Created and Presented by:
Rand Morimoto, Ph.D., MCITP, CISSP
Author, “Unleashed”-series / Sams Publishing
President, Convergent Computing
http://www.cco.com
IT Strategies - 2014
I.T. is Struggling with 3 Major Things
• Lowering IT Costs
• Improving IT Efficiencies and Relevance
“Cloud Strategy”
“BYOD” / “MDM” / “VDI”
“Social Media Strategy”
• Addressing Security, Compliance, Privacy
• Protecting Intellectual Property
• Focusing on User Access to Information
• Improving User Experience
Cloud is ALL About Saving $$$ (“a Money thing”)
• Use Box.net / Dropbox – Monthly cost, Access info anywhere
• Salesforce / Workday – Specialty applications, Cheaper / Easier than setting up servers
• Amazon / Azure – Monthly cost, Pay as you need it
• Office 365 – Monthly cost, Cheaper / Easier than setting up servers in-house
Datacenters of the Past
Storage Network Compute
Today’s datacenter
Datacenter of the (New) Present
“Datacenter without boundaries”
Service Provider (ie: Rackspace, Latisys, etc)
Storage Network Compute
On-premises infrastructure
• CCO is working with some of the largest datacenters in the world
• “Server Pods” – 1160 16-core Host Servers in a shipping container
at 57% less cost than the deepest corporate discount for HP, Dell,
Fujitsu, IBM servers
• “Cheap Storage” – Instead of $2500/TB (times 2 for site
redundancy), storage costs in bulk (JBOD) now $300/TB (times 3 for
high availability and site redundancy), so $5,000/TB or $900/TB???
• “Virtual Networking” – Instead of appliances and devices, just
embed switching and internetworking within the Hosts, Pods,
Servers, and Apps (decrease of $10,000-$25,000 per site or per
connection)
• “Service Automation” – Spin up 2,350 VMs in 1-hour. Failover 1,000
VMs within a site in 30-seconds. Failover 1,000 VMs across sites in
3-minutes
• THIS hosted datacenter efficiency (now at $.46/$1, heading to
$.37/$1 within 6 months) will drive costs down, and put pressure on
internal IT departments to improve internal IT efficiencies…
Optimized Datacenter
Service Provider
On-premises infrastructure
Where to Start…
Service Provider [Rackspace]
Storage Network Compute
On-premises infrastructure
Onsite (Existing) Datacenter
• Run Active Directory for identity
• Focus on Business Applications
(Accounting, HR, etc)
• Manage Compliance (on-premise and
cloud)
• Support Endpoint Devices
Extend to Azure Services as Needed
• Running simple servers (like
www.cco.com, file system storage, time
and billing entry server, etc)
• Extending the corporate network (so the
cloud is seen and managed just like a
virtual guest on the corporate network)
• Servers are geo-replicated (so 99.9%
guaranteed uptime)
• Leverage Azure AD for “shared directory”
between multiple orgs (SharePoint
scenarios, a better “file sharing” solution)
• Copy systems (HyperV VHDs) to the cloud
• Remote (RDP) to the guest session and manage just as you would a local virtual guest, so 100% control
• Monthly cost $57/month for a full running VM
http://www.networkworld.com/community/blog/virtual-networks-windows-2012-and-azure-vms
MANAGEMENT & AUTOMATION
NEW! Improve traditional storage with Storage Spaces with
Automated Tiering (SSD/SATA) and Disk Deduplication
Hyper-V Replica permits replication for
business continuity & failure recovery
NEW! Non-Windows support for Remote
Desktop Services (ie: Apple Mac, iOS, Android)
NEW! Hyper-V Replication (local), Site to Site Replication
(to cloud), Azure-based HyperV Recovery Mgr
NEW! Hyper-V – Grow & Expand Virtual Machines
while they are running
NEW! Multi-Tenant Site-to-Site VPN Gateway to
enable cross-premises connectivity
UPDATED! Non-Windows endpoint (Mobile Device
Management) support in ConfigMgr / Intune
NEW! WorkPlace Join (iOS, Win8.1), WorkFolders (folder sync
(tablets/phones)), Web Application Proxy (app
authentication)
UPDATED! Hyper-V Network Virtualization to
isolate network traffic on shared infrastructure
UPDATED! Monitor (SCOM) and Provision (VMM) VMs
seamlessly on-premise or in the cloud
Enterprise Systems Management
• Single console to view on-premise & cloud; servers & clients; Microsoft & non-Microsoft apps; router & switches; firewalls & storage
• Automate management and recovery
• Build capacity on-premise or in the cloud on demand and cost
• Consolidate capacity on-premise or in the cloud based on demand and cost
• Inventory, Patch, Update, Replace, Replicate, Restore – Servers, Desktops, Laptops, Tablets, Phones anywhere at any time
BYOD is Employees saying, “thanks, I can take care of my own system and apps…” (“it’s an H.R. thing”)
• Users have gotten tech savvy
• Those entering in the workforce (in their 20s and 30s) grew up with computers; they don’t know a world without Google or laptops
• Older employees have been using PCs for 20-30 years now
• Employees just want to get their work done
• Workforce wants to be anywhere, use any system, and just access their “stuff”
• BUT, I.T. needs to address security, protecting privacy, compliance…
Information Technology: 7-15 years ago
• “Datacenters” were centralized
• Applications and data commonly distributed by sites / geographies at best
• All endpoints for the most part were Windows-based clients
• Emergence of first Web-based Apps and “mobile” were Blackberries
From
Home
VPN
Server
Over the Past 4 years…
• Heavy focus on regulatory compliance and standardization
• Tighter management control over Windows PCs (locked down and highly managed Windows XP guest sessions)
• Tight controls on “firewalls” and central IT
• Put 100% of our focus on the “managed / locked down Windows XP PC”
• Let users sync their email with any mobile device they wanted to bring in
• iPhones, iPads, Android became more than just PDAs but common endpoint devices
• Apple’s domination in mobile phones and tablets along with lack of innovation in PC laptops / tablets let the MacBook and iPad proliferate
• Lackluster economy has had businesses and IT focused on other things
SOX HIPAA 21CFR FISMA
Information Technology – Today
Endpoint is no longer just a Windows client (now Mac, iPad, Linux, Tablet)
Applications and data no longer in just 1 place (cloud-based applications (Salesforce.com; Box.com; Dropbox; etc), distributed apps)
Mobile users need access to more than just email (access to full apps from any place and from any device)
Options for IT Executives Today…
Option 1: Block the evolution of technologies (ie: no Macs, no Cloud, no Tablets, company owned mobile, locked down environment). Which is doing things the way we’ve been doing the past couple decades…
Option 2: Try to force a managed environment using new technologies to do things the old way (ie: VDI “Windows looking guests” on all devices, join Macs and Linux systems to AD just like we have done with Windows, Mobile Device Mgmt (MDM) to lock down devices) – Which are all small “point solutions” to a bigger problem…
Option 3: Outsource IT – Hoping that someone else can do Option 1 and Option 2 better and cheaper
Option 4: Rethink IT
Option 4: Rethink IT (the balancing act)
User wants and needs…
• Access to business applications
• Access to data
• Ability to communicate
• Access any time / anywhere
The business needs…
• Control who has access to info
• Audit and report on access
• Ability to deprovision users quickly
• Protect data and users
Solving the Endpoint Management Challenge
1. Identity / Single Sign-on is Imperative - User must log on to a common directory (like Active Directory) before getting access to ANY other app (on-prem or cloud)
2. Encrypt All Data - Protect the data, and then you don’t have to worry if it “leaks” and ends up on Box, Google Apps, Skydrive, iPads, Mac Laptops that may not be secure
Step 1 – Focus on “Identity”
Going from Multiple Passwords…
Enterprise Firewall
Active Directory
Internal Apps
eBusiness
Portal
…to a common Single Sign-on Solution
Access to public
cloud applications
Shared info access
with business
partners
Corp apps in
the Cloud
Client-facing
applications
Consumer-facing
applications
Active Directory
Internal Apps
Step 2 - Encrypt All Data
Encrypting a device is good, but ineffective the minute the data leaves the device
Encrypting emails or encrypting communications is great, but only for emails or SSL connectivity
Encrypt ALL DATA so you don’t have to worry about the device (laptop, thumbdrive), endpoint storage medium (ie: Box, DropBox), locality (China, N.Korea, Middle East), or transport (SSL, VPN)
Tie data encryption to Active Directory, so when you disable the AD account, all of the files associated with the AD user become inaccessible
Leverage automated encryption technologies
Set Security Criteria on Content
Author of the document can define who can do the following:
• View document
• Edit document
• Print document
• Copy/Paste
• Forward an email
• and set doc expiration
Office 2011 Mac Natively Supports Microsoft Rights Management Services Encryption and Protection
Native support for Microsoft Rights Management Services (RMS) for document encryption / protection
Leveraging 3rd Party Plug-ins for RMS
Captures and Applies Encryption to Files in Transit in Exchange 2007/2010/2013 & SharePoint 2007/2010/2013
Providing a Common App for ALL Endpoint Types (ex: Microsoft Exchange 2013, SharePoint 2013, etc)
Exchange / SharePoint (2013) have native support for mobile phones and tablets
Exchange leverages Outlook Web App (OWA) and the “offline capabilities” in HTML5 built in to IE 10+, Safari 5.1+, Google Chrome 18+
Mobile Phone “1 wide” format
Tablet “2 wide” format
Normal Desktop/Laptop “3 wide” format
Remote Desktop Connection Clients (by Microsoft) for Apple Mac, iOS, Android (released Oct 17, 2013)
MacOS https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12&ls=1
iOS https://itunes.apple.com/us/app/microsoft-remote-desktop/id714464092?mt=8
Android https://play.google.com/store/apps/details?id=com.microsoft.rdc.android
Remote Desktop Client – Apple Mac
Remote Desktop Client – iPad
Focusing on User Access to Information
Improving User Experience
Enterprise social and your business
Transform your business from the inside out
EXTERNAL SOCIAL INTERNAL SOCIAL
Microsoft Office Servers & Microsoft Office 365
Providing organizations Microsoft’s trusted business technologies (Exchange, SharePoint, Lync, Office) on-premise, in the cloud, or both. Flagship “2013” versions with full support for non-Microsoft endpoints (Macs, Android, iOS) with the exact same version in the cloud with Office 365
Work together
Introducing Yammer: Integrating SharePoint, Yammer, SkyDrive, Lync…
• 83% of users feel better connected with their team
• 25% boost in productivity in social organizations
• 20% rise in supplier & partner satisfaction
• 67% of new employees get up to speed faster
• 78% of users communicate more effectively
• 41% of users are more prone to share feedback via Yammer
• 50% of users can locate relevant information and people faster
• 80% of users are more informed with what is happening
• 40% greater ROI when using Yammer and SharePoint together
Sources: IBM Global CIO Study, 2011 - Yammer User Survey, 2010 - McKinsey, The Social Economy, July 2012 - Gallup Consulting “Employee Engagement, What’s Your Engagement Ratio?” 2008 - Yammer User Surveys, 2010 and 2013
Improve team alignment
- Collaborate across geos and functions
- Manage projects and events
- Drive competitive intelligence
Increase employee engagement
- Identify expertise
- Accelerate learning, development & onboarding
- Share best practices
Continue to evolve
- Innovate faster
- Adapt and respond to change
- Build a unified culture
• Getting employees engaged in business activities
• Getting management to communicate with staff (better transparency)
• Getting clients to share input and insight directly to the business
• Improving business processes and communications to a more collaborative solution
Yammer – Enhancing Communications and Collaboration
Yammer & SharePoint
Better Together
https://about.yammer.com/customers/nationwide/
Accessing Information from Any Device
Windows, Apple Mac, iPhone, iPad, Android, Linux, Windows Mobile, etc
Like and Reply to others’ messages
Notify people immediately with a message
Post to a group on the go
Browse your network
Guidance
Developer Tools
Systems Management
Identity Management
Cloud
Information Protection
Client and Server OS
Server Applications
Edge
• Unified (optimized) Datacenter whether On-premise or the Cloud
• Management and datacenter server tools that support Microsoft and non-Microsoft environments (ie: cross-platform manage - Vmware, Linux, NetApp, EMC, Cisco, etc)
• Support for Microsoft and non-Microsoft endpoint client systems (ie: Macs, iPads, iPhones, Android)
• In the box (Office Servers 2013) client support for non-Microsoft endpoints with Apps on-premise and in the cloud (Office 365)
• Social networking collaboration and communications, Improving existing communication processes