Branch Office Infrastructure

This presentation discusses the problems faced with managing a branch office infrastructure. It looks at current technologies for resolving these issues and gives a quick introduction of what to expect in the near future with Windows 7 and Windows Server 2008 R2.

Published in: Technology

  1. CINFINITY
     Branch Office Infrastructure: Identifying and Resolving the Real Problems
     Aidan Finn, MCSE, MVP
     Systems and Infrastructure Manager
     afinn@cinfinity.ie
     http://www.cinfinity.ie
  2. ABOUT ME
     • Working in IT since 1996: consulting, contracting and administration
     • Worked in large infrastructures, e.g. government, finance and transport
     • MCSE, MVP and leader of Windows User Group
     • Systems and Infrastructure Manager at C Infinity
  3. ABOUT C INFINITY
     • In operation for 2 years
     • Provides professional outsourcing services
     • Data security services:
       – Secure online backup
       – Laptop and USB device encryption
     • Managed server hosting:
       – Using the best data centre in Ireland (Data Electronics)
       – Enterprise class equipment and support
       – Enterprise class management and services
  4. AGENDA
     • Why is branch office infrastructure difficult and expensive?
     • Identifying the real enemies
     • Resolving the issues using current technologies
     • What is possible with Windows 7 Enterprise and Windows Server 2008 R2?
     • The SOHO
  5. SOME QUICK QUESTIONS
     • How many CDs for Windows Server 2003 R2? a) 1 b) 2 c) 3 d) 4
     • What are some of the features added in Windows Server 2003 R2?
  6. BEFORE YOU ATTACK A PROBLEM
     Sun Tzu, The Art of War: “If you know your enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”
  7. BOI DIFFICULTIES
     • Servers in every office
     • Sharing information is slow
     • Security is not sufficient
     • Administrator time is wasted
     • IT is seen as a non-contributing cost centre that delays business
     • Politics
  8. BOI AMBITIONS
     • Reduce server numbers and complexity
     • Use server skills in central offices
     • Provide collaboration systems that work
     • Increase security
     • Change the business view of IT
     • Politics: I’ll come to that later
  9. ENEMY #1
     Q) Users in a branch office complain about slow cross-WAN application performance. What do you do?
     A) We throw more bandwidth at it. WRONG!
  10. REVEALING ENEMY #1
  11. NETWORK LATENCY
      (Diagram: client request “Give Me Data”, server reply “Ack”)
  12. LATENCY VS BANDWIDTH
      • Adding bandwidth:
        – Does not change the laws of physics. A packet still takes the same time to transmit between A and B
        – Only allows more people to have the same bad performance
      • Removing latency:
        – Bypasses the effect of physics on interactive applications
        – Doesn’t reduce bandwidth requirements
  13. NEXT GENERATION TCP
      • Introduced with Windows Vista and Windows Server 2008
        – Compound TCP: fewer ACKs
        – Auto Scaling Receive Side Window: larger data packets
        – GPO controlled QoS: manage bandwidth usage
        – SMBv2
        – Explorer metadata cached
      • Continues with Windows 7 and Windows Server 2008 R2
      • Updated independent study by the Tolly Group with lots of metric comparisons: http://tinyurl.com/ddrqdx
      • See chapter in Mastering Windows Server 2008: Essential Technologies
  14. LATENCY STILL LIMITS US
      • Next Generation TCP and SMBv2 improve things
      • 100% server centralisation still not possible
      • Hardware solutions:
        – Riverbed Steelhead
        – Citrix WanScaler
      • Block level optimisation of TCP traffic
      • Expensive
      • Scalable
      • They work: e.g. UK Royal Navy command system
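Slides 12 to 14 make one argument: for a request/response application the time a user waits is dominated by round trips, so adding bandwidth barely moves it, while cutting latency or cutting the number of round trips (SMBv2 pipelining, a larger receive window) does. The following Python model is an added illustration of that argument and is not part of the presentation or of any Microsoft documentation; the link speed, round-trip time and workload sizes are constructed, and the stop-and-wait versus pipelined behaviour is a deliberate simplification of how SMB actually schedules requests.

```python
"""Added model: completion time of a request/response workload over a WAN.

Constructed numbers, not measurements; it illustrates the latency-versus-
bandwidth argument from the slides (one RTT per request group + serialisation).
"""
import math


def transfer_time(total_bytes, bandwidth_bps, rtt_s, block_bytes, outstanding=1):
    """Seconds to move total_bytes with a request/response protocol.

    Every request fetches one block of block_bytes. The client keeps at most
    `outstanding` requests in flight, so it pays one round trip per group of
    `outstanding` requests: outstanding=1 is a stop-and-wait client (one RTT
    per block, as in a classic one-read-at-a-time SMB loop); larger values
    approximate SMBv2-style pipelining or a scaled receive window. The
    serialisation delay (bits / bandwidth) is the only term that more
    bandwidth can shrink.
    """
    blocks = math.ceil(total_bytes / block_bytes)
    round_trips = math.ceil(blocks / outstanding)
    return round_trips * rtt_s + (total_bytes * 8) / bandwidth_bps


def compare(total_bytes, block_bytes, bandwidth_bps, rtt_s, outstanding=1):
    """Baseline versus 'add bandwidth' versus 'remove latency' for one workload."""
    return {
        "baseline": transfer_time(total_bytes, bandwidth_bps, rtt_s, block_bytes, outstanding),
        "double_bandwidth": transfer_time(total_bytes, 2 * bandwidth_bps, rtt_s, block_bytes, outstanding),
        "half_latency": transfer_time(total_bytes, bandwidth_bps, rtt_s / 2, block_bytes, outstanding),
    }


# Constructed WAN: 2 Mbit/s link with a 100 ms round trip (a remote branch).
WAN_BPS = 2_000_000
WAN_RTT = 0.100

# Constructed workloads.
CHATTY_APP = dict(total_bytes=100_000, block_bytes=200)            # 500 small queries
BULK_COPY = dict(total_bytes=10 * 1024 * 1024, block_bytes=65536)  # 10 MiB in 64 KiB reads


def main():
    scenarios = [
        ("Chatty application (500 round trips, 100 kB)", CHATTY_APP, 1),
        ("Bulk copy, stop-and-wait (one read per RTT)", BULK_COPY, 1),
        ("Bulk copy, 32 reads in flight (SMBv2-style pipelining)", BULK_COPY, 32),
    ]
    for title, workload, outstanding in scenarios:
        print(f"{title}:")
        results = compare(bandwidth_bps=WAN_BPS, rtt_s=WAN_RTT, outstanding=outstanding, **workload)
        for name, secs in results.items():
            print(f"  {name:17s} {secs:7.1f} s")


if __name__ == "__main__":
    main()
```

Running it shows the three behaviours the slides describe: the chatty application takes about 50 s, stays at about 50 s when bandwidth doubles, and drops to about 25 s when latency halves; the stop-and-wait bulk copy carries a 16 s latency tax on top of its 42 s of serialisation; with 32 reads in flight that tax falls to half a second, and only then does doubling bandwidth pay off. Slide 14's point survives in the model too: even pipelined transfers still pay at least one round trip per request group, so latency is reduced, not removed.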
  15. REAL ENEMY #2
  16. COMPLEXITY
      • There are servers in every office. Costs:
        – Administrative
        – Licensing
        – Hardware
        – Networking
        – Power
        – Maintenance
      • Backups are not easy – are they being done?
      • Applications of all kinds
      • Licensing is a nightmare
      • Uncontrolled and unaudited security
  17. SERVER CONSOLIDATION
      Use fewer physical servers:
      • Does not mean install more applications on one installation
      • Use x64 and more RAM for greater loads, e.g. Exchange 2007 and IIS7
      • Use virtualisation, e.g. Hyper-V, to deploy fewer physical machines
      • Control VM mushrooming using VMM 2008
      • Reduced power, hardware, maintenance, racking costs
  18. SERVER CENTRALISATION
      Have fewer servers in the Branch Office:
      • Deploy servers in HQ and regional headquarters
      • Place servers near expertise
      • Reduce the risk of physical attack
      • More reliable backup and recovery
      • Reduced DR site costs and complexity
      • Easier for users to share data
  19. CENTRALISATION IS NOT FOR ALL
      • Not always possible
      • Regulators
      • Data Protection
      • Local law enforcement, e.g. Italy
  20. BRANCH OFFICE SERVERS
      • Branch office virtualisation
      • Manage using System Center
        – Ops Mgr for health and performance
        – DPM for centralised backup
        – ConfigMgr for configuration, patching and audit
        – VMM for virtualisation
      • Lack of physical security: Read Only Domain Controllers / BitLocker*
      • Look at branch office blade servers, e.g. IBM Blade Centre S* or HP C7000
  21. BRANCH OFFICE BUDGET APPROACH
      • DFS Namespace and DFS Replication to replicate file shares for centralised backup
      • WSUS for patching
      • Consider the System Center Enterprise CAL (4 for the price of 2) for System Center
  22. BRANCH OFFICE VIA OUTSOURCING
      • MS Business Productivity Online Suite (BPOS)
        – Exchange
        – SharePoint
        – Microsoft Live Meeting
        – Microsoft Communications Server
        – Integrate with WAN Active Directory for centralised management
      • Managed Server Hosting
        – Use existing local expertise for a “pay as you go” approach
        – Find one that offers services, not “tin”
      • Secure Online Backup
        – Don’t rely on the receptionist to change tapes and send them offsite
        – Seek regulatory compliance and scalability (storage and recovery)
  23. COLLABORATION
      • Data is scattered all over the WAN
      • Access control is complicated
      • Backup is a nightmare
      • Users can’t find data
      • Email becomes the real sharing tool
        – Slow
        – Many versions
        – Information is lost
      • Business becomes inefficient
  24. CENTRALISE DATA
      • Centralised servers and optimal TCP enable this
      • Use fewer, but higher spec, SQL servers
      • Use fewer file servers
      • Centralise application servers
      • Consider SaaS and Cloud Computing:
        – The future is now!
        – Remove the need for unwanted servers on your network
      • Use SharePoint
  25. SHAREPOINT
      • Use centralised and/or regional SharePoint farms
      • Scalable collaboration solution
      • Document control, workflow, basic applications, surveys, blogs, RSS, wiki, Exchange integration, shared contacts, digital form libraries, etc.
      • Browser based and WAN friendly
  26. ACCESSING CENTRALISED DATA
      • WAN latency solutions
      • Use web based architectures
      • This presents an opportunity to simplify complexity at the desktop
      • Replace the PC with the terminal
  27. TERMINAL SERVICES
      • All applications and data in fewer data centres
      • RDP client, web interface, application publishing, secure remote access (better than VPN)
      • Printing: Easy Print
      • Consider Citrix or similar for extended features
      • In some ways TS is simpler, in some it’s more complex
  28. TERMINAL SERVICES COMPLEXITY
      • Terminal Services relies on compatible applications
        – See App-V (requires SA)
      • Simple helpdesk changes can require change control
      • Change can become slow
      • Much different client experience for users
      • Might be useful for some, but not all
  29. VIRTUAL DESKTOP INFRASTRUCTURE
      • VDI
      • Run desktop OS in a virtual machine in the data centre
      • User client connects to desktop via broker
      • Dedicated or pooled VMs
      • Requires VECD licensing from MS
      • Currently VMware, Provision Networks and Citrix
      • Same boundaries as desktop OS
      • Consumes more resources than Terminal Services
  30. PCs
      • Make use of what you have: Active Directory (OUs, Group Policy and delegation)
      • Have you deployed Terminal Services or VDI?
      • Manage PCs using Configuration Manager 2007: complete management
      • Otherwise use free WSUS and WDS
      • Look at free solutions, e.g. PSTools and MS Baseline Security Analyser
      • Software Assurance: Microsoft Desktop Optimization Pack (MDOP)
  31. SECURITY
      • All IT security starts at the front door
        – Who has the most access in your building?
        – Is it easier for me to walk in the door or get past your firewall?
      • Centralise as many servers/applications as possible
        – Fewer physical insecurities
        – Fewer logical insecurities
      • Employ BitLocker on vulnerable servers
      • Keep reliable and encrypted offsite backups
      • Use access auditing, e.g. OpsMgr 2007 ACS
  32. DIRECTORS AND ADMINISTRATORS
      They always want security exemptions:
      • Have the most access to sensitive data
      • Should have the greatest security
      • Get exceptions for directors in writing from directors
        – Cover your a**
        – Make them think twice about the importance of this
      • Play hardball with political branches, e.g. firewall and separate forest
  33. ACTIVE DIRECTORY DESIGN
      • A domain is not a security boundary – contrary to Windows 2000 AD training
      • If you cannot trust someone, put them in a different forest
  34. LAPTOPS
      • Sometimes feels like no one has heard about device encryption and Data Protection
        – Software Assurance: BitLocker
        – 3rd Party: SafeBoot, Iron Mountain DataDefense
      • Road Warriors: look at secure online data backup, e.g. Iron Mountain Connected
  35. ADMINISTRATORS
      • Too many people doing the same job
        – Look at AD design and delegation model
      • The wrong people doing the wrong job
        – Juniors managing servers or domain controllers
      • Centralisation
        – Allows the right people to manage servers
        – Refocus branch staff towards local services
      • Employ Optimised Infrastructure
  36. USE WHAT YOU HAVE
      You already have them, so use them:
      • Active Directory: OUs, Group Policy and delegation
      • Folder redirection and offline files
      • On the file servers: turn on Volume Shadow Copy and educate power users
      • WSUS: patch deployment
      • WDS: OS deployment
      • Free stuff: MDT, BDD, WAIK
  37. PRINTERS
      • I hate printers and I think I’m not alone
      • Too many helpdesk calls
      • Standardise your brands and models
        – Use vendor’s management software
      • Print Management Console:
        – Deploy printers via Group Policy
        – Centrally monitor via console
  38. REMOVE IT FROM THE EQUATION
      • Allow users to help themselves
      • Self-Service:
        – OS deployment using WDS / Configuration Manager 2007
        – Software deployment using App-V
        – Replace operational backups with VSS
        – Sharing/Collaboration using SharePoint
      • Key is to do two types of training:
        – Pilot with power users – win them over
        – General training and document handover with users – reuse existing MS materials
  39. OPTIMISED INFRASTRUCTURE
      Build automation into the network:
      • Configuration Manager: build, deploy software to, patch and audit PCs and servers
      • Operations Manager: manage health and security
      This stuff does work, e.g.
      • 3 people managing 170+ servers
      • 2-3 hours a day of maintenance
  40. CHANGE BUSINESS OPINION OF IT
      • Reduce costs and complexity with centralisation and virtualisation
      • Increase collaboration by centralising data
      • Increase fault tolerance with centralised and reliable backups
      • Increase responsiveness to business with SharePoint, OS Deployment and App-V
      • You’ll see how future technologies add more
  41. BEFORE YOU PLAN ANYTHING
      • Win management support by working with them
      • Gather business requirements – don’t build something that needs to be changed
      • Consult company lawyers
        – Local/International regulatory compliance
        – Employment law
      • Beware of the unions
        – You’d be surprised what will start a walkout!
  42. WHAT ARE MICROSOFT DOING?
      • Windows Server 2008 R2 – successor to Windows Server 2008
      • Windows 7 – successor to Windows Vista
      • Work better together:
        – Windows 7 Enterprise (SA Only)/Windows 7 Ultimate and Windows Server 2008 R2 offer remote computing and WAN optimisation
        – Federated Search
        – BranchCache
        – RemoteAccess
        – Remote Desktop Services
        – BitLocker To Go
  43. THE FINAL ENEMY
  44. COMPANY POLITICS
      • Prepare to challenge “fiefdoms” on your network
      • All sense of reason and logic out the window
      • Use financial arguments - technology does not win
        – A branch office with unskilled workers once wanted Domain Admin
        – I gave them a solution: firewalled network, their own forest, their own Internet link and firewalls, their own applications, systems management, etc.
        – I won
      • Be ready for fighting “vertical battles”
      • If I had the solution, I would be ....
  45. ... HERE
  46. THANK YOU
      • This is where I hand over to the lads ...
  47. CINFINITY
      The experts in data protection and infrastructure hosting services
      Aidan Finn
      afinn@cinfinity.ie
      http://www.cinfinity.ie
      My Blog: http://joeelway.spaces.live.com
