mbl362 微软 it 部门部署 60,000 windows mobile 的策略
DESCRIPTION
MBL362 微软 IT 部门部署 60,000 Windows Mobile 的策略. 崔 海 [email protected] Program Manager Mobile and Embedded Device Division Microsoft Corporation. 主要议程. Microsoft 的 IT 策略 IT 部门的移动应用 Windows Mobile 5.0 beta Program Q&A. - PowerPoint PPT PresentationTRANSCRIPT
MBL362MBL362微软微软 ITIT 部门部署部门部署 60,000 60,000 Windows MobileWindows Mobile 的策略 的策略 崔 海崔 海[email protected]@microsoft.com
Program ManagerProgram ManagerMobile and Embedded Device Mobile and Embedded Device DivisionDivisionMicrosoft CorporationMicrosoft Corporation
主要议程主要议程MicrosoftMicrosoft 的的 ITIT 策略策略ITIT 部门的移动应用部门的移动应用Windows Mobile 5.0 beta Windows Mobile 5.0 beta ProgramProgramQ&AQ&A
Microsoft IT Microsoft IT 策略策略1.1. Empower Empower – Empower our– Empower our
customers, clients and partnerscustomers, clients and partnerswith great services, guidancewith great services, guidanceand solutionsand solutions
2.2. SimplifySimplify – Simplify our – Simplify our technology environment and technology environment and focus investments in core areasfocus investments in core areas
3.3. Protect Protect – No hacks or impacting – No hacks or impacting attacks and total complianceattacks and total compliance
ObjectivesObjectives Strategy PillarsStrategy Pillars
Run Run World ClassWorld Class Managed Solutions & ITManaged Solutions & IT
Be Microsoft’s Be Microsoft’s First and First and BestBest Customer Customer
ProtectProtect Microsoft Digital Microsoft Digital AssetsAssets
Drive Drive valuevalue for Microsoft for Microsoft and our customersand our customers
Mobile Messaging Service in Mobile Messaging Service in 20022002
Microsoft IT FY02 service offeringMicrosoft IT FY02 service offeringCurrent pull requests for MMISCurrent pull requests for MMIS
User base: 4,050 Total: 550 Asia; 2,500 EMEA; User base: 4,050 Total: 550 Asia; 2,500 EMEA; 1,000 SPAR1,000 SPARUser locations: USField, UK, Ireland, Germany, User locations: USField, UK, Ireland, Germany, Nordic, Amsterdam, Hong Kong, Korea, and Nordic, Amsterdam, Hong Kong, Korea, and JapanJapanMIS site locations: Redmond, UK, Germany, MIS site locations: Redmond, UK, Germany, Hong Kong, JapanHong Kong, Japan
Next DeliverablesNext Deliverables Due DateDue DateService Architecture Review for Exchange Service Architecture Review for Exchange 20032003
August 28, 2002August 28, 2002
Service Plan ReviewService Plan Review October 11, 2002October 11, 2002Deploy MIS to Hong Kong (40 users)Deploy MIS to Hong Kong (40 users) November 1 , 2002November 1 , 2002Support Readiness ReviewSupport Readiness Review November 15, 2002November 15, 2002Begin Phase 1 deployment of MIS in US Begin Phase 1 deployment of MIS in US FieldField
December 6, 2002December 6, 2002
Begin Phase 1 deployment of MIS in EMEABegin Phase 1 deployment of MIS in EMEA December 6, 2002December 6, 2002Service Readiness ReviewService Readiness Review December 29, 2002December 29, 2002
Typical Pre-Consolidation Typical Pre-Consolidation Exchange SiteExchange Site
Tail Site
Outlook 2003Users
Global CatalogServer
MailboxServer
Public FolderServer
Router
Switch
`
`
WAN Connection
Remote AccessServer (RAS)
(where required)
Microsoft IT Mobile Microsoft IT Mobile Messaging TodayMessaging Today
Topology:Topology:Over the past 12 months Microsoft has Over the past 12 months Microsoft has consolidated Exchange from dozens of consolidated Exchange from dozens of access points to the access points to the 5 below5 below
1 main access point (1 main access point (https://https://mail.microsoft.commail.microsoft.com))4 regional access points (i.e., 4 regional access points (i.e., https://https://emea.mail.microsoft.comemea.mail.microsoft.com))
Sao Paulo, Dublin, Singapore, ChofuSao Paulo, Dublin, Singapore, ChofuMicrosoft IT has multiple production Windows forests / Microsoft IT has multiple production Windows forests / Exchange organizationsExchange organizations
1 additional access point per Exchange organization 1 additional access point per Exchange organization (Forest)(Forest)
Design:Design:2 2 Exchange Front End servers per access point Exchange Front End servers per access point
(For redundancy and load balancing)(For redundancy and load balancing)Multiple ISA servers performing Web publishingMultiple ISA servers performing Web publishingSplit-brain configuration for internal/external DNS Split-brain configuration for internal/external DNS namespacesnamespaces
Typical Post-Consolidation Typical Post-Consolidation Exchange SiteExchange Site
Tail Site
Outlook 2003Users
Router
Switch
`
`
WAN Connection
Remote AccessServer (RAS)
(where required)
TokyoTokyo
DublinDublin
SingaporeSingapore
22,000 active22,000 activemobile usersmobile users
RedmondRedmondTukwilaTukwila
CharlotteCharlotte
3M+ e-mail messages 3M+ e-mail messages per day internallyper day internally99.99% Exchange availability99.99% Exchange availability
92,000 end users92,000 end users57,500 full time employee57,500 full time employee
300,000+ PCs300,000+ PCs45,000+ Windows Mobile devices45,000+ Windows Mobile devices
400+ sites400+ sitesworldwide inworldwide in89 countries89 countries
Silicon ValleySilicon Valley
7,000,000 remote 7,000,000 remote connections/monthconnections/month
JohannesburgJohannesburg
Mobile Messaging TodayMobile Messaging Today
Mobile Device Support Mobile Device Support TrendTrend
Nov
embe
r
Dec
embe
r
Janu
ary
Febr
uary
Mar
ch
Apr
il
Helpdesk Tech DispatchedTier 2 Escalations
Tier 1 Resolved0
100
200
300
400
500
600
CategoryCategoryAverage per Average per
monthmonthTier 1 ResolvedTier 1 Resolved 339339Helpdesk Tech DispatchedHelpdesk Tech Dispatched 3636Tier 2 EscalationsTier 2 Escalations 6060
Support Call GeneratorsSupport Call Generators
15%15%
11%11%
7%7%
4%4%
63%63%
Help configure installHelp configure install
Other SymptomOther Symptom
Corp WLANCorp WLANconfigurationconfiguration
Request forRequest forinformationinformation
Mobile OperatorMobile Operatorconnectivity failureconnectivity failure
Device StandardizationDevice StandardizationIT IT 部门当今最大的挑战部门当今最大的挑战
What does this mean?What does this mean?Process for selecting hardware for Process for selecting hardware for internal employees to utilize within the internal employees to utilize within the companycompanyIncluding requirements for internal Including requirements for internal Beta programsBeta programs
What are some of the benefits?What are some of the benefits?Documentation/educationDocumentation/educationHelpdesk supportHelpdesk supportPricing and availabilityPricing and availabilityEnterprise warrantyEnterprise warrantyInfrastructure interoperability (WLAN – Infrastructure interoperability (WLAN – 802.1X)802.1X)
内部网站内部网站
Internal Web Sites DEMOInternal Web Sites DEMO
Improving the Mobile Device Improving the Mobile Device ExperienceExperience
Internally-built Web tool provides end users with a Internally-built Web tool provides end users with a streamlined method for configuring their mobile streamlined method for configuring their mobile device out-of-the-box (OOB)device out-of-the-box (OOB)
This drives down unnecessary setup related calls to This drives down unnecessary setup related calls to helpdeskhelpdesk
Easy to navigate Web interface also simplifies other Easy to navigate Web interface also simplifies other tasks for that user by providing over the air (OTA) tasks for that user by providing over the air (OTA) features for:features for:
ConfigurationConfigurationPatching / Updating Patching / Updating Installing applicationsInstalling applicationsCustomization (wallpapers, skins and ring tones)Customization (wallpapers, skins and ring tones)
What devices are supported?What devices are supported?All WM 2002+ OS devices are supportedAll WM 2002+ OS devices are supported
How can I give this a try?How can I give this a try?Although new features in Windows Mobile 2005 make Although new features in Windows Mobile 2005 make many of these tasks easier, our existing solution was many of these tasks easier, our existing solution was developed for internal usedeveloped for internal use
Windows Mobile DEMOWindows Mobile DEMO
Pocket Expense – LOB Pocket Expense – LOB (Line of Business) (Line of Business) Application DEMOApplication DEMO
Customer Explorer Mobile Customer Explorer Mobile DemoDemo
PPCPE ScreensPPCPE Screens
Microsoft IT RequirementsMicrosoft IT Requirements
SecuritySecurityRemoval of user credentialsRemoval of user credentialsLocal PIN enforcementLocal PIN enforcementCertificate authentication – Certificate authentication – SmartCard support in the futureSmartCard support in the futureRemote wipe Remote wipe
ManagementManagementDetailed statisticsDetailed statisticsOS updatesOS updatesConfiguration push Configuration push
Protected Mobile OperationProtected Mobile Operation
Enforced use of the power on Enforced use of the power on PIN/passwordPIN/passwordPocket PC/Smartphone 2003 DPAPI to Pocket PC/Smartphone 2003 DPAPI to encrypt corporate credentialsencrypt corporate credentialsSoft certificates usedSoft certificates used
Corp Web Proxy
Windows Mobile 5.0 Devices
Corp WLANIT CERT
WLAN PPC
CERT AUTH
NTLM
CERT-BASED AUTH
RADIUS
INTERNET
.NETApplications
Exchange
INTRANET sites
ISA WEB Front End
Windows Mobile 5.0 Windows Mobile 5.0 Internal Beta ProgramInternal Beta Program
Windows Mobile 5.0 OSWindows Mobile 5.0 OSEnterprise security model requirementsEnterprise security model requirements
Application securityApplication securityPocket PC platformPocket PC platform
1-Tier1-TierPrompt for unsignedPrompt for unsignedAllow for unsigned installAllow for unsigned install
Smartphone platformSmartphone platform2-Tier2-TierPrompt for unsignedPrompt for unsignedAllow for unsigned installAllow for unsigned install
CertificatesCertificatesIT Management certificatesIT Management certificates
Certificate based through cab/cpf updatesCertificate based through cab/cpf updatesApplication signingApplication signingIT Management related tasksIT Management related tasks
Corporate certificatesCorporate certificatesSSLSSLCorporate delegated CA for WiFiCorporate delegated CA for WiFiMobile 2 Market (M2M) can be revoked to disallow applications Mobile 2 Market (M2M) can be revoked to disallow applications outside of the environment from being installedoutside of the environment from being installed
Enterprise BenefitsEnterprise Benefits
First time MDPG/MED dogfood First time MDPG/MED dogfood program in large scale program in large scale environmentenvironmentMDPG and user experience early MDPG and user experience early on in development lifecycle on in development lifecycle outside of laboutside of labMicrosoft IT influence on new Microsoft IT influence on new features for enterprise – security, features for enterprise – security, management, device management, device provisioning, corporate imaging, provisioning, corporate imaging, etc.etc.
Windows Mobile 5.0 Windows Mobile 5.0 StatisticsStatistics
Employee participationEmployee participation1,200+ Smartphone users at B21,200+ Smartphone users at B21,900 at RC81,900 at RC82,200 participants at RTM2,200 participants at RTM
Feedback and bug reportingFeedback and bug reportingOver 1,070 filed in product studioOver 1,070 filed in product studio
Helpdesk call volumeHelpdesk call volume~125 calls in 7 months~125 calls in 7 months
Less than 5% rolling back to Less than 5% rolling back to 2002 OS2002 OS
Summary – RecapSummary – Recap
Global presenceGlobal presenceComplex infrastructure – 40,000 + Complex infrastructure – 40,000 + devicesdevices
Microsoft IT mission: Microsoft IT mission: First and best customerFirst and best customerFeedback to product group during SDLCFeedback to product group during SDLCRun world class utility (support, cost, Run world class utility (support, cost, availability)availability)
Windows Mobile 5.0 Windows Mobile 5.0 First Dogfood experienceFirst Dogfood experienceIncorporated MSIT feedback on device Incorporated MSIT feedback on device management and security featuresmanagement and security features
Mobility Challenges Mobility Challenges
Remote access to messaging Remote access to messaging resources is a form of remote access resources is a form of remote access to datato dataNew security risks are introduced – New security risks are introduced – the key is to understand these risks the key is to understand these risks and manage themand manage themSecurity concerns/challenges:Security concerns/challenges:
Infrastructure exposureInfrastructure exposureDevice managementDevice managementSingle factor authentication / password exposureSingle factor authentication / password exposureData exposureData exposureDevice provisioningDevice provisioningPer user restrictionsPer user restrictionsClient/device configuration validationClient/device configuration validation
Microsoft Portugal Microsoft Portugal (Living the dream)(Living the dream)
Objectives:Objectives:Integrated voice and data solution, Integrated voice and data solution, that each employee can that each employee can demonstratedemonstrate20% reduction in global 20% reduction in global communication costscommunication costsImprove response time and CPE Improve response time and CPE due to better availability near due to better availability near customerscustomersTechnological showroom of Technological showroom of Microsoft mobility solutionsMicrosoft mobility solutions
Microsoft Portugal (cont’d)Microsoft Portugal (cont’d)
Results:Results:Calls between employee through Calls between employee through extension number no matter where extension number no matter where they are in the country. Call they are in the country. Call transfer on GSM implemented.transfer on GSM implemented.Device bought directly from Device bought directly from manufacturer, although cost manufacturer, although cost financed by mobile operator (free financed by mobile operator (free from MO)from MO)2 GB GPRS/month, sharable by 250 2 GB GPRS/month, sharable by 250 usersusersAll employees in the sub with All employees in the sub with Windows Mobile devices, with Windows Mobile devices, with access to:access to:
E-mail , Calendar, Internet, MSN MessengerE-mail , Calendar, Internet, MSN Messenger
Microsoft Portugal ResultsMicrosoft Portugal Results
Results:Results:Each Microsoft employee is an Each Microsoft employee is an ambassador to this technologyambassador to this technologyAlways in contact with the Always in contact with the customerscustomersExtensive usage of MSN Messenger, Extensive usage of MSN Messenger, essentially when abroad, reducing essentially when abroad, reducing costscostsConf Calls using VoIP to the US Conf Calls using VoIP to the US through the usage of a simple through the usage of a simple extension wherever you are!extension wherever you are!End of waiting times due to the End of waiting times due to the permanent access to e-mailpermanent access to e-mail
Regional Data Center Regional Data Center DesignDesign
SAN
Public FolderServer
GlobalCatalog
Regional Data Center
Public FolderServer
ClusteredMailboxServer
Internet MailConnector
Internet MailConnector
WAN
Direct Push: Under the Direct Push: Under the hoodhood
4. Server issues PING response indicating that changes have occurred in the user’s mailbox.
2. Server holds the request pendinguntil heartbeat interval expires.
1. Device issues PING request to EAS running on Exchange front-end.
Exchange Servers5. Device immediately issues SYNC request. Upon completion of SYNC, we go to step 1.
Device/Server Interaction: New Mail
3. New mail arrives before heartbeat interval expires.
Policy Provisioning: Admin Policy Provisioning: Admin ViewView
ResourcesResources
Additional content on Microsoft IT deployments and best Additional content on Microsoft IT deployments and best practices can be found on Microsoft TechNet: practices can be found on Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
Trustworthy Messaging at Microsoft:Trustworthy Messaging at Microsoft: http://www.microsoft.com/technet/itsolutions/msit/operations/trustmes.mspx
Exchange Server 2003 Transport and Routing GuideExchange Server 2003 Transport and Routing Guide::http://www.microsoft.com/downloads/details.aspx?FamilyId=C092B7A7-9034-4401-949C-B29D47131622&displaylang=en
最后最后……
相关的相关的 Session Session MBL201 - How Microsoft Ships MBL201 - How Microsoft Ships Windows Mobile 5.0 SoftwareWindows Mobile 5.0 Software
请您填写请您填写 SurveySurvey ,给与我宝贵的反馈,给与我宝贵的反馈
Thank You Very Much!Thank You Very Much!
Q & AQ & A