Resource Guide Overview

This document provides a technology roadmap for implementing IT capabilities highlighted in the Microsoft Infrastructure Optimization Model (explained in the following sections). We recommend that you use the steps outlined in this guide to become familiar with the tools, processes, and concepts in the Infrastructure Optimization Model.

These resource guides are not meant to be used to deploy new IT services or capabilities. Their purpose is to outline the high-level considerations, steps, processes, and Microsoft tools you can use to bring greater efficiency, organization, and profitability to your IT department as you implement those capabilities and services.

Audience

This document is designed for IT professionals who are responsible for planning, deploying, and operating IT systems and data centers, and who want to implement the technology and procedural concepts of the Infrastructure Optimization Model.

Infrastructure Optimization Concept

Microsoft Infrastructure Optimization (IO) is structured around three information technology models: Core Infrastructure Optimization, Application Platform Infrastructure Optimization, and Business Productivity Infrastructure Optimization. Each of these IO models contains four levels of process maturity and capability classifications as logical groupings of requirements for each level of maturity. Core IO focuses on the foundational elements of IT services and components; Application Platform IO focuses on best practices for software development; and Business Productivity IO focuses on the infrastructure required to maximize communication, collaboration, and end-user productivity. The following table highlights the capabilities of each IO model.

Model: Core Infrastructure Optimization Model (Core IOM)

Capabilities:

  • Identity and Access Management

  • Desktop, Device and Server Management

  • Data Protection and Recovery

  • Security and Networking

  • Security Process

Model: Application Platform Infrastructure Optimization Model (AP IOM)

Capabilities:

  • User Experience

  • SOA and Business Process

  • Data Management

  • Development

  • Business Intelligence

Model: Business Productivity Infrastructure Optimization Model (BP IOM)

Capabilities:

  • Collaboration and Communication

  • Enterprise Content Management

  • Business Intelligence

The Infrastructure Optimization concept helps customers realize dramatic cost savings for their IT infrastructure by moving toward a secure, defined, and highly automated environment. It prescribes capabilities in a logical sequence to help organizations advance up the levels at a measurable and achievable pace. As a basic IT infrastructure matures, security improves from vulnerable to dynamically proactive, and administrative and managerial processes change from highly manual and reactive to highly automated and proactive.

Microsoft and its partners provide the technologies, processes, and procedures to help customers move along the infrastructure optimization path. Processes move from fragmented or nonexistent to optimized and repeatable. Customers' ability to use technology to improve their business agility and to deliver business value increases as they move from the Basic level to the Standardized level, to the Rationalized level, and finally to the Dynamic level. These levels are defined later in this guide.

The Infrastructure Optimization Model has been developed by industry analysts, the Massachusetts Institute of Technology (MIT) Center for Information Systems Research (CISR), and Microsoft's own experiences with its enterprise customers. A key goal for Microsoft in creating the Infrastructure Optimization Model was to develop a simple way to use a maturity framework that is flexible and can easily be used as the benchmark for technical capability and business value.

The first step in using the model is to evaluate the current maturity level of your IT infrastructure within the model. This helps to determine what capabilities your organization needs, and in what sequence these capabilities should be deployed.

This document focuses on moving from the Rationalized level of IT infrastructure and processes to the Dynamic level in the Core Infrastructure Optimization Model. Other resource guides in this series focus on the capabilities necessary to move from lower levels in the Core Infrastructure Optimization Model.

Core Infrastructure Optimization Capabilities

The Core Infrastructure Optimization Model defines five capabilities that are initial requirements to build a more agile IT infrastructure. These five capabilities are the foundation of each of the maturity levels.

Identity and Access Management

Describes how customers should manage people and asset identities, how to implement solutions to manage and protect identity data, and how to manage access to resources from corporate mobile users, customers, and/or partners outside of a firewall.

Desktop, Device and Server Management

Describes how customers should manage desktops, mobile devices, and servers, in addition to how to deploy patches, operating systems, and applications across the network.

Data Protection and Recovery

Provides structured and disciplined backup, storage, and restore management. As information and data stores proliferate, organizations are under increasing pressure to protect information and provide cost-effective and time-efficient recovery when required.

Security and Networking

Describes what customers should consider implementing in their IT infrastructure to help guarantee that information and communication are protected from unauthorized access. Also provides a mechanism to protect the IT infrastructure from denial-of-service attacks and viruses, while preserving access to corporate resources.

Security Process

Provides proven best practice guidance on how to cost-effectively design, develop, operate, and support solutions while achieving high reliability, availability, and security. Although rock-solid technology is necessary to meet demands for reliable, available, and highly secure IT services, technology alone is not sufficient; excellence in process and people (skills, roles, and responsibilities) is also needed. This document addresses Security Process and IT Process (ITIL/COBIT-based Management Process) in separate sections.

Core Infrastructure Optimization Model Levels

In addition to capabilities, the Core Infrastructure Optimization Model defines four optimization levels (Basic, Standardized, Rationalized, and Dynamic) for each capability. The characteristics of these optimization levels are as follows:

Optimization Level 1: Basic

The Basic IT infrastructure is characterized by manual, localized processes; minimal central control; and nonexistent or unenforced IT policies and standards for security, backup, image management and deployment, compliance, and other common IT practices. Overall health of applications and services is unknown due to a lack of tools and resources. Generally, all patches, software deployments, and services are provided manually.

Optimization Level 2: Standardized

The Standardized infrastructure introduces controls through the use of standards and policies to manage desktops and servers; to control the way machines are introduced into the network; and by using Active Directory® directory service to manage resources, security policies, and access control. Customers in a Standardized state have realized the value of basic standards and some policies, yet still have room to improve. Generally, all patches, software deployments, and desktop service are provided through medium touch with medium to high cost. These organizations have a reasonable inventory of hardware and software and are beginning to manage licenses. Security measures are improved through a locked-down perimeter, but internal security may still be a risk.

Optimization Level 3: Rationalized

The Rationalized infrastructure is where the costs involved in managing desktops and servers are at their lowest and processes and policies have been optimized to begin playing a large role in supporting and expanding the business. Security is very proactive and responding to threats and challenges is rapid and controlled. The use of zero touch deployment helps minimize cost, the time to deploy, and technical challenges. The number of images is minimal, and the process for managing desktops is very low touch. These customers have a clear inventory of hardware and software and only purchase the licenses and computers they need. Security is extremely proactive with strict policies and control, from the desktop to server to firewall to extranet.

Optimization Level 4: Dynamic

Customers with a Dynamic infrastructure are fully aware of the strategic value that their infrastructure provides in helping them run their business efficiently and staying ahead of competitors. Costs are fully controlled; there is integration between users and data, desktops, and servers; collaboration between users and departments is pervasive; and mobile users have nearly on-site levels of service and capabilities regardless of location. Processes are fully automated, often incorporated into the technology itself, allowing IT to be aligned and managed according to business needs. Additional investments in technology yield specific, rapid, measurable benefits for the business. The use of self-provisioning software and quarantine-like systems for ensuring patch management and compliance with established security policies allows the Dynamic infrastructure organization to automate processes, thus helping improve reliability, lower costs, and increase service levels.

Core Infrastructure Optimization Capability Overview

The following image lists the basic requirements for each capability to advance through the optimization levels.

Figure 1. Capability requirements of each optimization level

For more information, including customer case studies and business value information, visit https://www.microsoft.com/technet/infrastructure/default.mspx.

Self Assessment

Microsoft has developed a self-assessment tool that you can use to determine your current optimization level. We recommend that you use this tool before proceeding with this guide. The tool is based on the material presented in this guide. To access the self-assessment tool, visit https://www.microsoft.com/business/peopleready/coreinfra/ac/default.mspx.

The following section presents questions for each of the core capabilities that direct you to relevant sections of this planning guide. Your answers to the questions will dictate which sections contain guidance applicable to your organization. Many requirements in the following section have minimum attributes associated with them. If your organization meets every requirement and requirement attribute outlined in this section, you have already achieved the Dynamic level. At this point, your organization will have implemented continuous improvement methodologies to determine how to reach further levels of organizational maturity beyond the Dynamic level in your IT organization. You can print this section as a scorecard for determining which requirements and attributes you need to implement in your organization.

Capability: Identity and Access Management

The Dynamic level of optimization requires centrally managed user provisioning across heterogeneous similar systems, as well as federated identity management across organizational and platform boundaries. For organizations moving to the Dynamic level, this guide assumes that the requirements for the Rationalized level have already been met, including directory-based tools and procedures for enforcing desktop and server configuration and security policies, information protection procedures and infrastructure, and managed local policy and security templates implemented on desktops.

Requirement: Identity and Access Management

Centralized automated user account provisioning (for example, issuing new accounts, changing passwords, synchronizing permissions, or enabling access to business applications) across 80 percent or more of heterogeneous systems. (Yes / No)

Attributes:

  • Defined current identity object provisioning workflows in your organization, as well as areas to improve or optimize.

  • Identified technologies used to manage object identity life cycles.

  • Implemented a consolidated solution to automate common user account provisioning workflows.

For more details, see automated user account provisioning in this document, or visit the following Web sites:

Requirement: Identity and Access Management

Implemented a federated directory-based tool to enable authenticated access to external customers, service providers, and business partners. (Yes / No)

Attributes:

  • Validated need for providing authenticated access to external entities.

  • Determined strategies and policies for providing external access to defined resources.

  • Implemented technologies to ensure secure access for defined external users to defined services.

For more details, see federated directory-based services to authenticate external users in this document, or visit the following Web sites:

Capability: Desktop, Device and Server Management

The Dynamic level of optimization requires that your organization has procedures and tools in place to automate service management of mobile devices and to bring them close to parity with desktops with regard to manageability and security. Additionally, the Dynamic level requires the use of virtualization in production for the consolidation and balancing of server workloads. For organizations moving to the Dynamic level, this guide assumes that the requirements for the Rationalized level have already been met, including automated hardware and software asset management, automated patch management for desktops and servers, automated operating system image deployment, desktop image consolidation using thin images with recent software and operating systems, and plans in place to begin using virtualization technologies in production.

Requirement: Desktop, Device and Server Management

Tools in place to perform automated infrastructure capacity planning for primary IT services (such as e-mail). (Yes / No)

Attributes:

  • Identified primary IT service candidates for automated capacity planning.

  • Created capacity models to automate capacity planning or implemented capacity planning tools.

For more details, see automated infrastructure capacity planning in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Management of mobile devices and access to IT services and applications nearly at parity with managed desktop and laptop computers. (Yes / No)

Attributes:

  • Implemented secure technologies to provide access to primary line-of-business applications (for example, LOB apps, CRM, or supply chain) via mobile devices.

  • Established defined set of standard basic images for mobile devices.

  • Implemented an automated solution to continuously update configuration settings and/or applications in mobile devices.

  • Deployed an automated quarantine solution for mobile devices.

  • Implemented an automated patch management solution for mobile devices.

  • Implemented an automated asset management solution for mobile devices.

For more details, see dynamic mobile device management and access in this document, or visit the following Web sites:

Requirement: Desktop, Device and Server Management

Implemented virtualization to dynamically move workloads from server to server based on resource needs or business rules. (Yes / No)

Attributes:

  • Deployed a subset of production IT services or applications to virtual machines.

  • Actively managing and optimizing system resources on shared hardware devices.

For more details, see implementing virtualization in this document, or visit the following Web sites:

Capability: Security and Networking

The Dynamic level of optimization requires that your organization has implemented integrated threat management and mitigation across client and server edge, true service level monitoring of defined services extending from the data center to end users, and a quarantine solution for unpatched or infected computers. For organizations moving to the Dynamic level, this guide assumes that the requirements for the Rationalized level have already been met, including policy-managed local firewalls on servers and desktops, a deployed secure wireless network, an implemented IPsec solution, public key infrastructure (PKI) and certificate services in place, as well as secure remote access via virtual private networks (VPNs) and optimized wide area network (WAN) links to branch offices.

Requirement: Security and Networking

Integrated threat management and mitigation across clients and server edge. (Yes / No)

Attributes:

  • Assessed server edge security threats and evaluated threat mitigation solutions.

  • Implemented technology solutions to protect against Internet-based threats across the client and server edge.

For more details, see threat management and mitigation in this document, or visit the following Web sites:

Requirement: Security and Networking

Model-enabled service level monitoring of desktops, applications, and server infrastructure. (Yes / No)

Attributes:

  • Defined desktop, application, and server infrastructure service models.

  • Evaluated technologies for monitoring availability of connections and components across defined services.

  • Implemented automated solution to define and monitor service levels.

For more details, see model-enabled service level monitoring in this document, or visit the following Web sites:

Requirement: Security and Networking

Automated quarantine solution for unpatched or infected computers. (Yes / No)

Attributes:

  • Evaluated technologies to enable network quarantine for remote and on-site users.

  • Implemented VPN quarantine solution for remote users.

For more details, see automated quarantine services in this document, or visit the following Web sites:

Capability: Data Protection and Recovery

The Dynamic level of optimization requires that your organization has procedures and tools in place to manage backup and recovery of data on desktops. For organizations moving to the Dynamic level, this guide assumes that the requirements for the Rationalized level have already been met, including defined backup and recovery services for all managed servers in central, hub, and branch locations.

Requirement: Data Protection and Recovery

Implemented defined backup and restore services with service level agreements (SLAs) for 80 percent or more of desktops. (Yes / No)

Attributes:

  • Established goals for the desktop backup and recovery service.

  • Defined and implemented a suitable backup and restore service for desktops in the organization and established SLAs.

For more details, see managed backup for desktops in this document, or visit the following Web sites:

Capability: Security and ITIL/COBIT-based Management Process

The Dynamic level of optimization requires that your organization is optimizing and continually improving its delivery of IT services. At the Rationalized level, service level agreements were in place for server monitoring and backup and recovery services. At the Dynamic level, SLAs are extended to all managed IT services, and security also becomes more sophisticated with advanced two-factor authentication using biometric scans or equivalent to access highly sensitive or critical data.

Requirement: Security and ITIL/COBIT-based Management Process

Established security processes and technologies to enable advanced two-factor user authentication (such as biometric scans) for highly sensitive data. (Yes / No)

Attributes:

  • Developed and implemented advanced two-factor identity and access management policies for highly sensitive data.

For more details, see advanced two-factor user authentication in this document, or visit the following Web sites:

Requirement: Security and ITIL/COBIT-based Management Process

Implemented best practices for further optimizing your IT organization. (Yes / No)

Attributes:

  • Implemented best practice Availability Management.

  • Implemented best practice Financial Management.

  • Implemented best practice Infrastructure Engineering.

  • Implemented best practice IT Service Continuity Management.

  • Implemented best practice Workforce Management.

For more details, see optimizing processes in this document, or visit the following Web site:

Preparing to Implement Core IO Requirements

The detailed capability and requirement sections of the Core Infrastructure Optimization Implementer Resource Guide: Rationalized to Dynamic guide will expose you to the high-level context of the processes and technologies necessary to help implement the requirements of the Core Infrastructure Optimization Dynamic level. These sections provide contextual detail for areas to focus on, an introduction to processes and technologies, and links to relevant implementation guidance throughout.

Microsoft Core IO requires that directory services are based on Active Directory in Microsoft Windows Server® products. Microsoft partner and third-party solutions can be used to meet all requirements in the model, if functionality meets defined requirements.

Phased Approach

Microsoft recommends a phased approach to meeting the requirements of each of the IO capabilities. The four phases are shown in the following graphic.

Figure 2. Four phases of the IO capabilities

In the Assess phase you determine the current capabilities and resources within your organization.

In the Identify phase you determine what you need to accomplish and what capabilities you want to incorporate.

In the Evaluate and Plan phase you determine what you need to do to implement the capabilities outlined in the Identify phase.

In the Deploy phase you execute the plan that you built in the prior phase.

Solution Currency

The detailed Capability and Requirement sections of the Core Infrastructure Optimization Implementer Resource Guide: Rationalized to Dynamic guide highlight guidance and technologies available from Microsoft as of the release date of the document. We expect that these technologies will evolve, as will the accompanying guidance. Some products or technologies are in the process of being released as this guidance has been written; in these cases relevant products are described in brief and hyperlinks are provided to corresponding Microsoft TechNet Web sites. Please visit Microsoft TechNet regularly for any updates to products and capabilities referred to in this document.

Implementation Services

Implementation services for the projects outlined in this document are provided by Microsoft partners and Microsoft Services. For assistance implementing Core Infrastructure Optimization projects highlighted in the Core Infrastructure Optimization Implementer Resource guides, contact a Microsoft partner near you or visit the Microsoft Services Web site for more details.