Remote Infrastructure Optimization

Size: px
Start display at page:

Download "Remote Infrastructure Optimization"


1 Four best practices that lead towards an optimized remote site infrastructure Remote Infrastructure Optimization Four best practices to streamline front-line IT capabilities Remote Infrastructure empowers the frontline of your organization: Stores Bank Branches Medical Facilities Hotels Restaurants Factories Schools Utility Sites Field Offices REMOTE INFRASTRUCTURE OPTIMIZATION

2 Introduction Today, your remote sites are more important than ever. In banking, 80 percent of new products or services are obtained at the branch. Yet many organizations (like stores, banks, hotels, schools, factories, and field offices) must catch up from reduced remote infrastructure investments resulting from the Internet wave. Adding to the challenge, Internet offerings have increased pressure on Remote Infrastructure is margins and expectations for click and mortar integration of information across channels (Web, The front line of the organization. local, and phone). To spread fixed physical costs, remote locations are pressured to offer more solutions and services (often with partners) and to increase responsiveness to ever-changing A critical customer interface, business conditions. where business is won or lost. As customers demand better, faster, tailored products and services at the lowest possible cost, Distributed and distant from businesses with large networks of remote locations are pressed to optimize their IT infrastructures the data center. to meet these demands in order to succeed. Critical challenges that CIOs face are: Workplace of 80 percent Cost Control Remote infrastructure is becoming increasingly complex, distributed, and of employees. expensive. IT management and support costs are outpacing hardware and software expenses. Yet IT staff is increasingly centralized and budget constrained, on-site technical support is rare to nonexistent, and local technicians are very expensive. 1/3 of IT spending. Home to 25 percent of servers. Security Threats of data breach, targeted attacks, and viral system disruption are multiplying in frequency, type, and damage impact. Regulatory and disaster preparedness requirements are growing; the risks are increasing, and more frequent updates are required for protection. Agility Competition in the digital age produces an ever-growing need to deliver, use, and capture information at the point of service about customers, products, partners, and processes that is fresh, actionable, and integrated. IT must respond by delivering these capabilities within a tightening timeframe, before they are commoditized. Faced with these challenges, many IT managers undertake point-solution projects aimed at solving the most pressing needs while incrementally adding to overall system complexity and cost. These managers often focus on short-term measures of performance like hardware and software costs, overlooking longer-term TCO and IT management costs. Many companies are taking a more structured approach to IT infrastructure optimization one that allows for step-rate improvements while considering the impacts on the system as a whole. The Microsoft Infrastructure Optimization Model One way to do this is through the Microsoft Infrastructure Optimization (IO) Model, which helps enterprises understand the current state of their IT infrastructure and devise a roadmap to increase business capabilities and agility. The Microsoft Infrastructure Optimization Model has been used to profile thousands of large organizations across all industries and geographies. By assessing the maturity of specific infrastructure capabilities, Microsoft identifies the process and strategic value in moving from a basic level of maturity (cost center) toward a more dynamic level where IT becomes a strategic asset and true business enabler. Basic Standardized Rationalized Dynamic Uncoordinated, manual infrastructure Managed IT infrastructure with some automation Managed and consolidated IT infrastructure Fully automated management, dynamic resources usage Cost Center Efficient Cost Center Business Enabler Strategic Asset Early progressions are accompanied by significant cost savings and improved service levels. As IT infrastructure is optimized for cost, the focus then shifts to enabling business competitiveness, with IT becoming a key strategic asset for the organization. The IO model addresses business productivity optimization, application platform optimization, and core infrastructure optimization (Core IO) REMOTE INFRASTRUCTURE OPTIMIZATION

3 Benefits of Infrastructure Optimization Progression The impact of infrastructure optimization can be dramatic. A recent IDC study 1 focused on server operational efficiencies in (remote) branch offices. While there is high variation between and within industries, based on customers surveyed, it identified: U.S. $67,957 per site savings in hardware and software. $8,014 per site savings from reduced bandwidth. 2.1 percent average user productivity increase percent reduction in IT support requirements (such as storage, setup, help desk). A separate study focused on desktops found that the cost of hardware and software is typically only 24 to 28 percent of the total expense. The labor associated with provisioning and managing PCs in a typical large organization is estimated by IDC 2 to be U.S.$1,320 per PC. However, by adopting certain best practices, this study found that this figure could be reduced to $230 a savings of 80 percent. In addition, service desk calls were reduced by 8 percent, and business applications were deployed 20 percent faster. Remote Infrastructure Optimization Benefits Within the Core IO Model, Remote Infrastructure Optimization outlines elements that are tailored to remote sites to help develop a progression roadmap. Against the remote infrastructure challenges outlined above (cost control, security, and agility), Remote Infrastructure Optimization offers the following benefits: Cost Control Security Agility Reduce onsite support by centralizing remote infrastructure management Simplify backup and restore with a centralized, automated, near-continuous backup of server and desktop data to disk Use site hardware and bandwidth more efficiently with server and application virtualization Increase remote data and access security through centralized security management and tight integration with existing infrastructure Help protect systems by preventing misconfiguration and deploying security pervasively Support secure connectivity by gaining a unified view into network security Improve existing infrastructure by consolidating hardware and integrating to existing systems Deliver new capabilities quickly by building an extensible environment Establish a platform for future by enhancing server capabilities to extend life of existing hardware These benefits are supported by the four best practices discussed in this paper. Each best practice incorporates several specific projects from the Microsoft Core IO Model, which provide a bridge between IO maturity levels and are detailed at Best Practices This document explains how the four best practices below increase Core IO maturity for Remote Infrastructure and deliver benefits in controlling costs, strengthening security, and driving agility. 1. Centralize remote infrastructure management. 2. Automate central backup. 3. Establish comprehensive integrated security. 4. Integrate remote hardware infrastructure. Each best practice has specific Core IO projects appropriate to each level of the IO model maturity progression. Profiling your organization may assist in prioritizing which best practices should be addressed most urgently. Combined with the right software tools, well-defined policies, and documented processes, these best practices support a well-managed, secure remote IT infrastructure and streamline efforts to maintain it. Each best practice is explored in turn, outlining the issue it addresses, leading practices, benefits, and evidence. The following pages also show how Microsoft products support each practice. 1 IDC white paper Addressing Operational Efficiencies in Branch Offices, May 2006, Jean S Bozman, et. al. 2 IDC white paper Optimizing Infrastructure: The Relationship between IT Labor Costs and Best Practices for Managing the Windows Desktop, October 2006, Al Gillen, et. al. REMOTE INFRASTRUCTURE OPTIMIZATION

4 1. Centralize Remote Infrastructure Management Minimize site visits, deploy faster, and take advantage of up-to-date software Site Visits Deployment Speed Awareness & Response Patch & Configuration Security The Remote Infrastructure Management Challenge Typically, remote sites have few or no local IT skills on-site, and need remote technical assistance to add, update, or repair computer resources, to access key operational data, and to resolve system outages. As a consequence, remote infrastructure support consists of site visits, non-technical employees, and local consultants. Site visits by central or regional IT create require travel time and expense. They may require a day or more per site, depending on travel time and density of locations visited. Non-technical employees may be used as the eyes and hands of IT, guided by phone, written instructions, or auto-install disks. Effectiveness and risk are the issues here, with potential for avoidance, confusion, mistakes, noncompliance, or disaster. VARs, system integrators, or consultants may be called in, particularly for distant sites. High cost and low consistency across sites are the major difficulties with this approach. As a result, upgrades, patches, and maintenance are delayed until a business need justifies the cost of rollout. This delay opens the door to security risk and keeps front-line employees from using the most up-todate tools: a lack of agility. Visibility into the remote system health is also limited, with user-reported failure often the first indication of trouble, and limited ability to respond quickly. Local stopgap fixes may hide potentially immobilizing problems. In addition, site actions can, over time, create marked variation in local configuration. Benefits Site visits will be reduced, saving IT pro labor, travel expense, and in-store support. The amount of savings depends upon frequency and cost of site visits today. In addition, automating software installation and upgrades increases each user s productivity by 5.6 hours per year, according to IDC 3. Perhaps even more valuable are benefits from decoupling software upgrades from an IT rollout schedule, providing applications, upgrades, and patches to employees as soon as they are available. System Center Management and Reporting Console Remote Infrastructure Management Asia Pacific Servers Software and Patch Deployment Monitoring and Response User Support All Servers Europe Servers Best Practice North AmericaServers Centralizing remote infrastructure management provides deployment, configuration, monitoring, and support solutions for remote servers and PCs. Deploy: From a central console, IT can deploy and configure applications, updates, patches, even operating systems. Monitor: Real-time feedback on the status of servers, networks, on-site devices, and operating performance can alert enterprise IT operations to problems, often before they affect remote users. Respond: Central IT can act on error codes; for example, resetting print servers, managing file space, responding to storage limits, and monitoring application health. Support: When users do have difficulty, the central help desk can help troubleshoot and support them with shared screen views and shared control to explain issues, or take direct administrator control without user input for advanced troubleshooting. Assess: By providing a log of failures and recoveries, IT may often determine in advance whether the problem can be dealt with by phone, through additional training of site personnel, or by on-site maintenance, repair, or replacement as necessary. Melborne Servers Singapore Servers Beijing Servers Hongkong Servers Vancouver Servers LA Servers NYC Servers Danver Servers Dellas Servers London London Servers Paris Servers Servers Rome Servers 3 IDC white paper Addressing Operational Efficiencies in Branch Offices, May 2006, Jean S Bozman, et. al REMOTE INFRASTRUCTURE OPTIMIZATION

5 Implement Remote Infrastructure Management with Microsoft Technologies Effective remote infrastructure management can be achieved with Microsoft System Center and Windows Server Microsoft Management Console products. Here is how: Microsoft System Center Configuration Manager 2007 Deploy: Provides comprehensive remote deployment and update capabilities to operating systems and applications, across physical and virtual clients, servers, and mobile devices throughout the distributed enterprise. Enhances control of the IT infrastructure with tools that help IT translate inventory data into rich reports to monitor deviation from a desired or standardized configuration. Microsoft System Center Operations Manager 2007 Monitor and Assess: Provides detailed remote monitoring and status reporting on servers (including SLA monitoring and business process monitoring), error reporting on PCs to track problem applications, and device error codes, supporting a proactive rather than a reactive response, and saving resources in IT and in the field. Windows Server 2008 Respond and Support: The Microsoft Management Console supports remote control of day-to-day administrative tasks, including print management, file share management, device management, network management, and other snap-in modules through a common interface. For example, the Print Management snap-in provides the status of printers and print servers on the network, Retailers can monitor the misread rate of tens of thousands of magnetic strip card readers in stores, alerting central IT of a device requiring maintenance well before the device fails. identifies error conditions, installs printers on PCs, runs scripts, and can even monitor toner and paper levels of some printers. Manage and Secure: The new Server Manager console eases the task of managing and securing multiple server roles across the enterprise, by providing a single source for managing a server s identity and system information, displaying system status, identifying problems, and managing all roles installed on the server. It also automatically configures default security settings for server roles as new servers are deployed. Case Study: Garanti Bank Centralizes Remote IT Management Organization Profile Garanti is one of the largest private banks in Turkey. Business Situation Garanti needed a centralized administration tool to help IT staff monitor some 800 servers, including more than 400 in branch offices. Garanti has a large IT infrastructure that includes extensive use of the Windows Server operating system and Microsoft SQL Server database software. Business Solution The company s technology subsidiary, Garanti Technology, uses System Center Operations Manager 2007 to provide event and performance management, proactive monitoring, alerting, and reporting on systems and applications. Benefits Garanti is benefiting because Operations Manager provides centralized management, enterprise-level performance, support for service level agreements, and ease of customization, so that internally developed applications can also be monitored. Before Operations Manager we didn t have a centralized tool. We now can monitor and manage the entire network and all of the servers from one location including applications. If a line-of-business application isn t working, people throughout the bank, including more than 400 branch offices, can t be working and helping their customers. Hakan Acu Systems Support Specialist Garanti Technology REMOTE INFRASTRUCTURE OPTIMIZATION

6 2. Automate Central Backup Reduce the cost of backup, simplify recovery for users, and enable disaster recovery Cost & Complexity Risk of Data Loss Recovery Time End-User Productivity The Challenge of Data Remote Backup IT managers find local backup and recovery to be one of the most complex, time-consuming, error-prone, and costly storage operations, in part because localized backup traditionally involves expensive hardware, software, tape or disk drives, and tape or disk media at each site; furthermore it requires people trained to manage the process. Data may be stored on-site or sent to storage (at risk of loss). Restoration is so difficult and time-consuming that it is rarely worth recovery for a single file. As a result, many remote sites have no backup solution or only sporadic, incomplete data capture. This exposes the enterprise to great risks, including compliance issues. Previous solutions are limited in providing effective backup for remote sites. Most enterprises don t have a disaster recovery strategy for their branch offices. - Forrester 4 These challenges, and best practices to address them, are explored in more depth in the table below. Remote Backup Challenges Local backup is expensive, time consuming, too technical, and error prone. It is a major driver of costs and complexity at branch offices and as a result local backups may not run regularly or successfully. Tape backup, local or centralized, is unwieldy and carries added risk of data loss. 97% of all tape restores are single files and 85% are less than 30 days old but this takes hours of IT professionals time and puts user productivity on hold. Best Practice Central backup reduces capital expenses as well as the operational expenses of local backup and recovery. IT can configure remote backup from a central console and because today s systems transmit only the data which changes, this is possible even with limited bandwidth. Automatic disk-based backup replaces tape, enabling recovery in seconds rather than hours, often by the end users themselves, with tape solutions reserved for much less frequent long-term archiving (a significant ongoing savings in tape media alone). Backup window/frequency is limited. Backups only run outside of operating hours, on a daily or weekly basis and many hours of work or transactions may be unrecoverable (leading to irate customers or end users). Near continuous backup, including open files, allows data to be preserved throughout the business day with multiple recall points as frequent as every 15 minutes. Benefits A centralized, automated, near-continuous backup of server and desktop data to disk, with capability for end-user initiated restore, will pay dividends on a daily basis and may even save the business, if disaster recovery becomes necessary at remote sites. An IDC survey 5 found: IT Labor Savings: 34 percent in file repair and restoration 34 percent in storage management 28 percent in disaster planning and recovery End-User Savings (a 1.3-percent productivity gain): 7.6 hours per year in backing up files 2.3 hours per year in restoring files 4 Forrester, The Evolving Branch Office: Intelligently Reducing your Network Infrastructure Footprint, 10/4/2006 Robert Whiteley, Stephanie Balaouras 5 IDC white paper Addressing Operational Efficiencies in Branch Offices, May 2006, Jean S Bozman, et. al REMOTE INFRASTRUCTURE OPTIMIZATION

7 Enterprises could solve many backup headaches by simply eliminating local backups and the requisite hardware infrastructure in favor of remote backups to a central site. - Leading analyst 2006 Implement Central, Automatic, Disk-based, Near-Continuous Backup with Microsoft Technologies Active Directory Domain Services Every 15 minutes online snapshots (up to 512) disk-based recovery tape-based archive Microsoft System Center Data Protection Manager 2007 Seamlessly automates integrated backup between disk and tape media, enabling IT to set and forget. Provides near continuous data protection with snapshots saved as often as every 15 minutes, eliminating the backup window (and supporting archive-to-tape anytime). Allows end users to recover their own files in seconds, simply by right-clicking the lost file in Windows Explorer or the Microsoft Office system, instead of burdening the help desk, and waiting hours to recover it from the previous night s tape. Protects Windows servers by continuously replicating data changes with application-aware agents, providing an easyto-manage and robust disk/tape data protection solution, and near zero data loss and application recovery, which is optimized for Microsoft Exchange Server, SQL Server, Microsoft Office SharePoint Server, and file and virtual server environments. Makes an ideal disaster recovery solution for distributed sites. Windows Windows file servers Desktops Microsoft Exchange Server Microsoft SQL Server Microsoft Office SharePoint Server Windows Server 2008 Hyper-V including clusters DPM 2007 server with tape library offline tape Case Study: San Francisco Unified School District Adopts New File Backup System, to Save $100,000 Organization Profile Among the largest school districts in the United States with about 58,000 students, the San Francisco Unified School District (SFUSD) employs more than 7,100 people, at over 160 schools. Business Situation The San Francisco Unified School District needed a reliable method for backing up important files. The district had used tape backups, which relied on schools to manually change tapes and check data. But even when files were recorded properly, tapes often failed. Business Solution To backup users files reliably and inexpensively, SFUSD adopted Microsoft System Center Data Protection Manager Monitoring from a central console helps administrators see potential problems before files are lost. Lesson plans and homework that previously took days to recover if they could be recovered at all are now easily retrieved in minutes by teachers and students, reducing the need for support calls. Because it won t have to hire additional staff or use tapes, the district expects to save U.S.$100,000 in the first year. It will save thousands more by combining System Center Data Protection Manager 2007 with other IT projects and repurposing hardware. Benefits: Saves an expected $100,000 Enables users to restore files easily Increases reliability and credibility Centralizes server-maintenance tasks DPM just solved problems. It didn t really have any problems that came with it amazing... We ll be spending less on backups than we actually would have without the product. We look at this project, and it s going to be saving money from day one. Eric Boutwell CIO, San Francisco Unified School District. REMOTE INFRASTRUCTURE OPTIMIZATION

8 3. Establish Comprehensive Integrated Security Reduce risk, by making security an integrated part of operations Risk of Data Breach Malware & Network Protection Security Management Cost Security Policy Compliance Remote Security Challenges Remote locations face multiple threats, increasing security requirements, and have limited help or oversight in managing a patchwork of complex security solutions. Particularly challenging issues for remote sites include the following: Limited Physical Security (theft or access) Protecting sensitive data in the event of hardware theft. Managing access control beyond traditional device- or location based security (such as Microsoft Public Key Infrastructure [PKI]), requiring solutions such as access cards or other strong authentication measures. Internal separation if hot-spot or other guest Internet or network access is made available to customers. Identity/Employee Turnover High employee turnover and temporary employees in some industries require quick, easy, secure identity management to avoid idling employees without access, or ID-sharing workarounds. - ID creation - Enabling/disabling system access - Password reset - Location transfers Simplify configuration of who has access to what. Network Connectivity/Edge Security Remote sites require secure and efficient connectivity to resources located in the corporate headquarters or data center. Remote sites connected to the Internet need to be protected from malware and other external security threats. Client Security Local PCs need antivirus, antispyware/malware, and antispam software; patching (OS and application); security updates; virus removal tools; and controls for phishing, content filtering, Web sites, and instant messaging. Server Protection Attacks target intrusions at the application layer, such as , Web servers, and online collaboration software. Increased threat motivated by criminal profit, targeting names, addresses, Social Security numbers, and financial data. Historically, IT security includes disparate products from several vendors, which requires multiple tools for management, reporting, and analysis. Many security products have poor interoperability and integration with the existing security and IT infrastructure. Properly deploying and configuring these complex security solutions can be challenging and time-consuming. A leading analyst found that 65 percent of all security breaches were due to mismanagement and misconfiguration. Facing these threats with a growing array of point-solutions and add-on tools is becoming increasingly time-consuming, expensive, and difficult to monitor. Without central management or reporting, central IT has little control or visibility into the remote network s overall security state. Best Practice and Benefits The business-critical nature of security calls for effective management and centralized policy control. Leading companies are pursuing an integrated, comprehensive, designed-in approach to security with centralized policy management, enforcement, and visibility. Security administration must become an integral, easy-to-manage part of IT operations. The benefits of comprehensive integrated security appear in: Reduced administration costs Meeting compliance requirements Avoiding the expensive nightmare of security breach IDC found that comprehensive client security can reduce costs by U.S.$130 per PC. This proactive approach to protect PCs with firewalls, antispyware, antivirus, mandated patching, and network quarantines will dramatically reduce IT labor costs and improve service levels. 6 Compliance with industry regulation, partner mandates, and audit requirements (SOX, PCI DSS, COBIT, Basel II, HIPAA, DOD , and others) adds to the security pressure. For example, the payment card industry (PCI DSS) now requires systems that transact credit card data to be secure and separate from all other processing. A single, significant breach may run into millions or even billions of dollars. Forrester 7 Estimates of the average cost of a security breach run from $167,000 8 to $4.8 million. 9 Integrate Security with Microsoft Technologies Microsoft is addressing the operational aspects of security through comprehensive, integrated, and simplified management the end-to-end securability of remote infrastructure: Centralize security management. Tighten integration with existing infrastructure. Prevent misconfiguration. Deploy security pervasively. Gain a unified view into network security REMOTE INFRASTRUCTURE OPTIMIZATION

9 The following products help provide this capability. Microsoft Forefront Microsoft Forefront Client Security detects and removes viruses, spyware, rootkits, and other emerging threats. Forefront Server Security products utilize a multi-engine architecture to protect specific server applications from malware. Microsoft Internet Security and Acceleration Server 2006 (ISA) and Microsoft Intelligent Application Gateway (IGA) 2007 offer a broad array of firewall, virtual private networking (VPN), and encryption technologies, to connect securely and cost-effectively over the public Internet. Forefront integrated management consoles offer familiar interfaces, ease of use, and integration with Microsoft tools like Windows Server Update Services. Forefront centralizes the collection and analysis of security management information. Microsoft System Center System Center Configuration Manager 2007 centralizes distribution of configurations, policies, and operating system updates. It reduces threat exposure with rapid automated patch and update, and provides Forefront deployment and antivirus updates for server and client hosts. System Center Operations Manager 2007 integrates Forefront outbreak reporting for threat analysis, and efficiently supports compliance monitoring. Windows Server 2008 Built-in capabilities for virtualizing servers establish secure compliant separation of the processing environment without adding a separate box (like PCI credit card processing). Virtualization can also protect logon access between guest (customer) users and employees. Data stored on servers can be encrypted to protect against confidentiality breach in the event of hardware theft. Microsoft Identity Lifecycle Manager 2007 integrates employee identity data for rapid changes in access control, to address the security impact of employee turnover. The Microsoft Active Directory Domain Service allows simplified Group Policy creation for remote users with Advanced Group Policy Manager and Active Directory Domain Services. Local logon enables access if the network connection is down. Read-Only Doman Controller increases security by providing delegated management for branch offices. Windows BitLocker Drive Encryption allows you to exercise additional control over data on a server s hard drive in less secure branch locations. Server Core provides options for installing select server roles, which consequently reduces the attack surface and the need for software updates. Addressing these issues makes the network more secure. It helps deploy security on the front lines where it needs to be, instead of simply where it is easiest to do so. Finally, the security administration console helps clarify what is happening across the network. IAG 2007 with Application Optimizers provides secure socket layer virtual private network, a Web application firewall, and endpoint security management that enable access control, authorization, and content inspection for a wide variety of line-of-business applications. Internet Security and Acceleration Server 2006 provides an integrated edge security gateway that helps protect IT environments from Internet-based threats while providing users with fast and secure remote access to applications and data. IT Security Scenario: Integrated Security Management Don, an IT security administrator for a 300-store electronics retailer, logged on to System Center Operations Manager 2007 to check the security status of the remote network. A new virus alert was reported and he wanted to ensure that the network was protected end-to-end. Viewing a few screens, he could see that patches and Forefront antivirus engine updates had gone out automatically, using System Center Configuration Manager 2007 to protect all servers and client PCs on the network. He could also review where this virus and other threats had been identified. The new WiFi network for customers had recognized the virus on customer PCs, but the servers were protected against the threat, and virtualization created full separation of the guest network from business applications. In addition, credit card processing ran in a separate virtual instance, which included Windows BitLocker Drive Encryption-encrypted storage drives. Don also reviewed the identities created for temporary Christmas hires. Last year configuring thousands of these accounts was a big time sink, but Identity Lifecycle Manager enabled these accounts in Active Directory Domain Services when approved by the HR system, and Group Policy Manager automatically configured access based on role, so Don now received no more calls from store managers about the backlog in adding or deleting employees. By integrating security and management, Don could focus on strategic new business capabilities rather than playing defense against the threat of the day. For example, a new buy on the Web, pick up in the store offering required store employees to have Web access; thankfully the Web-caching ability of Microsoft Internet Security and Acceleration Server (ISA) allowed this offering to be added without increasing store bandwidth requirements. Management was also quite pleased to learn that ISA allowed in-store PCs to be restricted to relevant corporate Web sites to sustain productivity. Security had become a true business enabler. 6 IDC white paper Optimizing Infrastructure: The Relationship between IT Labor Costs and Best Practices for Managing the Windows Desktop, October 2006, Al Gillen, et. al. 7 Forrester, Calculating The Cost Of A Security Breach, 4/10/2007 Khalid Kark 8 CSI/FBI Computer Crime and Security Survey Trusted Strategies, commissioned by Phoenix Technologies, Network Attacks: Analysis of Department of Justice Prosecutions , August 28, 2006 REMOTE INFRASTRUCTURE OPTIMIZATION

10 4. Integrate Remote Hardware Infrastructure Reduce cost, complexity, and risk of managing multiple boxes Hardware Related Costs System Capability Corporate Integration Business Agility & Interoperability Challenges in Remote Hardware Architecture Remote infrastructure is often a piecemeal, difficult-to-manage constraint to technical capabilities, but it can be transformed into a powerful strategic advantage. Remote architecture is often the result of a history of tactical, pointproduct solutions to specific business needs. Each site may be different, increasing complexity and reducing manageability. Many depend on legacy applications, which may be difficult or expensive (in development and employee training) to migrate to new platforms. Limitations in the existing environment are the most often cited barrier to delivering solutions to the critical point of customer interaction. The challenge grows as local use of information and devices increases and accelerates wireless devices, RFID, self-service kiosks, dynamic electronic/ video displays, and VoIP are just a few examples. This ever-increasing complexity is the outcome of solving tactical pains with tactical solutions. Nonetheless, branch locations demand choice a wide selection of best of breed solutions, along with the option to create their own solutions with a flexible interoperable platform. Best Practice Transforming remote infrastructure into a source of strategic advantage requires cutting through the complexity with hardware consolidation, and integration to existing systems and to new capabilities. Virtualize to consolidate hardware: Virtualization allows what today runs on multiple boxes from different vendors, with different operating systems and vintages, to be hosted on a single server. This reduces the costs of IT support, maintenance, licensing, and hardware upgrade; it increases reliability; and it simplifies the network. Application reliability increases, and testing is reduced by using separate virtual instances to avoid application incompatibility. Performance improves as prioritized tasks increase utilization on a more powerful, load-balanced processor. Virtualization enables applications to be independent of deployed hardware, establishing a flexible, responsive foundation for future capabilities. Consolidation to one or more servers also supports backup, disaster recovery, and extreme service level solutions such as clustering with failover. Integrate to existing systems: IT managers must bridge today s hardware to a future platform. A compatible solution which makes use of existing hardware (such as aging desktops) may defer capital expenditures by enhancing local capabilities for example, added file storage, application processing on servers using desktops as terminals, as well as wide-area network (WAN) management for low-bandwidth environments. This may provide a path to platform standardization across diverse sites (often the result of acquisitions) to reduce network complexity. Integrate to new capabilities: In establishing a common platform, extensibility is key to strategic advantage. Decision-makers and technical implementers must ask which systems host best-of-breed solutions, support new devices, incorporate industry standards, and provide ease of use for employees, to ensure advantage for years to come. Benefits Web Servers Domain Controller Remote Site Servers Server Virtualization Application Servers Remote Site Servers Web Servers Application Servers Domain Controller Virtual Server Microsoft-based operating systems are installed on 73 percent of retail point-of-sale systems in North America, and have risen to 77 percent of annual shipments. Consolidating remote infrastructure provides both short-term financial benefits in cost savings as well as long-term strategic benefits in business agility. IDC estimated over three years, the hardware and software cost savings would average $67,957 per branch office annually [in addition to saving] an average of $8,014 annually in bandwidth costs. 11 Having a flexible, interoperable, remote infrastructure in place may be of even greater value strategically in rapid business enablement. This provides the ability to experiment with and deploy new business tools, sales systems, and partnership offerings, on a short cycle time, without having to justify a major hardware investment. Integrate Remote Hardware with Microsoft Technologies In addition to the Core IO Model, the Microsoft Branch Office Infrastructure Solution (BOIS) guide provides detailed guidance on streamlining remote infrastructure, specifically in system architecture, application hosting considerations, and management processes. Find more information at: 10 IHL Consulting Group 2005 North American Retail POS Terminal Market Study 11 IDC May Microsoft POS device redirection is supported only if the terminal server is running an x86-based version of Windows Server You can download Microsoft POS 1.11 from the Microsoft Download Center at // REMOTE INFRASTRUCTURE OPTIMIZATION

11 Choosing the Windows Server platform supports this best practice and utilizes the following products: Windows Server 2008 Interoperable by design, with a rich partner ecosystem, widely used developer tools, commitment to standards, and plug-and-play support to devices and peripherals. Provides a common platform between corporate headquarters and remote sites, with efficient data replication to reduce bandwidth requirements. Provides installation options for implementing select server roles such as Windows Server 2008 Hyper-V. Consistent, easy-to-use interface for reduced training, customer familiarity (such as self-service kiosks and devices), and potential connection to consumer devices (for example, the PDA). Built-in virtualization allows for multiple operating systems Windows, Linux, and others to run on the same server. Easy remote access and applications integration with local desktops enabling highly secure and seamless application deployment without the need for a VPN. Hosts most x86 operating systems, so custom applications on legacy OS (such as Windows NT Server 4.0 and Windows 2000 Server) or Linux can run on new hardware using Windows Server Microsoft System Center Microsoft System Center Virtual Machine Manager 2007 manages host configuration, virtual machine creation, library management, intelligent virtual machine placement, monitoring, rapid recovery, self-provisioning, and automation. System Center Operations Manager 2007 can monitor virtual or physical servers in the same environment. System Center Virtual Machine Manager 2007 reports virtual-tophysical machine relationships. System Center Data Protection Manager 2007 provides backup and restore to complete virtual machines while ensuring data consistency within the virtual environments during backup, often with zero downtime Windows Server 2008 Terminal Services Virtualizes presentation of entire desktops or specific applications hosted on the local server or data center, with enhanced desktop display capabilities that enable IT managers to make the remote computer look and feel more like the user s local Windows Vista desktop experience. Redirects Windows portable devices such as media players, based on the Media Transfer Protocol, and digital cameras, based on the Picture Transfer Protocol. Redirects devices that use Microsoft Point of Services (POS) for Microsoft.NET Installs line-of-business applications on a terminal server, makes them available through Remote Desktop Connection 6.0, and gives users a better experience with single-signon capabilities that eliminate the need to enter credentials each time a remote session is initiated. Microsoft Desktop Optimization Pack Microsoft Application Virtualization Microsoft Application Virtualization virtualizes applications and delivers them as an on-demand streaming service to desktop users. Microsoft Partner Solution ishaper TM ishaper from Packeteer accelerates delivery of applications and provides security, with management through a Windows-based wide area file service (WAFS) and a WAN optimization appliance. The ishaper appliance by Packeteer marries the best of real-time WAN optimization, monitoring, and shaping with WAFS, and provides key Microsoft services in one easy-to-manage unified branch office appliance to deliver great performance for every application voice, video, and data. Case Study: 7-Eleven On-Site Servers Provide Speed, Support and Savings Organization Profile 7-Eleven is the world s largest convenience store chain, with over 5,800 stores in the U.S. and Canada, and 19,500 licensed stores worldwide. Business Situation North American convenience store giant, 7-Eleven, needed to upgrade the server platform and application infrastructure of the core retail information system for its 5,800 stores. Business Solution At the heart of 7-Eleven s business is a distributed retail information system that runs on Microsoft Windows NT Server 4.0. Each store uses the system to evaluate and report sales, order inventory, and relay information to suppliers. To complicate matters, the array of devices in each store that the system must support credit card scanners, point-of-sale systems, check scanners, and even handheld computers to order merchandise. The system must integrate all of these devices and support new interfaces as stores adopt new hardware. Stores routinely add new devices, which developers must integrate into this retail information system. Benefits A detailed analysis led the company to conclude that a Windows-based platform would save 20 percent over Linux in total cost of ownership and reduce new-capability deployment time by 50 percent. These advantages, along with the partner community and device compatibility, made the choice of Windows Server an easy one. The needs of convenience customers change all the time so we needed a retail information system that enabled our IT and development staff to quickly introduce new products and services out to our stores... Reducing development time by half will allow us to anticipate customer demand, not just respond to it. Keith Morrow, Chief Information Officer, 7-Eleven, Inc. REMOTE INFRASTRUCTURE OPTIMIZATION

12 Achieving Remote Infrastructure Optimization Employing these best practices across your company will move your organization closer to infrastructure optimization, to control costs, boost security, and increase business agility. Site visits will be reduced with remote control management from central IT. Software will be be more up-to-date with automated patching, central configuration, and application rollout/update independent of site-visit requirements. Monitoring remote infrastructure will enable IT to be proactive in responding to issues, and more informed in providing solutions, leading to increased service levels. Automated central backup will reduce administration for IT and local sites, reduce risk of data loss, allow users to restore their own files, and support a disaster recovery solution for remote site data. IT security at remote sites will increase, reducing risk of malware disruption and data breach, as well as supporting compliance requirements. Remote site hardware may be consolidated, reducing costs and increasing capabilities. Business agility will increase with an integrated, interoperable, integrated platform. Getting Started Ask your Microsoft or partner representative to help you assess your Core IO maturity with the Infrastructure Optimization Assessment at: Jointly evaluate remote infrastructure opportunities for your organization. Prioritize infrastructure practices for your organization and identify specific Core IO projects for these practices to get started in moving toward a more dynamic infrastructure; find details at: Quantify the savings potential using the Remote Infrastructure Savings Calculator. For more information: Contact your Microsoft or partner representative, visit the product Web sites (above), or see the Remote Infrastructure Web site which includes: Remote Infrastructure Savings Calculator: Analyze your current IT investments with a customized savings report for implementing a Microsoft remote infrastructure solution. Planning Guide: Branch Office Infrastructure Solution (BOIS) for Microsoft Windows Server 2003 Release 2: In-depth guidance for decisions on whether to centralize services, standardize infrastructure, or consolidate servers. Integrating the branch office with Windows Server 2008: Learn about the underlying technology to simplify integration of branch office servers into your larger enterprise IT environment. Microsoft Technologies for Remote Infrastructure Optimization Remote server administration Server consolidation through virtualization with application OS neutrality Identity and access management Persistent information protection PC terminal services Systems monitoring Change and configuration management Backup and recovery Virtual machine management Client security Application server security Network edge security Secure remote access Microsoft Partner Solution WAFS and WAN optimization appliance The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place or event is intended or should be inferred Microsoft Corporation. All rights reserved. Microsoft, Active Directory Domain Services, BitLocker, Forefront, SharePoint, SQL Server, Windows, Windows NT, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners REMOTE INFRASTRUCTURE OPTIMIZATION

Optimizing Your Server Infrastructure

Optimizing Your Server Infrastructure Optimizing Your Server Infrastructure Dynamic IT for the People-Ready Business 2008-2009 1 Executive Summary Intended Audience This white paper is best suited for information-technology (IT) directors

More information

Product Overview for Windows Small Business Server 2011. December 2010

Product Overview for Windows Small Business Server 2011. December 2010 Product Overview for Windows Small Business Server 2011 December 2010 Abstract Microsoft offers Windows Small Business Servers as a business solution for small businesses by providing a simplified setup,

More information

Windows 7 Reviewer s Guide. A First Look at Windows 7 DRAFT

Windows 7 Reviewer s Guide. A First Look at Windows 7 DRAFT m Windows 7 Reviewer s Guide A First Look at Windows 7 DRAFT 2 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication.

More information

Desktop Virtualization Strategy

Desktop Virtualization Strategy Choosing the right solution for your needs ABSTRACT Several forms of desktop virtualization can help organizations satisfy users needs for mobility and flexibility, while relieving pressure on information

More information

Protect. Manage. Access. Solve.

Protect. Manage. Access. Solve. annual report 2012 Protect. Manage. Access. Solve. A Message from the Chairman of the Board Dear Stockholders, CommVault had an outstanding fiscal year 2012 with strong performance in all aspects of our

More information

Server Infrastructure Optimization

Server Infrastructure Optimization Best Practices to Reduce IT Operational Costs Abstract This paper shows technical decision makers and IT managers how organizations can reduce costs and improve their IT efficiency by optimizing their

More information

Using Network Attached Storage for Reliable Backup and Recovery

Using Network Attached Storage for Reliable Backup and Recovery Microsoft Corporation and HP Using Network Attached Storage for Reliable Backup and Recovery Microsoft Corporation Published: March 2010 Abstract Tape-based backup and restore technology has for decades

More information

The Definitive Guide To. Identity Management. Archie Reed

The Definitive Guide To. Identity Management. Archie Reed The Definitive Guide To tm Identity Management Archie Reed Introduction Introduction By Sean Daily, Series Editor The book you are about to enjoy represents an entirely new modality of publishing and a

More information



More information

Best Practices for Cloud-Based Information Governance. Autonomy White Paper

Best Practices for Cloud-Based Information Governance. Autonomy White Paper Best Practices for Cloud-Based Information Governance Autonomy White Paper Index Introduction 1 Evaluating Cloud Deployment 1 Public versus Private Clouds 2 Better Management of Resources 2 Overall Cloud

More information


BEST PRACTICES: EVENT LOG MANAGEMENT FOR SECURITY AND COMPLIANCE INITIATIVES. By Ipswitch, Inc. Network Managment Division BEST PRACTICES: EVENT LOG MANAGEMENT FOR SECURITY AND COMPLIANCE INITIATIVES By Ipswitch, Inc. Network Managment Division July 2010 Table of Contents Executive Summary... 1 Event Log

More information

The Microsoft Office 365 Buyer s Guide for the Enterprise

The Microsoft Office 365 Buyer s Guide for the Enterprise The Microsoft Office 365 Buyer s Guide for the Enterprise Guiding customers through key decisions relative to online communication and collaboration solutions. Version 2.0 April 2011 Note: The information

More information


EXECUTIVE SUMMARY. Situation Mi c r os of tgl obalsec ur i t y Mi cr osof tgl obalsecur i t yshowcase Physi calsecur i t yatmi cr osof t Taki ngadvant ageofst r at egi ci TConver gence Techni calwhi t epaper Publ i shed:apr i l2009

More information

An Introduction to Symantec Email Security and Availability for Microsoft Exchange

An Introduction to Symantec Email Security and Availability for Microsoft Exchange An Introduction to Symantec Email Security and Availability for Microsoft Exchange A Comprehensive Approach to Effectively Managing Email Environments Overview of email security, availability, and resilience

More information

Customer Cloud Architecture for Big Data and Analytics

Customer Cloud Architecture for Big Data and Analytics Customer Cloud Architecture for Big Data and Analytics Executive Overview Using analytics reveals patterns, trends and associations in data that help an organization understand the behavior of the people

More information

Addressing HIPAA Security and Privacy Requirements in the Microsoft Cloud

Addressing HIPAA Security and Privacy Requirements in the Microsoft Cloud Addressing HIPAA Security and Privacy Requirements in the Microsoft Cloud Authors Mohamed Ayad, Microsoft Corporation Hector Rodriguez, Microsoft Corporation John Squire, Microsoft Corporation Contributing

More information

Mobile Device Management

Mobile Device Management With the compliments of Sybase ianywhere Mobile Device Management Sybase ianywhere Limited Edition Securely manage your data, devices, and applications Mobile Device Management FOR DUMmIES By Mike Oliver,

More information

Outsourcing Network Support:

Outsourcing Network Support: Outsourcing Network Support: The Surprising Strategy That Helps You Spend Less for Higher Uptime How small and medium-sized businesses (SMBs) are outsourcing network support to reduce spending, improve

More information

Three guiding principles to improve data security and compliance

Three guiding principles to improve data security and compliance Three guiding principles to improve data security and compliance Sarah Cucuz IBM Software October 2012 Thought Leadership White Paper Three guiding principles to improve data security

More information

IT Security Trends. A strategic overview featuring Gartner content. In this issue

IT Security Trends. A strategic overview featuring Gartner content. In this issue In this issue 1. Introduction: Virtualization Security Strategies for Today s Businesses 2. Strategies for Protecting Virtual Servers and Desktops: Balancing Protection with Performance 7. A Practical

More information

Best Practices for Building an Enterprise Private Cloud

Best Practices for Building an Enterprise Private Cloud IT@Intel White Paper Intel IT IT Best Practices Private Cloud and Cloud Architecture December 2011 Best Practices for Building an Enterprise Private Cloud Executive Overview As we begin the final phases

More information

The Benefits of Cloud Networking

The Benefits of Cloud Networking THE BENEFITS OF CLOUD NETWORKING 1 White Paper The Benefits of Cloud Networking Enable cloud networking to lower IT costs & boost IT productivity 2 THE BENEFITS OF CLOUD NETWORKING Table of Contents Introduction

More information

Communications, Protection, Readiness (CPR) NPower s Nonprofit Guide to Business Continuity and Disaster Recovery

Communications, Protection, Readiness (CPR) NPower s Nonprofit Guide to Business Continuity and Disaster Recovery Communications, Protection, Readiness (CPR) NPower s Nonprofit Guide to Business Continuity and Disaster Recovery CONTENTS Introduction 1 How to Use This Tool 3 SECTION I: PREPARING FOR THE IMMEDIATE CRISIS

More information

These materials are the copyright of John Wiley & Sons, Inc. and any dissemination, distribution, or unauthorized use is strictly prohibited.

These materials are the copyright of John Wiley & Sons, Inc. and any dissemination, distribution, or unauthorized use is strictly prohibited. Enterprise Mobility 2nd Edition by Carolyn Fitton, Tom Badgett, and Corey Sandler Enterprise Mobility For Dummies, 2nd Edition Published by: John Wiley & Sons Canada, Ltd. 6045 Freemont Blvd. Mississauga,

More information

Meeting Backup and Archive Challenges Today and Tomorrow

Meeting Backup and Archive Challenges Today and Tomorrow WHITE PAPER Meeting Backup and Archive Challenges Today and Tomorrow Sponsored by: Fujitsu Nick Sundby November 2014 IDC OPINION IDC's end-user surveys show data integrity and availability remains a top

More information

A Microsoft U.S. Public Sector White Paper by Ken Page and Shelly Bird. January 2009. government

A Microsoft U.S. Public Sector White Paper by Ken Page and Shelly Bird. January 2009. government Federal Server Core Configuration (FSCC) A high-level overview of the value and benefits of deploying a single, standard, enterprise-wide managed server environment A Microsoft U.S. Public Sector White

More information

The Definitive Guide to BYOD

The Definitive Guide to BYOD The Definitive Guide to BYOD 7 27 3 1 9 2 16 Table of Contents preface What BYOD is and what it isn t Why should I care? Section 1 BYOD the big picture What is the impact of BYOD? 8 Who s getting the

More information

Securing Microsoft s Cloud Infrastructure

Securing Microsoft s Cloud Infrastructure Securing Microsoft s Cloud Infrastructure This paper introduces the reader to the Online Services Security and Compliance team, a part of the Global Foundation Services division who manages security for

More information

Introduction to Windows Storage Server 2003 Architecture and Deployment

Introduction to Windows Storage Server 2003 Architecture and Deployment Introduction to Windows Storage Server 2003 Architecture and Deployment Microsoft Corporation Published: July 2003 Abstract Microsoft Windows Storage Server 2003 is the latest version of Windows Powered

More information