Microsoft Active Directory Project Simcoe County District School Board Project Kick-off Meeting Rami Wehbe (Solution Architect) January 18, 2012
Agenda Introductions Project objectives and drivers Approach (MSF Phases) Key Activities & Deliverables Technical Overview (High Level) Project Management Expectations & Assumptions Shared Lessons Learned Acceptance Criteria Next Steps
Introductions Introduce the Team Members from: - SCDSB - Vince Garrett, Project Coordinator - Technology - Itergy - Abdallah Chammas, Services Director - Rami Wehbe, Solution Architect - Riyaz Lalani, Senior Account Manager Education Sector
Project Drivers Key Driver - AD Project driven from recent Audit recommendation and upcoming business needs and newer Platform deployment (IPPS.Net & SharePoint) Common, Active Directory Service Environment this directory service will then be used to facilitate authentication capabilities for common Board applications, services, and centralized management of identities. Delegated Data Management for ICT Team to manage their directory objects and services in the most efficient management. Centrally Managed Directory Services Taking advantage of a corporate center of excellence team to deliver authentication, replication and directory read/write access to the broad base of users and business groups.
Project Objectives Reduced Cost and Complexity Creating centers of expertise and consolidated device management will enable the Board to broadly leverage inhouse expertise as well as investments in hardware and software providing common business services using fewer resources and devices. Fewer servers Centered in strategic data center locations. Fewer Technologies providing a single location for all standard directory and authentication. One team providing services at a reduced cost to operate and maintain. Authentication and Improved Security Delivering common authentication services provides a common security model for sharing and protecting data. One Logon: The Microsoft Active Directory Domain will provide authentication for Windows integrated services, such as Microsoft SharePoint, Office 365 for Education, Microsoft Office SQL Server, as well as third-party applications. Single sign-on ability to all application resources will become closer to reality and improve user experience and overall security of the environment
Approach and Phases
Project Approach Envisioning Planning Development Stabilization Deployment Operations Microsoft Solutions Framework (MSF) Overview The following sections describe the tasks and deliverables to be completed in the course of the project. Envisioning Phase creating business vision and defining the scope of work Planning Phase developing the functional requirements and solution architecture Developing Phase developing the implementation and operational guides, as the proofof-concept Stabilizing Phase validate the production environment, piloting the solution and developing deployment plan Deployment Phase deploying the solution Operations Phase Training and handover to the operational team 7
Design and Implementation for Active Directory Deliverables Phase Deliverable Description Envision Vision and Scope Document A word document with a definition of the vision, the requirements, and the scope of the solution. Also includes high-level architecture diagram(s) (with alternatives) a description of components involved in the system, a risk matrix, and a project roadmap. Envision Project Plan (Draft) Microsoft Office Project.MPP document describing the complete execution of the effort Plan Functional Specification A word document and Microsoft Office Visio diagrams defining all components included in the solution and their definitions. Plan Project Plan (Baseline) Microsoft Project.MPP document describing the complete execution of the effort, used to track project progress. Plan Sponsor Presentations PowerPoint presentation at major design review milestone meetings with the steering committee. Develop Build and Configuration Guide Word Document and Visio Diagrams describing the process of configuring the end state architecture. Stabilize Production Pilot Deployed, fully configured pilot of end-state directory on the production network for a representative user population selected in the Plan Phase. Deployment Production Deployment (Migration) Deployment and Migration of Active Directory based on design and migration document. Then Decommissioning identified AD Servers
Solution Phase - Envisioning Envisioning Phase Key Itergy Activities: Kick Off Meeting: Project Team Assembled Project vision, objectives, approach and deliverables Change & Communication Process defined Identify, prioritize risk, and plan risk mitigation (Show Sample Project Status Report & Change Order) Conduct workshops with project stakeholders and infrastructure teams to review Requirements and conceptual future architecture. Review the current Active Directory deployments and current state. (Questionnaire) Examine the pros and cons of different architectures and migration processes. Review the network and datacenter architectures Review & document user demographics and account management Outline Conceptual future state Confirm project approach and objectives Create & review conceptual designs with the sponsors Document the results and findings into the Vision & Scope document. Review Vision & Scope with Project team to gain consensus Update project plan 9
Solution Phase Envisioning Envisioning Phase Key SCDSB Activities: Project Governance Document (Main) Assist with completion of Vision & Scope activities Participate in the workshops Engage your subject matter experts during the envisioning sessions Provide all necessary information regarding the existing environments: Current active directory implementations Physical environment characteristics Application and system dependencies Provide requirements for future Active Directory (IPPS.Net & SharePoint) Provide information on applications currently using Active Directory authentication/services Approve the Vision & Scope document 10
Solution Phase - Planning Planning Phase Key Itergy Activities: Conduct Active Directory Planning Sessions and Workshops to define the End-State, documenting the results in the Functional Specification Document. Design the Active Directory architecture consisting of the following topics: Authentication (domain and forest design) Name Resolution (DNS, WINS) OU Design and delegation of administration Policy-based management (Group Policies Objects) Physical Architecture/Topology including domain controller sizing and placement Migration and coexistence of the new Active Directory structure & current state systems Processes for redirecting (migrating) users and resources (e.g. groups, user accounts, workstations) from current directories to the new directory. Develop test lab requirements and provide guidance on test plan development Understand SCDSB Backup and Recovery requirements Review Active Directory Management Tools Provide Recommendations (Solution Briefing) Conduct AD Design milestone review meeting Finalize specifications for all hardware and software for pilot and production 11
Solution Phase - Planning Planning Phase Key SCDSB Activities: Engagement and scheduling of your staff to participate in the planning sessions Review and approve project deliverables. Obtain your executive sponsor approval of the deliverables Create the Communications Plan for all external communication activities, content, and media used by the project Procure lab hardware Set up the test lab prior to the start of the Development phase (Base OS & Patches) Document the Test Plan and acceptance criteria Validate and approve designs 12
TECHNICAL OVERVIEW (HIGH LEVEL)
Current Architecture State Schools Active Directory Forest and the Admin Active Directory Forest SCHOOLS FOREST ADMIN FOREST 4 DCs: Roots03 Roots06 Roots07 Tersimcoegc 2 DCs: Adminroot01 Adminroot02 SIMCOE.PRI SCDSB.PRI 19200 Students/Teachers 34000 Students/Teachers 900 Administrative Staff 5700 Desktops/Laptops 5100 Desktops/Laptops 1150 Desktops/Laptops 4 DCs: DNSS01 SCHOOLSPDC SECAMSS01 SCHOOLVDC SCHOOLS.SIMCOE.PRI 4 DCs: Elemamss01 Elems03 Elems04 Terelembdc ELEM.SIMCOE.PRI 4 DCs: Teradminbdc Netvs03 Nets02 Nets01 ADMIN.SCDSB.PRI
Migration Options Options (main) Pros Cons Option 1: Admin Active Directory Forest Merging to Schools Active Directory Forest Option 2: Admin Child Domain Merged with the Schools Active Directory Forest No change required in Exchange infrastructure Migration can be planed during Holidays, no impact as we are only touching the School Forest / Domain not the Admin Forest / Domain Moving Smaller Forest/Domain to bigger Forest/Domain Moving bigger Forest / Domain to smaller Forest / Domain Moving the Exchange infrastructure and its objects from one forest to another is more complex requiring more planning
End State Option 1/2 ADMIN FOREST Note: Capacity Planning to determine the number of Domain Controllers that will be required from the decommissioned forest To become the Active Directory Forest Root Domain 4 DCs: Roots03 Roots06 Roots07 Tersimcoegc 2 DCs: Adminroot01 Adminroot02 SCDSB.PRI 19200 Students/Teachers 34000 Students/Teachers 900 Administrative Staff 5700 Desktops/Laptops 5100 Desktops/Laptops 1150 Desktops/Laptops 4 DCs: DNSS01 SCHOOLSPDC SECAMSS01 SCHOOLVDC SCHOOLS.SCDSB.PRI 4 DCs: Elemamss01 Elems03 Elems04 Terelembdc ELEM.SCDSB.PRI 4 DCs: Teradminbdc Netvs03 Nets02 Nets01 ADMIN.SCDSB.PRI
Migration tools high level overview Factors Option 1 Option 2 Tool name ADMT(Active Directory Migration Tool) Advantage Free tool from Microsoft Good documentation from MStechnet Third Party Migration tools (e.g. DMM from Quest) Big list of Server infrastructure update Continuous synchronization Statistics & Reporting Disadvantage Limited undo No Clean-up SIDHistory Cost of the license (TBD, check with vendor, around $ 8.58 per username) Limited Server infrastructure update Statistics and reporting (limited) Time Need more time for preparation and migration Risk Higher risk Lower risk Need time for preparation, but less time in migration
PROJECT MANAGEMENT
Project Team SCDSB Active Directory Project Steering Committee Itergy Project Manager Main Communication Channel SCDSB Project Manager Itergy Solution Architect Itergy Senior Consultant Itergy Consultant Migrator SCDSB Project Team SCDSB Operations Team
Weekly Project Management Activities Communication Management Weekly coordination meeting Weekly Status Report (Sample) Risk and Issue tracking and Management Resource and time management Change Management Quality Management Link
Timeline Overview The project will be divided into phases as depicted below. This timeline is based on our current planning assumptions and may change during the course of the project. Detail Project Schedule (Link) 21
Expectations & Assumptions Before starting the engagement Itergy assumes the following requirements are ready or a plan is in place: The required Lab hardware will be ready for Operating System Deployment. There are no network (LAN, WAN) problems that may stop the Lab creation. Provide access to the existing documentation (if any) Work with Itergy consultants during the project as required. Provide physical access to site as required during the project. Provide a work area for on-site, with telephone & access internet connectivity. Some tasks may be performed remotely or off-site. Availability and access to pertinent IT personnel and project stakeholders (e.g. Operations, representatives from Technical Support groups). Itergy will provide weekly status updates to SCDSB project manager and key stakeholders. Current Active Directory Infrastructure is healthy without any major issue that may impact the migration or integration Active Directory Infrastructure core components are functional. Start date to be mutually agreed upon
Share Lessons Learned Key Success factors Communication Hardware readiness ( servers for migration) Information Gathering (Envisioning) Solutions Prepare communication package (standard) Share information with people on time Coordination Notification Make sure you order hardware on time Specify how to distribute the hardware Prepare standard environment Prepare configuration checklist Use virtualization and cloning Site Survey document (standard) Sites contact lists Information should be ready on time Analyzing collected information Consider custom configurations (E.g. Auto logon)
Share Lessons Learned(Cont) Key Success Factors Servers readiness Computers/Accounts readiness Migrating Management Infra (SMS/SCCM/SCOM) Manage end users incidents Mobile devices authentication (Wi-Fi) Solutions List of services Contact of servers administrators Maintenance Windows List of in-scope computers Complete Decryption (if required) Quest Agent installation (if required) Schedule the migration Dependency Specify required features Set new design and migration plan Incident Management plan Support Email/telephone numbers Support time (Schedule) Build a new Wi-Fi authentication infrastructure Simplicity
Acceptance Criteria (PM) Criteria Acceptance Create and review Project governance document that explains how to manage the project Send weekly project status report to project stakeholders to share the project status, decisions, changes, risk, and issues Conduct weekly coordination meeting to review project status and manage any risk or issue. Minimize the impact of AD migration on the educational processes and IT operations. Efficiently utilize SCDSB resources and time during the project life cycle Set migration process based on Microsoft recommended practices Set clear detailed project plan for the migration that shows phases and milestones Follow the change management process for any change to the scope or deliverables.
Next Steps Tasks Schedule Owner Specify timeline of the project and resource management option Communication; announce project kick-off (send email to all project stakeholders) TBD (preferable this week) Today Itergy and SCDSB Project Owner SCDSB Project PM Set Project Communication Plan This week SCDSB and Itergy PMs Logistics; arrange location for Itergy team TBD SCDSB PM Envisioning: start preparing the required information (Questionnaire) Conduct internal meeting with SCDSB technical team (kick-off the envisioning phase) Start today Mid of next week Itergy Consultant SCDSB and Itergy technical team
OPEN DISCUSSION