Branch Office Infrastructure


This presentation discusses the problems faced with managing a branch office infrastructure. It looks at current technologies for resolving these issues and gives a quick introduction of what to expect in the near future with Windows 7 and Windows Server 2008 R2.

Published in: Technology


  1. CINFINITY. Branch Office Infrastructure: Identifying and Resolving the Real Problems. Aidan Finn, MCSE, MVP, Systems and Infrastructure Manager
  2. ABOUT ME
     • Working in IT since 1996: consulting, contracting and administration
     • Worked in large infrastructures, e.g. government, finance and transport
     • MCSE, MVP and leader of Windows User Group
     • Systems and Infrastructure Manager at C Infinity
  3. ABOUT C INFINITY
     • In operation for 2 years
     • Provides professional outsourcing services
     • Data security services:
       – Secure online backup
       – Laptop and USB device encryption
     • Managed server hosting:
       – Using the best data centre in Ireland (Data Electronics)
       – Enterprise class equipment and support
       – Enterprise class management and services
  4. AGENDA
     • Why is branch office infrastructure difficult and expensive?
     • Identifying the real enemies
     • Resolving the issues using current technologies
     • What is possible with Windows 7 Enterprise and Windows Server 2008 R2?
     • The SOHO
  5. SOME QUICK QUESTIONS
     • How many CDs for Windows Server 2003 R2? a) 1 b) 2 c) 3 d) 4
     • What are some of the features added in Windows Server 2003 R2?
  6. BEFORE YOU ATTACK A PROBLEM
     Sun Tzu, The Art of War: “If you know your enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”
  7. BOI DIFFICULTIES
     • Servers in every office
     • Sharing information is slow
     • Security is not sufficient
     • Administrator time is wasted
     • IT is seen as a non-contributing cost centre that delays business
     • Politics
  8. BOI AMBITIONS
     • Reduce server numbers and complexity
     • Use server skills in central offices
     • Provide collaboration systems that work
     • Increase security
     • Change the business view of IT
     • Politics: I’ll come to that later
  9. ENEMY #1
     Q) Users in a branch office complain about slow cross-WAN application performance. What do you do?
     A) We throw more bandwidth at it. WRONG!
  10. REVEALING ENEMY #1
  11. NETWORK LATENCY (diagram: a “Give Me Data” request and its “Ack” crossing the WAN)
  12. LATENCY VS BANDWIDTH
      • Adding bandwidth:
        – Does not change the laws of physics. A packet still takes the same time to transmit between A and B
        – Only allows more people to have the same bad performance
      • Removing latency:
        – Bypasses the effect of physics on interactive applications
        – Doesn’t reduce bandwidth requirements
  13. NEXT GENERATION TCP
      • Introduced with Windows Vista and Windows Server 2008
        – Compound TCP: fewer ACKs
        – Auto-scaling receive window: larger data packets
        – GPO-controlled QoS: manage bandwidth usage
        – SMBv2
        – Explorer metadata cached
      • Continues with Windows 7 and Windows Server 2008 R2
      • Updated independent study by the Tolly Group with lots of metric comparisons
      • See chapter in Mastering Windows Server 2008: Essential Technologies
  14. LATENCY STILL LIMITS US
      • Next Generation TCP and SMBv2 improve things
      • 100% server centralisation still not possible
      • Hardware solutions:
        – Riverbed Steelhead
        – Citrix WANScaler
      • Block level optimisation of TCP traffic
      • Expensive
      • Scalable
      • They work: e.g. UK Royal Navy command system
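The latency argument of slides 11 to 14, worked through as an added example that is not part of the presentation: a small Python model of a cross-WAN file fetch. It treats per-flow throughput as the lesser of the link's fair share and window/RTT, and charges one full RTT for every protocol round trip. All link figures, window sizes and round-trip counts are constructed for illustration rather than measured, and the scenario labels are mine for the deck's points (doubling bandwidth, a larger receive window, fewer round trips with SMBv2).

```python
"""Why more bandwidth does not fix a slow WAN link (illustrative model).

Two limits dominate an interactive protocol such as a file share over a WAN:
  1. a single TCP flow cannot move more than window / RTT bytes per second,
     because the sender must wait for acknowledgements before sending more;
  2. every protocol round trip (open, query, lock, read ...) costs a full RTT
     no matter how fast the link is.
The model ignores slow start, packet loss and retransmission.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    rtt_s: float          # round-trip time in seconds (constructed value)
    bandwidth_bps: float  # raw link capacity, bits per second (constructed)
    window_bytes: int     # TCP receive window the client advertises
    users: int = 1        # concurrent flows sharing the link fairly


def window_limit_bps(link: Link) -> float:
    """Throughput ceiling imposed by the receive window alone: window / RTT."""
    return link.window_bytes * 8 / link.rtt_s


def flow_throughput_bps(link: Link) -> float:
    """Per-flow throughput: the smaller of the fair share of bandwidth and the
    window-limited rate. When the window limit is the smaller one, adding
    bandwidth changes nothing for that flow."""
    return min(link.bandwidth_bps / link.users, window_limit_bps(link))


def transfer_time_s(link: Link, size_bytes: int, round_trips: int) -> float:
    """Wall-clock time to fetch size_bytes: chatter (round trips x RTT) plus
    bulk transfer at the per-flow rate."""
    return round_trips * link.rtt_s + size_bytes * 8 / flow_throughput_bps(link)


def users_at_window_rate(link: Link) -> int:
    """How many window-bound flows the link carries before fair sharing drops
    anyone below window / RTT. Doubling bandwidth doubles this count but does
    not speed up any one user: 'more people with the same bad performance'."""
    return math.floor(link.bandwidth_bps / window_limit_bps(link))


def compare(size_bytes: int = 10 * 1024 * 1024) -> dict:
    """Transfer time for a 10 MiB file under the scenarios the deck contrasts.
    Figures are constructed: 100 ms RTT, 20 Mbit/s link, 64 KiB default window,
    200 round trips for a chatty SMB1-style exchange, 20 with compounding."""
    base = Link(rtt_s=0.100, bandwidth_bps=20e6, window_bytes=64 * 1024)
    scenarios = {
        "baseline (64 KiB window, chatty protocol)": (base, 200),
        "double bandwidth": (Link(0.100, 40e6, 64 * 1024), 200),
        "larger receive window (auto-tuning)": (Link(0.100, 20e6, 1024 * 1024), 200),
        "fewer round trips (SMBv2 compounding)": (base, 20),
        "window + fewer round trips": (Link(0.100, 20e6, 1024 * 1024), 20),
    }
    return {name: transfer_time_s(link, size_bytes, rt)
            for name, (link, rt) in scenarios.items()}


if __name__ == "__main__":
    for name, seconds in compare().items():
        print(f"{name:45s} {seconds:6.1f} s")
    for bw in (20e6, 40e6):
        link = Link(0.100, bw, 64 * 1024)
        print(f"{bw / 1e6:.0f} Mbit/s link carries {users_at_window_rate(link)} "
              f"window-bound users before sharing bites")
```

Run it and the baseline and double-bandwidth rows come out identical (36 s for 10 MiB), because a 64 KiB window over a 100 ms RTT caps a single flow at about 5.2 Mbit/s regardless of link speed; the bandwidth-delay product of the link (20 Mbit/s times 0.1 s, roughly 256 KB) is what the window would need to reach to fill the pipe. A larger window or fewer round trips each cut the time, and together they bring it to about 6 s. The extra bandwidth only raises the number of users who can see that same 36 s at once.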
  15. REAL ENEMY #2
  16. COMPLEXITY
      • There are servers in every office. Costs:
        – Administrative
        – Licensing
        – Hardware
        – Networking
        – Power
        – Maintenance
      • Backups are not easy – are they being done?
      • Applications of all kinds
      • Licensing is a nightmare
      • Uncontrolled and unaudited security
  17. SERVER CONSOLIDATION
      Use fewer physical servers:
      • Does not mean install more applications on one installation
      • Use x64 and more RAM for greater loads, e.g. Exchange 2007 and IIS7
      • Use virtualisation, e.g. Hyper-V, to deploy fewer physical machines
      • Control VM mushrooming using VMM 2008
      • Reduced power, hardware, maintenance, racking costs
  18. SERVER CENTRALISATION
      Have fewer servers in the branch office:
      • Deploy servers in HQ and regional headquarters
      • Place servers near expertise
      • Reduce the risk of physical attack
      • More reliable backup and recovery
      • Reduced DR site costs and complexity
      • Easier for users to share data
  19. CENTRALISATION IS NOT FOR ALL
      • Not always possible
      • Regulators
      • Data Protection
      • Local law enforcement, e.g. Italy
  20. BRANCH OFFICE SERVERS
      • Branch office virtualisation
      • Manage using System Center
        – Ops Mgr for health and performance
        – DPM for centralised backup
        – ConfigMgr for configuration, patching and audit
        – VMM for virtualisation
      • Lack of physical security: Read Only Domain Controllers / BitLocker*
      • Look at branch office blade servers, e.g. IBM BladeCenter S* or HP c7000
  21. BRANCH OFFICE BUDGET APPROACH
      • DFS Namespace and DFS Replication to replicate file shares for centralised backup
      • WSUS for patching
      • Consider the System Center Enterprise CAL (4 for the price of 2) for System Center
  22. BRANCH OFFICE VIA OUTSOURCING
      • MS Business Productivity Online Suite (BPOS)
        – Exchange
        – SharePoint
        – Microsoft Live Meeting
        – Microsoft Communications Server
        – Integrate with WAN Active Directory for centralised management
      • Managed server hosting
        – Use existing local expertise for a “pay as you go” approach
        – Find one that offers services, not “tin”
      • Secure online backup
        – Don’t rely on the receptionist to change tapes and send them offsite
        – Seek regulatory compliance and scalability (storage and recovery)
  23. COLLABORATION
      • Data is scattered all over the WAN
      • Access control is complicated
      • Backup is a nightmare
      • Users can’t find data
      • Email becomes the real sharing tool
        – Slow
        – Many versions
        – Information is lost
      • Business becomes inefficient
  24. CENTRALISE DATA
      • Centralised servers and optimal TCP enable this
      • Use fewer, but higher spec SQL servers
      • Use fewer file servers
      • Centralise application servers
      • Consider SaaS and cloud computing:
        – The future is now!
        – Remove the need for unwanted servers on your network
      • Use SharePoint
  25. SHAREPOINT
      • Use centralised and/or regional SharePoint farms
      • Scalable collaboration solution
      • Document control, workflow, basic applications, surveys, blogs, RSS, wiki, Exchange integration, shared contacts, digital form libraries, etc.
      • Browser based and WAN friendly
  26. ACCESSING CENTRALISED DATA
      • WAN latency solutions
      • Use web based architectures
      • This presents an opportunity to simplify complexity at the desktop
      • Replace the PC with the terminal
  27. TERMINAL SERVICES
      • All applications and data in fewer data centres
      • RDP client, web interface, application publishing, secure remote access (better than VPN)
      • Printing: Easy Print
      • Consider Citrix or similar for extended features
      • In some ways TS is simpler, in others it’s more complex
  28. TERMINAL SERVICES COMPLEXITY
      • Terminal Services relies on compatible applications
        – See App-V (requires SA)
      • Simple helpdesk tasks can require change control
      • Change can become slow
      • Very different client experience for users
      • Might be useful for some, but not all
  29. VIRTUAL DESKTOP INFRASTRUCTURE
      • VDI
      • Run desktop OS in a virtual machine in the data centre
      • User client connects to desktop via broker
      • Dedicated or pooled VMs
      • Requires VECD licensing from MS
      • Currently VMware, Provision Networks and Citrix
      • Same boundaries as desktop OS
      • Consumes more resources than Terminal Services
  30. PCS
      • Make use of what you have: Active Directory – OUs, Group Policy and delegation
      • Have you deployed Terminal Services or VDI?
      • Manage PCs using Configuration Manager 2007: complete management
      • Otherwise use free WSUS and WDS
      • Look at free solutions, e.g. PsTools and Microsoft Baseline Security Analyzer
      • Software Assurance: Microsoft Desktop Optimization Pack (MDOP)
  31. SECURITY
      • All IT security starts at the front door
        – Who has the most access in your building?
        – Is it easier for me to walk in the door or get past your firewall?
      • Centralise as many servers/applications as possible
        – Fewer physical insecurities
        – Fewer logical insecurities
      • Employ BitLocker on vulnerable servers
      • Keep reliable and encrypted offsite backups
      • Use access auditing, e.g. OpsMgr 2007 ACS
  32. DIRECTORS AND ADMINISTRATORS
      They always want security exemptions:
      • Have the most access to sensitive data
      • Should have the greatest security
      • Get exceptions for directors in writing from directors
        – Cover your a**
        – Make them think twice about the importance of this
      • Play hardball with political branches, e.g. firewall and separate forest
  33. ACTIVE DIRECTORY DESIGN
      • A domain is not a security boundary – contrary to Windows 2000 AD training
      • If you cannot trust someone, put them in a different forest
  34. LAPTOPS
      • Sometimes feels like no one has heard about device encryption and Data Protection
        – Software Assurance: BitLocker
        – 3rd party: SafeBoot, Iron Mountain DataDefense
      • Road warriors: look at secure online data backup, e.g. Iron Mountain Connected
  35. ADMINISTRATORS
      • Too many people doing the same job
        – Look at AD design and delegation model
      • The wrong people doing the wrong job
        – Juniors managing servers or domain controllers
      • Centralisation
        – Allows the right people to manage servers
        – Refocus branch staff towards local services
      • Employ Optimised Infrastructure
  36. USE WHAT YOU HAVE
      You already have them, so use them:
      • Active Directory – OUs, Group Policy and delegation
      • Folder redirection and offline files
      • On the file servers: turn on Volume Shadow Copy and educate power users
      • WSUS: patch deployment
      • WDS: OS deployment
      • Free stuff: MDT, BDD, WAIK
  37. PRINTERS
      • I hate printers and I think I’m not alone
      • Too many helpdesk calls
      • Standardise your brands and models
        – Use vendor’s management software
      • Print Management Console:
        – Deploy printers via Group Policy
        – Centrally monitor via console
  38. REMOVE IT FROM THE EQUATION
      • Allow users to help themselves
      • Self-service:
        – OS deployment using WDS / Configuration Manager 2007
        – Software deployment using App-V
        – Replace operational backups with VSS
        – Sharing/collaboration using SharePoint
      • Key is to do two types of training:
        – Pilot with power users – win them over
        – General training and document handover with users – reuse existing MS materials
  39. OPTIMISED INFRASTRUCTURE
      Build automation into the network:
      • Configuration Manager: build, deploy software to, patch and audit PCs and servers
      • Operations Manager: manage health and security
      This stuff does work, e.g.
      • 3 people managing 170+ servers
      • 2-3 hours a day of maintenance
  40. CHANGE BUSINESS OPINION OF IT
      • Reduce costs and complexity with centralisation and virtualisation
      • Increase collaboration by centralising data
      • Increase fault tolerance with centralised and reliable backups
      • Increase responsiveness to business with SharePoint, OS deployment and App-V
      • You’ll see how future technologies add more
  41. BEFORE YOU PLAN ANYTHING
      • Win management support by working with them
      • Gather business requirements – don’t build something that needs to be changed
      • Consult company lawyers
        – Local/international regulatory compliance
        – Employment law
      • Beware of the unions
        – You’d be surprised what will start a walkout!
  42. WHAT ARE MICROSOFT DOING?
      • Windows Server 2008 R2 – successor to Windows Server 2008
      • Windows 7 – successor to Windows Vista
      • Work better together:
        – Windows 7 Enterprise (SA only)/Windows 7 Ultimate and Windows Server 2008 R2 offer remote computing and WAN optimisation
        – Federated Search
        – BranchCache
        – RemoteAccess
        – Remote Desktop Services
        – BitLocker To Go
  44. COMPANY POLITICS
      • Prepare to challenge “fiefdoms” on your network
      • All sense of reason and logic out the window
      • Use financial arguments – technology does not win
        – A branch office with unskilled workers once wanted Domain Admin
        – I gave them a solution: firewalled network, their own forest, their own Internet link and firewalls, their own applications, systems management, etc.
        – I won
      • Be ready for fighting “vertical battles”
      • If I had the solution, I would be ....
  45. ... HERE
  46. THANK YOU
      • This is where I hand over to the lads ...
  47. CINFINITY: The experts in data protection and infrastructure hosting services. Aidan Finn. My Blog: