A look at Live@edu
Chris Rothwell
chris.rothwell@microsoft.com
@crothwell
14th July 2010

Learning Gateway Conference: A look at live@edu


  • London Grid – RBC for schools across London – now have well over 100k students deployed on the service. They’ve been live on the service since the end of 2008. LGfL have deployed three services: StaffMail, LondonMail and SafeMail. StaffMail is what it sounds like – it’s for staff. LondonMail and SafeMail are both for students – the difference is that one is closed campus and one is open campus. At launch, SafeMail had a long waiting list of schools that wanted to deploy within a locked down environment. London Grid for Learning worked closely with some of the development teams to help inform some of the supervision policy capabilities that we now have within Outlook Live.
  • Slide Objective: Clearly define the core services that are part of the free Live@edu offer – email, storage, and collaboration services. Provide an overview of the IT and end user experience. High level overview of the business model – why are we doing this?

    Talking Points:

    Live@edu meets and supports your users where they already are – online. Live@edu starts with a school branded and managed Windows Live ID, providing access to both IT managed email services and self managed storage & collaboration services. Users have access to their “digital campus” – co-branded email, storage, as well as access to collaboration and productivity services:

      - With Outlook Live, users can have a 10GB inbox, calendar, and contacts that they can access anywhere. Outlook Live interoperates with Live Messenger to enable users to keep in touch with friends and family using the communication methods they want to use (e-mail or chat).
      - With SkyDrive they have an additional 25 GB in online storage space to share documents among devices and with others.
      - Office Live Workspace enables students and faculty to create their own sites to store, access, and share documents and files. Specifically designed to work with Microsoft Office applications, Office Live Workspace has room for more than 1000 files and enhances a student’s ability to work efficiently and collaborate with peers.

    End users can sign on with a single identity to access these services, as well as school services you choose to integrate with. These services will be co-branded with your school logo and colors to be consistent with your brand and school identity. Students also want to share information seamlessly between services – for example, viewing a fellow student’s calendar or starting a live chat from their Outlook Live account – and Live@edu facilitates these seamless interactions.

    Live@edu also provides a great experience for the IT organization. Live@edu is secure and reliable… see talking points from previous slide and review here. However, on the occasion you need assistance, we provide 24x7 phone support for your IT staff.

    ADD BUSINESS MODEL TALKING POINTS

    And it must be going through your minds: Why is a profit making company like Microsoft doing this?

    Answer:

      - Point out that software usage in college/school drives long term preferences for students. And we want to provide both brand awareness and brand value to students around Microsoft.
      - Point out that education is always the trend setter in adopting new delivery mechanisms, and that schools play an important role in helping solidify their partnership with Microsoft as Microsoft becomes a software and services company.
      - Point out that we totally expect schools to see the value in adopting our premium service offerings for a certain segment. For example, we see tremendous value in schools adopting Unified Messaging and OCS for long term cost savings for faculty and staff. Similarly, data archiving is a requirement for faculty and staff – we want to ensure that we provide such capabilities through our premium service while providing the essential service to your students.
  • Slide Objective: Establish Microsoft as a serious cloud services player

    Slide Overview/Detailed Notes:

    One area that we are very conscious of is the importance of security and availability. We want to ensure that customers feel confident that we are protecting their data and that the service is highly available. Our service runs on a set of datacenters managed by a centralized organization within Microsoft that is making major investments in datacenter space and capabilities. We deploy our service on the latest hardware and network equipment in an N+1 architecture to enable failover capabilities, as well as saving your data in a separate geo-redundant location. We are regularly tested by a third party, CyberTrust, to ensure our infrastructure is secure against attacks. We follow ITIL/MOF in our operational processes and we are in the process of getting our SAS-70 audit to ensure we have the strictest level of control. Above all, we will provide 24x7 IT Pro support, and we have a target of 99.9% uptime, which we have met over the last 6 months for Outlook Live.

    Physical security is but one part of it. Since we are providing an internet based service, we ultimately need to make sure that we are protecting customers’ data in a variety of ways. We look at this as multiple layers of protection. Microsoft is actually providing 9 layers of logical security for our customers and their service and data.

      - Filtering Routers: these are implemented to protect against any traffic we do not see as well constructed. One of the great benefits of providing a focused service like BPOS is we actually set up the routers to protect against any form of malformed data. We block at an aggregate at the edge.
      - Firewalls: these are set up as deny all.
      - Intrusion Detection System: behind the firewalls we have an Intrusion Detection System. We have a very sophisticated correlation engine for any intrusion alert, which we’re tracking 24 hours a day.
      - System Level Security: below the IDS, we have System Level Security. The service operations organization has broad based, dual factor authentication. This means each individual within a support and service operations team has either some sort of secure ID card or a RSH secure ID token that is coupled with their role. Each individual must have a user ID and password and must apply a PIN with their secure ID token. Based on the role they have, we grant access per individual to the service.
      - Application Authentication: below the System Level Security, the customers have application level authentication. We have a very sophisticated mechanism by which we provide access to data. The structure of the service provides users access to only those capabilities they are designed to have. In the reseller model, where a partner is providing the service to the customer, the partner has a level of application authentication that sits over the top of that which the customers have. So we’re able to provide a very rich set of security protocols for our customers as it relates to authentication to the different services.
      - Application Level Counter-measures: Microsoft, as most people know, has a good history as relates to security and trustworthy computing. Our services are designed to make sure that we apply those security methods not only to the software, but we also treat that software as a service. So when we do our threat walling and follow the Windows initiative, we’re thinking about our applications as if they are delivered through the Internet. We apply a significant level of countermeasures against attacks such as buffer overflows and SQL injection, and we make sure that the applications we’re running are sandboxed so you can’t activate elevated levels of security or access a higher level of authentication when you’re doing work within our application.
      - Virus Scanning: this is provided for multiple sets of capabilities. We virus scan at all of our server levels, we have in place intrusion detection at the host, and we’re scanning our content via Microsoft Forefront.
      - Separate Data Networks: inside the data center, these are implemented in a form that breaks it apart. For example, the databases are on a separate subnet from the actual content server or anything that is an internet facing device. Even though we are an internet facing service, very few devices have direct access to the internet. All of the servers are on some form of non-routable subnet space.
      - Authentication to Data: finally, you are authenticated into the data. The data itself is never stored on the physical servers; we run separate data networks and the data is stored on dedicated storage devices. So the content is actually being sent from dedicated storage devices, which allows us to provide significant levels of backup as well.
  • Structure choice and flexibility. Choices to make about:

      - What domain do you want to use? Do you want to have Shared Address Space? Sub Domains? Top-Level Domain (TLD)? Other domain of your choice (ourstudentemail.com)?
      - How do you want to structure user names? Anonymously? First.last.enrollment?
      - Do you want to migrate accounts? Just the accounts, or the mail as well?
      - How do you want to administer the domains? Do you want a single tenancy with multiple accepted domains, or multiple tenancies?
      - Provisioning choices.
  • Slide Objective: Illustrate Live@edu’s ease of management with our management tool options

    Talking Points:

    We provide multiple ways to manage accounts, whether it be through the web (manual), the shell (programmatic or script) or through automated management agents (still not widely available but slated to come out this year). Available today, Live@edu has two management tool options for Outlook Live to help you provision and manage your accounts with ease. These options provide different levels of capability around speed, programming required, and automation, to provide options for each customer.

      - Exchange Control Panel: Exchange Control Panel is a powerful web tool used to create, delete and modify user mailboxes, groups and external contacts. This tool is the best fit for IT managers who don’t want any programming.
      - Windows PowerShell: Windows PowerShell is a command-line shell and scripting language you can use to manage your organization. This tool is the best fit for schools managing a larger user base (e.g., <10K mailboxes) that do not want to pay for any software/management tools.
      - GALSync 2010: GALSync 2010 is a setup-once automated solution to provision accounts from your on-premises system into Outlook Live. This tool is the best fit for schools managing a large user base and wanting limited ongoing maintenance updates for provisioning.

    More on GALSync: GALSync 2010 pulls user, contact, group, and dynamic distribution group data from your on-premises Active Directory and replicates and synchronizes it with your Outlook Live domain.

    Benefits of GALSync 2010: GALSync 2010 utilizes Microsoft Identity Lifecycle Manager (ILM) and allows you to “set it and forget it,” eliminating the hassles of manual directory synchronization. After GALSync 2010 pulls in the data, it creates, manages, and deletes accounts in Outlook Live, a process called "auto-provisioning." In addition, GALSync 2010 populates the shared address book in the corresponding Outlook Live domain.

    Requirements:

      - On-premises Active Directory: The user and group objects that you want to synchronize with Outlook Live will originate in your on-premises Active Directory. If you're running Exchange 2003 or later versions of Microsoft Exchange, you can use the native Exchange and Active Directory user management tools to auto-provision users. If you aren't running Active Directory on-premises, you can use components of the GALSync 2010 solution to automate address book synchronization and provisioning as part of your own customized solution. However, a customized solution isn't supported by GALSync 2010 and requires expertise with ILM 2007.
      - Identity Lifecycle Manager 2007 FP1: ILM is Microsoft's identity management software solution. To run ILM 2007 FP1, you may need to purchase the appropriate license.
      - Windows Server 2008: for the installation of ILM 2007 with the GALSync and auto-provisioning rule sets.
      - Microsoft SQL Server: ILM 2007 FP1 requires Microsoft SQL Server to store and manage the replicated data. To run SQL Server, you have to purchase the appropriate license.
  • Statement of Auditing Standards 70

      - Type I assesses the description of the controls we have in place.
      - Type II assesses whether they were working correctly when assessed.

    ISO 27001: Information Security Management System standard

      - Systematically assess information security risks, threats, vulnerabilities and impact.
      - Design and implement a coherent suite of information security controls.
      - Adopt an overarching management process to ensure that the information security controls continue to meet the requirements.

    The Compliance Framework pictured gives us a scalable approach to managing online security and compliance, including audit, certification and attestations. It smooths the workload for Microsoft, while giving a rigorous and managed approach that works for multiple services. The Microsoft Online Services Security and Compliance (OSSC) Team is responsible for this area.

    Plan, Do, Check, Act
  • Delivery Reports interface
  • We want to emphasize that the R4 process is a streamlined and improved evolution of the R3 process…
  • These are the common activities around managing the lifecycle of user identities. Like any other identity, it has its beginning and its end. Accent on the dual nature of the educational sector: students AND faculty are generally stored in different data repositories. Roles can blur between student and faculty member and can reverse on several occasions.

    1. A look at Live@edu
       Chris Rothwell
       chris.rothwell@microsoft.com
       @crothwell
       14th July 2010
    2. London Grid for Learning
       “Amongst the 25,000 students we have been piloting the system with, we have enabled an increase in teamwork across schools, which is extremely positive. And, practically speaking, using this service has helped schools make significant savings. We estimate the average secondary school could save around £18,000 a year using London Mail, so across the 2,500 schools in London, it’s a multi-million-pound reduction in costs”
       Brian Durrant, CEO of London Grid for Learning
    3. Moving to the Cloud with Microsoft
    4. Transformational Era
       Mainframe, PC, Client Server, Web Services, Cloud
    5. New Tensions?
       On Premise:
         • Cost
         • Device Access
         • Pupil Experience
         • Storage
         • Latest and greatest version?
         • Flexibility
         • Strategy vs maintenance
    6. Cloud Impact
       NEW ECONOMICS
         • Pay for what you use
         • Lower and predictable costs
         • Shift from capital to operational cost
         • Accelerate speed of adoption
       REDUCED MANAGEMENT
         • No patching, maintenance
         • Faster deployment
         • Robust multi-layered security
         • Reliability and fault-tolerance
       INCREASED PRODUCTIVITY
         • Latest software for users
         • Internet collaboration
         • Anywhere access
         • Instant self-provisioning
    7. New Tensions?
       On Premise:
         • Cost
         • Device Access
         • Pupil Experience
         • Storage
         • Latest and greatest version?
         • Flexibility
         • Strategy vs maintenance
       The Cloud:
         • Data
         • Security
         • eSafety and Compliance
         • Exit Strategy
         • Integration
         • Support
         • Management and Control
    8. Embracing the cloud
       Consumer, Enterprise, Productivity
    9. Microsoft Live@edu
       No cost e-mail and collaboration services, co-branded
       IT Experience
         • Secure and reliable platform
         • Simple to deploy and manage
         • 24x7 support (phone + online)
         • Easy to build and extend
       Staff and student Experience
         • Access Anywhere
         • Single Sign On
         • Familiar Tools
         • Information Shared Seamlessly
       Live Messenger
         • Instant: Text, Voice, Video
       Windows Live Groups
       Windows Live Spaces
       Exchange 2010
         • 10-GB Mailbox
         • Calendar
         • Contacts
         • Presence
         • IM
       SkyDrive
         • 25 GB of online storage
         • Private and Shared Folders
       Office Web Apps
       Self Managed
       IT Managed
    10. Demo: Live@edu end-user features
    11. But….
        Data Storage?
        Management and Control?
        Integration?
        Exit Strategies?
        Compliance and eSafety?
        Support? SLA?
    12. IT Managed
        EU Data Centre
    13. Industry Leading Datacenters
        Enhanced built-in security
        Delivering highly secure, private, and reliable computing experiences based on sound business practices
        Enterprise Class Reliability and Security
        Key Features
          • N+1 architecture
          • 9 layers data security
          • Secure access via SSL
          • ITIL/MOF operational practices
          • 24x7x365 phone and online support
        Security layers
          • Filtering Routers
          • Firewalls
          • Intrusion Detection System
          • System Level Security
          • Application Authentication
          • Application Level Counter-measures
          • Virus Scanning
          • Separate Data Networks
          • Authentication to Data
    14. But….
        Data Storage?
        Management and Control?
        Integration?
        Exit Strategies?
        Compliance and eSafety?
        Support? SLA?
    15. Data Access and Integration
          • POP
          • IMAP
          • MAPI
          • ActiveSync
          • Windows Live
          • PowerShell
          • Exchange Web Services
    16. Demo: Live@edu Portal Integration
    17. But….
        Data Storage?
        Management and Control?
        Integration?
        Exit Strategies?
        Compliance and eSafety?
        Support? SLA?
    18. Regulation and Compliance
          • Roles and responsibilities outlined in the Terms of Use
          • Managed: Customer – data controller, Microsoft – data processor
          • Consumer: Relationship is direct between Microsoft and the Students
          • Email and SharePoint data stored within the EU
          • Signed up to the Safe Harbour Agreement
    19. But….
        Data Storage?
        Management and Control?
        Integration?
        Exit Strategies?
        Compliance and eSafety?
        Support? SLA?
    20. Support and Uptime
        End-user support
          • http://help.outlook.com
          • Email support
        IT Support
          • 24x7 Phone Support
          • Web submissions
          • Initial Response SLA based on severity
        Target Uptime: 99.9%
        No financially backed SLA
    21. But….
        Data Storage?
        Management and Control?
        Integration?
        Exit Strategies?
        Compliance and eSafety?
        Support? SLA?
    22. Demo: Live@edu Management and Compliance Tools
    23. Easy to Manage
        Live@edu has three management tool options to help you provision and manage your accounts. Criteria shown for each tool: Fast, Amount of programming, Automated.
          • Exchange Control Panel: A powerful web tool used to create, delete and modify user mailboxes, groups and external contacts.
          • Windows PowerShell: A command-line shell and scripting language you can use to manage your organization.
          • GALSync 2010 (OLMA R4): A highly automated tool, GALSync 2010 synchronizes your domain with your Active Directory on premises.
        Slide labels: Simple; Automated; Management and deployment.
    24. But….
        Data Storage?
        Management and Control?
        Integration?
        Exit Strategies?
        Compliance and eSafety?
        Support? SLA?
    25. What’s next?
    26. IT / End User
          • Federation
          • Migration
          • Forefront Online Protection for Exchange
          • SharePoint 2010
          • Outlook Live
          • Windows Live
          • SharePoint 2010
    27. Questions?
    28. New Tensions?
        On Premise:
          • Cost
          • Device Access
          • Pupil Experience
          • Storage
          • Latest and greatest version?
          • Flexibility
          • Strategy vs maintenance
        The Cloud:
          • Data
          • Security
          • eSafety and Compliance
          • Exit Strategy
          • Integration
          • Support
          • Management and Control
    29. Improve Student Services AND Save money Without losing Control
    30. © 2008 Microsoft Corporation. All rights reserved. Active Directory, ActiveSync, Encarta, Forefront, Microsoft, Outlook, Windows, Windows Live, Windows Mobile, Windows Server, Windows Vista, SharePoint, Silverlight, SkyDrive, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
        The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
    31. Appendix
    32. Microsoft Compliance Framework
          • Access Control
          • Information Systems Acquisition, Development, and Maintenance
          • Information Security Incident Management
          • Business Continuity Management
          • Risk Management
          • Compliance
          • Privacy
          • General Information
          • Information Security
          • Organization of Information Security
          • Asset Management
          • Human Resources Security
          • Physical and Environmental Security
          • Communications and Operations Management
        http://www.globalfoundationservices.com/documents/MicrosoftComplianceFramework1009.pdf
    33. Enrollment, registration and configuration
        1. Enroll
          • Domain Registrar
          • microsoft.com/liveatedu
          • Register domain
          • Enroll
          • Specify Administrator
          • Email Invite With Link
        2. Registration
          • eduadmin.live.com
          • Create DNS Records
          • Select Outlook Live
          • Create Windows Live
          • Accept Terms of Use (ToU)
          • Wait for DNS to propagate
          • Verify Domain Ownership
        3. Configuration
          • Configure domain
          • outlook.com/ecp
          • Domain Settings
          • Co-branding
          • Users & Groups
          • Membership type
          • SDK
          • Mail Controls
          • Accounts
          • Reporting
    34. Active Directory
    35. New User:
          - User ID creation
          - Credentials issuance
          - Access rights
          - Application Access/Roles
        Account Changes:
          - Promotions
          - Transfers
          - New Privileges
          - Attribute Changes
        Password Management:
          - Strong password
          - Lost password
          - Password Reset
        Retire User:
          - Delete/Freeze Accounts
          - Delete/Freeze Entitlements
          - Manage files & shares