
Private Cloud

Solution Implementer Guide

Agenda

- Recap Discussions to Date
- Solution Guidance
  - Phase 1
  - Phase 2
  - Phase 3
- Customize the Solution Requirements
- Next Steps

Engagement Approach
Business strategy Solution areas
Audience

Industry

Horizontal

Business executives

1. Understand business needs and priorities
2. Discuss range of potential solution capabilities

IT executives

1. Present relevant integrated capabilities
2. Position the Integrated Enterprise Platform approach

Architects IT pro/dev executives

Integrated Capability Analysis => Projects, architecture, products

Solution road map

Integrated Capability Analysis


- Ensure target business capabilities cover process improvement priorities
- Translate business capabilities into required infrastructure capabilities
- Assess current infrastructure maturity
- Determine gaps to target integrated capabilities
- Build a road map for integrating capabilities and implementing solutions
- Specify required platform architecture, technologies, and services
- Baseline the Microsoft platform road map

Support for Priority Business Capabilities


Business Driver
ADOPT A RESPONSIVE, FLEXIBLE, AND INTEROPERABLE APPLICATION PLATFORM

Phase 1
- Reduce time and cost for application maintenance and systems integration via refactoring of applications with service-oriented architecture (SOA) to improve maintainability and ease of application and service integration, which is supported by project management processes and tools
- Reduce lead time to deploy and scale application capacity and increase the use of hardware and data center resources via virtualization of application workloads
- Improve application status monitoring to reduce downtime via centralized application monitoring administration tools to monitor application performance
- Improve application performance via integration of applications with application monitoring tools that provide rich insights into application performance across platforms
- Provide consistent interfaces to applications via published user interface guidelines and portals that centralize access to applications
- Manage credentials to allow only legitimate users access to devices, applications, and data via strong authentication and aggregation of identities across the enterprise into a single view

Phase 2
- Reduce application development costs and timeframes via well-defined and consistent application development environments that support service-oriented architecture (SOA) principles and improve productivity of application development staff
- Improve return on development investments and promote consistency across applications, including support for multiple devices via consolidation and reuse of application platform services that support service-oriented architecture (SOA) principles and multiple devices, as well as portfolio and resource management processes and tools
- Improve the performance, reliability, and availability of enterprise applications and reusable application services via flexible, automated management of virtualized workloads and application services
- Reduce application downtime and time to remediate performance issues to achieve service-level agreements (SLAs) via centralized administration and reporting tools and dashboards for monitoring as well as integrated management of applications
- Optimize responsiveness in managing application performance via application management capabilities and processes that use deep integration of applications with systems management tools to configure and tune application performance
- Provide consistent, familiar, and streamlined user interfaces to application and common productivity tools via collaborative portals and workspaces that integrate application access with common content authoring, collaboration, and messaging services
- Easily and automatically provision and de-provision users' rights to access services in accordance with defined policies via managing the entire life cycle of user identities and their associated credentials, identity synchronization, certificates, and passwords

Phase 3
- Reduce time-to-value of custom applications and application integration via virtualized standard application development environments that support service-oriented architecture (SOA) principles, as well as portfolio and resource management processes and tools
- Reduce time-to-value and maintenance while improving ubiquity and consistency of application services via integration of external application services into developed applications
- Improve application scalability while reducing data center costs via intelligent, automated management of application fabric to intelligently place virtual machines that optimize offered load and data center resource use
- Maximize insights into application performance to drive better application management decision making via tools for analysis, data mining, and data visualization of application monitoring and management information
- Provide centralized, integrated user interfaces for applications via bidirectional composite applications that abstract applications with an integrated interface
- Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications via federated identity and access management to enable the sharing of identity information more securely across organizational boundaries including to cloud environments, which enables private cloud
- Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies via digital certificates and smart cards

Support for Priority Business Capabilities


Business Driver
IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS

Phase 1
- Centrally monitor the operations of essential data center services for availability and performance across platforms and physical and virtual environments via centralized, easy-to-use administrative tools to manage and monitor server workloads that are extensible and interoperable with third-party applications, services, and devices across multiple vendor platforms
- Make server, networking, and storage more efficient to provide maximum scalability and cost-effectiveness via network load balancing to increase performance by sharing workloads across multiple servers
- Ensure consistency and ease deployment of well-defined configurations via centrally maintained infrastructure and application configuration definitions
- Provide visibility into hardware and software assets and the identity and location of people who use them via an up-to-date inventory of all hardware and software assets
- Back up server data that supports critical services in accordance with standard IT practices and help ensure recovery from damaged or lost data, hardware failure, and disaster via identifying critical services based on value of data, cost of outage, and other business-driven metrics and via optimized techniques to help ensure successful backup of all critical servers according to outlined recovery goals

Phase 2
- Centrally monitor and manage the operation of critical server infrastructure, end-user systems, and services over multiple physical and virtual environments to adhere to service-level agreements (SLAs) via centralized, easy-to-use administrative tools to manage and monitor server workloads that are extensible and interoperable with third-party applications, services, and devices across multiple vendor platforms and across multiple internal and external virtual and physical environments with automation of common management tasks
- Enable easy deployment and maintenance of managed images and configuration files based on well-defined configurations via a single management tool for easy deployment and maintenance of managed images and configuration files
- Provide the ability to repurpose a defined and consistent set of services, software, and hardware in response to new workload requirements via well-defined and consistent, managed images for deployment, application delivery, updates, patches, and security fixes in a single distribution
- Support changing workload requirements and deploy application and security updates for third-party and custom line-of-business applications via centralized catalogs of standard and custom services, software, and hardware, and automated tools for infrastructure and application configuration management
- Provide ongoing protection of data in the data center and ensure rapid data recovery to a near-current point in time that is acceptable to IT service owners via specifying multiple backup and recovery points that do not require recovery of the entire server
- Provide support to accommodate planned downtime and reduce unplanned downtime without affecting availability via failover clustering, streamlined maintenance, and disaster recovery options to eliminate single points of failure
- Realize high availability of data, increased performance, and greater protection in the data center to improve service delivery via fault tolerance and different storage capacities, performance, and management options that include high-performance storage, storage area network (SAN) backups, and maximum flexibility in allocating and sharing storage to enable use of private cloud technology

Phase 3
- Deliver integration, efficiency, and business alignment of data center IT services by enabling informed and cost-effective decision making and proactive preventative maintenance via integrating information with reporting and flexible data mining, analysis, and dashboards from disparate IT management systems and administrative tools for real-time remote diagnosis and remediation of problems
- Use tools and automation to help optimize infrastructure to meet demand according to service-level agreements (SLAs) via end-to-end service management and automated infrastructure and application configuration policy management, including service-level agreement (SLA) dashboards and advanced configuration reporting to enable use of private cloud technologies
- Ensure continual backup and archiving of data to enable recovery of any service to nearly any point in time, and enable rapid restoration of the data center environment via continuous or near-continuous data backup and archiving based on workload, including multiple recovery points for fast rollback, recovery of essential services, and one-touch application restoration
- Enable geographical diversification by providing high availability, disaster recovery options, and increased service uptime via business continuity solutions based on virtualization to deliver better business continuity at branch offices while optimizing the number of required physical servers

Support for Priority Business Capabilities


Business Driver
IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS (Continued)

Phase 1
- Secure the IT infrastructure from attacks while preserving access to corporate resources across the enterprise, including endpoints, server applications, and the network via an environment that is secured through policy validation, network restriction, and ongoing monitoring of network health and via defense-in-depth across multiple layers
- Help enable secure remote access to information from virtually anywhere, wherever the business requires it via a secure and well-managed messaging and collaboration infrastructure
- Manage credentials to allow only legitimate users access to devices, applications, and data via strong authentication and aggregation of identities across the enterprise into a single view
- Provide IT administrators with an integrated view of the configuration status of servers and with detailed, location-specific views of potential issues to identify, assess, and mitigate risks via easy-to-use administrative tools to quickly and easily manage and monitor configuration controls across server workloads and to gain visibility into the state of the infrastructure
- Ensure alignment with business governance requirements via a definition of IT governance processes aligned with business governance processes
- Provide a nimble IT services delivery engine that supports business needs as they arise and drives down costs via a definition and implementation of mature, distinct roles for IT service management processes

Phase 2
- Provide remote access to information that is more secure, while enabling IT administrators to centrally manage network access and to control and monitor health policies via enabling policy-based access and defined and consistent security, management, and configuration controls; and by centralized audits of system security for collecting, storing, and analyzing security event data
- Easily and automatically provision and deprovision users' rights to access services in accordance with defined policies via managing the entire life cycle of user identities and their associated credentials, identity synchronization, certificates, and passwords
- Help improve security and compliance and centrally monitor and track changes to system configuration, to identify and audit security breaches and compliance failures via identity tracking and enforcement and a centralized database of audit logs that includes flexible custom views and configurable event logs
- Enforce security measures and monitor key security events for all servers and networking components in the data center to identify, assess, and mitigate compliance risks via reports and dashboards to help administrators investigate the causes of risks and non-compliance incidents so they can take measures to establish appropriate policies, procedures, and controls to mitigate exposure of non-compliance
- Enable faster and more consistent support for new business initiatives while maintaining security, privacy, and compliance via the definition of and compliance with mature, centralized IT governance processes supported by reporting and analysis tools
- Provide consistent IT services delivery across the entire organization via pooled and consistent IT service management across systems and data centers supported by reporting and analysis tools

Phase 3
- Secure and manage users' internal and external access across systems, from virtually any location and any device via enforced security policies that provide robust protection and can flexibly support the connectivity needs of an increasing number of internal and external users, devices, system configurations, and network connection types
- Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications via federated identity and access management to enable the sharing of identity information more securely across organizational boundaries including to cloud environments, which enables private cloud
- Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies via digital certificates and smart cards
- Tighten risk management by ensuring automatic identification of security and compliance threats and by automating mitigation of all deviations from security policy via real-time dashboards, detailed configuration auditing, risk management and reporting, data mining of reported data, security metrics, and event data mining and analysis
- Enable IT to focus on governance by enabling the outsourcing of most IT service management processes to a cloud vendor via compliance with well-defined interfaces between IT governance processes and all other IT service management processes, which are supported by portfolio and resource management processes and tools to enable private cloud

Support for Priority Business Capabilities


Business Driver
TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Phase 1
- Improve maintainability and simplify integration with other applications and services via refactoring of applications with service-oriented architecture (SOA), which is supported by program management processes and tools
- Ensure alignment with business governance requirements via a definition of IT governance processes aligned with business governance processes
- Provide a nimble IT services delivery engine that supports business needs as they arise and drives down costs via a definition and implementation of mature, distinct roles for IT service management processes
- Enable measurement of usage in predetermined units of measurement for each IT service offered via implementation of tools to measure IT usage
- Allow for increased business agility by enabling a flexible IT infrastructure to improve performance and scalability for applications and services in the data center and at branch offices via virtualization to consolidate multiple, underused physical servers; provide continual availability; quickly scale environments up and out; and recover quickly from disaster, while reducing IT hardware and operating costs for servers
- Enable faster response to business needs for the provisioning of new IT services via well-defined and consistent provisioning processes with service-level agreements (SLAs)
- Manage credentials to allow only legitimate users access to devices, applications, and data via strong authentication and aggregation of identities across the enterprise into a single view

Phase 2
- Improve return on development investments and promote consistency across applications and application platform services via consolidation and reuse of application platform services that support service-oriented architecture (SOA) principles, using portfolio and resource management processes and tools
- Enable faster and more consistent support for new business initiatives while maintaining security, privacy, and compliance via a definition of and compliance with mature, centralized IT governance processes supported by reporting and analysis tools
- Provide consistent IT services delivery across the entire organization via pooled and consistent IT service management across systems and data centers supported by reporting and analysis
- Bill business units based on allocated percentage of overall IT costs based on percentage of overall IT use via a central taxonomy and supporting tools to aggregate IT usage measurement and charge back allocated costs to business units
- Reduce capital expense allocation to business units via the ability to scale capacity and resources up or down to respond to business demands with on-premises or outsourced private cloud infrastructure
- Reduce IT labor costs for provisioning of new IT services on request from business units via automated provisioning processes
- Easily and automatically provision and deprovision users' rights to access services in accordance with defined policies via managing the entire life cycle of user identities and their associated credentials, identity synchronization, certificates, and passwords

Phase 3
- Increase business agility, reduce time-to-value, and lower application maintenance costs while improving ubiquity and consistency of application services via applications' use of application platform services available from outsourced (hosted) cloud providers
- Enable the IT department to focus on governance by enabling the outsourcing of most IT service management processes to a cloud vendor via compliance with well-defined interfaces between IT governance processes and all other IT service management processes, which are supported by portfolio and resource management processes and tools to enable private cloud
- Transition from allocating fixed capital expenses to business units to charging back operational expenses to business units based on usage via strategic sourcing of outsourced (hosted) cloud infrastructure
- Allow for almost immediate provisioning of new IT services without the need for significant, if any, IT labor intervention via self-service provisioning processes
- Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications via federated identity and access management to enable the sharing of identity information more securely across organizational boundaries including to cloud environments, which enables private cloud
- Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies via digital certificates and smart cards


Sophistication of the Solution


IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS

ADOPT A RESPONSIVE, FLEXIBLE, AND INTEROPERABLE APPLICATION PLATFORM

TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Phase 1
Provides basic support for the most critical elements of the business driver

Phase 2
Provides adequate, typical support for critical and priority elements of the business driver

Phase 3
Provides thorough, streamlined support for the business driver that enables differentiated levels of performance

Solution Guidance
Phase Definition

For each business driver, list the business challenges, solution features, and business benefits for this solution phase. Use this information and the Support for Priority Business Capabilities slides to structure the conversation with IT professional(s) for capturing, refining, and baselining business problems and solution functionality priorities.

Mapping

The Optimization mapping indicates the maturity level required for each capability of the solution to fully support the features specified in this solution phase. Use the mapping as a starting point to determine appropriate maturity levels for the solution. After mapping the solution, assess the gap between the current and desired infrastructure to:
- Understand the scope and sequencing of work required
- Organize a deployment road map

Technologies

Use the results of the Optimization mapping to determine the technologies required for the features and supporting capabilities specified in this solution phase.

Conceptual Architecture

Use this high-level, use case diagram to provide the black box definition of this solution phase. Customize to your solution definition during the integrated capability analysis.

Logical Architecture

Use this logical, component-level architecture view to show all software components and how they interact to support this solution phase. Tailor to fit your particular solution definition during the integrated capability analysis.
Note: Physical architecture is covered in the Architecture Guide also used during the integrated capability analysis.


Phase 1
Business Driver
ADOPT A RESPONSIVE, FLEXIBLE, AND INTEROPERABLE APPLICATION PLATFORM


Needs
- Transform existing applications so that they have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
- Improve the performance, reliability, availability, deployment time, and time to scale for enterprise applications while increasing use of hardware and data center resources
- Centralize application monitoring and management of infrastructure and applications into a single and extensible solution
- Improve user productivity and minimize time-to-value for applications
- Simplify identity and access management across multiple systems, applications, and users
- Unify physical and virtual environments across customer premises and the cloud to achieve efficiencies in heterogeneous environments by managing resources across physical and virtual platforms to ensure proactive service-level monitoring of availability, performance, and configuration
- Reduce IT burden, enhance existing services, and offer new services, with access to near-infinite scalability on demand by dynamically allocating pooled internal IT resources and by providing consistency in operating system images deployed in the organization to enable the ability to scale up or down as required to meet business needs (for example, easy provisioning) and to reduce power consumption and carbon footprint for a more environmentally sustainable, more efficient data center
- Maintain business continuity after an outage, failure, data loss, or data corruption in the data center
- Provide secure access to systems, and report on and respond to security-related events in the data center while ensuring broad access to information

Business Capabilities
- Reduce time and cost for application maintenance and systems integration
- Reduce lead time to deploy and scale application capacity and increase the use of hardware and data center resources
- Improve application status monitoring to reduce downtime
- Improve application performance
- Provide consistent interfaces to applications
- Manage credentials to allow only legitimate users access to devices, applications, and data

IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS

- Centrally monitor the operations of essential data center services for availability and performance across platforms and physical and virtual environments
- Make server, networking, and storage more efficient to provide maximum scalability and cost-effectiveness
- Ensure consistency and ease deployment of well-defined configurations
- Provide visibility into hardware and software assets and the identity and location of people who use them
- Back up server data that supports critical services in accordance with standard IT practices and help ensure recovery from damaged or lost data, hardware failure, and disaster
- Secure the IT infrastructure from attacks while preserving access to corporate resources across the enterprise, including endpoints, server applications, and the network
- Help enable secure remote access to information from virtually anywhere, wherever the business requires it

Phase 1
Business Driver
IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS
(CONTINUED)


Needs
- Simplify identity and access management across multiple systems, applications, and users
- Satisfy internal and external risks and compliance requirements for the data center environment
- Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
- Provide a data center environment that supports service-oriented architecture (SOA) principles, enabling applications that are portable, have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
- Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
- Provide predictable and stable IT costs by enabling the move from an allocated capital expenditures model of charging for IT services to a chargeback model that charges for IT services used
- Ensure a scalable, reliable platform and extend the data center to the cloud, and respond more quickly to the changing needs of the business while driving down hardware and facilities costs
- Simplify identity and access management across multiple systems, applications, and users

Business Capabilities
- Manage credentials to allow only legitimate users access to devices, applications, and data
- Provide IT administrators with an integrated view of the configuration status of servers and with detailed, location-specific views of potential issues to identify, assess, and mitigate risks
- Ensure alignment with business governance requirements
- Provide a nimble IT services delivery engine that supports business needs as they arise and drives down costs

TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

- Improve maintainability and simplify integration with other applications and services
- Ensure alignment with business governance requirements
- Provide a nimble IT services delivery engine that supports business needs as they arise and drives down costs
- Enable measurement of usage in predetermined units of measurement for each IT service offered
- Allow for increased business agility by enabling a flexible IT infrastructure to improve performance and scalability for applications and services in the data center and at branch offices
- Enable faster response to business needs for the provisioning of new IT services
- Manage credentials to allow only legitimate users access to devices, applications, and data

Phase 1: Core IO
B S R D Data Center Mgt & Virtualization Datacenter Mgt and Virtualization


A defined software library exists. Automated build and deployment with consistent provisioning processes integrated with software and configuration library that includes virtual images; on demand reporting; self service portal for IT or end users to deploy. Deployment and management of software updates are tool based. Physical and virtual hardware, software, and consumption unit assets are reconciled and reported on demand (manual or automated), and tools and data repository are in place to track and audit assets. Capacity management processes are manual and reactive, resource utilization and capacity are monitored periodically. The organization actively uses virtualization to consolidate resources for production workloads. Some Production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. IT services are audited for compliance based on documented company and industry-standard policies (HIPAA, SOX, and PCI); reports are generated monthly. Services are available during server failure (e.g. server clustering, hot spares, and/or virtualization recovery solution). Process in place to assign costs for static Service allocations back to business groups; based on capacity not usage, or based on show-back reporting. Malware protection is centrally managed across server operating systems within organizations, including host firewall, host IPS/vulnerability shielding, and quarantine, with defined SLAs. Protection is deployed and centrally managed for all applications and services. 
Integrated perimeter firewall, IPS, Web security, gateway anti-virus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across datacenter, application, organization, and cloud boundaries. Secure remote access is integrated with quarantine for compliance with corporate policy. Support service or application segmentation on the same physical infrastructure (servers, storage, networks). Redundant Domain Name System servers exist on a separate network to provide fault tolerance and isolation, including ability to do zone transfer across boundaries. The Dynamic Host Configuration Protocol infrastructure is aware of the virtual local area network. Quality of service is in place for prioritizing applications and services with intelligent allocation of bandwidth. Network capacity is virtualized and available via pools that are consumed by VMs and services based on dynamic management driven by service models. Wide area network traffic health and performance are monitored and reported. IPv4 for main transport services, using IPv6 for some transport services (e.g., to achieve larger address range). If a single disk or system component fails, no data is lost but data availability may be interrupted. Storage is managed and allocated on highly available servers using virtual disks or dynamic disk volumes. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements. Data is archived automatically based on storage quotas and date of last modification or access using on demand processes to achieve compliance. Configurations are standardized; systems are assessed for compliance, and some settings are enforced through group policies. A solution is in place to configure and update devices.

Server Security

Networking

Storage

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods, and machines; access control is role-based. Password policies are set within a directory service to enable single sign on across boundaries for most applications. Password resets through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. A scalable directory that is integrated and automatically synchronizes with all remaining directories across multiple geographies and isolated domains for all applications with connectivity to cloud when applicable.

Information Protection & Control

IT service portfolio aligns with individual business units; the IT service costs, returns, capacity, availability, continuity, and integrity are reported. IT policies are documented for each IT service. Each IT service has a formal definition of reliability. IT service projects are started with a clear vision, scope, and team, and appropriate specifications are in place. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Processes to manage incidents are in place for each IT service. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Problem management processes are in place for each IT service, with self service access to knowledge base. Each IT service has its own change and configuration management process; standard changes are identified for each IT service. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service. Self service objectives and/or agreement exists, IT Service request process exists, fulfillment is manual. Comprehensive service life cycle orchestration that is automated for some workloads. Location of data is known and auditable.

IT Process & Compliance

Phase 1: BPIO
B S R D Workspaces Portals Collaboration

PHASE DEFINITION

MAPPING

TECHNOLOGIES

CONCEPTUAL ARCHITECTURE

LOGICAL ARCHITECTURE

Workspaces are managed at the departmental level and are available from individual productivity applications. Teams work on managed versions of content with controls and common space; team workspaces include group calendaring, shared contacts, user online presence, and simple workflows.

Portals (enterprise, departmental, and personal) are provisioned by IT and are deployed on a single productivity infrastructure; governance policies are fully in place, including single sign-on supported by uniform directory services. Line-of-business applications and data are delivered through the portal for a few broad-use functions; data is typically read only.

Social Computing Project Mgt

Teams plan, track, and share tasks in lists by using collaboration tools; multiple baselines exist. Teams can upload and share documents and files; project workspaces are integrated with desktop productivity applications. Most unstructured information from intranets, e-mail, and content management repositories is indexed; some structured content from databases, people, and expertise information is indexed.

Information access Interactive experience and navigation

Messaging

The messaging solution (e-mail and calendar) includes basic anti-virus, anti-spam, and anti-phishing protection. Secure, remote, online and offline access to rich mailbox and calendar functionality exists inside and outside the firewall. IT manages mailbox provisioning by using a single directory. Users have secure access to an enterprise-managed online presence and IM infrastructure from inside and outside the firewall; peer-to-peer voice and video communications are based on a single directory. Online presence information (automatically refreshed user availability information based on communications, log-on, and calendar activities) is integrated into the e-mail client.

Unified Communications

IM/Presence

Conferencing Voice Information Mgt

Content Creation and Management

Process Efficiency Compliance Authoring Multi-Device Support Interoperability User Accessibility

Productivity applications are designed to facilitate use by people who need accessibility features. Core productivity applications offer standards-based tools for users to confirm accessibility of content. Content authoring tools support rich formatting and rich media editing, and content can be secured with rights management by users. Users can intuitively preview, discard, or accept formatting and content; formatting can be saved in templates for reuse. Rich client, Web, and other applications have a consistent user interface paradigm that is optimized for usability and discoverability.

Phase 1: APO
B Business Intelligence S R D BI and Analytics Platform Data Warehouse Management Big Data Information Services and Marketplaces Transaction Processing Database and LOB Platform

Reports are generated on a scheduled basis or on demand by IT and are then shared on reporting portals. Users have some ability to subscribe to reports. Some level of automation is in place to render data pulled from enterprise systems on dashboards, but is used for only strategic or high profile projects. Dashboards have integrated interfaces to allow users to roll-up and drill-down on live data. Data management is aligned between operations and reporting/analysis, and aligned across departments for some data sets. An IT-managed BI environment is in place and applications at the department level integrate with departmental data marts. IT designs, implements, and manages data schemas that are optimized for localized self-service reporting and analysis tools.

Data Management

Key high-value data has associated formal data management policies and processes. Data governance may be recognized on a siloed basis, but not as a corporate discipline. Data and asset inventories and dependency relationships are manually documented periodically. Access policies for data and objects in databases are defined but not centralized, and do not reference data classifications. Administrative tasks are still performed using an over-privileged account. Security management is performed on a server-by-server basis. Systems are in place for retention backup. Organizational/departmental policies exist for how long items are stored and what is stored. Application messaging services used by development are aligned with standard application operating environments. Development and operations teams have the skills required to effectively and consistently make use of these technologies. Limited application component and service reuse strategies exist at the departmental or project level. Orchestration and workflow between applications is typically implemented via custom integrations. Applications are beginning to adopt web services or other standards implemented in operating environments to allow application components and common application services to interoperate as needed. Common application services and middleware component frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Limited application component and service reuse strategies exist at the departmental or project level. Common application services and runtime application frameworks are selected jointly by development and operations teams as part of the application life-cycle management process. Operations is beginning to rationalize to the standard common services and consolidate runtime platforms. User experience is considered as an afterthought, if at all, during site development. 
Basic integration of rich technology (Silverlight, Flash, Java, etc.) exists, but is inconsistent throughout the site, and is generally used to provide islands of richness. Some use of reusable assets is supported by high-value services, components, and modules. Composition by IT departments requires advanced coding skills. Use of composition frameworks and tools happens on a project-by-project basis. SOA and portal components are not coordinated. A single platform is designated for portal infrastructure. Point solutions enable simple UI customization by end users. Business units are beginning to implement programs to migrate many of their solutions to the new standard platform. Tooling is difficult, as different stakeholders (analysts, developers, end users, etc.) have allegiance to their tools and the tools do not integrate well. Some independent end-user composition happens as a result of the portal deployment. Central IT provides managed and secure data services to some of the most commonly needed enterprise entities and provides business units with standard services to some key enterprise systems and for some standard needs like reporting and dashboards. LOB applications expose pre-built web parts that integrate with the company portal and are easily used by users. Developers are beginning to create components and services for the designated portal platform, though the efforts are exploratory in nature or focused on individual projects. The composite application portal has basic integration with existing business productivity desktop and enterprise applications (such as desktop applications and email). Use of standardized processes for data integration is at the project level and technologies are used to improve back-end integration. The business leverages an integration broker running on-premises to connect to cloud applications using adapters. Reusable integration components are developed for custom development on an ad hoc basis. 
Project management is centralized for application integrations. Standard application frameworks, messaging, and other application services aligned with standard application operating environments are appropriately and consistently employed by application development teams. Tools for major development activities are standardized across the organization, though practices and versions are not. Application customization is performed through customization support offered by the application, on an isolated project basis with no standard approaches or consideration for future maintenance or integration. Basic governance is established and an application inventory exists. Work-breakdown structures map estimated work to business value. Rudimentary metrics are used to manage project progress. Project managers aggregate data from standard status updates. Effective change management processes are in place. Testing has test harnesses and some automation, formal unit testing with good code coverage, and defined test strategy and processes. Explicit use of code quality tools typically occurs at the end of the development cycle. Labs for testing and development have environment specifications that are defined and tested with environment build procedures and application build deployment procedures. Processes are defined for debugging production defects and incidents, with a standard set of defect artifacts.

Application Infrastructure

Internet Applications

Component and Service Composition Custom Development

Enterprise Integration

Development Platform

Application Lifecycle Management

Phase 1: Core IO
B S R D Data Center Mgt & Virtualization

Datacenter Mgt and Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Server Consolidation); Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Server Consolidation); Hyper-V Server 2008 R2 Standard; Hyper-V Server 2008 Standard; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Assessment and Planning Toolkit 6.0; Microsoft Assessment and Planning Toolkit 6.5; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Microsoft Software Inventory Analyzer 5.0; Microsoft Software Inventory Analyzer 5.1; Opalis; Security Compliance Management Toolkit; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Automated Installation Kit; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise / Datacenter (Hyper-V); Windows Server 2008 R2 Standard / Enterprise (Hyper-V); Windows Server 2012; Windows Server Update Services 2.0; Windows Server Update Services 3.0

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for Office Communications Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Virtual Private Network); Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Forefront Unified Access Gateway 2010 (Endpoint access controls); Intelligent Application Gateway 2007; Intelligent Application Gateway 2007 (Endpoint and Access Security); Internet Security and Acceleration Server 2006 (Multi-Networking); Internet Security and Acceleration Server 2006 (Virtual Private Network); System Center 2012 Endpoint Protection; System Center 2012 Virtual Machine Manager; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Windows Firewall with Advanced Security); Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy and Access Services); Windows Server 2012

Networking

Microsoft Network Monitor 3.3; Microsoft Network Monitor 3.4; Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2008 R2 (Policy-based Quality of Service); Windows Server 2012

Storage

Microsoft Online Backup Service; System Center 2012 Data Protection Manager; System Center Data Protection Manager 2010; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Backup and recovery); Windows Server 2008 R2 (File Classification Infrastructure); Windows Server 2008 R2 (Hardware RAID); Windows Server 2008 R2 (Software RAID); Windows Server 2012 (Backup/Recovery, Hyper-V Replica); Windows Server 2012 (File Classification Infrastructure); Windows Server 2012 (Hardware RAID); Windows Server 2012 (Storage Spaces); Windows Server 2012 (Virtual Disks); Windows Storage Server 2008; Windows Storage Server 2008 (Backup and recovery); Windows Storage Server 2008 (RAID); Windows Storage Server 2008 R2; Windows Storage Server 2008 R2 (Backup and recovery); Windows Storage Server 2008 R2 (RAID)

Device Mgt & Virtualization

Device Deployment and Management

Exchange Server 2007; Exchange Server 2007 (ActiveSync); Exchange Server 2010; Exchange Server 2010 (ActiveSync); Microsoft Desktop Optimization Pack 2011 (Advanced Group Policy Management); Microsoft Desktop Optimization Pack 2011 R2 (Advanced Group Policy Management); System Center 2012 Configuration Manager; System Center 2012 Mobile Device Manager; System Center 2012 Operations Manager; System Center Configuration Manager 2007 R3; System Center Mobile Device Manager 2008; System Center Mobile Device Manager 2008 (Enrollment Auto Discovery); Windows Azure; Windows Embedded Device Manager 2011; Windows Intune; Windows Phone 7.5; Windows Phone 8

Device Security

Forefront Endpoint Protection 2010; System Center 2012 Endpoint Protection; Windows 7 (Firewall); Windows 8; Windows Intune; Windows Server 2008 R2; Windows Server 2012

Identity & Security Services

Identity & Access

Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2008 R2 (Active Directory Domain Services, Read-Only Domain Controller); Windows Server 2012

Information Protection & Control

IT Process & Compliance

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Professional 2007; Office Project Server 2007; Office SharePoint Server 2007; Opalis; PowerShell 2.0; Project Professional 2010; Project Server 2010; Security Compliance Manager; Security Compliance Manager 2.x; SharePoint Server 2010; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 1: BPIO
B S R D Workspaces

Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007 (client integration with SharePoint); Office 2010 (client integration with SharePoint); Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007 (document workspaces); Office SharePoint Server 2007 (integrated presence, Outlook Web Access Web Parts, news and announcement Web Parts, out-of-the-box workflow); SharePoint Designer 2007 (Workflows); SharePoint Designer 2010 (Workflows); SharePoint Server 2010 (document workspaces); SharePoint Server 2010 (integrated presence, Outlook Web Access Web Parts, news and announcement Web Parts, out-of-the-box workflow)

Collaboration

Portals

Office SharePoint Server 2007; Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Server 2010; SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing Project Mgt

Project 2007; Project 2010; SharePoint Foundation 2010

Information access Interactive experience and navigation Messaging

Office SharePoint Server 2007 (out-of-the-box indexing connectors, search filters); SharePoint Server 2010 (out-of-the-box indexing connectors, search filters)

Exchange Server 2007; Exchange Server 2010; Outlook 2007; Outlook 2010; Outlook Web Access 2007; Outlook Web Access 2010 Lync 2010; Lync Server 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Outlook 2007 (integrated presence indicator); Outlook 2010 (integrated presence indicator)

Unified Communications

IM/Presence Conferencing Voice Information Mgt Process Efficiency Compliance

Content Creation and Management

Authoring

Office 2007; Office 2010 (copy/paste improvements with Live Preview, Office Backstage, paste galleries, insertion of screenshots; Word: document map, photo masking and cropping); Office 2010 (PowerPoint: resizing and cropping videos with 3-D effects); Office SharePoint Server 2007; SharePoint Server 2010 (rich media editing, rights management); Visio 2007 (brainstorming diagram, business templates); Visio 2010 (brainstorming diagram, business templates) Office 2007; Office 2010 (Fluent UI); Office SharePoint Server 2007; SharePoint Server 2010 (Fluent UI); Visio 2007; Visio 2010 (rich client, share diagrams with others on the Web)

Multi-Device Support Interoperability User Accessibility

Office 2007; Office 2007 (accessibility investments); Office 2010 (accessibility investments)

Phase 1: APO
B Business Intelligence S R D BI and Analytics Platform Data Warehouse Management Big Data Information Services and Marketplaces Transaction Processing Database and LOB Platform

Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PowerPivot; Report Builder; SharePoint 2010 Standard; SharePoint Foundation 2010; SQL Server 2008 R2; SQL Server 2012; SQL Server Analytic Services; SQL Server Reporting Services; Visio 2007; Visio 2010 SQL Server 2008 R2; SQL Server 2008 R2 (Master Data Services); SQL Server 2012; SQL Server 2012 (Master Data Services); Visual Studio 11; Visual Studio 2008 (BI Development Studio); Visual Studio 2010

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2005; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Excel 2010, Outlook 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows Server 2008; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Internet Applications

.Net Framework; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Silverlight; Visual Studio 2008; Visual Studio 2010 BizTalk Server 2006 R2; BizTalk Server 2006 R2 (Adapters); BizTalk Server 2009; BizTalk Server 2009 (Adapters); BizTalk Server 2010; Office Professional 2010 (Access 2010); Office SharePoint Server 2007; Office SharePoint Server 2007 (Business Data Catalog); SharePoint 2010; SharePoint 2010 (Business Connectivity Services); SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 2008; Visual Studio 2010; Windows Server AppFabric .NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional Office Professional 2010; SQL Server 2008 R2; Visual Studio 2008; Visual Studio 2010 Professional; Visual Studio Team Foundation Server 2010; Windows SDK

Component and Service Composition

Custom Development

Enterprise Integration Development Platform

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Premium; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010

Phase 2
Business Driver
ADOPT A RESPONSIVE, FLEXIBLE, AND INTEROPERABLE APPLICATION PLATFORM

Needs
Transform existing applications so that they have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
Improve the performance, reliability, availability, deployment time, and time to scale for enterprise applications while increasing use of hardware and data center resources
Centralize application monitoring and management of infrastructure and applications into a single and extensible solution
Improve user productivity and minimize time-to-value for applications
Simplify identity and access management across multiple systems, applications, and users

Business Capabilities
Reduce application development costs and timeframes
Improve return on development investments and promote consistency across applications, including support for multiple devices
Improve the performance, reliability, and availability of enterprise applications and reusable application services
Reduce application downtime and time to remediate performance issues to achieve service-level agreements (SLAs)
Optimize responsiveness in managing application performance
Provide consistent, familiar, and streamlined user interfaces to application and common productivity tools
Easily and automatically provision and de-provision users' rights to access services in accordance with defined policies

IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS

Unify physical and virtual environments across customer premises and the cloud to achieve efficiencies in heterogeneous environments by managing resources across physical and virtual platforms to ensure proactive service-level monitoring of availability, performance, and configuration
Reduce IT burden, enhance existing services, and offer new services, with access to near-infinite scalability on demand by dynamically allocating pooled internal IT resources and by providing consistency in operating system images deployed in the organization to enable the ability to scale up or down as required to meet business needs (for example, easy provisioning) and to reduce power consumption and carbon footprint for a more environmentally sustainable, more efficient data center
Maintain business continuity after an outage, failure, data loss, or data corruption in the data center

Centrally monitor and manage the operation of critical server infrastructure, end-user systems, and services over multiple physical and virtual environments to adhere to service-level agreements (SLAs)
Enable easy deployment and maintenance of managed images and configuration files based on well-defined configurations
Provide the ability to repurpose a defined and consistent set of services, software, and hardware in response to new workload requirements
Support changing workload requirements and deploy application and security updates for third-party and custom line-of-business applications
Provide ongoing protection of data in the data center and ensure rapid data recovery to a near-current point in time that is acceptable to IT service owners
Provide support to accommodate planned downtime and reduce unplanned downtime without affecting availability
Realize high availability of data, increased performance, and greater protection in the data center to improve service delivery

Phase 2
Business Driver
IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS
(CONTINUED)

Needs
Provide secure access to systems, and report on and respond to security-related events in the data center while ensuring broad access to information
Simplify identity and access management across multiple systems, applications, and users
Satisfy internal and external risks and compliance requirements for the data center environment
Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance

Business Capabilities
Provide remote access to information that is more secure, while enabling IT administrators to centrally manage network access and to control and monitor health policies
Easily and automatically provision and de-provision users' rights to access services in accordance with defined policies
Help improve security and compliance and centrally monitor and track changes to system configuration, to identify and audit security breaches and compliance failures
Enforce security measures and monitor key security events for all servers and networking components in the data center to identify, assess, and mitigate compliance risks
Enable faster and more consistent support for new business initiatives while maintaining security, privacy, and compliance
Provide consistent IT services delivery across the entire organization
Improve return on development investments and promote consistency across applications and application platform services
Enable faster and more consistent support for new business initiatives while maintaining security, privacy, and compliance
Provide consistent IT services delivery across the entire organization
Bill business units based on allocated percentage of overall IT costs based on percentage of overall IT use
Reduce capital expense allocation to business units
Reduce IT labor costs for provisioning of new IT services on request from business units
Easily and automatically provision and de-provision users' rights to access services in accordance with defined policies

TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Provide a data center environment that supports service-oriented architecture (SOA) principles, enabling applications that are portable, have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
Provide predictable and stable IT costs by enabling the move from an allocated capital expenditures model of charging for IT services to a chargeback model that charges for IT services used
Ensure a scalable, reliable platform and extend the data center to the cloud, and respond more quickly to the changing needs of the business while driving down hardware and facilities costs
Simplify identity and access management across multiple systems, applications, and users

Phase 2: Core IO
B S R D Datacenter Mgt and Virtualization Data Center Mgt & Virtualization

PHASE DEFINITION

MAPPING

TECHNOLOGIES

CONCEPTUAL ARCHITECTURE

LOGICAL ARCHITECTURE

Software and configuration library is maintained at current update levels with version control and auditing on demand. Automated build, deployment and provisioning processes with orchestration to configure new instances of services based on a template that can be composed of multiple virtual images; real time reporting. Software update management and auditing are policy-driven and monitored, including automated vulnerability detection. Isolation and remediation of vulnerable and non-compliant systems are automated. The IT asset life cycle is automated, and managed using policies, procedures, and tools; management of assets and thresholds is based on automated inventory information. Service capacity and resource utilization are monitored continuously; analysis tools are used to predict the impact of proposed changes (software, hardware, usage, and topology); workloads can be relocated manually. Chargeback is consumption based. The organization has a consolidated view and a consolidated management process across heterogeneous virtual environments, including branch offices. Majority of production server resources are virtualized. Resource pooling implementation supports compliance and cost management strategies, such as Auditing and Reporting, Policy Management, Metered Usage, Multi-Tenancy and Process Automation. Performance monitoring of applications as well as physical and virtual hardware pools with enforceable SLAs; service health monitoring with consistent reporting across heterogeneous environments. Policy enforcement occurs in near real time based on company and industry-standard policies that allow for immediate quarantine of noncompliant systems, and consistent compliance reporting and standards exist across all IT services. There are multiple levels of service availability clustering or load balancing. Virtualization and management are used to dynamically move applications and services when issues arise with datacenter compute, storage and network resources.
Chargeback is based on the cost of resources allocated and consumed, charged in aggregated or abstracted units using a defined Service Catalog (e.g., VM months). Service segmentation and isolation provide information security, allowing multiple tenants to safely share the same infrastructure (one service cannot affect another). Wide area network traffic health and performance is monitored and reported centrally, providing real time visibility with integration into service management tools. IPv6 with IPsec is used for secure private communication over public networks. If a storage node fails, data access transparently fails over with no interruption in availability. Storage is managed and allocated dynamically from a highly available pool of physical space based on capacity required, and within limits set by policy quotas. Critical data is backed up by taking snapshots using a centralized, application-aware system. Data archiving is managed based on storage location by using automated compliance and retention policies such as rights management, read-only storage, and file expiration; archiving capacity is elastic across boundaries with automatic capacity expansion within limits set by business policy. Configuration is enforced according to a system based on company and industry-standard policies. An authoritative configuration management database is kept up to date. A solution is in place to automatically identify devices to deploy, configure, and update while maintaining device security.

Server Security Networking

Storage

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Protection against malware is centrally managed for desktop systems, laptops, and non-PC devices; desktop systems and laptops include a host firewall, host intrusion prevention system or vulnerability shield, and quarantine.

Identity & Security Services

Identity & Access

Provisioning and de-provisioning of user and super-user accounts, certificates, and/or multi-factor authentication is automated. Federation services are a centralized IT offering. Multiple federation and trust relationships exist between separate organizations (1-to-1 relationship). Multi-factor and certificate-based authentication are applied in some scenarios, such as remote access across boundaries (such as on-premises and cloud). Self-service password resets are supported. A centralized, group/role-based access policy is defined for business resources, applications, and information resources, managed through industry-accepted processes.

Information Protection & Control

The IT service portfolio is aligned with the organization; management regularly reviews how the service portfolio and strategy align, and reports costs and returns across IT services. IT policies are integrated across all IT services, enabling or restricting use of resources as appropriate. Definitions of reliability for IT services are integrated across IT services and enforceable. IT service projects are aligned with business projects through participation of customers; each project has a management review for project plan approval. IT service issues and design changes are tracked by using formal processes; testing is automated where possible. IT service release processes are uniform across IT services; deployment is automated and offers self service where possible; management reviews each service for readiness to release before deployment. Service-level and operational-level agreements are integrated for IT services; management reviews operational health regularly; some tasks are automated. Processes to manage incidents are integrated across IT services via self service where appropriate. Monitoring and flexible, tenant/service reporting are aggregated across individual areas for protection against malware, protection of information, and identity and access technologies. Problem management processes are integrated across IT services, with incident management integration. The change and configuration management process is integrated across IT services; standard changes are identified across IT services and automated with self service where possible. Risk and vulnerability analysis is integrated across all IT services; IT compliance objectives and activities are integrated across IT services and automated where possible; management regularly audits to review policy and compliance. A self service catalog is defined with SLAs/SLOs and consumed via a self service portal supported by some automated fulfillment. The location of data complies with local regulations.

IT Process & Compliance

Phase 2: BPIO
B S R D Workspaces Portals Collaboration

Workspaces are centrally managed, customizable, and reusable, and provide users the capability to collaborate through Web browsers and mobile devices; offline synchronization is supported. Team members can simultaneously author, edit, and review content across Clients (including Devices).

Line-of-business applications are routinely surfaced through the portal and have the capability to write securely to back-end systems and to maintain data integrity; information from multiple applications can be combined in dashboards.

Social Computing

Task assignments, task splitting, delegation, and reporting are automated; teams can plan against complex baselines. Project tasks and calendars are closely integrated with users' online presence; teams can communicate with a single click; timely updates are available for accurate reporting. Collaboration happens across different mobile devices. Portfolios are analyzed in graphical views that include status, resource allocations, and financial details. Unstructured content from the Web, collaborative and content-managed data repositories, databases, and line-of-business applications is indexed; indexing processes incorporate browsing by people and ranking of expertise.

Project Mgt

Information access Interactive experience and navigation

Messaging

The messaging solution includes anti-spam, anti-phishing, and multiple-engine anti-virus protection. Secure, policy-driven access to a unified inbox from PCs, phones, and Web browsers exists inside and outside the firewall. Provisioning of user inboxes is driven by business demand, uses a single directory, and provides features based on user needs.

Unified Communications

IM/Presence

Online presence, IM, and peer-to-peer voice and video are in place (including multiple-layer anti-malware and contextual content filtering) and are accessible from PCs, phones, and Web browsers. Online presence information and contextual click to communicate are integrated into the enterprise productivity and collaboration platform.

Conferencing Voice Information Mgt

Content Creation and Management

Process Efficiency Compliance

Content authoring tools deliver advanced formatting. Rich media can be centrally stored, tagged, managed, and made easily available for use in building content deliverables. Content is efficiently reused without loss of context across applications that have different purposes; templates are centrally manageable. Key applications support optimized usage scenarios; for example, Web for reach, rich client for responsiveness, and phone for mobility.

Authoring

Multi-Device Support Interoperability

User Accessibility

Productivity applications meet guidelines for information and content accessibility in recognized accessibility standards such as Section 508 and Web Content Accessibility Guidelines (WCAG) 2.0 for both PC and web. New sites meet standards guidelines for supporting assistive technologies in the browser.

Phase 2: APO
B S R D Business Intelligence

Portals exist for dynamic reporting that supports rich report formats. Reports are generated with group or individual filter parameters and delivered via direct push or subscription and can vary by device. Users have the ability to share alerts and subscriptions with other users via limited collaboration and social networking. Dashboards are consistently used to provide operational and strategic views of the business from real time or periodically refreshed data. BI portal experience has rich visualizations, dashboards and scorecards with full data interactivity (slicing, filtering, etc.) consistent with self service reporting and analysis tools. Users have the ability to create unique personal and/or shared views of data that are actually combinations of multiple views (i.e. mashups). IT provisions and provides access to infrastructure, statistical analysis and data mining tools, and common sanctioned data sources to Data Analyst roles to analyze business data and build models to enable future decisions, predict trends, find correlations in business attributes, etc. Data Analysts publish the results of their analyses to business users via reports, spreadsheets, charts, visualizations, etc.

BI and Analytics Platform

Data Warehouse Management

Centrally governed data management exists for all data sets and content types, with support from tools that can capture and manage policies, and integration with data quality tools that can automatically apply data cleansing rules and services.

Big Data

Information Services and Marketplaces

Transaction Processing

Database and LOB Platform

Data Management

Data governance with documented, standardized policies and processes are established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores. A common application messaging services infrastructure is in place and well managed for larger mission-critical applications. Standard service-based application architectures are being rationalized and implemented with appropriate governance. Applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. Applications use web services to communicate across application boundaries. Processes and infrastructure for managing service endpoints, service discovery, and routing of application messages is in place. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems. Components and services are explicitly tagged for reuse. A range of application services and infrastructure is provided across operating environments with central governance. A central engineering practices group co-sponsored by development and operations has formed and is providing valuable guidance to application development teams. 
Application developers consistently build applications using these application frameworks, so hosting, application services requirements, and management are predictable. Operating systems provide support for multiple application frameworks.

Application Infrastructure

Phase 2: APO Continued


B Internet Applications S R D

User experience is a full part of the site development process, but refinements to the overall process can be made. Up-to-date versions of rich Internet technologies are used, and are often used appropriately, but not always (for example, plug-in based applications may be used to provide site navigation).

Component and Service Composition

Developers have tools that allow them to automate the creation of components usable by end users out of low-level services, and to publish them to the central repository and obtain basic metrics of usage. Tooling for solution assembly is simplified. A central repository of components for end users is designated to allow them to discover and use components to build solutions. Central IT provides mechanisms to create new business processes that integrate with existing ones, primarily through new workflow actions and specialized rules. Facilities exist to surface line-of-business events to end users' compositions and workflows. Along with IT, business units are becoming suppliers of reusable assets and realize that they can empower their users by connecting services and experience, building upon the assets that the central IT team provides and by creating their own. Creation of LOB extension applications can be accomplished without a lot of custom code and through the assembly of existing components. There is a designated tool for the creation of composite LOB extension in addition to the integration with advanced developer tools. However, other tools continue to exist for different functional purposes like workflow, UI creation, etc. Business productivity and collaboration applications, features, and infrastructure can be easily leveraged as components to integrate powerful and familiar capabilities into the context of a composite application interface. No discoverability of services is in place. Application models are highly descriptive of the application components and dependencies. Manual checks against the application map are in place to avoid impacts on services by component changes. Components and low-level services are documented manually, though the culture of management of those components has not been pervasive across the organization.

Custom Development

Enterprise Integration

Applications leverage an application communication infrastructure deployed in operations that is actively managed and has dynamic routing capabilities. Application integrations leverage standard application messaging protocols and infrastructure to connect various applications running on-premises and in the cloud, connecting mission-critical data and transactions across enterprise applications. Centralized data integration strategies and tools are used across the enterprise.

Development Platform

The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization. Developed applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems.

Application Lifecycle Management

Standards are implemented and an enterprise architect function is established. Costs are measured and used to establish budgets. All applications are fully supported. Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. Virtualized test labs are used regularly. Development and test environments are virtualized, and standard virtualized images of development and test environments exist. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 2: Core IO
B S R D Data Center Mgt & Virtualization

Datacenter Mgt and Virtualization

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center 2012 Virtual Machine Manager + Concero Project; System Center Configuration Manager 2007 R3; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); System Center Virtual Machine Manager Self Service Portal 2.0 ; Windows Azure; Windows Azure Platform (Developer portal); Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise / Datacenter (Hyper-V); Windows Server 2012

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Security for Exchange Server; Forefront Security for Office Communications Server; Forefront Security for SharePoint; Forefront Threat Management Gateway 2010 (Virtual Private Network); Forefront Threat Management Gateway 2010 (Web antivirus/antimalware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Forefront Unified Access Gateway 2010 (Endpoint access controls); Intelligent Application Gateway 2007; Intelligent Application Gateway 2007 (Endpoint and Access Security); Internet Security and Acceleration Server 2006 (Multi-Networking); Internet Security and Acceleration Server 2006 (Virtual Private Network); System Center 2012 Endpoint Protection; System Center 2012 Virtual Machine Manager; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy and Access Services); Windows Server 2012 Forefront Threat Management Gateway 2010; Internet Security and Acceleration Server 2006; Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2008 R2 (Policy-based Quality of Service); Windows Server 2012 System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Server 2008 R2 (File Classification Infrastructure, Windows Rights Management Services); Windows Server 2008 R2 (Hyper-V) + Hardware pooling; 
Windows Server 2008 R2 Enterprise (Failover Clustering); Windows Server 2012 (Cluster); Windows Server 2012 (File Classification Infrastructure); Windows Server 2012 (Hyper-V Replica); Windows Server 2012 (Storage Spaces); Windows Storage Server 2008 (Windows Rights Management Services); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 Enterprise (Failover Clustering); Windows Storage Server 2008 R2 (File Classification Infrastructure, Windows Rights Management Services); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 Enterprise (Failover Clustering)

Exchange Server 2007; Exchange Server 2007 (ActiveSync); Exchange Server 2010; Exchange Server 2010 (ActiveSync); System Center 2012 Configuration Manager; System Center 2012 Mobile Device Manager; System Center 2012 Operations Manager; System Center 2012 Service Manager; System Center Configuration Manager 2007 R3; System Center Mobile Device Manager 2008; System Center Mobile Device Manager 2008 (Enrollment Auto Discovery); System Center Service Manager 2010; Windows Azure; Windows Embedded Device Manager 2011; Windows Intune; Windows Phone 7.5; Windows Phone 8

Networking

Storage

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010 (Network Inspection System); Internet Security and Acceleration Server 2006; System Center 2012 Endpoint Protection; Windows 7 (Firewall); Windows 8; Windows Intune (not for non-PC devices); Windows Server 2008 R2 (Network Access Protection); Windows Server 2012 Forefront Identity Manager 2010 (Credential Management); Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 (User Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows 7; Windows 8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2008 R2 (Active Directory Domain Services, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Federation Services); Windows Server 2008 R2 Standard (Active Directory Lightweight Directory Services, WS-Federation, WS-Trust); Windows Server 2012

Identity & Security Services

Identity & Access

Information Protection & Control


Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Distributed Connectivity Services; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Professional 2007; Office Project Server 2007; Office SharePoint 2007; Office SharePoint 2007 (Lists); Office SharePoint Server 2007; Opalis; PowerShell 2.0; Project Professional 2010; Project Server 2010; Security Compliance Manager; Security Compliance Manager 2.x; SharePoint 2010; SharePoint 2010 (Lists); SharePoint Server 2010; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007; Visio Professional 2010; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

IT Process & Compliance

Phase 2: BPIO
B S R D Workspaces

Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007; Office 2007 (client integration with SharePoint); Office 2007 (Groove 2007: offline collaborative workspaces); Office 2010; Office 2010 (client integration with SharePoint); Office 2010 (SharePoint Workspace 2010: offline collaborative workspaces); Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007; Office SharePoint Server 2007 (document workspaces); Office SharePoint Server 2007 (integrated presence, Outlook Web Access Web Parts, news and announcement Web Parts, out-of-the-box workflow); Office SharePoint Server 2007 (offline collaborative workspaces); SharePoint Designer 2007; SharePoint Designer 2007 (Workflows); SharePoint Designer 2010; SharePoint Designer 2010 (Workflows); SharePoint Server 2010 (coauthoring); SharePoint Server 2010 (document workspaces); SharePoint Server 2010 (integrated presence, Outlook Web Access Web Parts, news and announcement Web Parts, out-of-the-box workflow); SharePoint Server 2010 (offline collaborative workspaces, Web applications and companions, mobile-device view) Office SharePoint Server 2007; Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Server 2010 (Business Connectivity Services); SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Portals Collaboration Social Computing

Project Mgt

Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007; Office 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007 (document collaboration); Office SharePoint Server 2007 (document workspaces); Project 2007; Project 2007 (Gantt charts, calendars, task sheets, and visual reports); Project 2010; Project 2010 (Gantt charts, calendars, task sheets, visual reports, resource scheduling view, user-controlled scheduling, top-down summary tasks, task inspector, timeline view, incremental/granular leveling, synchronize with SharePoint task lists); Project Server 2007 (resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2007 (task creation and delegation, status reports, timesheets); Project Server 2007 (visual reports, resource availability graphs, and budget tracking); Project Server 2010 (enhanced collaboration and reporting, resource management, resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2010 (schedule management, financial management, time and task management); Project Server 2010 (task creation and delegation, status reports, timesheets, time tracking improvements, user delegation); SharePoint Server 2010 (document collaboration); SharePoint Server 2010 (document workspaces) FAST Search Server 2010 for SharePoint (federated search, connectors and content ingestion); Office 2007; Office 2010 (Outlook: keyword tagging for e-mail); Office SharePoint Server 2007 (federated search connectors, people search); SharePoint Server 2010 (FAST search usage rights, federated search connectors, people search)

Information access Interactive experience and navigation Messaging Unified Communications IM/Presence Conferencing Voice Information Mgt Content Creation and Management Process Efficiency Compliance Authoring

Exchange Server 2007; Exchange Server 2010; Forefront Protection 2010 for Exchange Server; Forefront Security for Exchange Server; Outlook 2007; Outlook 2010; Outlook Mobile 2007; Outlook Mobile 2010; Outlook Web Access (premium experience) Forefront Security for Office Communications Server; Lync 2010; Lync Server 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Office Communicator Web Access 2007 R2; Office SharePoint Server 2007; SharePoint Server 2010

Multi-Device Support

Office 2007; Office 2010 (contextual UI menu); Office 2010 (PowerPoint: resizing and cropping videos with 3-D effects); Office SharePoint Server 2007; SharePoint Server 2010 (digital asset management including thumbnails, metadata, tagging, and ratings for images as well as video streaming); SharePoint Server 2010 (document sets); Visio 2007 (quick shapes mini toolbar, enhanced dynamic grid, page auto size, automatic alignment and layout adjustment); Visio 2010 (quick shapes mini toolbar, enhanced dynamic grid, page auto size, automatic alignment and layout adjustment) Office 2007; Office 2010 (Fluent UI); Office 2010 (PC, phone, and browser, 64-bit Office client deployment and authoring); Office Mobile 2010 (view and edit documents from a mobile device); Office SharePoint Server 2007; Office Web Apps (store, edit, and share documents online); SharePoint Server 2010 (Fluent UI); SharePoint Server 2010 (mobile access enhancements, view and edit documents, spreadsheets, presentations, and notebooks in the browser); Visio 2007; Visio 2010 (rich client, share diagrams with others on the Web)

Interoperability User Accessibility Office 2007; Office 2007 (accessibility investments, section 508 and WCAG 2.0); Office 2010 (accessibility investments, section 508 and WCAG 2.0); Office SharePoint Server 2007; SharePoint Server 2010; SharePoint Server 2010 (WCAG compliant browser forms)

Phase 2: APO
B S R D BI and Analytics Platform Business Intelligence Data Warehouse Management Big Data Information Services and Marketplaces

PHASE DEFINITION

MAPPING

TECHNOLOGIES

CONCEPTUAL ARCHITECTURE

LOGICAL ARCHITECTURE

Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PivotViewer; Power View; PowerPivot; Report Builder; SharePoint 2010 Enterprise (Activity Feeds, Visio Services); SharePoint 2010 Enterprise (Insights, Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Standard; SharePoint Foundation 2010; SQL Azure; SQL Azure Reporting; SQL Server 2008 R2; SQL Server 2012; SQL Server Analytic Services; SQL Server Reporting Services; Visio 2007; Visio 2010

SQL Server 2008 R2; SQL Server 2012; SQL Server 2012 (Data Quality Services); SQL Server 2012 (Master Data Services); Visual Studio 11; Visual Studio 2008 (BI Development Studio); Visual Studio 2010

Transaction Processing Database and LOB Platform

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Window Server 2008; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2008R2; Windows Server 2008R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric .Net Framework; Expression Studio 3; Expression Studio 4; Expression Web 4; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office SharePoint Server 2007; SharePoint 2010; Silverlight; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Premium; Visual Studio 2010 Professional

Internet Applications

Component and Service Composition Custom Development

BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office Professional 2010 (Access 2010); Office SharePoint Server 2007; Office SharePoint Server 2007 (Business Data Catalog); SharePoint 2010; SharePoint 2010 (Business Connectivity Services); SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Windows Server AppFabric

Enterprise Integration Development Platform

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; System Center 2012; System Center Operations Manager 2007 R2; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Professional; Windows Azure AppFabric; Windows Server AppFabric SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010

Phase 2


* Recommended, not required


Phase 3
Business Driver
ADOPT A RESPONSIVE, FLEXIBLE, AND INTEROPERABLE APPLICATION PLATFORM


Needs
Transform existing applications so that they have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
Improve the performance, reliability, availability, deployment time, and time to scale for enterprise applications while increasing use of hardware and data center resources
Centralize application monitoring and management of infrastructure and applications into a single and extensible solution
Improve user productivity and minimize time-to-value for applications
Simplify identity and access management across multiple systems, applications, and users

Business Capabilities
Reduce time-to-value of custom applications and application integration
Reduce time-to-value and maintenance while improving ubiquity and consistency of application services
Improve application scalability while reducing data center costs
Maximize insights into application performance to drive better application management decision making
Provide centralized, integrated user interfaces for applications
Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications
Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies
Deliver integration, efficiency, and business alignment of data center IT services by enabling informed and cost-effective decision making and proactive preventative maintenance
Use tools and automation to help optimize infrastructure to meet demand according to service-level agreements (SLAs)
Ensure continual backup and archiving of data to enable recovery of any service to nearly any point in time, and enable rapid restoration of the data center environment
Enable geographical diversification by providing high availability, disaster recovery options, and increased service uptime
Secure and manage users' internal and external access across systems, from virtually any location and any device

IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS

Unify physical and virtual environments across customer premises and the cloud to achieve efficiencies in heterogeneous environments by managing resources across physical and virtual platforms to ensure proactive service-level monitoring of availability, performance, and configuration
Reduce IT burden, enhance existing services, and offer new services, with access to near-infinite scalability on demand by dynamically allocating pooled internal IT resources and by providing consistency in operating system images deployed in the organization to enable the ability to scale up or down as required to meet business needs (for example, easy provisioning) and to reduce power consumption and carbon footprint for a more environmentally sustainable, more efficient data center
Maintain business continuity after an outage, failure, data loss, or data corruption in the data center
Provide secure access to systems, and report on and respond to security-related events in the data center while ensuring broad access to information

Phase 3
Business Driver
IMPROVE DATA CENTER RELIABILITY AND RESPONSIVENESS AND REDUCE COSTS
(CONTINUED)


Needs
Simplify identity and access management across multiple systems, applications, and users
Satisfy internal and external risks and compliance requirements for the data center environment
Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance

Business Capabilities
Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications
Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies
Tighten risk management by ensuring automatic identification of security and compliance threats and by automating mitigation of all deviations from security policy
Enable IT to focus on governance by enabling the outsourcing of most IT service management processes to a cloud vendor

TRANSFORM IT DELIVERY MODEL TO ALIGN WITH BUSINESS NEEDS

Provide a data center environment that supports service-oriented architecture (SOA) principles, enabling applications that are portable, have streamlined user interfaces, use services ubiquitously, support multiple devices, and can be more easily integrated
Provide consistent quality in services by focusing on the relationship with the IT customer to drive down costs and improve customer service through support of compliance standard models like the Information Technology Infrastructure Library (ITIL), and enable controls and enforcement to protect critical systems and to ensure regulatory compliance
Provide predictable and stable IT costs by enabling the move from an allocated capital expenditures model of charging for IT services to a chargeback model that charges for IT services used
Ensure a scalable, reliable platform and extend the data center to the cloud, and respond more quickly to the changing needs of the business while driving down hardware and facilities costs
Simplify identity and access management across multiple systems, applications, and users

Increase business agility, reduce time-to-value, and lower application maintenance costs while improving ubiquity and consistency of application services
Enable the IT department to focus on governance by enabling the outsourcing of most IT service management processes to a cloud vendor
Transition from allocating fixed capital expenses to business units to charging back operational expenses to business units based on usage
Allow for almost immediate provisioning of new IT services without the need for significant, if any, IT labor intervention
Enable organizations to share digital identities with trusted partners, customers, and vendors to provide seamless access to applications
Implement strong, multi-factor, trusted authentication of users' credentials that is enforced through policies

Phase 3: Core IO
B S R D Data Center Mgt & Virtualization Datacenter Mgt and Virtualization


Governed software and configuration library with compliance auditing. Application and operating system images automatically replaced when issues arise. Live Migration and high availability are used during patching to ensure systems are patched with no downtime. Template based patching is supported. The organization uses virtualization to manage resource allocation dynamically for running workloads and services including moving workloads from server to server based on resource needs or business rules. Resource pooling supports process and quality improvement programs (Process Excellence, Business Continuity etc.) and agility (real time elasticity, self service automation etc) strategies. Integrated management across physical and virtual resources and Workloads. Service performance monitoring with automated remediation and centralized view across all SLAs; consolidated view across all management tools. Real-time policy enforcement and reporting are based on company and industry-standard policies with automated non-compliance resolution for all IT services. Services are available during complete site outage (via geo-clustering and automated management). Real-time monitoring of IT systems with charge back of actual resource utilization to business groups consuming IT Services (e.g., CPU, storage, & network utilization).

Server Security

Malware protection is centrally managed and comprehensive for server operating systems within organizations, and includes automated remediation, recovery, and auditing, with defined SLAs. Protection is comprehensive and self healing, specifically deployed and managed on multiple tiers for all applications in the enterprise, including proprietary applications. Network security is automated and proactive, with centralized alerting and reporting to meet network protection service-level agreements. Secure, remote access is nearly always available with bidirectional connectivity; access to networks and applications is policy-based; alerts are proactive and security issues are remediated. Redundant Domain Name System servers exist in separate physical locations to provide fault tolerance and isolation. Allocation of bandwidth is on-demand and automatically scales to meet additional network requirements based on data center service requirements. Network resources are pooled and made available on demand to services and VMs based on policies and models that drive management of these resources. Critical data can be replicated with failover between geographical or virtual locations or services to provide business continuity in the event of a site failure. Storage is managed and allocated dynamically from an elastic pool of storage capacity available across boundaries with automatic capacity expansion within limits set by business policy. Critical data across the enterprise is protected continuously by replicating it at a separate location or by using a cloud-based service; data backups can be recovered by using a self-service recovery process. There is an automated solution for federated management of all devices.

Networking

Storage

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Protection against malware is centrally managed for desktop systems, laptops, and non-PC devices; desktop systems and laptops include a host firewall, host intrusion prevention system or vulnerability shield, and quarantine.

Identity & Security Services

Identity & Access

Provisioning and de-provisioning of all resources, certificates, and smart cards is automated for all users; roles and entitlement are managed and access control is policy-driven. Centralized IT offering of Federation services that integrates public identities and services. Offers 1 to many collaboration. Multi-factor and certificate-based authentication are corporate-wide across all applications and users with step up authentication option and higher security identity proofing (e.g. by geography).

Information Protection & Control

IT Process & Compliance

All IT services are described in the service portfolio; services align with business strategy; IT service costs and returns can be modeled and predicted. Reporting on service-level and operational-level agreements occurs in real time across the organization; IT services are provisioned dynamically to provide the required levels of reliability and scalability; all tasks that can be automated are automated. Monitoring, reporting, and auditing are automated with event correlation, notification of incidents that matter, and remediation for protection against malware, protection of information, and identity and access technologies. All standard changes across IT services are automated and provisioned by self-service processes where appropriate. Risks and vulnerabilities are analyzed across all IT services against developed models; compliance objectives and activities are automated, and then updated automatically based on changes to IT policies. Self service portal in place with full automation or orchestration for IT services in the Service Catalog with reporting and notification capabilities. Fully automated service life cycle orchestration across heterogeneous workloads and environments.

Phase 3: BPIO
B Workspaces S R D Portals Collaboration


Workspaces are centrally managed, customizable, and reusable, and provide users the capability to collaborate through Web browsers and mobile devices; offline synchronization is supported. Team members can simultaneously author, edit, and review content across Clients (including Devices).

Portals support collaboration and information sharing across extranet and Internet sites in a hybrid on-premises and Web (cloud)-based infrastructure and through federated relationships with trusted partners. Portals and line-of-business applications are integrated and users can take them offline for changes and secure synchronization later; can access data from these LOB apps across mobile devices; users can combine data from disparate sources into composite applications without IT involvement; IT has the flexibility to create rich client applications and surface them within productivity applications that are used to create and integrate content with the system of record.

Social Computing Project Mgt Information access Interactive experience and navigation The messaging solution includes anti-spam, anti-phishing, and multiple-engine anti-virus protection. Secure, policy-driven access to a unified inbox from PCs, phones, and Web browsers exists inside and outside the firewall. Provisioning of user inboxes is driven by business demand, uses a single directory, and provides features based on user needs. Portfolios are analyzed and proposals are selected based on alignment with business goals. Unstructured content from the Web, collaborative and content-managed data repositories, databases, and line-of-business applications is indexed; indexing processes incorporate browsing by people and ranking of expertise.

Messaging

Unified Communications

IM/Presence

Online presence, IM, and peer-to-peer voice and video are in place (including multiple-layer anti-malware and contextual content filtering) and are accessible from PCs, phones, and Web browsers. Online presence information and contextual click to communicate are integrated into the enterprise productivity and collaboration platform.

Conferencing Voice

Information Mgt Content Creation and Management Process Efficiency Compliance Authoring Content authoring tools deliver advanced formatting. Rich media can be centrally stored, tagged, managed, and made easily available for use in building content deliverables. Content is efficiently reused without loss of context across applications that have different purposes; templates are centrally manageable. Application user interfaces are customizable at the user and organizational levels for optimal flexibility in user experience and IT control. Underlying capabilities such as instant messaging, communications, workflow, collaboration, and content management are available in each delivery mode as appropriate.

Multi-Device Support Interoperability User Accessibility

A broad ecosystem of third-party extensions further reduces usability challenges for people who require various accessibility accommodations. Solutions are developed to support process-led checks of user-created content and sites before publication.

Phase 3: APO
B S R D BI and Analytics Platform Business Intelligence Data Warehouse Management Big Data Information Services and Marketplaces Transaction Processing Database and LOB Platform


Internal and external BI portals feature interactive dashboards and visualizations fed dynamically by real time or periodically refreshed data. These dashboards and visualizations can be embedded into other applications, and have facilities for real-time or asynchronous social collaboration. Dashboards and visualizations are device aware, providing views and controls appropriate to the device being used. Data Analysts use powerful data management workbench with integrated access to tools for data preparation, cleansing, multi-variate analysis, and a sophisticated set of data mining algorithms with extensibility and tuning options. Data Analysts can easily publish their findings and data sets for access by business users. Centrally governed data management exists for all data sets and content types, with support from tools that can capture and manage policies, and integration with data quality tools that can automatically apply data cleansing rules and services.

Data Management

Data governance with documented, standardized policies and processes are established and automated for maintaining data consistency and security, but not necessarily optimized. Data access controls are consistently implemented and applied based on data classification. Centrally administered cryptography is used and audited for protection of data-at-rest and data-in-transit. A self-service interface exists for DBAs and/or authorized users to manage security. An information asset inventory and relationship map is able to predict impacts of changes in some areas. Metadata and taxonomies are defined, implemented, and formally managed in one or more repositories with more reliance upon policy-based management to ensure proper configuration and adherence to policies. Business has begun to consolidate data, management plans, and policies for consistency across information stores. Business processes follow a model-driven, dynamic approach. IT manages a SOA-based application infrastructure, comprised of LOB back ends and composite applications that extend them and has complete monitoring of integration scenarios across the cloud and on-premises applications. User experience is a full part of the site development process, but refinements to the overall process can be made. Up-to-date versions of rich Internet technologies are used, and are often used appropriately, but not always (for example, plug-in based applications may be used to provide site navigation). The organization overall realizes that services and UI needs to blend, start rationalizing which UI standard they will be driving to, and move to a point where every service has a face that is consumable for composing new applications. End users can share their created solutions back to the repository. Mechanisms exist to allow for ranking and rating of solutions and components. 
A managed central repository of all configuration items, assets, and systems provides dependency maps, reporting, and metrics for development and operations teams across the organization to manage integrations, performance, and scale. End-to-end dynamic integration enables more complete automation of data and processes to increase business efficiency. Standardized platforms enable developers to build real-world SOA with built-in governance across enterprises. The organization has selected and implemented a common set of frameworks for major application development and operating environment needs. Developer skill and use of standard frameworks is consistent. A central architecture and engineering practices group has formed with the participation of development and operations teams, and provides valuable guidance to development teams. A standard set of tools and common development approaches are used across multiple development teams in the organization. Developed applications extend line-of-business (LOB) systems (at UX level and mid-tier), extending LOB business logic. IT manages a service-based infrastructure of composite applications that connect and surface best-of-breed LOB systems.

Application Infrastructure Internet Applications

Component and Service Composition

Custom Development

Enterprise Integration

Development Platform

Application Lifecycle Management

Standards are implemented and an enterprise architect function is established. Costs are measured and used to establish budgets. All applications are fully supported. Consistent, iterative, well-documented, and cross-functional processes exist across the application life cycle. Project estimates consider historical data. High transparency exists within self-directed teams, cross-team transparency, and stakeholder engagement. Project managers track status via centralized tools. Issue tracking is well integrated with change management. Test-driven development is accepted. Applications are designed for testability, with architectural and layer verification and validation. Agile testing is integrated tightly with agile development. Users and stakeholders are engaged on an ad hoc basis. Unit testing, static analysis, and profiling are used regularly. Virtualized test labs are used regularly. Development and test environments are virtualized, and standard virtualized images of development and test environments exist. An integrated platform exists between development and operations for application monitoring, incident reporting and management, actionable defect/incident data from monitored applications, communication through support to development teams, and ubiquitous visibility into issue resolution status.

Phase 3: Core IO
B S R D Data Center Mgt & Virtualization


Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Hyper-V Server 2008; Hyper-V Server 2008 (Live Migration); Hyper-V Server 2008 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 Enterprise; Hyper-V Server 2008 R2; Hyper-V Server 2008 R2 (Live Migration); Hyper-V Server 2008 R2 (Mixed OS Virtualization, Branch Office Consolidation); Hyper-V Server 2008 R2 Enterprise; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Deployment Toolkit 2010; Microsoft Deployment Toolkit 2012; Opalis; Security Compliance Manager; Security Compliance Manager 2.x; Software Asset Management; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center 2012 Virtual Machine Manager + Concero Project; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; System Center Virtual Machine Manager 2008 R2 (Offline Virtual Machine Servicing Tool 2.1); System Center Virtual Machine Manager Self Service Portal 2.0 ; System Center Virtual Machine Manager Self Service Portal 2.0 plus partner solutions (e.g. V-Kernel); Windows Azure; Windows Azure Platform (Developer portal); Windows Server 2008 R2; Windows Server 2008 R2 (HyperV, Clustering, and Network Load Balancing); Windows Server 2008 R2 (Multi-Site Clustering); Windows Server 2008 R2 (Network Access Protection); Windows Server 2008 R2 (Windows Deployment Services); Windows Server 2008 R2 Enterprise / Datacenter (Hyper-V); Windows Server 2012

Datacenter Mgt and Virtualization

Server Security

Forefront Endpoint Protection 2010; Forefront Protection 2010 for Exchange Server; Forefront Protection 2010 for SharePoint; Forefront Protection Server Management Console; Forefront Security for Exchange Server ; Forefront Security for Office Communications Server; Forefront Security for SharePoint; Forefront Server Security Management Console; Forefront Threat Management Gateway 2010 (Virtual Private Network); Forefront Threat Management Gateway 2010 (Web antivirus/anti-malware protection, Network Inspection System); Forefront Unified Access Gateway 2010; Forefront Unified Access Gateway 2010 (Endpoint access controls); Intelligent Application Gateway 2007; Intelligent Application Gateway 2007 (Endpoint and Access Security); Internet Security and Acceleration Server 2006 (Multi-Networking); Internet Security and Acceleration Server 2006 (Virtual Private Network); Opalis; System Center 2012 Configuration Manager; System Center 2012 Endpoint Protection; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Configuration Manager 2007 R3; System Center Service Manager 2010; Windows Server 2008 R2; Windows Server 2008 R2 (Windows Firewall, Network Policy and Access Services); Windows Server 2008 R2 Enterprise (Windows Firewall, Network Policy and Access Services); Windows Server 2012

Networking

Forefront Threat Management Gateway 2010; Forefront Threat Management Gateway 2010 (Quality of Service); Internet Security and Acceleration Server 2006; Internet Security and Acceleration Server 2006 (Quality of Service); Opalis; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Virtual Machine Manager; System Center Operations Manager 2007 R2; System Center Virtual Machine Manager 2008 R2; Windows 7; Windows 7 (Policy-based Quality of Service); Windows 8; Windows Azure; Windows Server 2008 R2; Windows Server 2008 R2 (Domain Name System server); Windows Server 2008 R2 (Dynamic Host Configuration Protocol server); Windows Server 2008 R2 (Policy-based Quality of Service); Windows Server 2012 System Center 2012 Data Protection Manager; System Center 2012 Operations Manager; System Center 2012 Virtual Machine Manager; System Center Data Protection Manager 2010; System Center Virtual Machine Manager 2008 R2; Windows Azure; Windows Azure Platform; Windows Server 2008 R2 (File Classification Infrastructure, Windows Rights Management Services); Windows Server 2008 R2 (Hyper-V) + Hardware pooling; Windows Server 2008 R2 Enterprise (Failover Clustering); Windows Server 2008 R2 Enterprise (Failover Clustering) + third party host/storage replication; Windows Server 2012 (Cluster); Windows Server 2012 (File Classification Infrastructure); Windows Server 2012 (HyperV Replica); Windows Server 2012 (Storage Spaces); Windows Storage Server 2008 (Windows Rights Management Services); Windows Storage Server 2008 + Hardware pooling; Windows Storage Server 2008 + third party host/storage replication; Windows Storage Server 2008 Enterprise (Failover Clustering); Windows Storage Server 2008 R2 (File Classification Infrastructure, Windows Rights Management Services); Windows Storage Server 2008 R2 + Hardware pooling; Windows Storage Server 2008 R2 + third party host/storage replication; Windows Storage Server 2008 R2 Enterprise (Failover Clustering) 
Exchange Server 2007; Exchange Server 2007 (ActiveSync); Exchange Server 2010; Exchange Server 2010 (ActiveSync); System Center 2012 Configuration Manager; System Center 2012 Mobile Device Manager; System Center 2012 Operations Manager; System Center 2012 Service Manager; System Center Configuration Manager 2007 R3; System Center Mobile Device Manager 2008; System Center Mobile Device Manager 2008 (Enrollment Auto Discovery); System Center Service Manager 2010; Windows Azure; Windows Embedded Device Manager 2011; Windows Intune; Windows phone 7.5; Windows Phone 8

Storage

Device Deployment and Management

Device Mgt & Virtualization

Device Security

Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010 (Network Inspection System); Internet Security and Acceleration Server 2006; System Center 2012 Endpoint Protection; Windows 7 (Firewall); Windows 8; Windows Intune (not for non-PC devices); Windows Server 2008 R2 (Network Access Protection); Windows Server 2012

Phase 3: Core IO
Continued
B S R D


Identity & Access

Forefront Identity Manager 2010 (Credential Management); Forefront Identity Manager 2010 (Policy Management); Forefront Identity Manager 2010 (User Management); Forefront Identity Manager 2010 R2; Hyper-V Server 2008 (Read-Only Domain Controller); Hyper-V Server 2008 R2 (Read-Only Domain Controller); Windows 7; Windows 8; Windows Azure; Windows Azure (Active Directory Access Control); Windows Azure Platform (Windows Identity Foundation, Active Directory Access Control); Windows Server 2008 R2 (Active Directory Domain Services, Group Policy); Windows Server 2008 R2 (Active Directory Domain Services, Read-Only Domain Controller); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Certificate Services); Windows Server 2008 R2 Enterprise / Datacenter (Active Directory Federation Services); Windows Server 2012

Identity & Security Services

Information Protection & Control

IT Process & Compliance

Compliance Management Libraries; Compliance Management Libraries 2.0; Data Classification Toolkit; Distributed Connectivity Services; Forefront Endpoint Protection 2010; Forefront Threat Management Gateway 2010; Hyper-V Server 2008; Hyper-V Server 2008 R2; Internet Security and Acceleration Server 2006; IT Governance, Risk and Compliance process management pack; IT Governance, Risk and Compliance process management pack 2.0; Microsoft Security Assessment Tool; Office Project Portfolio Server 2007 (prioritize and evaluate competing investments); Office Project Professional 2007; Office Project Server 2007; Office SharePoint 2007; Office SharePoint 2007 (Lists); Office SharePoint Server 2007; Opalis; PowerShell 2.0; Project Professional 2010; Project Server 2010; Security Compliance Manager; Security Compliance Manager 2.x; SharePoint 2010; SharePoint 2010 (Lists); SharePoint Server 2010; System Center 2012 App Controller; System Center 2012 Configuration Manager; System Center 2012 Data Protection Manager; System Center 2012 Endpoint Protection; System Center 2012 Operations Manager; System Center 2012 Orchestrator; System Center 2012 Service Manager; System Center 2012 Virtual Machine Manager; System Center Cloud Services Process Pack; System Center Configuration Manager 2007 R3; System Center Data Protection Manager 2010; System Center Operations Manager 2007 R2; System Center Service Manager 2010; System Center Virtual Machine Manager 2008 R2; Visio Professional 2007; Visio Professional 2010; Windows Azure; Windows Server 2008 R2 (Active Directory Domain Services); Windows Server 2012

Phase 3: BPIO
B S R D Workspaces


Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007; Office 2007 (client integration with SharePoint); Office 2007 (Groove 2007: offline collaborative workspaces); Office 2010; Office 2010 (client integration with SharePoint); Office 2010 (SharePoint Workspace 2010: offline collaborative workspaces); Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007; Office SharePoint Server 2007 (document workspaces); Office SharePoint Server 2007 (integrated presence, Outlook Web Access Web Parts, news and announcement Web Parts, out-of-the-box workflow); Office SharePoint Server 2007 (offline collaborative workspaces); SharePoint Designer 2007; SharePoint Designer 2007 (Workflows); SharePoint Designer 2010; SharePoint Designer 2010 (Workflows); SharePoint Server 2010 (coauthoring); SharePoint Server 2010 (document workspaces); SharePoint Server 2010 (integrated presence, Outlook Web Access Web Parts, news and announcement Web Parts, out-of-the-box workflow); SharePoint Server 2010 (offline collaborative workspaces, Web applications and companions, mobile-device view)

Portals

Duet Enterprise for Microsoft SharePoint and SAP; Office 2007 (composite applications, Office Business Applications, Duet); Office 2010 (SharePoint Workspace 2010: integrate line-of-business data offline and online); Office SharePoint Server 2007; Office SharePoint Server 2007 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail); SharePoint Server 2010 (Business Connectivity Services); SharePoint Server 2010 (SharePoint site administration, Active Directory Domain Services integration with SharePoint, audit trail)

Social Computing Collaboration

Project Mgt

Exchange Server 2007; Exchange Server 2010; Lync 2010; Lync Server 2010; Office 2007; Office 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Office SharePoint Server 2007 (document collaboration); Office SharePoint Server 2007 (document workspaces); Project 2007; Project 2007 (Gantt charts, calendars, task sheets, and visual reports); Project 2010; Project 2010 (Gantt charts, calendars, task sheets, visual reports, resource scheduling view, user-controlled scheduling, top-down summary tasks, task inspector, timeline view, incremental/granular leveling, synchronize with SharePoint task lists); Project Portfolio Server 2007 (portfolio builder, portfolio governance workflow engine, portfolio prioritization, proposal management); Project Server 2007 (resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2007 (task creation and delegation, status reports, timesheets); Project Server 2007 (visual reports, resource availability graphs, and budget tracking); Project Server 2010 (business driver definition and prioritization, project portfolio prioritization, governance); Project Server 2010 (enhanced collaboration and reporting, resource management, resource leveling, Outlook integration, automated e-mail notifications, project updates, server-side scheduling); Project Server 2010 (schedule management, financial management, time and task management); Project Server 2010 (task creation and delegation, status reports, timesheets, time tracking improvements, user delegation); SharePoint Server 2010 (document collaboration); SharePoint Server 2010 (document workspaces)

Information access

Office SharePoint Server 2007 (federated search connectors, people search); SharePoint Server 2010 (FAST search usage rights, federated search connectors, people search); FAST Search Server 2010 for SharePoint (federated search, connectors and content ingestion); Office 2010 (Outlook: keyword tagging for e-mail); Office 2007

Interactive experience and navigation

Messaging

Exchange Server 2007; Exchange Server 2010; Forefront Protection 2010 for Exchange Server; Forefront Security for Exchange Server; Outlook 2007; Outlook 2010; Outlook Mobile 2007; Outlook Mobile 2010; Outlook Web Access (premium experience)

Phase 3: BPIO Continued


B S R D IM/Presence Unified Communications Conferencing


Forefront Security for Office Communications Server; Lync 2010; Lync Server 2010; Office Communications Server 2007 R2; Office Communicator 2007 R2; Office Communicator Web Access 2007 R2; Office SharePoint Server 2007; SharePoint Server 2010

Voice

Information Mgt

Process Efficiency

Compliance Content Creation and Management

Authoring

Office 2007; Office 2010 (contextual UI menu); Office 2010 (PowerPoint: resizing and cropping videos with 3-D effects); Office SharePoint Server 2007; SharePoint Server 2010 (digital asset management including thumbnails, metadata, tagging, and ratings for images as well as video streaming); SharePoint Server 2010 (document sets); Visio 2007 (quick shapes mini toolbar, enhanced dynamic grid, page auto size, automatic alignment and layout adjustment); Visio 2010 (quick shapes mini toolbar, enhanced dynamic grid, page auto size, automatic alignment and layout adjustment)

Multi-Device Support

Exchange Server 2007; Exchange Server 2010; Lync 2010 (instant messaging); Lync Server 2010 (instant messaging); Office 2007; Office 2010 (Fluent UI); Office 2010 (PC, phone, and browser, 64-bit Office client deployment and authoring); Office Communications Server 2007 R2 (instant messaging); Office Communicator 2007 R2 (instant messaging); Office Mobile 2010 (view and edit documents from a mobile device); Office SharePoint Server 2007; Office Web Apps (store, edit, and share documents online); SharePoint Server 2010 (Fluent UI); SharePoint Server 2010 (mobile access enhancements, view and edit documents, spreadsheets, presentations, and notebooks in the browser); Visio 2007; Visio 2010 (rich client, share diagrams with others on the Web)

Interoperability

User Accessibility

Phase 3: APO
B S R D Business Intelligence BI and Analytics Platform Data Warehouse Management Big Data


Data Mining Add-ins for Microsoft Office; Office Professional 2010 (Excel 2010); Office SharePoint Server 2007; PivotViewer; Power View; PowerPivot; Report Builder; SharePoint 2010 Enterprise (Activity Feeds, Visio Services); SharePoint 2010 Enterprise (Insights, Excel Services, Visio Services, PerformancePoint Services); SharePoint 2010 Standard; SQL Azure; SQL Azure Reporting; SQL Server 2008 R2; SQL Server 2012; SQL Server Analytic Services; SQL Server Reporting Services; Visio 2007; Visio 2010

SQL Server 2008 R2; SQL Server 2012; SQL Server 2012 (Data Quality Services); SQL Server 2012 (Master Data Services); Visual Studio 11; Visual Studio 2008 (BI Development Studio); Visual Studio 2010

Information Services and Marketplaces

Transaction Processing Database and LOB Platform

Data Management

Office Professional 2010; Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008; SQL Server 2008 R2; SQL Server 2012

Application Infrastructure

.NET Framework; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Internet Information Services (IIS) 6; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office PerformancePoint Server; Office Professional 2010 (Word 2010, Excel 2010, PowerPoint 2010, Visio 2010); Office SharePoint Server 2007; SharePoint 2010; SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Window Server 2008; Windows Azure AppFabric; Windows Communications Foundation (WCF) Services; Windows Server 2008; Windows Server 2008 R2; Windows Server 2008 R2 (Hyper-V); Windows Server 2012; Windows Server AppFabric

Internet Applications

.Net Framework; Expression Studio 3; Expression Studio 4; Expression Web 4; Internet Information Services (IIS) 7; Internet Information Services (IIS) 8; Office SharePoint Server 2007; SharePoint 2010; Silverlight; Visual Studio 11; Visual Studio 2008; Visual Studio 2010 Premium; Visual Studio 2010 Professional

BizTalk ESB Toolkit; BizTalk Server 2006 R2; BizTalk Server 2009; BizTalk Server 2010; Office Professional 2010 (Access 2010); Office SharePoint Server 2007; Office SharePoint Server 2007 (Business Data Catalog); SharePoint 2010; SharePoint 2010 (Business Connectivity Services); SQL Server 2008 R2; SQL Server 2012; System Center 2007; System Center 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Windows Server AppFabric

.NET Framework; BizTalk ESB Toolkit; BizTalk Server 2009; BizTalk Server 2010; SQL Azure; SQL Server 2008 R2; SQL Server 2012; System Center 2012; System Center Operations Manager 2007 R2; Visual Studio 11; Visual Studio 2010 Professional; Windows Azure AppFabric; Windows Server AppFabric

Component and Service Composition Custom Development

Enterprise Integration

Development Platform

SQL Server 2008 R2; SQL Server 2012; Visual Studio 11; Visual Studio 2008; Visual Studio 2010; Visual Studio Team Foundation Server 2010; Windows SDK

Application Lifecycle Management

Office Professional 2010; Project 2010; Visual Studio 11; Visual Studio 11 Team Foundation Server; Visual Studio 2008; Visual Studio 2010; Visual Studio 2010 Ultimate; Visual Studio Team Foundation Server 2010; Visual Studio Test Professional 2010

Phase 3


* Recommended, not required


Example: Steps to Customize the Solution


Customize the pre-defined solutions (Phase 1, Phase 2, or Phase 3) by doing the following:

Understand your priorities
Identify your top-priority business drivers
Identify the business capabilities in the Capability Discussion Guide that match your priorities (see below)

Choose a starting point
Choose the phase (Phase 1, Phase 2, or Phase 3) that corresponds to your priorities

Adjust the mapping
Add, remove, or adjust capabilities

Example: Customized Solution Requirements


Example Solution Area: Phase 1
B S R D

Data Center Mgt & Virtualization

Deployment and management of software updates are tool based. The organization actively uses virtualization to consolidate resources for production workloads. Some production server resources are virtualized. A virtualized server pool is offered as a service. Performance monitoring of physical and virtual hardware with defined SLAs; health monitoring of applications; supported across heterogeneous environments with manual remediation. Services are available during server failure (for example, server clustering, hot spares, and virtualization recovery solution).

Server Security

Protection against malware is centrally managed across server operating systems within organizations, including the host firewall. Protection for select mainstream/non-custom applications and services (such as email, collaboration and portal applications, and instant messaging), if available, is centrally managed. Integrated perimeter firewall, IPS, web security, gateway antivirus, and URL filtering are deployed with support for server and domain isolation; network security, alerts, and compliance are integrated with all other tools to provide a comprehensive scorecard view and threat assessment across data center, application, organization, and cloud boundaries. Remote access is secure, standardized, and available to end users across the organization.

Networking

Redundant Domain Name System servers exist to provide fault tolerance. Dynamic Host Configuration Protocol servers are network-aware and include support for automatic configuration. Network quality of service (basic prioritization of applications and services) is standard, with manual allocation of available bandwidth. IPv4 is present for main transport services, using IPv6 for some transport services (for example, to achieve a larger address range).

Storage

If a single disk or system component fails, no data is lost but data availability may be interrupted. Critical data is backed up on a schedule across the enterprise; backup copies are stored offsite, with fully tested recovery or failover based on service-level agreements.

Device Mgt & Virtualization

Mobile device access configuration is automated and is pushed over-the-air. A solution is in place to configure and update devices. Mobile phones are used for over-the-air synchronization with email, calendar, and contacts.

Device Security

Protection against malware is centrally managed for desktop systems and laptops and includes a host firewall; non-PC devices are managed and protected through a separate process.

Client Services

Identity & Security Services

Identity & Access

To control access, simple provisioning and de-provisioning exists for user accounts, mailboxes, certificates or other multi-factor authentication methods and machines; access control is role-based. Password policies are set within a directory service to enable single sign-on across boundaries for most applications. Password resets occur through internal tools or manual processes. There is a centralized group/role based access policy for business resources, managed through internal tools or manual processes. Most applications and services share a common directory for authentication across boundaries. Point-to-point synchronization exists across different directories.

Information Protection & Control

Persistent information protection exists within the trusted network to enforce policy across key sensitive data (such as documents and email); policy templates are used to standardize rights and control access to information.

IT Process & Compliance

IT policies are documented for each IT service. Each IT service has a process to manage bug handling and design changes; IT services are tested according to defined test plans based on specifications. IT service release and deployment processes are formally defined and consistently followed. Each IT service provides service-level and operational-level agreements. Processes to manage incidents are in place for each IT service. Monitoring, reporting, and notifications are centralized for protection against malware, protection of information, and identity and access technologies. Problem management processes are in place for each IT service, with self-service access to knowledge base. Risk and vulnerability are formally analyzed across IT services; IT compliance objectives and activities are defined and audited for each IT service.

Example: Tips to Customize the Solution


Consider using an alternate maturity level that corresponds to your requirements

Keep a capability if you are unsure whether you need it

Identify, document, and discuss how a capability may be relevant

Server Security helps protect and secure the server infrastructure at the data center from viruses, spam, malware, and other intrusions.


2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
