Developing an IT Strategy in the 21st Century

Rand Morimoto
President, Convergent Computing
- Series Lead Author of over 30 bestselling books: Windows 2012 Unleashed; Exchange Server 2013 Unleashed; System Center 2012 Unleashed; Network Security for Corporate Executives; Project Management in Enterprise Environments
- Keynote and Session Speaker at over 50 conferences and conventions around the world each year
- Cyber-Security Advisor to President Bush (2002-2007)
- Y2K Advisor to President Clinton (1997-2000)

Created and Presented by:
Rand Morimoto, Ph.D., MCITP, CISSP
Author, Unleashed-series / Sams Publishing
President, Convergent Computing
http://www.cco.com
randm@cco.com

Convergent Computing
- Oakland, CA
- Founded in 1986
- 65+ Employees (over 35 published author/experts)
- Early adopter for every major Microsoft product (2-3 years experience before product launch)
- Consulting firm for small, medium, and enterprise organizations
- HQ'd in the SF Bay Area with offices around the globe

We no longer work in IT environments where organizations simply upgrade to the latest version just because a new version is out.
Organizations strategically implement technologies when the technologies meet core business needs.

Common Business Needs and Initiatives
- Lowering IT Costs
- Improving IT Efficiencies and Relevance
- Addressing Security, Compliance, Privacy
- Protecting Intellectual Property
- Focusing on User Access to Information
- Improving User Experience
- Data Collection and Consolidation
- Information Analysis & Data Utilization
Initiatives: Cloud Strategy; BYOD / MDM / VDI; Social Media Strategy; Big Data / B.I.

Datacenters of the Past

Cloud Strategy
- Lowering IT Costs
- Improving IT Efficiency and Relevance

Diagram: Storage, Network, Compute (Today's datacenter)
Datacenter of the (New) Present
Datacenter without boundaries
- On-premises infrastructure: Storage, Network, Compute
- Service Provider (ie: Rackspace, Latisys, etc)

Optimized Datacenter
CCO is working with some of the largest datacenters in the world
- Server Pods: 1160 16-core Host Servers in a shipping container at 57% less cost than the deepest corporate discount for HP, Dell, Fujitsu, IBM servers
- Cheap Storage: Instead of $2500/TB (times 2 for site redundancy), storage costs in bulk (JBOD) now $300/TB (times 3 for high availability and site redundancy), so $5,000/TB or $900/TB???
- Virtual Networking: Instead of appliances and devices, just embed switching and internetworking within the Hosts, Pods, Servers, and Apps (decrease of $10,000-$25,000 per site or per connection)
- Service Automation: Spin up 2,350 VMs in 1 hour. Failover 1,000 VMs within a site in 30 seconds. Failover 1,000 VMs across sites in 3 minutes

THIS hosted datacenter efficiency (now at $.46/$1, heading to $.37/$1 within 6 months) will drive costs down, and put pressure on internal IT departments to improve internal IT efficiencies

Where to Start
Diagram: Storage, Network, Compute; On-premises infrastructure; Service Provider

Onsite (Existing) Datacenter (On-premises infrastructure)
- Run Active Directory for identity
- Focus on Business Applications (Accounting, HR, etc)
- Manage Compliance (on-premise and cloud)
- Support Endpoint Devices

Service Provider [Rackspace]
- Copy systems (HyperV VHDs) to the cloud
- Remote (RDP) to the guest session and manage just as you would a local virtual guest, so 100% control

Extend to Azure Services as Needed
- Running simple servers (like www.cco.com, file system storage, time and billing entry server, etc)
- Extending the corporate network (so the cloud is seen and managed just like a virtual guest on the corporate network)
- Servers are geo-replicated (so 99.9% guaranteed uptime)
- Leverage Azure AD for shared directory between multiple orgs (SharePoint scenarios, a better file sharing solution)
Monthly cost $57/month for a full running VM
http://www.networkworld.com/community/blog/virtual-networks-windows-2012-and-azure-vms

- NEW! Improve traditional storage with Storage Spaces with Automated Tiering (SSD/SATA) and Disk Deduplication
- NEW! Hyper-V Replication (local), Site to Site Replication (to cloud), Azure-based HyperV Recovery Mgr
- Hyper-V Replica permits replication for business continuity & failure recovery
- NEW! Non-Windows support for Remote Desktop Services (ie: Apple Mac, iOS, Android)
- NEW! Hyper-V Grow & Expand Virtual Machines while they are running
- NEW! Multi-Tenant Site-to-Site VPN Gateway to enable cross-premises connectivity
- UPDATED! Non-Windows endpoint (Mobile Device Management) support in ConfigMgr / Intune

MANAGEMENT & AUTOMATION
- UPDATED! Hyper-V Network Virtualization to isolate network traffic on shared infrastructure
- UPDATED! Monitor (SCOM) and Provision (VMM) VMs seamlessly on-premise or in the cloud
- NEW! WorkPlace Join (iOS, Win8.1), WorkFolders (folder sync (tablets/phones)), Web Application Proxy (app authentication)

Enterprise Systems Management
- Single console to view on-premise & cloud; servers & clients; Microsoft & non-Microsoft apps; router & switches; firewalls & storage
- Automate management and recovery
- Build capacity on-premise or in the cloud on demand and cost
- Consolidate capacity on-premise or in the cloud based on demand and cost
- Inventory, Patch, Update, Replace, Replicate, Restore Servers, Desktops, Laptops, Tablets, Phones anywhere at any time
BYOD / Mobile Device Mgmt / VDI
- Addressing Security, Compliance, Privacy
- Protecting Intellectual Property

Information Technology: 7-15 years ago
- Datacenters were centralized
- Applications and data commonly distributed by sites / geographies at best
- All endpoints for the most part were Windows-based clients
- Emergence of first Web-based Apps and mobile were Blackberries
Diagram: From Home; VPN Server

Over the Past 4 years
- Heavy focus on regulatory compliance and standardization
- Tighter management control over Windows PCs (locked down and highly managed Windows XP guest sessions)
- Tight controls on firewalls and central IT
- Put 100% of our focus on the managed / locked down Windows XP PC
- Let users sync their email with any mobile device they wanted to bring in
- iPhones, iPads, Android became more than just PDAs but common endpoint devices
- Apple's domination in mobile phones and tablets along with lack of innovation in PC laptops / tablets let the MacBook and iPad proliferate
- Lackluster economy has had businesses and IT focused on other things
Diagram: SOX, HIPAA, 21CFR, FISMA

Information Technology Today
- Endpoint is no longer just a Windows client (now Mac, iPad, Linux, Tablet)
- Applications and data no longer in just 1 place (cloud-based applications (Salesforce.com; Box.com; Dropbox; etc), distributed apps)
- Mobile users need access to more than just email (access to full apps from any place and from any device)

Options for IT Executives Today
Option 1: Block the evolution of technologies (ie: no Macs, no Cloud, no Tablets, company owned mobile, locked down environment).
Which is doing things the way we've been doing the past couple decades
Option 2: Try to force a managed environment using new technologies to do things the old way (ie: VDI Windows looking guests on all devices, join Macs and Linux systems to AD just like we have done with Windows, Mobile Device Mgmt (MDM) to lock down devices)
Which are all small point solutions to a bigger problem
Option 3: Outsource IT
Hoping that someone else can do Option 1 and Option 2 better and cheaper
Option 4: Rethink IT

User wants and needs
- Access to business applications
- Access to data
- Ability to communicate
- Access any time / anywhere

Option 4: Rethink IT (the balancing act)

The business needs
- Control who has access to info
- Audit and report on access
- Ability to deprovision users quickly
- Protect data and users
Solving the Endpoint Management Challenge
1. Identity / Single Sign-on is Imperative - User must log on to a common directory (like Active Directory) before getting access to ANY other app (on-prem or cloud)
2. Encrypt All Data - Protect the data, and then you don't have to worry if it leaks and ends up on Box, Google Apps, SkyDrive, iPads, Mac Laptops that may not be secure

Step 1 - Focus on Identity
Going from Multiple Passwords to a common Single Sign-on Solution
Diagram (multiple passwords): Enterprise; ebusiness; Firewall; Internal Apps; Portal; Active Directory; Corp apps in the Cloud; Client-facing applications
Diagram (single sign-on): Internal Apps; Active Directory; Access to public cloud applications; Shared info access with business partners; Consumer-facing applications

Step 2 - Encrypt All Data
- Encrypting a device is good, but ineffective the minute the data leaves the device
- Encrypting emails or encrypting communications is great, but only for emails or SSL connectivity
- Encrypt ALL DATA so you don't have to worry about the device (laptop, thumbdrive), endpoint storage medium (ie: Box, Dropbox), locality (China, N.Korea, Middle East), or transport (SSL, VPN)
- Tie data encryption to Active Directory, so when you disable the AD account, all of the files associated with the AD user become inaccessible
- Leverage automated encrypted technologies

Set Security Criteria on Content
Author of the document can define who can do the following:
- View document
- Edit document
- Print document
- Copy/Paste
- Forward an email and set doc expiration
Office 2011 Mac Natively Supports Microsoft Rights Management Services Encryption and Protection
- Native support for Microsoft Rights Management Services (RMS) for document encryption / protection

Leveraging 3rd Party Plug-ins for RMS
- Captures and Applies Encryption to Files in Transit in Exchange 2007/2010/2013 & SharePoint 2007/2010/2013

Providing a Common App for ALL Endpoint Types (ex: Microsoft Exchange 2013, SharePoint 2013, etc)
- Exchange / SharePoint (2013) have native support for mobile phones and tablets
- Exchange leverages Outlook Web App (OWA) and the offline capabilities in HTML5 built in to IE 10+, Safari 5.1+, Google Chrome 18+
- Mobile Phone: 1 wide format
- Tablet: 2 wide format
- Normal Desktop/Laptop: 3 wide format
Remote Desktop Connection Clients (by Microsoft) for Apple Mac, iOS, Android (released Oct 17, 2013)
- MacOS: https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12&ls=1
- iOS: https://itunes.apple.com/us/app/microsoft-remote-desktop/id714464092?mt=8
- Android: https://play.google.com/store/apps/details?id=com.microsoft.rdc.android
Screenshots: Remote Desktop Client Apple Mac; Remote Desktop Client iPad

Going Mobile with Windows
Your Apps and Data Always With You
- Workfolders
- Great, consistent experience across devices
- Mobile app consistency
- Productive and connected on the go
- Shared Windows Core and Security Architecture
- Unified device management
- Lost or Damaged Device: Device Replacement, with User Settings and Data on Replacement Device

Social Media Strategy
- Focusing on User Access to Information
- Improving User Experience

Enterprise social and your business
Transform your business from the inside out
Diagram: EXTERNAL SOCIAL; INTERNAL SOCIAL
Providing organizations Microsoft's trusted business technologies (Exchange, SharePoint, Lync, Office) on-premise, in the cloud, or both.
Flagship 2013 versions with full support for non-Microsoft endpoints (Macs, Android, iOS) with the exact same version in the cloud with Office 365

Introducing Yammer: Integrating SharePoint, Yammer, SkyDrive, Lync

Accessing Yammer from Any Device
Windows, Apple Mac, iPhone, iPad, Android, Linux, Windows Mobile, etc
- Browse your network
- Post to a group on the go
- Notify people immediately with a message
- Like and Reply to others' messages

Improve team alignment
- Collaborate across geos and functions
- Manage projects and events
- Drive competitive intelligence
- 83% of users feel better connected with their team
- 25% boost in productivity in social organizations
- 20% rise in supplier & partner satisfaction

Increase employee engagement
- Identify expertise
- Accelerate learning, development & onboarding
- Share best practices
- 67% of new employees get up to speed faster
- 78% of users communicate more effectively
- 41% of users are more prone to share feedback via Yammer

Continue to evolve
- Innovate faster
- Adapt and respond to change
- Build a unified culture
- 50% of users can locate relevant information and people faster
- 80% of users are more informed with what is happening
- 40% greater ROI when using Yammer and SharePoint together

Sources: IBM Global CIO Study, 2011 - Yammer User Survey, 2010 - McKinsey, The Social Economy, July 2012 - Gallup Consulting Employee Engagement, What's Your Engagement Ratio? 2008 - Yammer User Surveys, 2010 and 2013
Big Data / Business Intelligence
- Data Collection and Consolidation
- Information Analysis and Data Utilization

Move fast. Move first.
What more could your business do with the data available?

Uncover new insights with the world's data
"Yahoo! can now provide more relevant advertising data which has increased advertising spending and campaign effectiveness. We have achieved this by combining Hadoop and Hive technologies that handle large data sets with the powerful analytic insight provided by the Microsoft BI platform."
Yahoo

Industry Impact & Opportunity
Gaining competitive advantage leveraging data analysis and optimization
- Churn analysis
- IT infrastructure optimization
- Legal discovery
- Natural resource exploration
- Social network analysis
- Weather forecasting
- Traffic flow optimization
- Healthcare outcomes
- Web app optimization
- Fraud detection
- Life sciences research
- Performance analysis
- Equipment monitoring
- Smart meter monitoring

Data Analytics with SQL 2012 R2, Excel 2013, SharePoint B.I.
Power suite: Power Query, Power View, Power Q&A, Power Map, Power BI

Diagram: Cloud; Edge; Server Applications; Client and Server OS; Information Protection; Identity Management; Systems Management; Guidance; Developer Tools

- Unified (optimized) Datacenter whether On-premise or the Cloud
- Management and datacenter server tools that support Microsoft and non-Microsoft environments (ie: cross-platform manage - VMware, Linux, NetApp, EMC, Cisco, etc)
- Support for Microsoft and non-Microsoft endpoint client systems (ie: Macs, iPads, iPhones, Android)
- In the box (Office Servers 2013) client support for non-Microsoft endpoints with Apps on-premise and in the cloud (Office 365)
- Social networking collaboration and communications, improving existing communication processes
- Leveraging data tools and data analytics to be fast and be first