Wrong confirmation ID

Email
Favorite
Favorited ×
Download
Embed
Private Content
Copy and paste this code into your blog or website Copy Customize… Close
We have emailed the verification/download link to "".
Login to your email and click the link to download the file directly.

To request the link at a different email address, update it here. Close
Validation messages. Success message. Fail message.

Check your bulk/spam folders if you can't find our mail.

Tweet

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Learning Gateway Conference: A look at live@edu

by pearce.alex on Jul 28, 2010

961 views

Accessibility

View text version

Tags

Upload Details

Uploaded via SlideShare as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

File a copyright complaint

5 Embeds 56

http://www.bfcnetworks.com	50
http://mdf-ro.blogspot.com	3
http://feeds.feedburner.com	1
http://ztb.ro	1
http://webcache.googleusercontent.com	1

Statistics

Favorites: 0
Downloads: 20
Comments: 0
Embed Views: 56
Views on SlideShare: 905
Total Views: 961

London Grid – RBC for schools across London – now have well over 100k students deployed on the service. They’ve been live on the service since the end of 2008.LGfL have deployed three services; StaffMail, LondonMail and SafeMail.StaffMail is what it sounds like – it’s for staff. LondonMail and SafeMail are both for students – the difference is that one is closed campus and one is open campus. At launch – SafeMail had a long waiting list of schools that wanted to deploy within a locked down environment.London Grid for Learning worked closely with some of the development teams to help inform some of the supervision policy capabilities that we now have within Outlook Live.
Slide Objective: Clearly define the core services that are part of the free Live@edu offer – email, storage, and collaboration services. Provide overview of the IT and end user experience. High level overview of business model – why are we doing this?Talking Points:Live@edu meets and supports your users where they already are – online. Live@edu starts with a school branded and managed Windows Live ID – providing access to both IT managed email services and self managed storage & collaboration services. They have access to their “digital campus” – co-branded email, storage, as well as access to collaboration and productivity services:With Outlook Live, users can have a 10GB inbox, calendar, and contacts that they canaccess anywhere. Outlook Live interoperates with Live Messenger to enable users to keep in touch with friends and family using communication methods they want to use (e-mail or chat)With SkyDrive they have an additional 25 GB in online storage space to share documents among devices and with others.Office Live Workspace enables students and faculty to create their own sites to store, access, and share documents and files. Specifically designed to work with Microsoft Office applications, Office Live Workspace has room for more than 1000 files and enhances a student’s ability to work efficiently and collaborate with peers. For end users, they can sign on with a single identity to access these services, as well school services you choose to integrate with. These services will be co-branded with your school logo and colors to be consistent with your brand and school identity. Students also want to share information seamlessly between services – for example, viewing a fellow student’s calendar or starting a live chat from their Outlook Live account – Live @edu facilitates these seamless interactions. Live@edu also provides a great experience for the IT organization. Live@edu is secure and reliable…see talking points from previous slide and review here. However, on the occasion you need assistance, we provide 24x7 phone support for your IT staff. ADD BUSINESS MODEL TALKING POINTSAnd it must be going through your minds: Why is a profit making company like Microsoft doing this?Answer: Point out that software usage in college/school drives long term preferences for students. And we want to provide both brand awareness and brand value to students around Microsoft. Point out education is always the trend setter in adopting new delivery mechanisms and school plays a important role in helping solidify their partnership with Microsoft, as Microsoft becomes a software and services companyPoint that we totally expect schools to see the value in adopting our premium service offerings for a certain segment. For example, we see tremendous value in schools adopting Unified Messaging and OCS for long term cost savings for faculty and staff. Similarly, data archiving is a requirement for faculty and staff – we want to ensure that we provide such capabilities through our premium service while providing the essential service to your students.
Slide Objective: Establish Microsoft as a serious cloud services playerSlide Overview/Detailed Notes:One area that we are very conscious of is the importance of security and availability. We want to ensure that customer feel confident that we are protecting their data and the service is highly available. Our service runs on a set of datacenters that are managed by a centralized organization within Microsoft that are making major investments in datacenter spaces and capabilities. We deploy our service on the latest hardware and network equipments in a N+1 architecture to enable failover capabilities as well as saving your data in a separate geo-redundant location. We are regularly tested by a third party CyberTrust to ensure our infrastructure is secure against attacks. We follow ITIL/MOF in our operational processes and we are in the process of getting our SAS-70 audit to ensure we have strictest level of control. Above all, we will provide 24x7 IT Pro support and we have target 99.9% uptime which we have met over the last 6 months for Outlook Live.Physical security is but one part it. When you look, we ultimately need to make sure that since we are providing an internet based service, we are protecting customer’s data in a variety of ways. We look at this as multiple layers of protection. Microsoft is actually providing 9 layers of logical security for our customers and their service and data. Filtering Routers: these are implemented to protect against any traffic we do not see as well constructed. One of the great benefits of providing a focused service like BPOS is we actually set up the routers to protect against any form of malform data. We block at an aggregate at the edge. Firewalls are set up as deny all. Behind the firewalls we have an Intrusion Detection System. We have a very sophisticated correlation engine for any intrusion alert that we’re tracking 24 hours a day. Below the IDS, we have a level System Level Security. When you look, the service operations organization actually has broad based, dual factor authentication. This means each individual within a support and service operations team have either some sort of secure ID card or a RSH secure ID token that is coupled with their role. Each individual must have a user ID and password and must apply a pin with their secure ID token. Based on the role they have, we grant access per individuals to the service. Application Authentication: when you get below the System Level Security, the customers actually have application level authentication. We have a very sophisticated mechanism by which we provide access to data. The structure of the service provides users access to only those capabilities they are designed to have. In the reseller model where a partner is actually providing the service to the customer, they have a level of application authentication that sits over top of that which the customers have. So we’re able to provide a very rich set of security protocols for our customers, as it relates to authentication to the different services.Microsoft, as most people know, has a good history as relates to security and trustworthy computing. Our services are actually designed to make sure that we apply those security methods not only to the software, but we also treat that software as a service. So when we do our threat walling and follow the Windows initiative, we’re thinking about our applications as if they are delivered through the Internet. We apply a significant level of counter measures, such as buffer overflows and SQL injection, we make sure that the applications we’re running are sandboxed so you can’t activate elevated levels of security or access a higher level of authentication when you’re actually doing work within our application. Virus Scanning is provided for multiple set of capabilities. We actually virus scan at all over our server levels, we have in place intrusion detection at the host and we’re scanning our content via Microsoft ForeFront.Then we have Separate Data Networks. When you look inside the data center, So what when we do our threat walling and follow the Windows initiative. These are implemented in a form that breaks it apart. For example, the data bases are on a separate sub net then from the actual content server or something that is an internet facing device.When you look, even though we are an internet facing service, very few devices have direct access to the internet. All of the servers are on some form of non-routable subnet space. Finally you are authenticated into the data. The data itself is never stored on the physical servers, we run separate data networks and the data is stored on dedicated storage devices. So when you look at the content, the content is actually being sent from dedicated storage devices, which allows us to provide significant levels of backup as well.
Structure choice and flexibility:Choices to make about:What domain you want to use? Do you want to have Shared Address Space? Sub Domains? Top-Level Domain (TLD)? Other domain of your choice (ourstudentemail.com)?How do you want to structure user names? Anonymously? First.last.enrollment?Do you want to migrate accounts? Just the accounts, or the mail as well?How do you want to administer the domains? Do you want a single tenancy with multiple accepted domains, or multiple tenancies.Provisioning Choices.
Slide Objective: Illustrate Live@edu’s ease of mgt with our mgt tool optionsTalking Points:We provide multiple ways to manage accounts, whether it be through web (manual), shell (programmatic or script) or through automated management agents (still not widely available but slated to come out this year). Available today, Live@edu has two management tools options for Outlook Live to help you provision and management your accounts with ease. These options provides different levels of capabilities around speed, programming required, and automation to provide options for each customer. Exchange Control PanelExchange Control Panel is a powerful web tool used to create, delete and modify user mailboxes, groups and external contacts. This tool is best fit for IT managers who don’t want any programming.Windows PowerShellWindows PowerShell is a command-line shell and scripting language you can use to manage your organization. This tool is the best fit for schools managing a larger user base (e.g., In addition, GALSync 2010 populates the shared address book in the corresponding Outlook Live domain. Requirements:On-premises Active Directory The user and group objects that you want to synchronize with Outlook Live will originate in your on-premises Active Directory.If you're running Exchange 2003 or later versions of Microsoft Exchange, you can use the native Exchange and Active Directory user management tools to auto-provision users. If you aren't running Active Directory on-premises, you can use components of the GALSync 2010 solution to automate address book synchronization and provisioning as part of your own customized solution. However, a customized solution isn't supported by GALSync2010 and requires expertise with ILM 2007.Identity Lifecycle Manager 2007 FP1 ILM is Microsoft's identity management software solution. To run ILM 2007 FP1, you may need to purchase the appropriate license.Windows Server 2008 for the installation of install ILM 2007 with the GALSync and auto-provisioning rule sets.Microsoft SQL Server ILM 2007 FP1 requires Microsoft SQL Server to store and manage the replicated data. To run SQL Server, you have to purchase the appropriate license.
Statement of Auditing Standards 70Type I assesses the description of the controls we have in placeType II assesses whether they were working correctly when assessed.ISO 27001Information Security Management System standardSystematically assess information security risks, threats, vulnerabilities and impactDesign and implement a coherent suite of information security contolsAdopt an overarching management process to ensure that the information security controls continue to meet the requirments.The Compliance Framework pictured gives us a scalable approach to managing online security and compliance, including audit, certification and attestations. It smooths the workload for Microsoft, while giving a rigourous and managed approach that works for multiple services.Microsoft Online Services Security and Compliance (OSSC) Team are responsible for this areaPlan, Do, Check , Act
Delivery Reports interface
We want to emphasize that the R4 process is streamlined and improved evolution of the R3 process…
These are the common activities around managing the lifecycle of user identities. As any other identity it has it’s beginning and it’s endAccent on dual-nature of educational sector. Students AND faculty are generally stored in a deferent data-repositories. Roles can blur between student and faculty member and can reverse on several occasions.

Learning Gateway Conference: A look at live@edu — Presentation Transcript

A look at Live@edu
Chris Rothwell
chris.rothwell@microsoft.com
@crothwell
14th July 2010
London Grid for Learning
“Amongst the 25,000 students we have been piloting the system with, we have enabled an increase in teamwork across schools, which is extremely positive. And, practically speaking, using this service has helped schools make significant savings. We estimate the average secondary school could save around £18,000 a year using London Mail, so across the 2,500 schools in London, it’s a multi-million-pound reduction in costs”
Brian Durrant, CEO of London Grid for Learning
Moving to the Cloud with Microsoft
Transformational Era
Mainframe
PC
ClientServer
Web Services
Cloud
New Tensions?
On Premise:
- Cost
- Device Access
- Pupil Experience
- Storage
- Latest and greatest version?
- Flexibility
- Strategy vs maintenance
Cloud Impact
REDUCED MANAGEMENT
NEW ECONOMICS
INCREASED PRODUCTIVITY
Pay for what you use
Lower and predictable costs
Shift from capital to operational cost
Accelerate speed of adoption
No patching, maintenance
Faster deployment
Robust multi-layered security
Reliability and fault-tolerance
Latest software for users
Internet collaboration
Anywhere access
Instant self-provisioning
New Tensions?
On Premise:
- Cost
- Device Access
- Pupil Experience
- Storage
- Latest and greatest version?
- Flexibility
- Strategy vs maintenance
The Cloud
- Data
- Security
- eSafety and Compliance
- Exit Strategy
- Integration
- Support
- Management and Control
Embracing the cloud
Consumer
Enterprise
Productivity
Microsoft Live@edu
No cost e-mail and collaboration services, co-branded
IT Experience
Secure and reliable platform
Simple to deploy and manage
24x7 support (phone + online)
Easy to build and extend
Staff and student Experience
Access Anywhere
Single Sign On
Familiar Tools
Information Shared Seamlessly
Live Messenger
Instant
- Text
- Voice
- Video
Windows Live Groups
Windows Live Spaces
Exchange 2010
- 10-GB Mailbox
- Calendar
- Contacts
- Presence
- IM
SkyDrive
25 GB of online storage
Private and Shared Folders
Office Web Apps
Self Managed
IT Managed
DemoLive@edu end-user features
But….
Data Storage?
Management and Control?
Integration?
Exit Strategies?
Complianceand eSafety?
Support? SLA?
IT Managed
EU Data Centre
Industry Leading Datacenters
Enhanced built-in security
Delivering highly secure, private, and reliable computing experiences based on sound business practices
Enterprise Class Reliability and Security
Filtering Routers
Key Features
- N+1 architecture
- 9 layers data security
- Secure access via SSL
- ITIL/MOF operational practices
- 24x7x365 phone and online support
Firewalls
Intrusion Detection System
System Level Security
Application Authentication
Application Level Counter-measures
Virus Scanning
Separate Data Networks
Authentication to Data
But….
Data Storage?
Management and Control?
Integration?
Exit Strategies?
Complianceand eSafety?
Support? SLA?
Data Access and Integration
POP
IMAP
MAPI
Active
Sync
Windows Live
Power
Shell
Exchange Web Services
DemoLive@edu Portal Integration
But….
Data Storage?
Management and Control?
Integration?
Exit Strategies?
Complianceand eSafety?
Support? SLA?
Regulation and Compliance
Roles and responsibilities outlined in the Terms of Use
Managed: Customer – data controller, Microsoft – data processor
Consumer: Relationship is direct between Microsoft and the Students
Email and SharePointdata stored within the EU
Signed up to the Safe Harbour Agreement
But….
Data Storage?
Management and Control?
Integration?
Exit Strategies?
Complianceand eSafety?
Support? SLA?
Support and Uptime
End-user support
http://help.outlook.com
Email support
IT Support
24x7 Phone Support
Web submissions
Initial Response SLA based on severity
Target Uptime:
99.9%
No financially backed SLA
But….
Data Storage?
Management and Control?
Integration?
Exit Strategies?
Complianceand eSafety?
Support? SLA?
DemoLive@edu Management and Compliance Tools
Easy to
Manage
Live@edu has three management tool options to help you provision and manage your accounts
Exchange
Control Panel
Windows
PowerShell
GALSync 2010
(OLMA R4)
Fast
Fast
Fast
Amount of programming
Amount of programming
Amount of programming
Automated
Automated
Automated
Simple
Automated
A powerful web tool used to create, delete and modify user mailboxes, groups and external contacts.
A command-line shell and scripting language you can use to manage your organization.
Management and deployment
A highly automated tool, GALSync 2010 synchronizes your domain with your Active Directory on premises
But….
Data Storage?
Management and Control?
Integration?
Exit Strategies?
Complianceand eSafety?
Support? SLA?
What’s next?
IT
End User
- Federation
- Migration
- Forefront Online Protection for Exchange
- SharePoint 2010
- Outlook Live
- Windows Live
- SharePoint 2010
Questions?
New Tensions?
On Premise:
- Cost
- Device Access
- Pupil Experience
- Storage
- Latest and greatest version?
- Flexibility
- Strategy vs maintenance
The Cloud
- Data
- Security
- eSafety and Compliance
- Exit Strategy
- Integration
- Support
- Management and Control
Improve Student Services
AND
Save money
Without losing
Control
© 2008 Microsoft Corporation. All rights reserved. Active Directory, ActiveSync, Encarta, Forefront, Microsoft, Outlook, Windows, Windows Live, Windows Mobile, Windows Server, Windows Vista, SharePoint, Silverlight, SkyDrive, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Appendix
Microsoft Compliance Framework
- Access Control
- Information Systems Acquisition, Development, and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Risk Management.
- Compliance.
- Privacy
- General Information
- Information Security
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
http://www.globalfoundationservices.com/documents/MicrosoftComplianceFramework1009.pdf
1. Enroll
Domain Registrar
microsoft.com/liveatedu
Register
domain
Enroll
Specify Administrator
Email Invite With Link
2. Registration
eduadmin.live.com
Create DNS Records
Select Outlook Live
Create Windows Live
Accept Terms of Use (ToU)
Wait for DNS to propagate
Verify Domain Ownership
3. Configuration
Configure domain
outlook.com/ecp
Domain Settings
Co-branding
Users & Groups
Membership type
SDK
Mail Controls
Accounts
Reporting
Reporting
Active Directory
New User:
- User ID creation
- Credentials issuance
- Access rights
- Application Access/Roles
Account Changes:
- Promotions
- Transfers
- New Privileges
- Attribute Changes
Password Management:
- Strong password
- Lost password
- Password Reset
Retire User:
- Delete/Freeze Accounts
- Delete/Freeze Entitlements
- Manage files & shares