Resource Guide Overview

Audience

This document is designed for IT professionals who are responsible for planning, deploying, and operating IT systems and data centers, and who want to implement the technology and procedural concepts of the Core Infrastructure Optimization Model.

Infrastructure Optimization Concept

Microsoft Infrastructure Optimization (IO) is structured around three information technology models: Core Infrastructure Optimization, Application Platform Infrastructure Optimization, and Business Productivity Infrastructure Optimization. Each of these IO models contains four levels of process maturity, along with capability classifications that serve as logical groupings of the requirements for each level of maturity. Core IO focuses on the foundational elements of IT services and components, Application Platform IO focuses on best practices for software development, and Business Productivity IO focuses on the infrastructure required to maximize communication, collaboration, and end-user productivity. The following table highlights the capabilities of each IO model.

Model: Core Infrastructure Optimization Model (Core IOM)

Capabilities:

  • Identity and Access Management

  • Desktop, Device and Server Management

  • Data Protection and Recovery

  • Security and Networking

  • IT and Security Process

Model: Application Platform Infrastructure Optimization Model (AP IOM)

Capabilities:

  • User Experience

  • SOA and Business Process

  • Data Management

  • Development

  • Business Intelligence

Model: Business Productivity Infrastructure Optimization Model (BP IOM)

Capabilities:

  • Collaboration and Communication

  • Enterprise Content Management

  • Business Intelligence

The Infrastructure Optimization concept helps customers realize dramatic cost savings for their IT infrastructure by moving toward a secure, defined, and highly automated environment. It prescribes capabilities in a logical sequence to help organizations advance up the levels at a measurable and achievable pace. As a basic IT infrastructure matures, security improves from vulnerable to dynamically proactive, and administrative and managerial processes change from highly manual and reactive to highly automated and proactive.

Microsoft and its partners provide the technologies, processes, and procedures to help customers move along the infrastructure optimization path. Processes move from fragmented or nonexistent to optimized and repeatable. Customers' ability to use technology to improve their business agility and to deliver business value increases as they move from the Basic level to the Standardized level, to the Rationalized level, and finally to the Dynamic level. These levels are defined later in this guide.

The Infrastructure Optimization Model was developed by drawing on industry analysts, the Massachusetts Institute of Technology (MIT) Center for Information Systems Research (CISR), and Microsoft's own experiences with its enterprise customers. A key goal for Microsoft in creating the Infrastructure Optimization Model was to develop a simple way to use a maturity framework that is flexible and can easily be used as the benchmark for technical capability and business value.

The first step in using the model is to evaluate the current maturity level of your IT infrastructure within the model. This helps to determine what capabilities your organization needs, and in what sequence these capabilities should be deployed.

This document focuses on moving from the Basic level of IT infrastructure and processes to the Standardized level in the Core Infrastructure Optimization Model. Other resource guides in this series focus on the capabilities necessary to move to the other levels in the Core Infrastructure Optimization Model.

Core Infrastructure Optimization Capabilities

The Core Infrastructure Optimization Model defines five capabilities that are initial requirements to build a more agile IT infrastructure. These five capabilities are the foundation of each of the maturity levels.

Identity and Access Management

Describes how customers should manage people and asset identities, solutions that should be implemented to manage and protect identity data, and how to manage access to resources from corporate mobile users, customers, and/or partners outside of a firewall.

Desktop, Device and Server Management

Describes how customers should manage desktops, mobile devices, and servers, in addition to how to deploy patches, operating systems, and applications across the network.

Data Protection and Recovery

Provides structured and disciplined backup, storage, and restore management. As information and data stores proliferate, organizations are under increasing pressure to protect information and provide cost-effective and time-efficient recovery when required.

Security and Networking

Describes what customers should consider implementing in their IT infrastructure to help guarantee that information and communication are protected from unauthorized access. Also provides a mechanism to protect the IT infrastructure from denial-of-service attacks and viruses, while preserving access to corporate resources.

IT and Security Process

Provides proven best practice guidance on how to cost-effectively design, develop, operate, and support solutions while achieving high reliability, availability, and security. Although rock-solid technology is necessary to meet demands for reliable, available, and highly secure IT services, technology alone is not sufficient; excellence in process and people (skills, roles, and responsibilities) is also needed. This document addresses Security Process and IT Process (ITIL/COBIT-Based Management Process) in separate sections.

Core Infrastructure Optimization Model Levels

In addition to capabilities, the Core Infrastructure Optimization Model defines four optimization levels (Basic, Standardized, Rationalized, and Dynamic) for each capability. The characteristics of these optimization levels are as follows:

Optimization Level 1: Basic

The Basic IT infrastructure is characterized by manual, localized processes; minimal central control; and nonexistent or unenforced IT policies and standards for security, backup, image management and deployment, compliance, and other common IT practices. Overall health of applications and services is unknown due to a lack of tools and resources. Generally, all patches, software deployments, and services are provided manually.

Optimization Level 2: Standardized

The Standardized infrastructure introduces controls through the use of standards and policies to manage desktops and servers, to control the way machines are introduced into the network, and to manage resources, security policies, and access control by using Active Directory® directory service. Customers in a Standardized state have realized the value of basic standards and some policies, yet still have room to improve. Generally, all patches, software deployments, and desktop service are provided through medium touch with medium to high cost. These organizations have a reasonable inventory of hardware and software and are beginning to manage licenses. Security measures are improved through a locked-down perimeter, but internal security may still be a risk.

Optimization Level 3: Rationalized

The Rationalized infrastructure is where the costs involved in managing desktops and servers are at their lowest and processes and policies have been optimized to begin playing a large role in supporting and expanding the business. Security is very proactive and responding to threats and challenges is rapid and controlled. The use of zero touch deployment helps minimize cost, the time to deploy, and technical challenges. The number of images is minimal and the process for managing desktops is very low touch. These customers have a clear inventory of hardware and software and only purchase the licenses and computers they need. Security is extremely proactive with strict policies and control, from the desktop to server to firewall to extranet.

Optimization Level 4: Dynamic

Customers with a Dynamic infrastructure are fully aware of the strategic value that their infrastructure provides in helping them run their business efficiently and staying ahead of competitors. Costs are fully controlled; there is integration between users and data, desktops, and servers; collaboration between users and departments is pervasive; and mobile users have nearly on-site levels of service and capabilities regardless of location. Processes are fully automated, often incorporated into the technology itself, allowing IT to be aligned and managed according to business needs. Additional investments in technology yield specific, rapid, measurable benefits for the business. The use of self-provisioning software and quarantine-like systems for ensuring patch management and compliance with established security policies allows the Dynamic infrastructure organization to automate processes, thus helping improve reliability, lower costs, and increase service levels.

Core Infrastructure Optimization Capability Overview

The following image lists the basic requirements for each capability to advance through the optimization levels.

[Image: Core Infrastructure Optimization capability overview]

For more information, including customer case studies and business value information, visit https://www.microsoft.com/technet/infrastructure/default.mspx.

Self Assessment

Microsoft has developed a self assessment tool that you can use to determine your current optimization level. We recommend that you use this tool before proceeding with this guide. The tool is based on the material presented in this guide. To access the self assessment tool, visit: https://www.microsoft.com/business/peopleready/coreinfra/ac/default.mspx.

The following section presents questions for each of the core capabilities that direct you to relevant sections of this planning guide. Your answer to the questions will dictate which sections contain guidance applicable to your organization. Many requirements in the following section have minimum attributes associated with them. If your organization meets every requirement and requirement attribute outlined in this section, you have already achieved the Standardized level and can proceed to the Rationalized level in Core Infrastructure Optimization. You can print this section as a scorecard for determining which requirements and attributes you need to implement in your organization.

Capability: Identity and Access Management

The Standardized level of optimization requires that an Active Directory directory service be in place in your organization and is used to authenticate 80 percent or more of your users.  

Requirement: Identity and Access Management

Implemented Active Directory directory service for authentication of 80 percent or more of connected users

Yes [ ]   No [ ]

For more details, see Directory Services for Authentication of Users in this document, or visit the following Web sites:

Capability: Desktop, Device and Server Management

The Standardized level of optimization requires that your organization has procedures and tools in place to automate patch distribution, manage and consolidate standard desktop images, and centrally manage connected mobile devices.

Requirement: Desktop, Device and Server Management

Automated patch distribution covering 80 percent or more of your desktops

Yes [ ]   No [ ]

Attributes:

  • Implemented process and tools to inventory hardware and software assets.

  • Implemented process and tools to scan client computers for software updates.

  • Established a process to automatically identify available patches.

  • Established standard testing for every patch.

  • Implemented patch distribution software.

For more details, see Automated Patch Distribution in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

A defined set of standard, basic images for 80 percent or more of your desktops and laptops

Yes [ ]   No [ ]

Attributes:

  • Defined a strategy for standard images.

  • Used tools to capture a standard image.

  • Defined a standard set of disk images (OS and applications) for all hardware types.

  • Established deployment tools for network-based or offline image installation.

For more details, see Standardized Computer Images in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

A centralized solution to track, manage, and upgrade your mobile devices

Yes [ ]   No [ ]

Attributes:

  • Installed software to discover and track the mobile devices in your organization.

  • Implemented password-controlled access.

  • Established centralized data and software synchronization.

  • Ensured that decommissioned devices are free of company information.

For more details, see Centralized Management of Mobile Devices in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

A solution for user identity validation and data protection, if lost, for your mobile devices

Yes [ ]   No [ ]

Attributes:

  • Established and are enforcing a password-access policy or using public key certificates for user identification.

  • Encrypted all transfers for data distribution to, and data backup from, mobile devices.

  • Implemented device lockout on mobile devices.

  • Ensured that company information can be removed with remote wipe in case a mobile device is lost or stolen.

For more details, see Identity Validation, Data Protection, and Data Backup of Mobile Devices in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

A maximum of two operating system versions on 80 percent of your desktops

Yes [ ]   No [ ]

Attributes:

  • Implemented an image-consolidation strategy.

  • Reduced the number of production operating systems to no more than two.

For more details, see Consolidation of Desktop Images to Two Operating System Versions in this document, or visit the following Web sites:

Capability: Security and Networking

The Standardized level of optimization requires that your organization has standard antivirus software installed on client computers, a centralized perimeter firewall, basic networking services, and availability monitoring for critical servers.

Requirement: Security and Networking

Antivirus software (with automated signature updating) running on 80 percent or more of your desktops

Yes [ ]   No [ ]

Attributes:

  • Installed all operating system and software application security updates.

  • Enabled available host-based firewalls.

  • Installed antivirus software on eighty percent or more of your desktop computers.

For more details, see Antivirus Software for Desktops in this document, or visit the following Web site:

The Antivirus Defense-in-Depth Guide

Requirement: Security and Networking

Firewall (not per desktop) for your organization protecting 80 percent or more of your systems

Yes [ ]   No [ ]

For more details, see Centralized Firewall Services in this document, or visit the following Web sites:

Requirement: Security and Networking

Internal servers for basic networking services (DNS, DHCP, WINS)

Yes [ ]   No [ ]

Attributes:

  • Implemented DNS services on servers or other devices within your organization.

  • Implemented DHCP services on servers or other devices within your organization.

  • Implemented WINS services for older operating systems on servers or other devices within your organization.

For more details, see Internally Managed Basic Networking Services (DNS, DHCP, WINS) in this document, or visit the following Web sites:

Requirement: Security and Networking

Monitoring for 80 percent or more of your critical servers to ensure a consistent and reliable user experience

Yes [ ]   No [ ]

Attributes:

  • Installed availability monitoring software such as Microsoft Operations Manager (MOM).

  • Are monitoring 80 percent of your critical servers for performance, events, and alerts.

For more details, see Availability Monitoring of Critical Servers in this document, or visit the following Web sites:

Capability: Data Protection and Recovery

The Standardized level of optimization requires that your organization has procedures and tools in place to manage backup and recovery of data on critical servers.

Requirement: Data Protection and Recovery

Backup and restore solution for 80 percent or more of your business-critical servers

Yes [ ]   No [ ]

Attributes:

  • Created a data backup plan and a recovery plan for eighty percent or more of your critical servers.

  • Used drills to test your plans.

For more details, see Defined Backup and Restore Services for Critical Servers in this document, or visit the following Web sites:

Capability: Security and ITIL/COBIT-Based Management Process

The Standardized level of optimization requires that your organization has defined procedures for risk management, incident management and response, application testing, problem management, user support, configuration management, and change management.

Requirement: Security and ITIL/COBIT-Based Management Process

Risk assessment methodology and incident response plan, consistent security policy compliance, and evaluation and testing of all acquired software

Yes [ ]   No [ ]

Attributes:

  • Named a dedicated person for security strategy and policy.

  • Established a risk assessment methodology.

  • Established an incident response plan.

  • Established a process to manage user, device, and service identities.

  • Established consistent processes to identify security issues, including all network-connected devices.

  • Established consistent security policy compliance on network devices.

  • Established a plan to evaluate and test all acquired software for security compliance.

  • Established a consistent policy to classify data.

For more details, see Security Policies, Risk Assessment, Incident Response, and Data Security in this document, or visit the following Web site:

Microsoft TechNet Security Center

Requirement: Security and ITIL/COBIT-Based Management Process

A defined process for problem, incident, service, configuration, and change management

Yes [ ]   No [ ]

Attributes:

  • Implemented Problem Management techniques.

  • Implemented Incident Management techniques.

  • Improved end-user support services.

  • Implemented Change Management best practices.

For more details, see Support and Change Management Process in this document, or visit the following Web site:

Microsoft Operations Framework (MOF) on Microsoft TechNet

Preparing to Implement Core IO Requirements

The detailed capability and requirement sections of the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized guide will expose you to the high-level context of the processes and technologies necessary to help implement the requirements of the Core Infrastructure Optimization Standardized level. These sections provide contextual detail for areas to focus on, an introduction to processes and technologies, and links to relevant implementation guidance throughout.

Microsoft Core IO requires that directory services are based on Active Directory in Microsoft Windows Server products. Microsoft partner and third-party solutions can be used to meet all requirements in the model, if functionality meets defined requirements.

Phased Approach

Microsoft recommends a phased approach to meeting the requirements of each of the IO capabilities. The four phases are shown in the following graphic.

[Image: Phased Approach]

In the Assess phase you determine the current capabilities and resources within your organization.

In the Identify phase you determine what you need to accomplish and what capabilities you want to incorporate.

In the Evaluate and Plan phase you determine what you need to do to implement the capabilities outlined in the Identify phase.

In the Deploy phase you execute the plan that you built in the prior phase.

Solution Currency

The detailed Capability and Requirement sections of the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized guide highlight guidance and technologies available from Microsoft as of the release date of the document. We expect that these technologies will evolve, as will the accompanying guidance. Please visit Microsoft TechNet regularly for any updates to products and capabilities referred to in this document.

Implementation Services

Implementation services for the projects outlined in this document are provided by Microsoft partners and Microsoft Services. For assistance in implementing Core Infrastructure Optimization projects highlighted in the Core Infrastructure Optimization Implementer Resource Guides, contact a Microsoft partner near you or visit the Microsoft Services Web site for more details.