Mission Critical Capability Discussion Presentation

Upload: tress

Post on 23-Jan-2016


TRANSCRIPT

Page 1: Mission Critical

Mission Critical

Capability Discussion Presentation

Page 2: Mission Critical

Engagement Approach

Audience

Solution road map

Solution areas Industry Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities

2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities

2. Discuss range of potential solution capabilities

IT executives

Architects, IT pro/dev executives

Page 3: Mission Critical

Agenda

Recap Business Discussions

Integrated Enterprise Platform Approach

Summary and Next Steps

Needed Integrated Capabilities

Page 4: Mission Critical

Business Driver

Phase 1 Phase 2 Phase 3

IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Improve workload management to support applications and services and provide maximum flexibility and scalability via quick and easy configuration of servers and rapid provisioning of applications and services with the ability to scale environments up and out
Back up server data that supports critical services in accordance with standard IT practices and help ensure recovery from damaged or lost data, hardware failures, and disaster via identifying critical applications and services based on value of data, cost of outage, and other business-driven metrics and via optimized techniques to ensure successful backup of all critical servers, applications, and services according to outlined recovery goals
Provide the ability to scale environments up and out to meet performance objectives for applications, even under increasing loads via tools for performance monitoring, troubleshooting, and auto-tuning to manage and monitor performance of mission-critical applications and services

Help ensure business agility by enabling a dynamic IT infrastructure to support applications and services, balance loads, and maximize resource usage for improved flexibility, scalability, and reliability via virtualization to consolidate multiple, underused physical servers; reconfigure virtual machines; provide flexible resource control; enable quick migration; and make server, networking, and storage more efficient
Provide support to accommodate planned downtime and reduce unplanned downtime without affecting availability of mission-critical applications via failover clustering and streamlined maintenance and disaster recovery options to eliminate single points of failure
Centrally monitor and manage the operation of critical server infrastructure, end-user systems, and services to adhere to service-level agreements (SLAs) via remote management of servers through the command line, automated scripts, and remote management services
Proactively manage performance by identifying potential performance issues and monitoring service levels across applications and services via defined resource limits and priorities for workloads that support predictable performance across workloads

Help ensure a stable and controlled environment for business-critical applications to meet service levels and to remain flexible and scalable to support, manage, and secure applications that are increasingly critical to business goals via a dynamic, reliable, and scalable virtualization platform combined with a single set of integrated management tools to manage both physical and virtual resources
Provide the ability to build, modify, and distribute scalable applications with minimal on-premises resources via cloud-based development, service hosting, and a service management environment that provides on-demand computing and storage to host, scale, and manage web applications on the Internet
Help ensure continual backup and archiving of data to speed up recovery and to enable rapid restoration across data centers that are located at multiple sites to achieve the appropriate level of availability defined by SLAs via continual or near-continual data backup and archiving based on workload, including multiple recovery points for fast rollback and recovery of essential services and one-touch application restoration across geographies and multiple data centers
Proactively plan for performance optimization initiatives by monitoring the performance and utilization metrics of servers, databases, applications, and services across the organization via centralized storage of performance data from across the organization in a performance management data warehouse to help monitor key performance metrics, and via configuring customized alerts that display when metric thresholds are crossed

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Page 5: Mission Critical

Business Driver

Phase 1 Phase 2 Phase 3

PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

Help secure the IT infrastructure from attacks while preserving access to corporate resources, including applications and services via a secured environment through integrated identity and access management, policy validation, network restriction, and ongoing monitoring of network health that includes defense-in-depth policies across endpoints, servers, and the network

Provide more secure remote access to applications and services while enabling IT administrators to centrally manage network access and to control and monitor system health policies via enabling policy-based access and standardized security, management, and configuration controls; and centralized audits of system security for collecting, storing, and analyzing security event data

Enforce security measures and centrally monitor key security events to help identify and audit security breaches and compliance failures for all servers, applications, and services via reports and dashboards, flexible custom views, and configurable event logs to help IT investigate the causes of non-compliance and to take measures to establish appropriate policies, procedures, and controls

Help secure and manage users' internal and external access across systems, from virtually anywhere and any device across the organization via enforced security policies that provide robust protection and can flexibly support the connectivity needs of an increasing number of internal and external users, devices, system configurations, and network connection types

Help ensure automatic identification of security and compliance threats and automated mitigation of all deviations from security policy via detailed configuration auditing and reporting, measurement of security metrics, and performance of event analysis and correlation in real time

Provide a versatile and interoperable platform to enable more secure access to applications across multiple systems, networks, and organizations in different trust realms via federated security that provides a more secure and scalable service architecture across organizational boundaries

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Page 6: Mission Critical

Business Driver

Phase 1 Phase 2 Phase 3

ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

Lower barriers to build composite applications, scalable and custom web applications, and packaged line-of-business applications via an integrated and extensible application development environment that consistently supports various phases of the development cycle across diverse teams
Provide the ability to extend and unlock the value in existing line-of-business systems and enable future updates and replacements of these systems with minimal impact to the applications that consume them via implementing a services layer on top of line-of-business systems to make these systems available to other systems, applications, and business processes

Provide integrated tools for developing mission-critical applications that target multiple devices including desktop systems, hand-held devices, smart phones, web, and mobile devices via next-generation tools that support development of applications across a variety of devices, application types, and programming tasks and include the highest quality user experience
Aggregate individual services into composite services to provide a range of new capabilities focused on building robust, connected, mission-critical applications via an enterprise service bus that supports messaging patterns that enable dynamic service aggregation, message routing, validation, transformation, exception management, and fault tolerance
Provide the ability to form composite services from collections of individual services to help accelerate adoption, management, and reuse of services across the organization via implementing an enterprise-wide service catalog that has a well-defined, coarse-grained, business centric, and reusable shared services architecture that includes more secure access
Provide the ability to transfer or convert legacy applications and data from less cost-effective systems to systems based on Microsoft Windows via an integrated, robust, and extensible solution that includes consistent servers, clients, applications, and database management
Provide a full range of supported and fully integrated cross-platform network services to support interoperability while extending UNIX-based applications to Windows systems via enabling seamless access to information that is stored on multiple platforms, consolidating network management across platforms, integrating custom and legacy UNIX-based applications, and providing the ability to reuse UNIX applications and scripts in Windows
Provide the ability to integrate data from diverse sources that include legacy systems, and help present the data in a consistent way throughout the organization via enterprise-class data integration solutions to extract, transform, and load data from a wide array of data sources and the ability to share, secure, and manage interactive reports

Enable organizations to rapidly create more secure, manageable, and reliable mission-critical applications that include integrated workflows that better align with business processes and have enterprise-wide strategic impact via powerful and robust development tools that provide security advancements, management tools, and enhancements to build, test, and deploy highly reliable and secure mission-critical applications that include complex workflows
Provide a consistent development and management experience across customer premises and cloud environments via a reliable, secure, and trustworthy platform that enables on-premises and off-premises applications to work together
Aggregate business services into a set of dynamic, mission-critical business applications that extend beyond the firewall or organizational boundaries and enable proactive management of SLAs via adopting a standards-based, interoperable, reliable platform to help effectively manage heterogeneous systems by using dynamic versioning, control, updates, redeployments, and workload adaptability
Deploy a systematic and secure solution in the cloud that integrates with existing on-premises assets via a cloud-based solution that supports creating, prototyping, and deploying applications and integrates with the existing on-premises environment

Support for Priority Business Capabilities

Note to presenter: This is a template. Prune, add, and prioritize per BDM and TDM feedback. Ensure consistency with the “Business Priorities Guide” and the “Capability Discussion Guide”.

Page 7: Mission Critical

Agenda

Recap Business Discussions

Integrated Enterprise Platform Approach

Summary and Next Steps

Needed Integrated Capabilities

Page 8: Mission Critical

IT Business

Today Future

Dynamic business agility and low TCO

Optimizing Finance Operations

Multiple Enterprise Solutions

Point solutions

Siloed, disconnected technology investments

High TCO | Low agility

Sales Effectiveness

Improving Customer Service

Integrated capabilities

Why the Integrated Enterprise Platform Approach?

Page 9: Mission Critical

Supporting Microsoft Technologies

Client Capabilities

Business Solutions

Solution Areas

Infrastructure Capability Integration

Infrastructure Optimization

Infrastructure Optimization Models

Infrastructure Optimization Models

Business Productivity Infrastructure Optimization Model

Collaboration

Messaging

Unified Communications

Content Creation and Management

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Application Platform Optimization Model

BI and Analytics Platform

Database and LOB Platform

Custom Development

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Core Infrastructure Optimization Model

Datacenter Management and Virtualization

Device Deployment and Management

Identity and Security Services

IT Process and Compliance

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Page 10: Mission Critical

Business Solutions

Solution Areas

Infrastructure Capability Integration

Infrastructure Optimization

Infrastructure Optimization Models

Infrastructure Optimization Models

Business Productivity Infrastructure Optimization Model

Collaboration

Messaging

Unified Communications

Content Creation and Management

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Application Platform Optimization Model

BI and Analytics Platform

Database and LOB Platform

Custom Development

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Core Infrastructure Optimization Model

Datacenter Management and Virtualization

Device Deployment and Management

Identity and Security Services

IT Process and Compliance

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Client Capabilities

Relationships Between Integrated Capabilities

Page 11: Mission Critical

Business Solutions

Solution Areas

Infrastructure Capability Integration

Infrastructure Optimization

Infrastructure Optimization Models

Infrastructure Optimization Models

Business Productivity Infrastructure Optimization Model

Collaboration

Messaging

Unified Communications

Content Creation and Management

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Application Platform Optimization Model

BI and Analytics Platform

Database and LOB Platform

Custom Development

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Core Infrastructure Optimization Model

Datacenter Management and Virtualization

Device Deployment and Management

Identity and Security Services

IT Process and Compliance

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Application Platform Optimization

Integrated Enterprise Platform

Client Capabilities

Business Productivity Infrastructure Optimization

Core Infrastructure Optimization

Page 12: Mission Critical

Each capability has four levels of maturity:

Basic
Standardized
Rationalized
Dynamic

What are these used for?

Profiling integrated capabilities, leading to model common capabilities
Understanding dependencies
Planning advancement in services provided to lead to enterprise-class capabilities

Optimization Model Capability Maturity Levels

Infrastructure Optimization Models

Infrastructure Optimization Models

Business Productivity Infrastructure Optimization Model

Collaboration

Messaging

Unified Communications

Content Creation and Management

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Application Platform Optimization Model

BI and Analytics Platform

Database and LOB Platform

Custom Development

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Core Infrastructure Optimization Model

Datacenter Management and Virtualization

Device Deployment and Management

Identity and Security Services

IT Process and Compliance

DYNAMIC, RATIONALIZED, STANDARDIZED, BASIC

Infrastructure Optimization

Page 13: Mission Critical

Multiple Solutions, One Platform

Use integrated capabilities for all of your business needs

Application Platform Optimization

Business Productivity Infrastructure Optimization

Core Infrastructure Optimization

Application Platform Optimization

Business Productivity Infrastructure Optimization

Core Infrastructure Optimization

Improve business efficiency without added complexity

Achieve rapid time-to-market for competitive advantage

Protect business assets and intellectual property

Page 14: Mission Critical

Application Platform Optimization

Business Productivity Infrastructure Optimization

Core Infrastructure Optimization

Operations

Human Resources

Sales

Finance

Multiple Solutions, One Platform

Use integrated capabilities for all of your business needs

Page 15: Mission Critical

Application Platform Optimization

Business Productivity Infrastructure Optimization

Core Infrastructure Optimization

Business Benefits IT Benefits

Familiarity: High user familiarity; Faster adoption rate; Lower time to value

Agility: Fast, efficient deployment; Greater integration

Robustness: Consistent features; Data integration; Process integration

Scalable: Performance and reliability; Security; Support skills and processes

Lower TCO: Common support skills and processes; Lower integration costs; Low cost software

Sustainable: Continuity and long-term viability

Value of Integrated Capabilities from Microsoft

Page 16: Mission Critical

Agenda

Recap Business Discussions

Integrated Enterprise Platform Approach

Summary and Next Steps

Needed Integrated Capabilities

Page 17: Mission Critical

IT Challenge: Align with Business Goals

IT Strategy and Business Alignment

Operations Management

Innovation Enablement

Business Strategy and Goals

Page 18: Mission Critical

Optimizing the Integrated Enterprise Platform

Chart axes: Time, Value

Chart labels: Cost center, More efficient cost center, Business enabler, Strategic asset

Page 19: Mission Critical

Sophistication of the Solution

Phase 1

Provides basic support for the most critical elements of the business driver

Phase 2

Provides adequate, typical support for critical and priority elements of the business driver

Phase 3

Provides thorough, streamlined support for the business driver that enables differentiated levels of performance

PROTECT BUSINESS ASSETS AND INTELLECTUAL PROPERTY

ACHIEVE RAPID TIME-TO-MARKET FOR COMPETITIVE ADVANTAGE

IMPROVE BUSINESS EFFICIENCY WITHOUT ADDED COMPLEXITY

Page 20: Mission Critical

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

A defined software library exists. Automated build with defined deployment and provisioning processes. Deployment and management of software updates are tool based. Capacity management processes are manual and reactive, resource utilization and capacity are monitored periodically. The organization actively uses virtualization to consolidate resources for production workloads. Some Production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. IT services are audited for compliance based on documented company and industry-standard policies (HIPAA, SOX, and PCI); reports are generated monthly. Services are available during server failure (e.g. server clustering, hot spares, and/or virtualization recovery solution).

Server Security

Malware protection is centrally managed across server operating systems within organizations, including host firewall, host IPS/vulnerability shielding, and quarantine, with defined SLAs. Protection is deployed and centrally managed for all applications and services. Integrated perimeter firewall, IPS, Web security, gateway anti-virus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across datacenter, application, organization, and cloud boundaries.

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware, with support for auto configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. Wide area network traffic health and performance are monitored and reported. IPv4 is used for main transport services, with IPv6 used for some transport services (e.g., to achieve a larger address range).

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Storage is managed and allocated on highly available servers using virtual disks or dynamic disk volumes. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Deployment and Management

Device Mgt & Virtualization

The majority of the installed client base has a minimum of one year of mainstream support remaining. Some applications are virtualized, but most are installed as packages or are included in the standard image. A solution is in place to configure and update devices. Mobile devices are managed by security policy provisioning (such as personal identification numbers) and remote wipe.

Device Security

Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods, and machines; access control is role-based. Password policies are set within a directory service to enable single sign on across boundaries for most applications. Password resets through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

Persistent information protection exists within the trusted network to enforce policy across key sensitive data (such as documents and e-mail); policy templates are used to standardize rights and control access to information. Reporting is predefined for select server and back-office waypoints.

IT Process & Compliance

IT service portfolio aligns with individual business units; the IT service costs, returns, capacity, availability, continuity, and integrity are reported. IT policies are documented for each IT service. Each IT service has a formal definition of reliability. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Each IT service has its own change and configuration management process; standard changes are identified for each IT service. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service. Self service objectives and/or agreement exists, IT Service request process exists, fulfillment is manual. Defined orchestration with scripted processes to support manual execution.

Phase 1: Core IO

Basic Standardized Rationalized Dynamic

Page 21: Mission Critical

B S R D

Collaboration

Workspaces

Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals

Multiple portals exist; directory services, authentication, and authorization are not uniform across portals, requiring users to sign in multiple times; user management methods are redundant.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 1: BPIO

Basic Standardized Rationalized Dynamic

Page 22: Mission Critical

B S R D

BI and Analytics Platform

Business Intelligence

IT provides access for users to sanctioned data sources as database connections, data feeds, or static data dumps, upon which users can easily perform ad-hoc queries and data analysis using Excel or other analysis tools. Users can share their analyses via a BI portal. Users may have access to more advanced self-service analytics tools to perform data mining or predictive analysis without dependence on IT or a Data Analyst. Some level of automation is in place to render data pulled from enterprise systems on dashboards, but is used for only strategic or high profile projects. Dashboards have integrated interfaces to allow users to roll-up and drill-down on live data.

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Key high-value data has associated formal data management policies and processes. Data governance may be recognized on a siloed basis, but not as a corporate discipline. Data and asset inventories and dependency relationships are manually documented periodically. Access policies for data and objects in databases are defined but not centralized, and do not reference data classifications. Administrative tasks are still performed using an over-privileged account. Security management is performed on a server-by-server basis. Systems are in place for retention backup. Organizational/departmental policies exist for how long items are stored and what is stored.

Application Infrastructure

Application messaging services used by development are aligned with standard application operating environments. Development and operations teams have the skills required to effectively and consistently make use of these technologies. Limited application component and service reuse strategies exist at the departmental or project level. Orchestration and workflow between applications is typically implemented via custom integrations. Applications are beginning to adopt web services or other standards implemented in operating environments to allow application components and common application services to interoperate as needed. Common application services and middleware component frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Limited application component and service reuse strategies exist at the departmental or project level. Common application services and runtime application frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Operations is beginning to rationalize to the standard common services and consolidate runtime platforms. Deploying applications is complex and process varies by application. Monitoring of applications uses IT infrastructure components and tools to monitor business process steps, workflow instances, health of applications and services, and the entire process at a summary level. The organization leverages application servers, and developers write very little system and management code. Management tools consist of utilizing included management software more fully. Built-in diagnostics exist for domain connectivity, services health, firewall settings, network connectivity, and for SOA runtime infrastructure.

Custom Development

Internet Applications

User experience is considered as an afterthought, if at all, during site development. Basic integration of rich technology (Silverlight, Flash, Java, etc.) exists, but is inconsistent throughout the site, and is generally used to provide islands of richness.

Component and Service Composition

Some use of reusable assets is supported by high-value services, components, and modules. Composition by IT departments requires advanced coding skills. Use of composition frameworks and tools happens on a project-by-project basis. SOA and portal components are not coordinated. Central IT provides managed and secure data services to some of the most commonly needed enterprise entities and provides business units with standard services to some key enterprise systems and for some standard needs like reporting and dashboards. LOB applications expose pre-built web parts that integrate with the company portal and are easily used by users. Developers are beginning to create components and services for the designated portal platform, though the efforts are exploratory in nature or focused on individual projects. The composite application portal has basic integration with existing business productivity desktop and enterprise applications (such as desktop applications and email). No discoverability of services is in place. Application models are highly descriptive of the application components and dependencies. Manual checks against the application map are in place to avoid impacts on services by component changes. Components and low-level services are documented manually, though the culture of management of those components has not been pervasive across the organization.

Enterprise Integration

Reusable integration components are developed for custom development on an ad hoc basis. Project management is centralized for application integrations.

Development Platform

The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization. Application customization is performed through customization support offered by the application, on an isolated project basis with no standard approaches or consideration for future maintenance or integration.

Application Lifecycle Management

Work-breakdown structures map estimated work to business value. Rudimentary metrics are used to manage project progress. Project managers aggregate data from standard status updates. Effective change management processes are in place. Testing has test harnesses and some automation, formal unit testing with good code coverage, and defined test strategy and processes. Explicit use of code quality tools typically occurs at the end of the development cycle. An explicit version control and software configuration management strategy exists. Builds are automated. Some branching and merging occurs. Continuous integration or nightly builds are supported for most applications. Labs for testing and development have environment specifications that are defined and tested with environment build procedures and application build deployment procedures. Processes are defined for debugging production defects and incidents, with a standard set of defect artifacts.

Phase 1: APO

Basic Standardized Rationalized Dynamic

Page 23: Mission Critical

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Software and configuration library is maintained at current update levels with version control and auditing on demand. Automated build and deployment with consistent provisioning processes integrated with software and configuration library that includes virtual images; on demand reporting; self service portal for IT or end users to deploy. Software update management and auditing are policy-driven and monitored, including automated vulnerability detection. Isolation and remediation of vulnerable and non-compliant systems are automated. Service capacity and resource utilization are monitored continuously; analysis tools are used to predict the impact of proposed changes (software, hardware, usage, and topology); workloads can be relocated manually. Chargeback is consumption based. The organization has a consolidated view and a consolidated management process across heterogeneous virtual environments, including branch offices. The majority of production server resources are virtualized. Resource pooling implementation supports compliance and cost management strategies, such as Auditing and Reporting, Policy Management, Metered Usage, Multi-Tenancy and Process Automation. Performance monitoring of applications as well as physical and virtual hardware pools with enforceable SLAs; service health monitoring with consistent reporting across heterogeneous environments. Policy enforcement occurs in near real time based on company and industry-standard policies that allow for immediate quarantine of non-compliant systems, and consistent compliance reporting and standards exist across all IT services. There are multiple levels of service availability clustering or load balancing. Virtualization and management is used to dynamically move applications and services when issues arise with datacenter compute, storage and network resources.

Server Security

Remote access is secure, standardized, and available to end users across the organization.

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including ability to do zone transfer across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. Wide area network traffic health and performance is monitored and reported centrally, providing real time visibility with integration into service management tools. IPv6 with IPsec is used for secure private communication over a public network.

Storage

If a storage node fails, data access transparently fails over with no interruption in availability. Storage is managed and allocated dynamically from a highly available pool of physical space based on capacity required, and within limits set by policy quotas. Critical data is backed up by taking snapshots using a centralized, application-aware system.

Device Deployment and Management

Device Mgt & Virtualization

The majority of the installed client base has a combination of current and recently released operating systems. Applications are distributed on demand for the majority of traditional desktop environments and productivity applications. A solution is in place to automatically identify devices to deploy, configure, and update while maintaining device security. Mobile devices are managed by enforceable application and hardware policies (such as device encryption and hardware access).

Device Security

Protection against malware is centrally managed for desktop systems, laptops, and non-PC devices; desktop systems and laptops include a host firewall, host intrusion prevention system or vulnerability shield, and quarantine.

Identity & Security Services

Identity & Access

Provisioning and de-provisioning of user and super-user accounts, certificates, and/or multi-factor authentication is automated. Federation exists for selected applications. Consumer-facing applications federate with public providers (such as Facebook). Multi-factor and certificate-based authentication are applied in some scenarios, such as remote access across boundaries (such as on-premises and cloud). Self-service password resets are supported. A centralized, group/role-based access policy is defined for business resources, applications, and information resources, managed through industry-accepted processes. A scalable directory is integrated and automatically synchronizes with all remaining directories across multiple geographies and isolated domains for all applications, with connectivity to cloud when applicable.

Information Protection & Control

Persistent information protection helps to enforce policy on sensitive data across boundaries, including data on mobile devices. Reporting for server, back-office, and end-user waypoints; analysis capabilities exist to provide investigation of critical incidents.

IT Process & Compliance

The IT service portfolio is aligned with the organization; management regularly reviews how the service portfolio and strategy align, and reports costs and returns across IT services. IT policies are integrated across all IT services, enabling or restricting use of resources as appropriate. Definitions of reliability for IT services are integrated across IT services and enforceable. IT service issues and design changes are tracked by using formal processes; testing is automated where possible. IT service release processes are uniform across IT services; deployment is automated and offers self service where possible; management reviews each service for readiness to release before deployment. Service-level and operational-level agreements are integrated for IT services; management reviews operational health regularly; some tasks are automated. Monitoring and flexible, tenant/service reporting are aggregated across individual areas for protection against malware, protection of information, and identity and access technologies. The change and configuration management process is integrated across IT services; standard changes are identified across IT services and automated with self service where possible. Risk and vulnerability analysis is integrated across all IT services; IT compliance objectives and activities are integrated across IT services and automated where possible; management regularly audits to review policy and compliance. A self service catalog is defined with SLAs/SLOs and consumed via a self service portal supported by some automated fulfillment. Comprehensive service life cycle orchestration that is automated for some workloads.

Phase 2: Core IO

Basic Standardized Rationalized Dynamic

Page 24: Mission Critical

B S R D

Collaboration

Workspaces

Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 2: BPIO

Basic Standardized Rationalized Dynamic

Page 25: Mission Critical

B S R D

BI and Analytics Platform

Business Intelligence

Dashboards are consistently used to provide operational and strategic views of the business from real time or periodically refreshed data. BI portal experience has rich visualizations, dashboards and scorecards with full data interactivity (slicing, filtering, etc.) consistent with self service reporting and analysis tools. Users have the ability to create unique personal and/or shared views of data that are actually combinations of multiple views (i.e. mashups).

Data Warehouse Management

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Data governance with documented, standardized policies and processes are established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores.

Application Infrastructure

A common application messaging services infrastructure is in place and well managed for larger mission-critical applications. Standard service-based application architectures are being rationalized and implemented with appropriate governance. Applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. Applications use web services to communicate across application boundaries. Processes and infrastructure for managing service endpoints, service discovery, and routing of application messages is in place. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems. Components and services are explicitly tagged for reuse. A range of application services and infrastructure is provided across operating environments with central governance. A central engineering practices group co-sponsored by development and operations has formed and is providing valuable guidance to application development teams. Application developers consistently build applications using these application frameworks, so hosting, application services requirements, and management are predictable. Operating systems provide support for multiple application frameworks. Applications' deployment standards are consistently followed. A consistent platform for running and managing applications is implemented, and applications are designed with consistent approaches to health monitoring. Operations proactively monitors applications and back-end services using a shared thresholds/alerting infrastructure, and a centralized management tool and/or self-service interface is used to manage applications, services, and physical and virtual assets. Application and service monitoring data may be rendered on process performance dashboards.

Custom Development

Internet Applications

User experience is a full part of the site development process, but refinements to the overall process can be made. Up-to-date versions of rich Internet technologies are used, and are often used appropriately, but not always (for example, plug-in based applications may be used to provide site navigation). Pages are dynamic and database-driven, and may use some templates for replication of content across them. Custom coding is needed to work on different browsers.

Component and Service Composition

Developers have tools that allow them to automate the creation of components usable by end users out of low-level services, and to publish them to the central repository and obtain basic metrics of usage. Tooling for solution assembly is simplified. A single platform is designated for portal infrastructure. Point solutions enable simple UI customization by end users. Business units are beginning to implement programs to migrate many of their solutions to the new standard platform. Tooling is difficult, as different stakeholders (analysts, developers, end users, etc.) have allegiance to their tools and the tools do not integrate well. Some independent end-user composition happens as a result of the portal deployment. Along with IT, business units are becoming suppliers of reusable assets and realize that they can empower their users by connecting services and experience, building upon the assets that the central IT team provides and by creating their own. Creation of LOB extension applications can be accomplished without a lot of custom code and through the assembly of existing components. There is a designated tool for the creation of composite LOB extension in addition to the integration with advanced developer tools. However, other tools continue to exist for different functional purposes like workflow, UI creation, etc. Business productivity and collaboration applications, features, and infrastructure can be easily leveraged as components to integrate powerful and familiar capabilities into the context of a composite application interface. The organization overall realizes that services and UI needs to blend, start rationalizing which UI standard they will be driving to, and move to a point where every service has a “face” that is consumable for composing new applications. End users can share their created solutions back to the repository. Mechanisms exist to allow for ranking and rating of solutions and components. 
A managed central repository of all configuration items, assets, and systems provides dependency maps, reporting, and metrics for development and operations teams across the organization to manage integrations, performance, and scale.

Enterprise Integration

Use of standardized processes for data integration is at the project level and technologies are used to improve back-end integration. The business leverages an integration broker running on-premises to connect to cloud applications using adapters. Application integrations leverage standard application messaging protocols and infrastructure to connect various applications running on-premises and in the cloud, connecting mission-critical data and transactions across enterprise applications. Centralized data integration strategies and tools are used across the enterprise.

Development Platform

Developed applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. A repeatable release process is in place with integrated configuration management, work item tracking, and automated builds with BVTs. A defined code promotion strategy that minimizes disruptions is followed and a gated check-in protects key code lines. Virtualized test labs are used regularly. Development and test environments are virtualized, and standard virtualized images of development and test environments exist. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 2: APO

Basic Standardized Rationalized Dynamic

Page 26: Mission Critical

B S R D

Datacenter Mgt and Virtualization

Data Center Mgt & Virtualization

Automated build, deployment and provisioning processes with orchestration to configure new instances of services based on a template that can be composed of multiple virtual images; real time reporting. Resource provisioning and deprovisioning occurs dynamically and is elastic. Workloads are relocated dynamically. The organization uses virtualization to manage resource allocation dynamically for running workloads and services including moving workloads from server to server based on resource needs or business rules. Service performance monitoring with automated remediation and centralized view across all SLAs; consolidated view across all management tools. Real-time policy enforcement and reporting are based on company and industry-standard policies with automated non-compliance resolution for all IT services. Services are available during complete site outage (via geo-clustering and automated management).

Server Security

Network security is automated and proactive, with centralized alerting and reporting to meet network protection service-level agreements. Secure remote access is integrated with quarantine for compliance with corporate policy.

Networking

Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including ability to do zone transfer across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. Wide area network traffic health and performance is monitored and reported centrally, providing real time visibility with integration into service management tools. IPv6 with IPsec is used for secure private communication over a public network.

Storage

Critical data can be replicated with failover between geographical or virtual locations or services to provide business continuity in the event of a site failure. Critical data across the enterprise is protected continuously by replicating it at a separate location or by using a cloud-based service; data backups can be recovered by using a self-service recovery process. Data archiving is managed based on storage location by using automated compliance and retention policies such as rights management, read-only storage, and file expiration; Archiving capacity is elastic across boundaries with automatic capacity expansion within limits set by business policy.

Device Deployment and Management

Device Mgt & Virtualization

There is an automated solution for federated management of all devices. Mobile devices are managed and integrated with core infrastructure services for policy configuration and enforcement including multi-factor authentication.

Device Security

Protection against malware is centrally managed for desktop systems, laptops, and non-PC devices; desktop systems and laptops include a host firewall, host intrusion prevention system or vulnerability shield, and quarantine.

Identity & Security Services

Identity & Access

Centralized IT offering of Federation services. Multiple Federation and trust relations between separate organizations (1 to 1 relationship).

Information Protection & Control

Persistent information protection is automatically identified and encrypted according to policy across environment and devices.

IT Process & Compliance

Definitions of reliability for IT services have formal, predictive models. Reporting on service-level and operational-level agreements occurs in real time across the organization; IT services are provisioned dynamically to provide the required levels of reliability and scalability; all tasks that can be automated are automated. Monitoring, reporting, and auditing are automated with event correlation, notification of incidents that matter, and remediation for protection against malware, protection of information, and identity and access technologies. Risks and vulnerabilities are analyzed across all IT services against developed models; compliance objectives and activities are automated, and then updated automatically based on changes to IT policies.

Phase 3: Core IO

Basic Standardized Rationalized Dynamic

Page 27: Mission Critical

B S R D

Collaboration

Workspaces

Workspaces are managed at the departmental level and are available from individual productivity applications.

Portals

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services.

Social Computing

Project Mgt

Information access

Interactive experience and navigation

Messaging

Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory.

Unified Communications

IM/Presence

Conferencing

Voice

Content Creation and Management

Information Mgt

Process Efficiency

Compliance

Authoring

Multi-Device Support

Interoperability

User Accessibility

Phase 3: BPIO

Basic Standardized Rationalized Dynamic

Page 28: Mission Critical

B S R D

BI and Analytics Platform

Business Intelligence

Data Analysts use powerful data management workbench with integrated access to tools for data preparation, cleansing, multi-variate analysis, and a sophisticated set of data mining algorithms with extensibility and tuning options. Data Analysts can easily publish their findings and data sets for access by business users.

Data Warehouse Management

EDW is refreshed on a near real-time basis so that information is readily available to mission-critical applications, analytics, and reporting systems. A high degree of concurrency exists, with many users running complex queries and interacting with complex analytics tools simultaneously with data loading. Management and maintenance of storage, hardware, and supporting software is manual and ad hoc.

Big Data

Information Services and Marketplaces

Database and LOB Platform

Transaction Processing

Data Management

Data governance with documented, standardized policies and processes are established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores.

Application Infrastructure

Use of standard application services supported by the operating application infrastructure environment is maximized. Engineering of infrastructure, shared application services, and application frameworks is performed jointly by development and operations teams, resulting in complete symmetry between development and operating environments. Many application characteristics can be modified by changing application configuration instead of code. Deployment of applications is simplified, consistent, and supported by automation. On-demand capabilities exist to add/change/remove application components without risk of downtime. Application blueprints do not have physical dependencies. Application and cross-application end-to-end process health management is proactive, with sophisticated SLAs and alerting structures in place.

Custom Development

Internet Applications

User experience is a full part of the site development process, but refinements to the overall process can be made. Up-to-date versions of rich Internet technologies are used, and are often used appropriately, but not always (for example, plug-in based applications may be used to provide site navigation). Pages are dynamic and database-driven, and may use some templates for replication of content across them. Custom coding is needed to work on different browsers.

Component and Service Composition

User solutions can be promoted to IT-managed services. Policies and support exist to manage the data from these solutions in a safe and secure manner. Central IT can easily discover, monitor, and analyze business unit solutions for compliance. IT can easily leverage the dependency web to analyze relationships with business and technical assets to minimize service disruptions. IT measures usage and dependencies, and can invest in innovations based on usage. User experiences for composed applications are delivered through multiple channels (web, desktop, and mobile) systematically.

Enterprise Integration

Applications leverage an application communication infrastructure deployed in operations that is actively managed and has dynamic routing capabilities.

Development Platform

Use of standard application services supported by the operating application infrastructure environment is maximized. Architectural layering is enforced as part of code delivery and build automation. Engineering of infrastructure and central application services is performed jointly by development and operations teams, resulting in complete symmetry between development and operating environments. Development work management tools are integrated with operations incident management systems.

Application Lifecycle Management

Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. A repeatable release process is in place with integrated configuration management, work item tracking, and automated builds with BVTs. A defined code promotion strategy that minimizes disruptions is followed and a gated check-in protects key code lines. Virtualized test labs are used regularly. Development and test environments are virtualized, and standard virtualized images of development and test environments exist. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 3: APO

Basic Standardized Rationalized Dynamic

Page 29: Mission Critical

Recap Business Discussions

Integrated Enterprise Platform Approach

Summary and Next Steps

Needed Integrated Capabilities

Agenda

Page 30: Mission Critical

IT Benefits of the Integrated Enterprise Platform Approach

Dynamic IT infrastructure that has scalable workloads

Cost-effective and time-efficient data recovery

Integrated custom and legacy applications

Effective management of multiple identities across organizations

Security management across the organization that includes flexible, diverse user scenarios

Compliance of IT operations and asset management with requirements

Page 31: Mission Critical

Benefits of Optimizing IT Capabilities

Optimized IT…

Is a key driver of business productivity and growth

Fuels profitable revenue growth

Gives managers more insight and control

Encourages employee productivity

Companies in the top 25% of IT capability…

Grow revenue 6.8% faster per year than their peers in the bottom 25% of IT capability.

Enjoy 23% higher revenue per employee than their peers in the bottom 25% of IT capability.

Achieve superior productivity (a company’s IT infrastructure is a key determinant).

Have significantly better insight into, and control over, key dimensions of their business.

Source: Enterprise IT Capabilities and Business Performance, Marco Iansiti, David Sarnoff Professor of Business Administration, Harvard Business School; George Favaloro, Principal, Keystone Strategy, Inc., March 2006, http://www.microsoft.com/business/enterprise/itdrivesgrowth.mspx

Page 32: Mission Critical

Engagement Approach

Audience

Solution road map

Solution areas Industry Horizontal

Business strategy

Integrated Capability Analysis => Projects, architecture, products

1. Present relevant integrated capabilities

2. Position the Integrated Enterprise Platform approach

Business executives

1. Understand business needs and priorities

2. Discuss range of potential solution capabilities

IT executives

Architects

IT pro/dev executives

Page 33: Mission Critical

Integrated Capability Analysis

Ensure target business capabilities cover process improvement priorities

Translate business capabilities into required infrastructure capabilities

Assess current infrastructure maturity

Determine gaps to target integrated capabilities

Build a road map for integrating capabilities and implementing solutions

Specify required platform architecture, technologies, and services

Baseline the Microsoft platform road map

Page 34: Mission Critical

Next Steps

Integrated capability analysis

Explore the Integrated Enterprise Platform

Create a high-level implementation road map

Identify resources in your organization

Business analysts

Solution architects

Platform architects

Infrastructure architects

IT infrastructure managers

IT operations managers

Review the technology road map

Translate into a solution capability road map to review with the business

Page 35: Mission Critical

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.