Desktop Virtualization; Presentation Virtualization
What is Intel ® vPro™ Technology?
Processor (CPU): Energy Efficient Performance w/ Dual core and Quad Core; HW-enabled virtualization; Intel® Virtualization Technology; Intel® Trusted Execution Technology
Chipset
Network
1 Intel® Active Management Technology requires the platform to have an Intel® AMT-enabled chipset, network hardware and software, as well as connection with a power source and a corporate network connection. With regard to notebooks, Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting wirelessly, on battery power, sleeping, hibernating or powered off. For more information, see http://www.intel.com/technology/manage/iamt.
Energy Efficient Performance
Intel ® Core™2 Duo processor
Intel ® Core™2 Quad processor (desktops)
Intel ® Virtualization Technology
Intel ® Trusted Execution Technology
Security and Manageability
Manageability Engine 1
Intel ® Active Management Technology 1
Independent Network Access
Intel ® Active Management Technology 1
Key Benchmarks
Up to 83% less unintended PC downtime due to software issues¹
Up to 16% improved success rate of automatic PC inventories¹
Up to 91% reduction in software related desk-side visits¹
Up to 85% improved in patch deployment time¹
Up to 66% less energy consumed¹
1 Results shown are from the 2007 EDS Case Studies with Intel® vPro™ Technology, by LeGrand and Salamasick, 3rd party audit commissioned by Intel, of various enterprise IT environments. The studies compare test environments of Intel® vPro™ Technology equipped PCs vs non-Intel® vPro™ Technology environments. Tested PCs were in multiple OS and power states to mirror a typical working environment. Actual results may vary. The study is available at www.intel.com/vpro and www.eds.com
Native Support for Intel ® vPro™ Technology Out-of-Band Management
On-demand and scheduled remote power on/off/restart
IDE redirection to remote device or boot media
Redirection of console for remote interaction with BIOS/boot-up screens
On-demand, anytime access to BIOS information, hardware inventory, and system power state
Intel ® vPro™ technology
Provides integrated graphics support for Windows ® Aero
No separate graphics card needed
Microsoft SCCM 2007 SP1 and Intel vPro Technology
Expedites Software Upgrades and Patch Deployment
Metric: Average time to update a typical software application for 5000 PCs. Average with current process¹: 253 hours. Average with Intel® vPro™ Technology¹: 11.65 hours.
Metric: Success rate for automated software application upgrades. Average with current process¹: 80%. Average with Intel® vPro™ Technology¹: 97%.
1 According to “Case Studies with Intel vPro Processor Technology”: http://www.intel.com/business/casestudies/intel_case_studies.pdf
PCs Based on Intel ® vPro™ Technology OEM Form Factor PC Model Chipset More Info Dell Desktop Tower Optiplex 745c Intel ® Q965 (CH8DO) • Pre-provisioning is available for desktops and notebooks. See Custom Factory Integration. SFF Optiplex 755 Intel ® Q35 (CH9DO) DT Optiplex 755 Intel ® Q965 (CH9DO) USFF Optiplex 755 Intel ® Q965 (CH9DO) Notebook Full Size Optiplex 755 Intel ® Q965 (CH9BDO) Latitude 630c Intel ® GM965 Express FSC Desktop Tower ESPRIMO P5925 IQ35 IQ35 vPRO www.fujitsu-siemens.com • Pre-provisioning is available for desktops and notebooks. • Available in the Europe/Middle East/Africa (EMEA) region. SFF ESPRIMO E5925 IQ35 IQ35 vPRO Notebook Workstation CELSIUS H250 Intel ® GM965 Express Full Size LIFEBOOK E8410 Intel ® GM965 or PM965 HP Desktop Tower HP/Compaq dc7700p Intel ® Q965 Express • Pre-provisioning is available for desktops. See HP Factory Express. HP/Compaq dc7800p Intel ® Q 35 Express SFF HP/Compaq dc7700p Intel ® Q965 Express HP/Compaq dc7800p Intel ® Q 35 Express USDT HP/Compaq dc7700p Intel ® GM965 Express HP/Compaq dc7800p Intel ® Q 35 Express
PCs Based on Intel ® vPro™ Technology OEM Form Factor PC Model Chipset More Info HP Notebook Thin/Light HP/Compaq 2510p HP/Compaq 2710p Mobile Intel® GM965 • Pre-provisioning is not yet available for notebooks. • For notebooks, Centrino Pro technology is optional in North America. When you order, verify that you are getting vPro. Mainstream HP/Compaq 6910p Mobile Intel® GM965 Mobile Intel® PM965 Performance HP/Compaq 8510p, HP/Compaq 8510w, HP/Compaq 8710, HP/Compaq 870w Mobile Intel® PM965 Lenovo Desktop Tower ThinkCentre M57p Intel® Q35 Express www.thinkvpro.com • Pre-provisioning is available for desktops and notebooks • ThinkCentre M55p is ready for USB provisioning • ThinkCentre M57p is ready for remote configuration or USB provisioning. • vPro-capable systems are equipped with Intel® 4965 wireless. SFF ThinkCentre M55p Intel® Q965 ThinkCentre M57p Intel® Q35 Express Desktop ThinkCentre M57p Intel® Q35 Express USFF ThinkCentre M57p Intel® Q35 Express Notebook Thin/Light X61, X61S Mobile Intel® GM965 Express Full Size T61, T61P Intel® PM965 Express Tablet X61 Intel® GM965 LG Notebook Full Size R500 Intel® PM965 Express • Available in Korea only. Samsung Desktop Tower Magic Station DB-P70 Intel® Q35 Express • Available in Korea only. Magic Station DB-P70 Intel® Q35 Express • Available in Korea only. Notebook Full Size SENS P55 Intel® PM965 Express • Available in EMEA and PRC.
30 million Intel ® vPro™ technology PCs ship this year
25% of Microsoft ® SMS install base already moving to Microsoft ® SCCM
Microsoft ® System Center market share is growing at 13.2% versus 7.5% industry average
Microsoft: 4th largest system management vendor and growing!
Money in your pocket!
My Certifications
Mümin ÇİÇEK
Microsoft Certified Professional (MCP) on W2K
Microsoft Certified Systems Administrator (MCSA) on W2K & W2K3
Microsoft Certified Systems Engineer (MCSE) on W2K & W2K3
Microsoft Certified Trainer (MCT) (2004/2005/2006/2007/2008)
Microsoft Certified Technology Specialist (MCTS): Windows Vista Configuration
Microsoft Certified Technology Specialist (MCTS): Exchange Server 2007 Configuration
MCTS: Windows Server 2008 Active Directory: Configuration
MCTS: Windows Server 2008 Network Infrastructure: Configuration
MCTS: Windows Server 2008 Application Infrastructure: Configuration
Microsoft Certified IT Professional: Enterprise Administrator (Windows Server 2008)
Microsoft Certified IT Professional: Server Administrator (Windows Server 2008)
Employer: Akademinet Bursa, Gold Certified Partner Learning Solutions
Role: Systems & Network Trainer (MCT) / Project Lead
ÇözümPark: Administrator and Author