Desired Configuration Management. Kevin Parr, PMP, Principal System Center Technology Specialist, Heartland District, Microsoft Corporation, kparr@microsoft.com. Agenda. Discuss Microsoft's Systems Management Strategy with System Center
Desired Configuration Management • Kevin Parr, PMP • Principal System Center Technology Specialist • Heartland District • Microsoft Corporation • kparr@microsoft.com
Agenda • Discuss Microsoft's Systems Management Strategy with System Center • Learn how to use DCM to assess and report on compliance with System Center Configuration Manager 2007 • Design configuration items and baselines for an organization
Dynamic IT Management • Improve visibility and control through integrated management • Manage multi-hypervisor technologies and monitor cross-platform environments • Use knowledge-based, automated in-line tasks to deliver rapid, high quality service • Maximize the use of the IT department’s existing Windows Server expertise Time to Value Desktop to Data Center Physical and Virtual Knowledge Driven • Out of the box, build on deep domain knowledge from both Microsoft and our strong partner community • Implement templated best practices through Solution Accelerators • Reduce complexity through seamless management of logical IT environments • Manage your virtual environments down to the application level
System Center Solutions: People, Process, & Technology Management Packs Connectors for Interoperability Knowledge Solution Accelerators Microsoft Operations Framework (MOF/ITIL) Partner Ecosystem Microsoft Consulting Services Data Center Management Products Solutions Desktop & Device Management Windows Platform Infrastructure Virtualization Technology Open Standards Mid-Market
Live host level virtual machine backup • In guest consistency • Rapid recovery • Virtual machine management • Server consolidation and resource utilization optimization • Conversions: P2V and V2V • End to end service management • Server and application health monitoring & management • Performance reporting and analysis • Patch management and deployment • OS and application configuration management • Software upgrades
The Challenge: Regulatory Compliance • IT organizations spend between 5,000 and 20,000 person-hours a year trying to stay compliant with Sarbanes-Oxley’s requirements (Source: Survey on Sarbanes-Oxley Compliance Practices Within IT Organizations and Businesses by French Caldwell, Christine Adams, and John Bace, Gartner, September 2006) • … but almost 1/3 of U.S. organizations still say they are not compliant (Source: “The Global State of Information Security 2006”, CIO and PricewaterhouseCoopers, September 15, 2006)
The Challenge: Configuration Drift • 40% of unplanned downtime is caused by application failure (primarily configuration) (Source: “Tearing down the Wall”, Gartner, 2002) • … and 82% of organizations reported downtime significant enough to impact their business • Average cost of more than $10,000/hour • Average duration of 3-4 hours (Source: “Executives say software to blame for most IT downtime”, IndustryWeek, July 2007)
Data Security with Microsoft – PCI Perspective • 1. Build and Maintain a Secure Network: ISA Server, IPSec, Windows Firewall, Group Policy, Configuration Manager DCM, Operations Manager ACS • 2. Protect Customer Data: Rights Management Server, Encrypted File System, Certificates/PKI, Vista BitLocker • 3. Maintain a Vulnerability Management Program: Forefront Client & Server, Windows Defender, Malicious Software Removal Tool, Security Development Lifecycle, Threat Modeling, Writing Secure Code • 4. Strong Access Control Measures: Active Directory, Rights Management Server, SQL Server, SharePoint Server, Microsoft Identity and Integration Server, Smart Cards, Certificate Lifecycle Manager • 5. Regularly Monitor and Test Networks: Configuration Manager DCM, Operations Manager, Audit Collection Service (ACS); Forefront Client, Server & Edge, SQL Server, Vista Event Log Manager • 6. Maintain an Information Security Policy: Securing the Store Whitepaper, Regulatory Compliance Planning Guide, Security Awareness Material, Templates, Solution Deployment Guides & Accelerators
System Center Data Center Focus Areas Configuration Management End to End Monitoring Server Compliance Data Protection and Recovery • Automated Provisioning and Updating of Physical and Virtual Environments • Server Consolidation Through Virtualization • Proactive Platform Monitoring • Application & Service Level Monitoring • Interoperable and Extensible Platform • Configuration Controls and Reporting • Centralized Security Auditing • Comprehensive Security & Identity and Access Mgmt • Business Continuity Through Virtualization Mgmt • Backup and Recovery of Physical and Virtual Resources • Disaster Recovery
Key Investments in System Center Configuration Manager 2007 • Simplicity: Reduce Configuration Management Infrastructure Costs • Simplified UI and Installation • Branch office support • Greater levels of control (Scheduling, WoL) • Built on Windows Management Infrastructure • Deployment: Unified delivery of Windows Operating System for Clients and Servers • One worldwide image to manage with Vista • Built on Windows Vista Deployment Technologies • Vista and Office 12 upgrade assessment and resolution planning • Secure Online and Offline Provisioning • Secure network storage of user state during Operating System deployment • Security: Enabling the Mobile Enterprise • Network Access Protection • Enterprise Vulnerability assessment • Securely managing devices across the Internet • Configuration: Knowledge Driven Configuration Management • IT policies for analyzing corporate and regulatory compliance • Out of the box configuration policies for server workloads e.g. Exchange • License and asset inventory • Based on the Service Modeling Language (SML)
The DCM Solution: Regulatory Compliance Knowledge • Microsoft supplied Configuration Packs • Regulations covered • Sarbanes-Oxley (SOX) • European Union Data Protection Directive (EUDPD) • Gramm-Leach-Bliley Act (GLBA) • Federal Information Security Management Act (FISMA) • Health Insurance Portability and Accountability Act (HIPAA) • Products covered • Windows Server 2000 and 2003 • Windows XP and Vista • SQL Server 2000 and 2005 • Exchange Server 2003 • Author, duplicate, or extend to meet individual organization policies
Compliance Packs • Microsoft licensed technology from Brabeion that provides a baseline of IT Controls for Microsoft platforms • Aids in mapping these controls to required IT regulatory compliance frameworks: • COBIT • Control Objectives for Information and related Technology • ISO 17799 • International ISO 27001 and ISO 27002
Desired Configuration Management • Identify required and prohibited configurations for clients, servers and applications and report on compliance against those definitions • Improve availability, security, and performance by reducing problems associated with configuration drift • Improve the help-desk’s ability to troubleshoot by providing defined configuration baselines • Remediate non-compliance by deploying software, scripts, updates or task-sequences to corresponding dynamically created collections
The DCM Solution: Configuration Drift • Create corporate policy and custom application configuration items (CIs) and baselines • Basic authoring UI for authoring by IT professionals • Published XML schema definition for authoring by LOB application developers • Homegrown or custom applications represent up to 90% of applications within large companies' infrastructure (Source: “Executives say software to blame for most IT downtime”, IndustryWeek, July 2007)
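Added example, not from the original deck and not Configuration Manager's own format or code: a small Python model of the DCM idea in the two slides above, where configuration items state required or prohibited settings, a baseline groups them, hosts are evaluated against it, and non-compliant hosts are grouped per failed item the way a dynamically created collection would be targeted for remediation. Every name, setting key and inventory value is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConfigItem:
    """One configuration item (CI): a required or prohibited setting."""
    name: str              # hypothetical CI name
    setting: str           # key in the host's reported state
    kind: str              # "required" or "prohibited"
    expected: object = None
    def violation(self, state):
        """Return a reason string if `state` violates this CI, else None."""
        present = self.setting in state
        if self.kind == "prohibited":
            return f"{self.name}: prohibited setting present" if present else None
        if not present:
            return f"{self.name}: required setting missing"
        if state[self.setting] != self.expected:
            return f"{self.name}: expected {self.expected!r}, found {state[self.setting]!r}"
        return None

def evaluate(baseline, inventory):
    """Map each host to its violations; an empty list means compliant."""
    return {host: [v for ci in baseline if (v := ci.violation(state))]
            for host, state in inventory.items()}

def remediation_collections(report):
    """Group non-compliant hosts per failed CI (models a dynamic collection)."""
    collections = {}
    for host, violations in report.items():
        for v in violations:
            collections.setdefault(v.split(":", 1)[0], []).append(host)
    return {ci: sorted(hosts) for ci, hosts in collections.items()}

# Constructed baseline and inventory (not from a real Configuration Pack).
BASELINE = [
    ConfigItem("firewall-enabled", "firewall.enabled", "required", True),
    ConfigItem("min-password-length", "password.min_length", "required", 12),
    ConfigItem("no-telnet-service", "service.telnet", "prohibited"),
]
INVENTORY = {
    "srv-web-01": {"firewall.enabled": True, "password.min_length": 12},
    "srv-db-01": {"firewall.enabled": False, "password.min_length": 12,
                  "service.telnet": "running"},
    "wks-017": {"firewall.enabled": True},
}

if __name__ == "__main__":
    report = evaluate(BASELINE, INVENTORY)
    print(report, remediation_collections(report), sep="\n")
```

A missing required setting is reported as a violation rather than skipped, so a host that never reported a value cannot pass the baseline by omission.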
Desired Configuration Management • Configuration Packs
Server Compliance • Configuration controls and centralized audit of system security • Challenges Addressed: • Increasing compliance and audit requirements associated with business policies and regulatory requirements • Security pressures in the data center • Key Capabilities: • Create, maintain and report on configuration controls for the data center environment • Gather and report security related events • Manage identities and access and improve security in the data center • “SAS 70 is a huge initiative for us with regard to our data centers and all of our applications, and SOX is obviously important as well. With [System Center] my team has reduced the amount of time that we spend collecting security log information. For example, we just completed an investigation and pulled the security report in less than 5 minutes. In the past it would have taken days.” Jeff Skelton, Manager, Enterprise Management Center, Stewart
Data Center Management Solutions Configuration Management End to End Monitoring Server Compliance Data Protection and Recovery Automated Provisioning and Updating of Physical and Virtual Environments Server Consolidation Through Virtualization • Proactive Platform Monitoring • Application & Service Level Monitoring • Interoperable and Extensible Platform • Configuration Controls and Reporting • Centralized Security Auditing • Comprehensive Security & Identity and Access Mgmt • Business Continuity Through Virtualization Mgmt • Backup and Recovery of Physical and Virtual Resources • Disaster Recovery Physical Virtual
System Center Roadmap [timeline figure covering 2008, 2009 and 2010; product version labels not recoverable]