In this presentation we review several Microsoft administration tools that are available to improve our infrastructure.
Ing. Eduardo Castro Martinez, PhD
Microsoft SQL Server MVP
http://ecastrom.blogspot.com
http://mswindowscr.org
http://comunidadwindows.org
4. Packaged Knowledge / Packaged Best Practices / Partner Ecosystem (layer diagram; text recovered from the figure)
Knowledge: Packaged Knowledge: Management Packs (Operation, Configuration, Deployment), Connectors for Interoperability, Knowledge Creation; Packaged Best Practices: Solution Accelerators, Microsoft Operations Framework (MOF/ITIL), Process Improvement; Partner Ecosystem: Hardware, ISV, System Integrators, Microsoft Consulting Services
Solutions: Data Center Management; Desktop & Device Management
Products
Infrastructure: Windows Platform (Active Directory, Windows WorkFlow, WMI, WSUS, PowerShell); Virtualization Technology (Server Virtualization, Application Virtualization, Desktop Virtualization, Presentation Virtualization); Open Standards (WS-Management, Open Pegasus, SML/CML)
5. Configuration Management: Automated Provisioning and Updating of Physical and Virtual Environments; Server Consolidation Through Virtualization
End to End Monitoring: Proactive Platform Monitoring; Application & Service Level Monitoring; Interoperable and Extensible Platform
Server Compliance: Configuration Controls and Reporting; Centralized Security Auditing; Comprehensive Security & Identity and Access Mgmt
Data Protection and Recovery: Business Continuity Through Virtualization; Centralized Mgmt, Backup and Recovery of Physical and Virtual Resources; Disaster Recovery
(figure spans Physical, Virtualization and Virtual environments)
7. Roadmap (figure)
Configuration Manager R2: Enhanced OS provisioning with multicast and unknown computer support
Ops Mgr R2 / Ops Mgr v4: Cross-platform monitoring of Unix, Linux; Native Connectors for interoperability; Network-aware service monitoring; Support for service management based compliance practices via Service Manager
VMM 2008: VMware ESX server support; Dynamically manage virtual hosts to avoid downtime using PRO tips
Service Manager: Service Manager change and configuration management workflows; Automated incident generation direct from operational alerts
Baseline Compliance Solution Accelerator: Additional Config Packs
DPM vNext: Increased onsite and offsite data protection; Additional Windows workloads protected
9. Proliferation of Devices: Laptops outselling desktops for the first time (IDC); 4x number of managed devices than PCs by 2012 (Gartner)
Flexible Work Styles: 30% of workforce mobile in 3 years (IDC); 50% of workers travel with non-PC device by 2009 (The Economist)
Anywhere Access: Broadband increase to 64% of US households by 2011 (Forrester); 3.3 Billion people have mobile phone service (Int. Telco Union)
Security and Compliance: 81% surveyed report their business reported missing laptops with confidential data in past year (Ponemon Institute Survey)
10. Adaptive Application Delivery: Managed client application delivery via traditional and virtual methods
Windows Vista Deployment: Automated OS deployment via image standardization
Client Infrastructure Monitoring: Client health monitoring and proactive issue identification
Remote PC Diagnostics & Repair: Out of band remote diagnostics and remediation with Intel vPro
End-Point Security Management: Enforced compliance with system health policy definitions via remediation
Configuration Compliance: Assess systems compliance against established configuration baselines (Compliance Baseline Solution Accelerator)
11. Deployment cycle (figure): Understand Applications & Hardware; Understand Applications Compatibility; Deploy OS; Restore … & State
16. What Is Virtual Server?
What Is Windows Server Virtualization?
Windows Server Virtualization
Requirements
Windows Server Virtualization Features
Windows Server Virtualization Architecture
17. Virtual Server:
Is a hypervisor that runs parallel to the
Windows operating system (hybrid VMM)
Works with earlier versions of Windows
Server
Stores disks in .vhd files
Stores configuration settings in .vmc files
Hardware devices are emulated
18. Windows Server Virtualization:
Is a bare metal hypervisor for 64-bit editions of the Windows Server 2008
operating system
Supports dynamic resource allocation
Supports 32-bit and 64-bit guests
Supports live migration of virtual machines
(figure: a Parent Partition running Windows Server 2008 and Child Partitions running OS 1 and OS 2, each with its Applications, all on top of the Windows Hypervisor and the Hardware)
19. Software Requirements:
Windows Server 2008 Standard, Enterprise, or Datacenter
Windows Server 2008 64-bit editions only
Windows Server 2008 Enterprise includes licenses for up to 4 virtualized
servers
Windows Server 2008 Datacenter includes licenses for an unlimited number of
virtualized servers
Hardware Requirements:
• 64-bit x86 processor
• Hardware-assisted virtualization
— AMD-V or Intel VT
• Hardware-enabled Data Execution Prevention
— AMD NX (no execute bit)
— Intel XD (execute disable)
20. Features of Windows Server Virtualization:
Large memory support in VMs
Multiprocessor support in VMs
Support for network offload technologies
Virtual machine snapshots
Scripting interface
Minimum and maximum thresholds for CPU and network
Offline Virtual Hard Disk manipulation
Automatic failover to a recovery site
21. Windows Server Virtualization architecture (figure). Parent Partition: in User Mode, the Virtualization Stack (VM Service, WMI Provider, VM Worker Processes); in Kernel Mode, Server Core, the Windows Kernel, Virtualization Service Providers (VSPs), Drivers and the VM Bus. Child Partitions: Applications in User Mode; in Kernel Mode, the Windows Kernel with Virtualization Service Clients (VSCs), Enlightenments and the VM Bus. Everything runs on the Windows Hypervisor on "Designed for Windows" Server Hardware. Provided by: Windows, ISV, OEM, IHV.
22. System Center Virtual Machine Manager
enables:
Centralized deployment and management of
VMs
Placement analysis
Physical to virtual conversion
Creation of a library of VM components
Delegated self-service provisioning
23. Quick Migration enables VMs on a SAN to be migrated to a standby server
Planned migration:
• State is saved to disk then restored on standby server
• Downtime depends on memory and speed of SAN
• Downtime can be only several seconds
Unplanned migration
• State is not saved
• Virtual machine is restarted on standby server
• Downtime will be minutes
25. Active Directory Rights Management Services (AD RMS) is an information
protection technology that works with AD RMS-enabled applications to help
safeguard digital information from unauthorized use
AD RMS can be used to:
Restrict access to an organization’s intellectual property
Limit the actions users can perform on content
Limit the risk of content being exposed outside the organization
26. AD RMS flow (figure): numbered steps 1-5 between the Information Author, the RMS Server and the Recipient; step labels not recovered.
27. Action | Application | Features
Protect Sensitive Files | Microsoft Office: Word, Excel, PowerPoint | Set rights (View, Change, Print); Set validity period
Do-Not-Forward/Print E-mail | Microsoft Office Outlook | Help protect sensitive e-mail from being sent to the Internet; Help protect confidential e-mail from being taken outside of the company
Help Safeguard Intranet Content | Internet Explorer; Microsoft Office SharePoint Services | Help safeguard intranet content by restricting access to: View, Change, Print
Identity Federation Support | All RMS-enabled applications | Help safeguard data across AD FS trusts
28. AD RMS components (figure): Active Directory Domain Controller, SQL Server, AD RMS Server, RMS Enabled Application, Information Author, Recipient.
29. AD RMS Certificates and Licenses
include:
Lockbox
Machine certificate
Rights account certificate
Client licensor certificate
Publishing license
Use license
Revocation list
30. AD RMS flow (figure): numbered steps 1-4 between the Information Author, the RMS-enabled Application, the AD RMS Server (with SQL Server and the Active Directory Domain Controller) and the Recipient; step labels not recovered.
31. AD RMS flow, continued (figure): numbered steps 1-5 between the Information Author, the RMS-enabled Application, the AD RMS Server (with SQL Server and the Active Directory Domain Controller) and the Recipient; step labels not recovered.
33. Overview of Active Directory Certificate
Services
Understanding Active Directory Certificate
Services Certificates
Implementing Certificate Enrollment and
Revocation
34. A certificate consists of a digital file that has two parts: base certificate information and the public key
• Public keys are distributed to all clients who request the key
• Private keys are stored only on the computer from which the certificate was requested
35. SSL (figure): plaintext is encrypted on the Web Server, travels encrypted, and is decrypted on the Web Client. Different keys are used to encrypt and decrypt the message (Private Key, Public Key).
36. Certificate templates:
• Define what certificates can be issued by the CAs
• Define certificates used for various purposes
• Define which security principals have permissions to read, enroll, and
configure the certificate template
37. A Certification Authority (CA) is an entity entrusted to issue certificates to:
• Individuals
• Computers
• Organizations
• Services
These certificates verify the identity and other attributes of the certificate
subject to other entities
38. CA hierarchies include a root CA and one or more levels of subordinate CAs
Reasons for deploying more than a single server CA hierarchy:
• Usage
• Organizational divisions
• Geographic divisions
• Load balancing
• High availability
• Restrict administrative access
39. When implementing a CA solution, you
can:
• Use an internal private CA
• Use an external public CA
Internal CAs are less expensive and provide more administrative options, but
the issued certificates are not trusted by external clients
40. Enterprise CA vs. Stand-Alone CA
Stand-Alone CA: Can use without AD DS
Enterprise CA (requires AD DS):
• Uses Group Policy for Trusted Root propagation
• Publishes certificates and CRL to AD DS
• Can enforce credential checks during enrollment
• Can have subject name generated automatically from logon credentials
• Can use certificate templates
• Can be used to generate smart card Windows domain authentication certificates
• Can use certificate auto-enrollment
41. What methods are used for certificate
enrollment?
• Web Enrollment
• Manual/Offline Enrollment
• Automatic Enrollment
42. To obtain a certificate using manual enrollment:
1 Create a certificate request
2 Submit certificate request to CA
3 Obtain administrative approval for certificate
4 Retrieve certificate from CA and install on client
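The four manual-enrollment steps above as an added PowerShell example (not code from the presentation), driving certreq.exe against an AD CS enterprise CA; the CA configuration string, subject name, template name and working directory are assumed placeholders.

```powershell
# Added example (not from the presentation): manual certificate enrollment with certreq.exe.
# Placeholders: the CA config string "<host>\<CA name>", the subject and the template name.
$CAConfig = 'ca01.corp.example\Corp Issuing CA'
$Work     = Join-Path $env:TEMP 'enroll'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Step 1: create the certificate request. certreq generates the key pair locally;
# the private key stays in the LocalMachine store and is never sent to the CA.
@"
[NewRequest]
Subject        = "CN=web01.corp.example"
KeyAlgorithm   = RSA
KeyLength      = 2048
HashAlgorithm  = sha256
MachineKeySet  = TRUE
Exportable     = FALSE
KeySpec        = 1
RequestType    = PKCS10
[RequestAttributes]
CertificateTemplate = WebServer
"@ | Set-Content -Path "$Work\request.inf"
certreq -new "$Work\request.inf" "$Work\request.req"

# Step 2: submit the request to the CA and capture the RequestId it reports.
$submitOutput = certreq -submit -config $CAConfig "$Work\request.req" "$Work\cert.cer"
$requestId = ($submitOutput | Select-String 'RequestId:\s*(\d+)').Matches[0].Groups[1].Value

# Step 3: approval. With a template that requires CA manager approval the request stays
# pending until a CA manager issues it (Certification Authority console, or
# "certutil -resubmit <RequestId>" run on the CA). Nothing to run on the client here.

# Step 4: retrieve the issued certificate and install it, pairing it with the private key.
certreq -retrieve -config $CAConfig $requestId "$Work\cert.cer"
certreq -accept "$Work\cert.cer"

# Confirm the certificate is now in the machine store together with its private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=web01.corp.example' } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
```

If the template does not require approval, certreq -submit already writes the issued certificate and step 4's -retrieve simply returns it again.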
43. Auto-enrollment (figure): Group Policy triggers an automatic request from the Domain Computer to the Enterprise CA. Auto-enroll is enabled on the template from which the requested certificate is created.
44. Certificate revocation occurs when a certificate is invalidated before its
expiration period
Clients can ensure the certificate has not been revoked
by using the following methods:
• Online Certificate Status Protocol responder service (OCSP)
• Certificate Revocation Lists (CRLs)
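A defender-side check of the two revocation methods just listed, as an added example that is not from the presentation: it uses the .NET X509Chain API and certutil, both already present on Windows (Export-Certificate needs the PKI module of Windows 8 / Server 2012 or later), and assumes a certificate thumbprint you supply in place of the placeholder.

```powershell
# Added example (not from the presentation): classify a certificate's revocation status with the
# Windows chain engine, which fetches CRLs from the CDP URLs and queries the OCSP responder from
# the AIA URL embedded in the certificate. The thumbprint at the bottom is a placeholder.
function Test-CertRevocation {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online: fetch current CRL/OCSP data instead of trusting only the local cache.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    # EntireChain: also check the subordinate CA certificates against their issuer's CRL.
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

    $builds   = $chain.Build($Cert)
    $statuses = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    $details  = ($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '

    $verdict = 'Invalid'
    if ($builds) { $verdict = 'Valid' }
    elseif ($statuses -contains 'Revoked') { $verdict = 'Revoked' }
    elseif ($statuses -contains 'RevocationStatusUnknown' -or $statuses -contains 'OfflineRevocation') {
        # The CRL or OCSP responder could not be reached: the check did not fail, it did not happen.
        # The caller must decide explicitly whether to fail open or closed in this case.
        $verdict = 'Unknown'
    }

    [pscustomobject]@{ Subject = $Cert.Subject; Verdict = $verdict; Details = $details }
}

$thumbprint = 'PLACEHOLDER_THUMBPRINT'   # replace with the thumbprint of the certificate to check
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint"
Test-CertRevocation -Cert $cert

# The same retrieval step by step with certutil: it prints each CDP/AIA URL it fetched and the
# result, which is the quickest way to see why a check came back Unknown.
Export-Certificate -Cert $cert -FilePath "$env:TEMP\check.cer" | Out-Null
certutil -verify -urlfetch "$env:TEMP\check.cer"
```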
47. Visual Studio Team Suite (figure). Editions: Architecture Edition (Modeling); Development Edition (Code Analysis, Code Metrics, Profiling); Test Edition (Load & Manual Testing, Code Coverage, Test Load Agent); Database Edition (Database Deployment, Change Mgmt, DB Testing); Visual Studio Industry Partners; MSF Process and Guidance; all built on Visual Studio Professional Edition. Team Foundation Server: Version Control, Reporting and BI, Team Build, Work Item Tracking, Team Portal.
48. Team Foundation Server architecture (figure). Client: Visual Studio, Your VSIP Package, Your PCW plug in, Your .NET App, Your TE Node, on top of the Team Foundation OM (Work Item OM, Version Control OM, Registration / Linking / Eventing / Security / Classification Service Proxies, Policy Framework, Common Controls). Application Tier: Version Control Service (Changeset / Source File), Work Item Tracking Svc (Work Item), Team Build Service (Build), Your Service (Your Artifacts), each with a Warehouse Adapter; Registration, Linking, Eventing, Security and Classification Services. Data Tier: TF Data, TF Facts, Your Data, Your Facts, Reporting Warehouse.
50. Logical Class Diagram
Use Case Diagram
Sequence Diagram
Component Diagram
Activity Diagram
.Net Class Diagram
Model Explorer
51. Work item tracking ensures traceability. (figure: Work Item Database & Queries; Metrics Warehouse)
52. Hierarchical Work Items
Improved Excel-based Agile planning tools
High fidelity integration with Microsoft
Project Server
Cross project dashboard and reporting
Simpler reporting
62. Communication and Collaboration challenges (figure)
Roles: Role 1: YOU; Role 2: Company employee (Home/Hotel Room/Cafe); Role 3: External Contacts (Contractors, Customers, Partners); also My Manager, My team, Other Dept (HR, Legal, Accounts), Capital city / Global
Challenges: Be part of a virtual team; Share and contribute information; Connect with the right person in the right way; Work Anywhere; Search, Share and Find information; Mobile enable; Share information; Working across geographically dispersed locations; Connect with the right people at the right time; Seamless transition from communication modes for ad hoc and formal situations
63. Voice and e-mail as separate inboxes
Different servers, access mechanisms: Desktop software (e-mail); Phone (voice mail); Fax messages; Stand-alone fax machines
Users and administrators must manage their messages from multiple locations with different tools
“With Exchange Server 2007, we look forward to
being able to communicate better…Will this
technology help us sell more golf clubs? In this case,
yes, we believe that better communication will help
us sell more golf clubs.”
—Eric Hart, End-User Computing Manager, PING Inc.
64. Convenient, integrated access to your vital business communications
Reducing costs, increasing operational efficiency by consolidating infrastructure, training
Unified store, transport, directory
Increasing client reach to the telephone
"Anywhere access" to your messages, calendar, contacts
“Having anywhere access to e-mail and voice mail is
going to be a huge benefit... People can access
information and interact with it using a variety of
devices, at work, at home, and on the road; and all of
this translates directly into productivity.”
—Steven Presley, Senior IT Engineer for Messaging,
QUALCOMM
65. Custom Rendering
Voice messages
Play (multimedia)
Play on phone
Fax messages
Voice mail options
Reset PIN
E-mail folder
Missed call
notifications
66. Phone interface to Exchange Server 2007
Speech enabled (English) or Touch Tone
Voice
Play, forward, delete, call sender, etc.
E-mail messages
Language detection, play, forward, delete, find, hide etc.
Calendar
Accept invitation, play details, clear, etc.
Personal contacts, directory
Call (office/cell/home), send a message
68. VoIP protocols (SIP, RTP, T.38) between UM and IP PBX/gateway
Works with many varieties of PBX
Well suited to site consolidation
Scalable, reliable
69. Unified communications topology (figure). Outside the network: UC endpoints; Public IM Clouds (AOL, MSN, Yahoo); Remote Users; Federated Businesses; PSTN with PBX over PRI. DMZ: Access Edge (SIP), Data, Audio/Video. Inside: Front-End Server(s) (IM, Presence); Conferencing Server(s); Backend SQL server; Active Directory; Mediation Server (SIP-PSTN GW); Exchange 2007 Server UM (Voicemail); QOE Monitoring; Archiving; CDR. Routing: Inbound Routing; Outbound SIP Routing; Voice Mail Routing.
70. Role | Scenario | Purpose
Standard Edition | All | All-in-one functionality for proof-of-concepts
Enterprise Edition: Front End | All | SIP communications between client and servers
Enterprise Edition: Back End | All | SQL Server: Back End store for state information
Director | External Access | Authentication of external users
Edge Server | External Access | Remote access, federation, PIC, media traversal
Mediation Server | Voice | Interoperability with IP-PSTN Gateways
Archiving Server | All | Compliance and Call Detail Records
Communicator Web Access | Web Access | Web Access for IM and Presence functionality
71. Consolidated Configuration, Example Deployment: Medium Size Business, Regional Deployment (figure)
Functionality: IM, Presence, Peer-to-peer Voice, Conferencing; Highly Available, Medium Scale; No External Access; PSTN requires Mediation Server
Servers: Enterprise Edition Front-End Servers: Consolidated (Server Roles: IIS, Presence, Audio/Video Conferencing), plus AD, SQL and a Share
Scalability: 5 Servers; Up to 30,000 users
72. Expanded Configuration, Example Deployment: Large Enterprise, Central Datacenter (figure)
Functionality: IM, Presence, Voice, Conferencing; No external access, No PSTN; High Availability, High scale
Servers: Enterprise Pool: Expanded, with Enterprise Edition Front-End Servers: Expanded; Server Roles scaled-out across servers (IIS Servers, A/V Conferencing Servers, Web Conferencing Servers); Active and Passive SQL Back-end Servers; AD
Scalability: 14 Servers; Up to 125,000 users
73. Global deployment (figure): a primary REDMOND Datacenter and a secondary SINGAPORE Datacenter connected by a WAN Link. Each datacenter provides External Access through its DMZ: Access Edge Server (Traffic: SIP), Web Conf Edge Server (Traffic: PSOM), A/V Conf Edge Server (Traffic: A/V) and ISA reverse proxy (Traffic: HTTPS), with Directors that authenticate remote users (OC, UC phone) before they reach the Internal Deployment. Redmond hosts an Enterprise Pool: Expanded (IIS Servers, A/V Conferencing Servers, Web Conferencing Servers, Active/Passive SQL Back-end Servers, Load Balancer, COMO Console); Singapore hosts an Enterprise Pool: Consolidated (Pool A, Pool B, Pool C, OCS 2007 SE, Load Balancer). Regional locations (Loc 1-3 in Region I and Region II) reach the PSTN through IP-PSTN GW and Mediation Servers; server-to-server connections are secured over TLS/MTLS.
74. Ing Eduardo Castro, PhD
ecastro@grupoasesor.net
http://ecastrom.blogspot.com