Resource Guide Overview

This document provides a technology roadmap for implementing information technology (IT) capabilities highlighted in the Microsoft Infrastructure Optimization Model (explained in the following sections). We recommend that you use the steps outlined in this guide to become familiar with the tools, processes, and concepts in the Infrastructure Optimization Model.

These resource guides are not meant to be used to deploy new IT services or capabilities. Their purpose is to outline the high-level considerations, steps, processes, and Microsoft tools you can use to bring greater efficiency, organization, and profitability to your IT department as you implement those capabilities and services. You can use the information contained in this guide to help you move from the Standardized level to the Rationalized level.


Audience

This document is designed for IT professionals who are responsible for planning, deploying, and operating IT systems and data centers, and who want to implement the technology and procedural concepts of the Core Infrastructure Optimization Model.

Infrastructure Optimization Concept

Microsoft Infrastructure Optimization (IO) is structured around three information technology models: Core Infrastructure Optimization, Application Platform Infrastructure Optimization, and Business Productivity Infrastructure Optimization. Each of these IO models contains four levels of process maturity and capability classifications as logical groupings of requirements for each level of maturity. Core IO focuses on the foundational elements of IT services and components; Application Platform IO focuses on best practices for software development; and Business Productivity IO focuses on the infrastructure required to maximize communication, collaboration, and end-user productivity. The following table highlights the capabilities of each IO model.

Model: Core Infrastructure Optimization Model (Core IOM)

Capabilities:

  • Identity and Access Management

  • Desktop, Device and Server Management

  • Security and Networking

  • Data Protection and Recovery

  • IT and Security Process

Model: Application Platform Infrastructure Optimization Model (AP IOM)

Capabilities:

  • User Experience

  • SOA and Business Process

  • Data Management

  • Development

  • Business Intelligence

Model: Business Productivity Infrastructure Optimization Model (BP IOM)

Capabilities:

  • Collaboration and Communication

  • Enterprise Content Management

  • Business Intelligence

The Infrastructure Optimization concept helps customers realize dramatic cost savings for their IT infrastructures by moving toward a secure, defined, and highly automated environment. It prescribes capabilities in a logical sequence to help organizations advance up the levels at a measurable and achievable pace. As a basic IT infrastructure matures, security improves from vulnerable to dynamically proactive, and administrative and managerial processes change from highly manual and reactive to highly automated and proactive.

Microsoft and its partners provide the technologies, processes, and procedures to help customers move along the infrastructure optimization path. Processes move from fragmented or nonexistent to optimized and repeatable. Customers' ability to use technology to improve their business agility and to deliver business value increases as they move from the Basic level to the Standardized level, to the Rationalized level, and finally to the Dynamic level. These levels are defined later in this guide.

The Infrastructure Optimization Model has been developed by industry analysts, the Massachusetts Institute of Technology (MIT) Center for Information Systems Research (CISR), and Microsoft's own experiences with its enterprise customers. A key goal for Microsoft in creating the Infrastructure Optimization Model was to develop a simple way to use a maturity framework that is flexible and can easily be used as the benchmark for technical capability and business value.

The first step in using the model is to evaluate the current maturity level of your IT infrastructure within the model. This helps to determine what capabilities your organization needs, and in what sequence these capabilities should be deployed.

This document focuses on moving from the Standardized level of IT infrastructure and processes to the Rationalized level in the Core Infrastructure Optimization Model. Other resource guides in this series focus on the capabilities necessary to move to the other levels in the Core Infrastructure Optimization Model.

Core Infrastructure Optimization Capabilities

The Core Infrastructure Optimization Model defines five capabilities that are initial requirements to build a more agile IT infrastructure. These five capabilities are the foundation of each of the maturity levels.

Identity and Access Management

Describes how customers should manage people and asset identities, how to implement solutions to manage and protect identity data, and how to manage access to resources from corporate mobile users, customers, and/or partners outside of a firewall.

Desktop, Device and Server Management

Describes how customers should manage desktops, mobile devices, and servers, in addition to how to deploy patches, operating systems, and applications across the network.

Security and Networking

Describes what customers should consider implementing in their IT infrastructures to help guarantee that information and communication are protected from unauthorized access. Also provides a mechanism to protect the IT infrastructure from denial-of-service attacks and viruses, while preserving access to corporate resources.

Data Protection and Recovery

Provides structured and disciplined backup, storage, and restore management. As information and data stores proliferate, organizations are under increasing pressure to protect information and provide cost-effective and time-efficient recovery when required.

IT and Security Process

Provides proven best practice guidance on how to cost-effectively design, develop, operate, and support solutions while achieving high reliability, availability, and security. Although rock-solid technology is necessary to meet demands for reliable, available, and highly secure IT services, technology alone is not sufficient; excellence in process and people (skills, roles, and responsibilities) is also needed. This document addresses Security Process and IT Process (ITIL/COBIT-based Management Process) in separate sections.

Core Infrastructure Optimization Model Levels

In addition to capabilities, the Core Infrastructure Optimization Model defines four optimization levels (Basic, Standardized, Rationalized, and Dynamic) for each capability. The characteristics of these optimization levels are described in the following sections.

Optimization Level 1: Basic

The Basic IT infrastructure is characterized by manual, localized processes; minimal central control; and nonexistent or unenforced IT policies and standards for security, backup, image management and deployment, compliance, and other common IT practices. Overall health of applications and services is unknown due to a lack of tools and resources. Generally, all patches, software deployments, and services are provided manually.

Optimization Level 2: Standardized

The Standardized infrastructure introduces controls through the use of standards and policies to manage desktops and servers; to control the way machines are introduced into the network; and by using Active Directory® directory service to manage resources, security policies, and access control. Customers in a Standardized state have realized the value of basic standards and some policies, yet still have room to improve. Generally, all patches, software deployments, and desktop service are provided through medium touch with medium to high cost. These organizations have a reasonable inventory of hardware and software and are beginning to manage licenses. Security measures are improved through a locked-down perimeter, but internal security may still be a risk.

Optimization Level 3: Rationalized

The Rationalized infrastructure is where the costs involved in managing desktops and servers are at their lowest, and processes and policies have been optimized to begin playing a large role in supporting and expanding the business. Security is very proactive, and responding to threats and challenges is rapid and controlled. The use of zero touch deployment helps minimize cost, the time to deploy, and technical challenges. The number of images is minimal, and the process for managing desktops is very low touch. These customers have a clear inventory of hardware and software and only purchase the licenses and computers they need. Security is extremely proactive with strict policies and control, from the desktop to server to firewall to extranet.

Optimization Level 4: Dynamic

Customers with a Dynamic infrastructure are fully aware of the strategic value that their infrastructure provides in helping them run their business efficiently and staying ahead of competitors. Costs are fully controlled; there is integration between users and data, desktops, and servers; collaboration between users and departments is pervasive; and mobile users have nearly on-site levels of service and capabilities regardless of location. Processes are fully automated, often incorporated into the technology itself, allowing IT to be aligned and managed according to business needs. Additional investments in technology yield specific, rapid, and measurable benefits for the business. The use of self-provisioning software and quarantine-like systems for ensuring patch management and compliance with established security policies allows the Dynamic infrastructure organization to automate processes, thus helping improve reliability, lower costs, and increase service levels.

Core Infrastructure Optimization Capability Overview

The following image lists the basic requirements for each capability to advance through the optimization levels.

Figure 1. Capability requirements of each optimization level


For more information, including customer case studies and business value information, visit https://www.microsoft.com/technet/infrastructure/default.mspx.

Self Assessment

Microsoft has developed a self-assessment tool that you can use to determine your current optimization level. We recommend that you use this tool before proceeding with this guide. The tool is based on the material presented in this guide. To access the self-assessment tool, visit: https://www.microsoft.com/business/peopleready/coreinfra/ac/default.mspx.

The following section presents questions for each of the core capabilities that direct you to relevant sections of this planning guide. Your answers to the questions will dictate which sections contain guidance applicable to your organization. Many requirements in the following section have minimum attributes associated with them. If your organization meets every requirement and requirement attribute outlined in this section, you have already achieved the Rationalized level and can proceed to the Dynamic level in Core Infrastructure Optimization. You can print this section as a scorecard for determining which requirements and attributes you need to implement in your organization.

Capability: Identity and Access Management

The Rationalized level of optimization requires a directory-based tool to centrally administer configurations and security on 80 percent or more of the desktops in your organization.

Requirement: Identity and Access Management

Implemented a directory-based tool to centrally administer configurations and security on 80 percent or more of your desktops

[ ] Yes   [ ] No

Attributes:

  • Identified which configurations should be monitored or enforced.

  • Selected tools for monitoring and enforcing configuration compliance.

  • Defined Group Policy objects for settings managed through Group Policy.

  • Implemented Group Policy Management Console to manage Group Policy objects.

  • Applied Group Policy to at least 80 percent of your desktops.

For more details, see Centralized Directory-based Configuration and Security in this document, or visit the following Web sites:

Additional information is available at Medium Business Solution for Client Configuration.

Capability: Desktop, Device and Server Management

The Rationalized level of optimization requires that your organization has procedures and tools in place to automate operating system deployment, track desktop assets, test application compatibility, streamline desktop deployment with a layered-image approach, automate server patch management, provide secure access to mobile devices, and explore server consolidation through virtualization technologies.

Requirement: Desktop, Device and Server Management

An automated software distribution solution for operating system deployment

[ ] Yes   [ ] No

Attributes:

  • Identified tools and technologies required to enable automated operating system deployment.

  • Performed necessary pre-deployment tasks for application compatibility and packaging, infrastructure remediation, imaging, user-state migration, and desktop security.

  • Tested and validated Zero Touch Installation in a lab environment and pilot program.

  • Performed automated OS deployment to end users.

For more details, see Automated Operating System Distribution in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Automated tracking of hardware and software assets of 80 percent or more of your desktops

[ ] Yes   [ ] No

Attributes:

  • Deployed tools and procedures to automate desktop asset inventory.

  • Implemented procedures and technologies to automate application and operating system deployment.

  • Implemented tools and procedures to perform and analyze software usage tracking reporting.

  • Implemented best practice automated software update management.

  • Deployed tools and procedures to monitor desktop system status, including product compliance and system status monitoring.

For more details, see Automated Tracking of Hardware and Software for Desktops in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Eighty percent or more of your desktops running one of the two most recent operating system versions

[ ] Yes   [ ] No

Attributes:

  • Inventoried existing production operating systems.

  • Determined new computer and refresh strategies in order to phase out older operating systems.

  • Deployed the two most recent operating system versions to at least 80 percent of all desktops.

For more details, see Latest Two OS Versions and Service Packs on Desktops in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Eighty percent or more of your desktops running Microsoft Office 2003 or the 2007 Microsoft Office system

[ ] Yes   [ ] No

Attributes:

  • Evaluated the latest versions of Office and defined a plan to consolidate Office versions on production workstations.

  • Deployed latest versions of Office to desktops.

  • Defined a plan for managing Office configurations.

For more details, see Latest Versions of Microsoft Office on Desktops in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Tests and certifies application compatibility on 80 percent of new or updated applications before deploying them to desktops

[ ] Yes   [ ] No

Attributes:

  • Collected and analyzed the application inventory in your organization to build your application portfolio.

  • Implemented standard testing of your mitigation strategies to create your application mitigation packages.

  • Implemented standard processes to resolve any outstanding compatibility issues to report compatibility mitigation to management.

  • Implemented automated deployment of all compatibility mitigation packages.

For more details, see Compatibility Testing and Certification of Software Distributions in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Patch management solution for 80 percent or more of your servers

[ ] Yes   [ ] No

Attributes:

  • Implemented process and tools to inventory hardware and software assets.

  • Implemented process and tools to scan servers for software updates.

  • Established a process to automatically identify available patches.

  • Established standard testing for every patch.

  • Implemented patch distribution software.

For more details, see Patch Management for Servers in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Secured and guaranteed way to verify secure communications between your corporate network and mobile devices

[ ] Yes   [ ] No

Attributes:

  • Inventoried mobile devices connecting to your network.

  • Determined a communication security strategy appropriate for your needs.

  • Implemented mobile device authentication to all connected devices.

For more details, see Guaranteed Secure Communications with Mobile Devices in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Access provided to Web applications via WAP or HTTP for mobile devices

[ ] Yes   [ ] No

Attributes:

  • Inventoried mobile devices connecting to your network and Web applications currently consumed or potentially consumed by mobile device users.

  • Developed and implemented a strategy to optimize Web applications for mobile device users, update mobile device hardware, or both.

For more details, see Access to Web Applications Using WAP or HTTP for Mobile Devices in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Planning for server consolidation with virtualization

[ ] Yes   [ ] No

Attributes:

  • Inventoried all IT services and LOB applications in your organization, including performance and traffic data.

  • Developed a plan to consolidate server infrastructure by implementing virtual machine technologies.

For more details, see Server Consolidation with Virtualization in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Implemented a layered-image strategy for managing your desktop images

[ ] Yes   [ ] No

Attributes:

  • Inventoried and rationalized the current set of managed desktop images in your organization.

  • Developed and implemented a strategy to consolidate desktop images by using thin or hybrid layered imaging for desktop deployment.

For more details, see Layered Imaging for Desktops in this document, or visit the following Web sites:

Capability: Security and Networking

The Rationalized level of optimization requires that your organization has standard antivirus software installed on client computers, a centralized perimeter firewall, basic networking services, and availability monitoring for critical servers.

Requirement: Security and Networking

Policy-managed firewall on 80 percent or more of your servers and desktops

[ ] Yes   [ ] No

Attributes:

  • Inventoried your desktop and server computers to identify which hardware currently has host-based firewall technologies.

  • Deployed host-based firewall technology to hardware lacking firewall capabilities or updated servers to Windows Server 2003 SP1 or later.

  • Established policy enforcement to ensure host-based firewalls are always enabled and cannot be disabled.

For more details, see Policy-managed Firewalls on Servers and Desktops in this document, or visit the following Web sites:

Requirement: Security and Networking

Secure remote access to internal resources and line-of-business (LOB) applications beyond e-mail (that is, VPN and/or Terminal Services)

[ ] Yes   [ ] No

Attributes:

  • Evaluated remote access requirements for remote clients and branch offices.

  • Designed and implemented secure virtual private network or similar services to remote clients and branch offices.

For more details, see Secure Remote Access to Internal Resources and LOB Applications in this document, or visit the following Web sites:

Requirement: Security and Networking

Secured and guaranteed way to verify communication between critical servers, such as domain controllers and e-mail servers

[ ] Yes   [ ] No

Attributes:

  • Assessed the current state of network infrastructure affected by Internet Protocol security (IPsec).

  • Identified organizational requirements to ensure secured and guaranteed communication between servers, including regulation and compliance impacts.

  • Developed and implemented a plan across the organization using IPsec to meet defined requirements.

For more details, see Secured and Guaranteed Communication Between Servers in this document, or visit the following Web sites:

Requirement: Security and Networking

Monitoring and service level reporting for 80 percent or more of your servers to ensure a consistent and reliable user experience

[ ] Yes   [ ] No

Attributes:

  • Defined your organization’s IT services in a service catalog.

  • Determined the baseline or current service levels for defined services.

  • Defined service levels appropriate for your organization and determined a plan for automating service level monitoring.

  • Implemented an automated availability monitoring solution.

For more details, see Service Level Agreement Monitoring and Reporting for Servers in this document, or visit the following Web sites:

Requirement: Security and Networking

Providing a secured communication mechanism for presence

[ ] Yes   [ ] No

Attributes:

  • Assessed any current unmanaged methods used for presence and instant communication.

  • Created a requirements specification for presence and instant messaging, aligning to industry or local regulations and policies.

  • Evaluated presence and instant technology and created plan to implement your selected solution.

  • Implemented presence at minimum through managed instant messaging and optionally through collaboration and e-mail infrastructure.

For more details, see Secure Communication Mechanism for Presence in this document, or visit the following Web sites:

Requirement: Security and Networking

Deployed a secure wireless network using Active Directory and IAS/RADIUS for authentication and authorization

[ ] Yes   [ ] No

Attributes:

  • Identified current wireless access and related topologies.

  • Evaluated wireless technologies, protocols, and standards.

  • Developed and implemented plans for secure wireless authentication infrastructure.

For more details, see Active Directory and IAS/RADIUS for Wireless Network Authentication and Authorization in this document, or visit the following Web sites:

Requirement: Security and Networking

Centrally managed certificate services infrastructure (PKI)

[ ] Yes   [ ] No

Attributes:

  • Performed a network discovery to inventory all components.

  • Identified people, process, and technology design considerations for the certification authority and public key infrastructure (PKI).

  • Created a detailed deployment plan to enable the PKI.

  • Implemented PKI deployment plan.

For more details, see Centrally Managed Certificate Services in this document, or visit the following Web sites:

Requirement: Security and Networking

Proactively managing bandwidth to branch offices

[ ] Yes   [ ] No

Attributes:

  • Identified and documented branch office topology.

  • Created requirement specification based on the needs of all branch office types.

  • Created a plan and architecture for branch office service consolidation and identified performance thresholds for reexamination of branch office WAN requirements.

  • Implemented plan to optimize branch office services against WAN link limitations.

For more details, see Proactively Managed Bandwidth to Branch Offices in this document, or visit the following Web sites:

Capability: Data Protection and Recovery

The Rationalized level of optimization requires that your organization has procedures and tools in place to manage backup and recovery of data on servers and to control centralized backup of branch office data.

Requirement: Data Protection and Recovery

Centrally managing data backup for your branch offices

[ ] Yes   [ ] No

Attributes:

  • Created a centralized data backup plan and a recovery plan for branch offices in your organization.

  • Implemented a backup and recovery plan for centralized control of backup and recovery operations, either via network-centralized tools or operational guidelines for local backup and recovery, with defined service levels.

For more details, see Centrally Managed Data Backup for Branch Offices in this document, or visit the following Web sites:

Requirement: Data Protection and Recovery

Service level agreement (SLA) for system backup and restore, and defined recovery times for 80 percent of your servers

[ ] Yes   [ ] No

Attributes:

  • Created a data backup plan and a recovery plan for 80 percent or more of all servers in your organization.

  • Used drills to test your plans and validate defined recovery times.

For more details, see Backup, Restore, and Defined Recovery Times for Servers in this document, or visit the following Web sites:

Capability: Security and ITIL/COBIT-based Management Process

The Rationalized level of optimization requires that your organization has defined procedures for risk management, incident management and response, application testing, problem management, user support, configuration management, and change management.

Requirement: Security and ITIL/COBIT-based Management Process

Established security processes for two-factor user authentication, standard security review for new software acquisitions, and data classification

[ ] Yes   [ ] No

Attributes:

  • Developed and implemented two-factor identity and access management policies.

  • Developed a process to manage security requirement testing on all acquired or developed software.

  • Established a standard and repeatable procedure for classifying sensitive data.

For more details, see Two-Factor User Authentication, Standard Security Review for New Software Acquisitions, and Data Classification Processes in this document, or visit the following Web sites:

Requirement: Security and ITIL/COBIT-based Management Process

Implemented best practices for operating, optimizing, and change processes in your IT organization

[ ] Yes   [ ] No

Attributes:

  • Implemented service level management across IT operations.

  • Implemented best practice release management.

  • Optimized network and system administration processes.

  • Implemented best practice job scheduling.

For more details, see Operating, Optimizing, and Change Processes in this document, or visit the following Web site:

Preparing to Implement Core IO Requirements

The detailed capability and requirement sections of the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized guide will expose you to the high-level context of the processes and technologies necessary to help implement the requirements of the Core Infrastructure Optimization Model at the Rationalized level. These sections provide contextual detail for areas to focus on, an introduction to processes and technologies, and links to relevant implementation guidance throughout.

Microsoft Core IO requires that directory services are based on Active Directory in Microsoft Windows Server products. Microsoft partner and third-party solutions can be used to meet all requirements in the model if functionality meets defined requirements.

Phased Approach

Microsoft recommends a phased approach to meeting the requirements of each of the IO capabilities. The four phases are shown in the following graphic.

Figure 2. Four phases of the IO capabilities


In the Assess phase you determine the current capabilities and resources within your organization.

In the Identify phase you determine what you need to accomplish and what capabilities you want to incorporate.

In the Evaluate and Plan phase you determine what you need to do to implement the capabilities outlined in the Identify phase.

In the Deploy phase you execute the plan that you built in the prior phase.

Solution Currency

The detailed Capability and Requirement sections of the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized guide highlight guidance and technologies available from Microsoft as of the release date of the document. We expect that these technologies will evolve, as will the accompanying guidance. Please visit Microsoft TechNet regularly for any updates to products and capabilities referred to in this document.

Implementation Services

Implementation services for the projects outlined in this document are provided by Microsoft partners and Microsoft Services. For assistance implementing Core Infrastructure Optimization projects highlighted in the Core Infrastructure Optimization Implementer Resource guides, contact a Microsoft partner near you or visit the Microsoft Services Web site for more details.