Branch Office Infrastructure

This presentation discusses the problems faced with managing a branch office infrastructure. It looks at current technologies for resolving these issues and gives a quick introduction of what to expect in the near future with Windows 7 and Windows Server 2008 R2.

Published in: Technology

1. CINFINITY
Branch Office Infrastructure
Identifying and Resolving The Real Problems
Aidan Finn, MCSE, MVP
Systems and Infrastructure Manager
afinn@cinfinity.ie
http://www.cinfinity.ie

2. ABOUT ME
• Working in IT since 1996: consulting, contracting and administration
• Worked in large infrastructures, e.g. government, finance and transport
• MCSE, MVP and leader of Windows User Group
• Systems and Infrastructure Manager at C Infinity

3. ABOUT C INFINITY
• In operation for 2 years
• Provides professional outsourcing services
• Data security services:
  – Secure online backup
  – Laptop and USB device encryption
• Managed server hosting:
  – Using the best data centre in Ireland (Data Electronics)
  – Enterprise class equipment and support
  – Enterprise class management and services

4. AGENDA
• Why is branch office infrastructure difficult and expensive?
• Identifying the real enemies
• Resolving the issues using current technologies
• What is possible with Windows 7 Enterprise and Windows Server 2008 R2?
• The SOHO

5. SOME QUICK QUESTIONS
• How many CD’s for Windows Server 2003 R2?
  a) 1
  b) 2
  c) 3
  d) 4
• What are some of the features added in Windows Server 2003 R2?

6. BEFORE YOU ATTACK A PROBLEM
Sun Tzu, The Art Of War:
“If you know your enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”

7. BOI DIFFICULTIES
• Servers in every office
• Sharing information is slow
• Security is not sufficient
• Administrator time is wasted
• IT is seen as a non-contributing cost centre that delays business
• Politics

8. BOI AMBITIONS
• Reduce server numbers and complexity
• Use server skills in central offices
• Provide collaboration systems that work
• Increase security
• Change the business view of IT
• Politics: I’ll come to that later

9. ENEMY #1
Q) Users in a branch office complain about slow cross-WAN application performance. What do you do?
A) We throw more bandwidth at it. WRONG!

10. REVEALING ENEMY #1

11. NETWORK LATENCY
(Diagram: a request labelled “Give Me Data” crosses the WAN and the reply “Ack” comes back; one request/response round trip.)

12. LATENCY VS BANDWIDTH
• Adding bandwidth:
  – Does not change the laws of physics. A packet still takes the same time to transmit between A and B
  – Only allows more people to have the same bad performance.
• Removing latency:
  – Bypasses the effect of physics on interactive applications.
  – Doesn’t reduce bandwidth requirements.
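The latency-versus-bandwidth argument on slide 12, and the "fewer round trips" improvement that slides 13 and 14 credit to Next Generation TCP and SMBv2, can be made concrete with a small model of a chatty file read over a WAN. This is an added example, not the presenter's material; the link speeds, round-trip times and per-request sizes are constructed round numbers chosen to illustrate the point, not measurements of any real product or protocol.

```python
"""Toy model of a chatty application over a WAN link.

Added example for this page; it is not the presenter's code. The link
figures and request sizes below are constructed round numbers, not
measurements.
"""
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Link:
    name: str
    bandwidth_mbps: float  # usable throughput, megabits per second
    rtt_ms: float          # round-trip time between site A and site B


def transfer_time_ms(link: Link, total_bytes: int, round_trips: int) -> float:
    """Time to complete an exchange that moves `total_bytes` and needs
    `round_trips` request/response pairs (a read request and its reply,
    an ACK the sender must wait for, and so on).

    The serialisation term shrinks as bandwidth grows; the waiting term
    is one RTT per round trip and is fixed by distance and routing, which
    is the "laws of physics" point on the slide.
    """
    serialisation_ms = total_bytes * 8 / (link.bandwidth_mbps * 1e6) * 1e3
    waiting_ms = round_trips * link.rtt_ms
    return serialisation_ms + waiting_ms


def round_trips_for(total_bytes: int, bytes_per_request: int) -> int:
    """A protocol that fetches `bytes_per_request` per round trip needs
    this many round trips to move `total_bytes` (rounded up)."""
    return -(-total_bytes // bytes_per_request)


# Constructed scenario: a 1 MiB file read, either 4 KiB per request
# (very chatty) or 64 KiB per request (fewer, larger requests).
FILE_BYTES = 1_048_576
CHATTY = round_trips_for(FILE_BYTES, 4 * 1024)        # 256 round trips
LESS_CHATTY = round_trips_for(FILE_BYTES, 64 * 1024)  # 16 round trips

BASELINE = Link("2 Mbit/s, 60 ms RTT", bandwidth_mbps=2, rtt_ms=60)
MORE_BANDWIDTH = Link("10 Mbit/s, 60 ms RTT", bandwidth_mbps=10, rtt_ms=60)
LESS_LATENCY = Link("2 Mbit/s, 10 ms RTT", bandwidth_mbps=2, rtt_ms=10)


def compare() -> Dict[str, float]:
    """Modelled completion time (ms) of the 1 MiB read under each remedy
    the deck discusses: more bandwidth, lower latency, and a protocol
    that needs fewer round trips."""
    return {
        "baseline, chatty": transfer_time_ms(BASELINE, FILE_BYTES, CHATTY),
        "5x bandwidth, chatty": transfer_time_ms(MORE_BANDWIDTH, FILE_BYTES, CHATTY),
        "6x lower latency, chatty": transfer_time_ms(LESS_LATENCY, FILE_BYTES, CHATTY),
        "baseline, fewer round trips": transfer_time_ms(BASELINE, FILE_BYTES, LESS_CHATTY),
    }


if __name__ == "__main__":
    for label, ms in compare().items():
        print(f"{label:30s} {ms / 1000:7.2f} s")
```

With these constructed figures the chatty read spends about 15 s of its 19.6 s simply waiting on round trips, so a fivefold bandwidth increase only trims it to about 16.2 s, while cutting the RTT from 60 ms to 10 ms brings it to about 6.8 s and halving the number of round trips is worth more than any amount of extra bandwidth. Adding users to the link raises only the serialisation term, which is the slide's point that more bandwidth just lets more people share the same bad performance.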
13. NEXT GENERATION TCP
• Introduced with Windows Vista and Windows Server 2008
  – Compound TCP: Fewer ACK’s
  – Auto Scaling Receive Side Window: Larger data packets
  – GPO Controlled QoS: Manage bandwidth usage
  – SMBv2
  – Explorer metadata cached
• Continues with Windows 7 and Windows Server 2008 R2
• Updated independent study by the Tolly Group with lots of metric comparisons: http://tinyurl.com/ddrqdx
• See chapter in Mastering Windows Server 2008: Essential Technologies

14. LATENCY STILL LIMITS US
• Next Generation TCP and SMBv2 improve things
• 100% server centralisation still not possible
• Hardware solutions:
  – Riverbed Steelhead
  – Citrix WanScaler
• Block level optimisation of TCP traffic
• Expensive
• Scalable
• They work: e.g. UK Royal Navy command system

15. REAL ENEMY #2

16. COMPLEXITY
• There are servers in every office. Costs:
  – Administrative
  – Licensing
  – Hardware
  – Networking
  – Power
  – Maintenance
• Backups are not easy – are they being done?
• Applications of all kinds
• Licensing is a nightmare
• Uncontrolled and unaudited security

17. SERVER CONSOLIDATION
Use fewer physical servers:
• Does not mean install more applications on one installation
• Use x64 and more RAM for greater loads, e.g. Exchange 2007 and IIS7
• Use virtualisation, e.g. Hyper-V, to deploy fewer physical machines
• Control VM mushrooming using VMM 2008
• Reduced power, hardware, maintenance, racking costs

18. SERVER CENTRALISATION
Have fewer servers in the Branch Office:
• Deploy servers in HQ and regional headquarters
• Place servers near expertise
• Reduce the risk of physical attack
• More reliable backup and recovery
• Reduced DR site costs and complexity
• Easier for users to share data

19. CENTRALISATION IS NOT FOR ALL
• Not always possible
• Regulators
• Data Protection
• Local law enforcement, e.g. Italy

20. BRANCH OFFICE SERVERS
• Branch office virtualisation
• Manage using System Center
  – Ops Mgr for health and performance
  – DPM for centralised backup
  – ConfigMgr for configuration, patching and audit
  – VMM for virtualisation
• Lack of Physical Security: Read Only Domain Controllers / BitLocker*
• Look at branch office blade servers, e.g. IBM Blade Centre S* or HP C7000

21. BRANCH OFFICE BUDGET APPROACH
• DFS Namespace and DFS Replication to replicate file shares for centralised backup
• WSUS for patching
• Consider the System Center Enterprise CAL (4 for the price of 2) for System Center

22. BRANCH OFFICE VIA OUTSOURCING
• MS Business Productivity Online Suite (BPOS)
  – Exchange
  – SharePoint
  – Microsoft Live Meeting
  – Microsoft Communications Server
  – Integrate with WAN Active Directory for centralised management
• Managed Server Hosting
  – Use existing local expertise for a “pay as you go” approach
  – Find one that offers services, not “tin”
• Secure Online Backup
  – Don’t rely on the receptionist to change tapes and send them offsite
  – Seek regulatory compliance and scalability (storage and recovery)

23. COLLABORATION
• Data is scattered all over the WAN
• Access control is complicated
• Backup is a nightmare
• Users can’t find data
• Email becomes the real sharing tool
  – Slow
  – Many versions
  – Information is lost
• Business becomes inefficient

24. CENTRALISE DATA
• Centralised servers and optimal TCP enable this
• Use fewer, but higher spec SQL servers
• Use fewer file servers
• Centralise application servers
• Consider SaaS and Cloud Computing:
  – The future is now!
  – Remove the need for unwanted servers on your network
• Use SharePoint

25. SHAREPOINT
• Use centralised and/or regional SharePoint farms
• Scalable collaboration solution
• Document control, workflow, basic applications, surveys, blogs, RSS, wiki, Exchange integration, shared contacts, digital form libraries, etc.
• Browser based and WAN friendly

26. ACCESSING CENTRALISED DATA
• WAN latency solutions
• Use web based architectures
• This presents an opportunity to simplify complexity at the desktop
• Replace the PC with the terminal

27. TERMINAL SERVICES
• All applications and data in fewer data centres
• RDP client, web interface, application publishing, secure remote access (better than VPN)
• Printing: Easy Print
• Consider Citrix or similar for extended features
• In some ways TS is simpler, in some it’s more complex

28. TERMINAL SERVICES COMPLEXITY
• Terminal Services relies on compatible applications – see App-V (requires SA)
• Simple Helpdesk can require change control
• Change can become slow
• Much different client experience for users
• Might be useful for some, but not all

29. VIRTUAL DESKTOP INFRASTRUCTURE
• VDI
• Run desktop OS in a virtual machine in the data centre
• User client connects to desktop via broker
• Dedicated or pooled VM’s
• Requires VECD licensing from MS
• Currently VMware, Provision Networks and Citrix
• Same boundaries as desktop OS
• Consumes more resources than Terminal Services

30. PC’S
• Make use of what you have: Active Directory – OU’s, Group Policy and delegation
• Have you deployed Terminal Services or VDI?
• Manage PC’s using Configuration Manager 2007: complete management
• Otherwise use free WSUS and WDS
• Look at free solutions, e.g. PSTools and MS Baseline Security Analyser
• Software Assurance: Microsoft Desktop Optimization Pack (MDOP)

31. SECURITY
• All IT security starts at the front door
  – Who has the most access in your building?
  – Is it easier for me to walk in the door or get past your firewall?
• Centralise as many servers/applications as possible
  – Fewer physical insecurities
  – Fewer logical insecurities
• Employ BitLocker on vulnerable servers
• Keep reliable and encrypted offsite backups
• Use access auditing, e.g. OpsMgr 2007 ACS

32. DIRECTORS AND ADMINISTRATORS
They always want security exemptions:
• Have the most access to sensitive data
• Should have the greatest security
• Get exceptions for directors in writing from directors
  – Cover your a**
  – Make them think twice about the importance of this
• Play hardball with political branches, e.g. firewall and separate forest.

33. ACTIVE DIRECTORY DESIGN
• A domain is not a security boundary – contrary to Windows 2000 AD training.
• If you cannot trust someone – put them in a different forest.

34. LAPTOPS
• Sometimes feels like no one has heard about device encryption and Data Protection
  – Software Assurance: BitLocker
  – 3rd Party: SafeBoot, Iron Mountain DataDefense
• Road Warriors: look at secure online data backup, e.g. Iron Mountain Connected

35. ADMINISTRATORS
• Too many people doing the same job
  – Look at AD design and delegation model
• The wrong people doing the wrong job
  – Juniors managing servers or domain controllers
• Centralisation
  – Allows the right people to manage servers
  – Refocus branch staff towards local services
• Employ Optimised Infrastructure

36. USE WHAT YOU HAVE
You already have them so use them:
• Active Directory – OU’s, Group Policy and delegation
• Folder redirection and offline files
• On the file servers: turn on Volume Shadow Copy and educate power users
• WSUS: patch deployment
• WDS: OS deployment
• Free stuff: MDT, BDD, WAIK

37. PRINTERS
• I hate printers and I think I’m not alone
• Too many helpdesk calls
• Standardise your brands and models
  – Use vendor’s management software
• Print Management Console:
  – Deploy printers via Group Policy
  – Centrally monitor via console

38. REMOVE IT FROM THE EQUATION
• Allow users to help themselves
• Self-Service:
  – OS deployment using WDS / Configuration Manager 2007
  – Software deployment using App-V
  – Replace operational backups with VSS
  – Sharing/Collaboration using SharePoint
• Key is to do two types of training:
  – Pilot with power users – win them over
  – General training and document handover with users – reuse existing MS materials

39. OPTIMISED INFRASTRUCTURE
Build automation into the network:
• Configuration Manager: build, deploy software to, patch and audit PC’s and servers
• Operations Manager: manage health and security
This stuff does work, e.g.
• 3 people managing 170+ servers
• 2-3 hours a day of maintenance

40. CHANGE BUSINESS OPINION OF IT
• Reduce costs and complexity with centralisation and virtualisation
• Increase collaboration by centralising data
• Increase fault tolerance with centralised and reliable backups
• Increase responsiveness to business with SharePoint, OS Deployment and App-V
• You’ll see how future technologies add more

41. BEFORE YOU PLAN ANYTHING
• Win management support by working with them
• Gather business requirements – don’t build something that needs to be changed
• Consult company lawyers
  – Local/International regulatory compliance
  – Employment law
• Beware of the unions
  – You’d be surprised what will start a walkout!

42. WHAT ARE MICROSOFT DOING?
• Windows Server 2008 R2 – successor to Windows Server 2008
• Windows 7 – successor to Windows Vista
• Work better together:
  – Windows 7 Enterprise (SA Only)/Windows 7 Ultimate and Windows Server 2008 R2 offer remote computing and WAN optimisation
  – Federated Search
  – BranchCache
  – RemoteAccess
  – Remote Desktop Services
  – BitLocker To Go

43. THE FINAL ENEMY

44. COMPANY POLITICS
• Prepare to challenge “fiefdoms” on your network
• All sense of reason and logic out the window
• Use financial arguments – technology does not win
  – A branch office with unskilled workers once wanted Domain Admin
  – I gave them a solution: firewalled network, their own forest, their own Internet link and firewalls, their own applications, systems management, etc.
  – I won
• Be ready for fighting “vertical battles”
• If I had the solution, I would be ....

45. ... HERE

46. THANK YOU
• This is where I hand over to the lads ...

47. CINFINITY
The experts in data protection and infrastructure hosting services
Aidan Finn
afinn@cinfinity.ie
http://www.cinfinity.ie
My Blog: http://joeelway.spaces.live.com
