MBL362MBL362微软微软 ITIT 部门部署部门部署 60,000 60,000 Windows MobileWindows Mobile 的策略 的策略 崔 海崔 海haicui@microsoft.comhaicui@microsoft.com

Program ManagerProgram ManagerMobile and Embedded Device Mobile and Embedded Device DivisionDivisionMicrosoft CorporationMicrosoft Corporation

主要议程主要议程MicrosoftMicrosoft 的的 ITIT 策略策略ITIT 部门的移动应用部门的移动应用Windows Mobile 5.0 beta Windows Mobile 5.0 beta ProgramProgramQ&AQ&A

Microsoft IT Microsoft IT 策略策略1.1. Empower Empower – Empower our– Empower our

customers, clients and partnerscustomers, clients and partnerswith great services, guidancewith great services, guidanceand solutionsand solutions

2.2. SimplifySimplify – Simplify our – Simplify our technology environment and technology environment and focus investments in core areasfocus investments in core areas

3.3. Protect Protect – No hacks or impacting – No hacks or impacting attacks and total complianceattacks and total compliance

ObjectivesObjectives Strategy PillarsStrategy Pillars

Run Run World ClassWorld Class Managed Solutions & ITManaged Solutions & IT

Be Microsoft’s Be Microsoft’s First and First and BestBest Customer Customer

ProtectProtect Microsoft Digital Microsoft Digital AssetsAssets

Drive Drive valuevalue for Microsoft for Microsoft and our customersand our customers

Mobile Messaging Service in Mobile Messaging Service in 20022002

Microsoft IT FY02 service offeringMicrosoft IT FY02 service offeringCurrent pull requests for MMISCurrent pull requests for MMIS

User base: 4,050 Total: 550 Asia; 2,500 EMEA; User base: 4,050 Total: 550 Asia; 2,500 EMEA; 1,000 SPAR1,000 SPARUser locations: USField, UK, Ireland, Germany, User locations: USField, UK, Ireland, Germany, Nordic, Amsterdam, Hong Kong, Korea, and Nordic, Amsterdam, Hong Kong, Korea, and JapanJapanMIS site locations: Redmond, UK, Germany, MIS site locations: Redmond, UK, Germany, Hong Kong, JapanHong Kong, Japan

Next DeliverablesNext Deliverables Due DateDue DateService Architecture Review for Exchange Service Architecture Review for Exchange 20032003

August 28, 2002August 28, 2002

Service Plan ReviewService Plan Review October 11, 2002October 11, 2002Deploy MIS to Hong Kong (40 users)Deploy MIS to Hong Kong (40 users) November 1 , 2002November 1 , 2002Support Readiness ReviewSupport Readiness Review November 15, 2002November 15, 2002Begin Phase 1 deployment of MIS in US Begin Phase 1 deployment of MIS in US FieldField

December 6, 2002December 6, 2002

Begin Phase 1 deployment of MIS in EMEABegin Phase 1 deployment of MIS in EMEA December 6, 2002December 6, 2002Service Readiness ReviewService Readiness Review December 29, 2002December 29, 2002

Typical Pre-Consolidation Typical Pre-Consolidation Exchange SiteExchange Site

Tail Site

Outlook 2003Users

Global CatalogServer

MailboxServer

Public FolderServer

Router

Switch

`

`

WAN Connection

Remote AccessServer (RAS)

(where required)

Microsoft IT Mobile Microsoft IT Mobile Messaging TodayMessaging Today

Topology:Topology:Over the past 12 months Microsoft has Over the past 12 months Microsoft has consolidated Exchange from dozens of consolidated Exchange from dozens of access points to the access points to the 5 below5 below

1 main access point (1 main access point (https://https://mail.microsoft.commail.microsoft.com))4 regional access points (i.e., 4 regional access points (i.e., https://https://emea.mail.microsoft.comemea.mail.microsoft.com))

Sao Paulo, Dublin, Singapore, ChofuSao Paulo, Dublin, Singapore, ChofuMicrosoft IT has multiple production Windows forests / Microsoft IT has multiple production Windows forests / Exchange organizationsExchange organizations

1 additional access point per Exchange organization 1 additional access point per Exchange organization (Forest)(Forest)

Design:Design:2 2 Exchange Front End servers per access point Exchange Front End servers per access point

(For redundancy and load balancing)(For redundancy and load balancing)Multiple ISA servers performing Web publishingMultiple ISA servers performing Web publishingSplit-brain configuration for internal/external DNS Split-brain configuration for internal/external DNS namespacesnamespaces

Typical Post-Consolidation Typical Post-Consolidation Exchange SiteExchange Site

Tail Site

Outlook 2003Users

Router

Switch

`

`

WAN Connection

Remote AccessServer (RAS)

(where required)

TokyoTokyo

DublinDublin

SingaporeSingapore

22,000 active22,000 activemobile usersmobile users

RedmondRedmondTukwilaTukwila

CharlotteCharlotte

3M+ e-mail messages 3M+ e-mail messages per day internallyper day internally99.99% Exchange availability99.99% Exchange availability

92,000 end users92,000 end users57,500 full time employee57,500 full time employee

300,000+ PCs300,000+ PCs45,000+ Windows Mobile devices45,000+ Windows Mobile devices

400+ sites400+ sitesworldwide inworldwide in89 countries89 countries

Silicon ValleySilicon Valley

7,000,000 remote 7,000,000 remote connections/monthconnections/month

JohannesburgJohannesburg

Mobile Messaging TodayMobile Messaging Today

Mobile Device Support Mobile Device Support TrendTrend

Nov

embe

r

Dec

embe

r

Janu

ary

Febr

uary

Mar

ch

Apr

il

Helpdesk Tech DispatchedTier 2 Escalations

Tier 1 Resolved0

100

200

300

400

500

600

CategoryCategoryAverage per Average per

monthmonthTier 1 ResolvedTier 1 Resolved 339339Helpdesk Tech DispatchedHelpdesk Tech Dispatched 3636Tier 2 EscalationsTier 2 Escalations 6060

Support Call GeneratorsSupport Call Generators

15%15%

11%11%

7%7%

4%4%

63%63%

Help configure installHelp configure install

Other SymptomOther Symptom

Corp WLANCorp WLANconfigurationconfiguration

Request forRequest forinformationinformation

Mobile OperatorMobile Operatorconnectivity failureconnectivity failure

Device StandardizationDevice StandardizationIT IT 部门当今最大的挑战部门当今最大的挑战

What does this mean?What does this mean?Process for selecting hardware for Process for selecting hardware for internal employees to utilize within the internal employees to utilize within the companycompanyIncluding requirements for internal Including requirements for internal Beta programsBeta programs

What are some of the benefits?What are some of the benefits?Documentation/educationDocumentation/educationHelpdesk supportHelpdesk supportPricing and availabilityPricing and availabilityEnterprise warrantyEnterprise warrantyInfrastructure interoperability (WLAN – Infrastructure interoperability (WLAN – 802.1X)802.1X)

内部网站内部网站

Internal Web Sites DEMOInternal Web Sites DEMO

Improving the Mobile Device Improving the Mobile Device ExperienceExperience

Internally-built Web tool provides end users with a Internally-built Web tool provides end users with a streamlined method for configuring their mobile streamlined method for configuring their mobile device out-of-the-box (OOB)device out-of-the-box (OOB)

This drives down unnecessary setup related calls to This drives down unnecessary setup related calls to helpdeskhelpdesk

Easy to navigate Web interface also simplifies other Easy to navigate Web interface also simplifies other tasks for that user by providing over the air (OTA) tasks for that user by providing over the air (OTA) features for:features for:

ConfigurationConfigurationPatching / Updating Patching / Updating Installing applicationsInstalling applicationsCustomization (wallpapers, skins and ring tones)Customization (wallpapers, skins and ring tones)

What devices are supported?What devices are supported?All WM 2002+ OS devices are supportedAll WM 2002+ OS devices are supported

How can I give this a try?How can I give this a try?Although new features in Windows Mobile 2005 make Although new features in Windows Mobile 2005 make many of these tasks easier, our existing solution was many of these tasks easier, our existing solution was developed for internal usedeveloped for internal use

Windows Mobile DEMOWindows Mobile DEMO

Pocket Expense – LOB Pocket Expense – LOB (Line of Business) (Line of Business) Application DEMOApplication DEMO

Customer Explorer Mobile Customer Explorer Mobile DemoDemo

PPCPE ScreensPPCPE Screens

Microsoft IT RequirementsMicrosoft IT Requirements

SecuritySecurityRemoval of user credentialsRemoval of user credentialsLocal PIN enforcementLocal PIN enforcementCertificate authentication – Certificate authentication – SmartCard support in the futureSmartCard support in the futureRemote wipe Remote wipe

ManagementManagementDetailed statisticsDetailed statisticsOS updatesOS updatesConfiguration push Configuration push

Protected Mobile OperationProtected Mobile Operation

Enforced use of the power on Enforced use of the power on PIN/passwordPIN/passwordPocket PC/Smartphone 2003 DPAPI to Pocket PC/Smartphone 2003 DPAPI to encrypt corporate credentialsencrypt corporate credentialsSoft certificates usedSoft certificates used

Corp Web Proxy

Windows Mobile 5.0 Devices

Corp WLANIT CERT

WLAN PPC

CERT AUTH

NTLM

CERT-BASED AUTH

RADIUS

INTERNET

.NETApplications

Exchange

INTRANET sites

ISA WEB Front End

Windows Mobile 5.0 Windows Mobile 5.0 Internal Beta ProgramInternal Beta Program

Windows Mobile 5.0 OSWindows Mobile 5.0 OSEnterprise security model requirementsEnterprise security model requirements

Application securityApplication securityPocket PC platformPocket PC platform

1-Tier1-TierPrompt for unsignedPrompt for unsignedAllow for unsigned installAllow for unsigned install

Smartphone platformSmartphone platform2-Tier2-TierPrompt for unsignedPrompt for unsignedAllow for unsigned installAllow for unsigned install

CertificatesCertificatesIT Management certificatesIT Management certificates

Certificate based through cab/cpf updatesCertificate based through cab/cpf updatesApplication signingApplication signingIT Management related tasksIT Management related tasks

Corporate certificatesCorporate certificatesSSLSSLCorporate delegated CA for WiFiCorporate delegated CA for WiFiMobile 2 Market (M2M) can be revoked to disallow applications Mobile 2 Market (M2M) can be revoked to disallow applications outside of the environment from being installedoutside of the environment from being installed

Enterprise BenefitsEnterprise Benefits

First time MDPG/MED dogfood First time MDPG/MED dogfood program in large scale program in large scale environmentenvironmentMDPG and user experience early MDPG and user experience early on in development lifecycle on in development lifecycle outside of laboutside of labMicrosoft IT influence on new Microsoft IT influence on new features for enterprise – security, features for enterprise – security, management, device management, device provisioning, corporate imaging, provisioning, corporate imaging, etc.etc.

Windows Mobile 5.0 Windows Mobile 5.0 StatisticsStatistics

Employee participationEmployee participation1,200+ Smartphone users at B21,200+ Smartphone users at B21,900 at RC81,900 at RC82,200 participants at RTM2,200 participants at RTM

Feedback and bug reportingFeedback and bug reportingOver 1,070 filed in product studioOver 1,070 filed in product studio

Helpdesk call volumeHelpdesk call volume~125 calls in 7 months~125 calls in 7 months

Less than 5% rolling back to Less than 5% rolling back to 2002 OS2002 OS

Summary – RecapSummary – Recap

Global presenceGlobal presenceComplex infrastructure – 40,000 + Complex infrastructure – 40,000 + devicesdevices

Microsoft IT mission: Microsoft IT mission: First and best customerFirst and best customerFeedback to product group during SDLCFeedback to product group during SDLCRun world class utility (support, cost, Run world class utility (support, cost, availability)availability)

Windows Mobile 5.0 Windows Mobile 5.0 First Dogfood experienceFirst Dogfood experienceIncorporated MSIT feedback on device Incorporated MSIT feedback on device management and security featuresmanagement and security features

Mobility Challenges Mobility Challenges

Remote access to messaging Remote access to messaging resources is a form of remote access resources is a form of remote access to datato dataNew security risks are introduced – New security risks are introduced – the key is to understand these risks the key is to understand these risks and manage themand manage themSecurity concerns/challenges:Security concerns/challenges:

Infrastructure exposureInfrastructure exposureDevice managementDevice managementSingle factor authentication / password exposureSingle factor authentication / password exposureData exposureData exposureDevice provisioningDevice provisioningPer user restrictionsPer user restrictionsClient/device configuration validationClient/device configuration validation

Microsoft Portugal Microsoft Portugal (Living the dream)(Living the dream)

Objectives:Objectives:Integrated voice and data solution, Integrated voice and data solution, that each employee can that each employee can demonstratedemonstrate20% reduction in global 20% reduction in global communication costscommunication costsImprove response time and CPE Improve response time and CPE due to better availability near due to better availability near customerscustomersTechnological showroom of Technological showroom of Microsoft mobility solutionsMicrosoft mobility solutions

Microsoft Portugal (cont’d)Microsoft Portugal (cont’d)

Results:Results:Calls between employee through Calls between employee through extension number no matter where extension number no matter where they are in the country. Call they are in the country. Call transfer on GSM implemented.transfer on GSM implemented.Device bought directly from Device bought directly from manufacturer, although cost manufacturer, although cost financed by mobile operator (free financed by mobile operator (free from MO)from MO)2 GB GPRS/month, sharable by 250 2 GB GPRS/month, sharable by 250 usersusersAll employees in the sub with All employees in the sub with Windows Mobile devices, with Windows Mobile devices, with access to:access to:

E-mail , Calendar, Internet, MSN MessengerE-mail , Calendar, Internet, MSN Messenger

Microsoft Portugal ResultsMicrosoft Portugal Results

Results:Results:Each Microsoft employee is an Each Microsoft employee is an ambassador to this technologyambassador to this technologyAlways in contact with the Always in contact with the customerscustomersExtensive usage of MSN Messenger, Extensive usage of MSN Messenger, essentially when abroad, reducing essentially when abroad, reducing costscostsConf Calls using VoIP to the US Conf Calls using VoIP to the US through the usage of a simple through the usage of a simple extension wherever you are!extension wherever you are!End of waiting times due to the End of waiting times due to the permanent access to e-mailpermanent access to e-mail

Regional Data Center Regional Data Center DesignDesign

SAN

Public FolderServer

GlobalCatalog

Regional Data Center

Public FolderServer

ClusteredMailboxServer

Internet MailConnector

Internet MailConnector

WAN

Direct Push: Under the Direct Push: Under the hoodhood

4. Server issues PING response indicating that changes have occurred in the user’s mailbox.

2. Server holds the request pendinguntil heartbeat interval expires.

1. Device issues PING request to EAS running on Exchange front-end.

Exchange Servers5. Device immediately issues SYNC request. Upon completion of SYNC, we go to step 1.

Device/Server Interaction: New Mail

3. New mail arrives before heartbeat interval expires.

Policy Provisioning: Admin Policy Provisioning: Admin ViewView

ResourcesResources

Additional content on Microsoft IT deployments and best Additional content on Microsoft IT deployments and best practices can be found on Microsoft TechNet: practices can be found on Microsoft TechNet: http://www.microsoft.com/technet/itshowcase

Trustworthy Messaging at Microsoft:Trustworthy Messaging at Microsoft: http://www.microsoft.com/technet/itsolutions/msit/operations/trustmes.mspx

Exchange Server 2003 Transport and Routing GuideExchange Server 2003 Transport and Routing Guide::http://www.microsoft.com/downloads/details.aspx?FamilyId=C092B7A7-9034-4401-949C-B29D47131622&displaylang=en

最后最后……

相关的相关的 Session Session MBL201 - How Microsoft Ships MBL201 - How Microsoft Ships Windows Mobile 5.0 SoftwareWindows Mobile 5.0 Software

请您填写请您填写 SurveySurvey ，给与我宝贵的反馈，给与我宝贵的反馈

Thank You Very Much!Thank You Very Much!

Q & AQ & A