Technet Ireland IOI

1
Welcome
2
Stay Connected with Microsoft Ireland
http//www.microsoft.com/ireland/technet

• TechNet Ireland - Resources for IT Professionals
• Irish TechNet Newsletter
• Events
• Microsoft technology user groups (SQL/NIMTUG)
• Early access to betas
• Community support
• Dont forget to hand back the evaluation forms
• colmt_at_microsoft.com / daven_at_microsoft.com

3
Agenda

• 1400 Setting the scene IOI
• 1415 Active Directory and IPSec
• 15.30 Tea / Coffee
• 1545 MOM
• 1700 Refreshments

4
A Crisis Of Complexity
5
Solving The ChallengeInfrastructure Optimization
6
Managed and consolidated IT Infrastructure with
maximum automation
Fully automated management, dynamic resource
Usage , business linked SLAs
Managed IT Infrastructure with limited
automation
Uncoordinated, manual infrastructure
More Efficient Cost Center
Business Enabler
Strategic Asset
Cost Center
Based on the Gartner IT Maturity Model
7
Technology View of Model
8
Technology View of ModelOne Example
Data Protection Recovery

• Local user data stored randomly and not backed up
  to network
• Any backup happens locally
• No user state migration available for deployment

• Standards for local storage in My Docs but not
  redirected or backed up
• Any backup happens at workgroup level
• Backup/restore on critical servers
• Some automation of user state migration available
  for deployment

• Users store data to My Docs and synched to
  server
• Backup managed at company level
• Backup/restore of all servers with SLAs
• User state is preserved and restored for
  deployment

• Self managed backup and restore on all servers
  and desktop data with SLAs

9
Translating IOI into action
10
Know what you have
11
Measure impact of change
Point Solutions
Integration Standards Based Common
Tools Strategically Aligned Exception Management
Core Applications
Server SAP Dev File Print Messagin
g Web
Client Messaging SAP Antivirus
Remote Control Office Internet FileNET Utilitie
s
Suppor t
Management
Security
File\Print\Fax Servers
Platform
Server Single Manufacturer Certified
Installs Standard Build Managed
Client Single Manufacturer Gold Build Version
Control Other devices (PDA, mobile, etc.)
File\Print\Fax Servers
Domain
Network Services DHCP etc.
Authentication AD, SSO, etc
Name Services DNS, WINS
Replication
Network
WAN
LAN
RAS
Internet
12
AD Forest, Domain and OU Design GPOs

• Common Practices/Tips and Tricks

13
Forest/Domain Design

• Majority of Active Directory Forests being
  implemented are single forest/single domain
• separate development/pre-production forests
• Multiple NT4 production domains collapsed into
  single domain
• Significant impact on administration
  centralised (some delegation of tasks)
• Tip Always start from single forest/single
  domain when planning
• Try to avoid non-technical influences
• Tip Two things that negatively affect AD
• Bad replication design
• Bad Group Policies

14
OU Design

• OU creation based on
• Delegation of Administration
• Application of GPOs
• Increasing use of security/WMI filtering of GPOs
• Choice of 3 basic models reflect
• Resources
• Geography
• BU Structure
• Tip use a top level OU
• Tip moving objects between OUs affects
• GPOs applied
• Scripts
• Tip Naming Conventions

15
GPOs

• Minimum should be
• Domain and Security policies
• Automatic updates
• Windows Firewall
• Remote Desktop/Remote Assistance/Remote Control
• Internet Explorer configuration
• Restricted Groups
• Office ADMs
• Tip Take as much configuration out of the
  standard build process into Group Policy as
  possible
• Tip netstat ano
• Tip Disable unused portions of GPOs
• Tip Naming Conventions
• Link Group Policy Settings Reference for Windows
  Server 2003 with Service Pack 1

16
Demo

• Different OU Strategies
• GPOs (Firewall, etc)

17
IPSec

• Whats it about?
• Ensure only managed/known devices communicate
  with each other
• IPSec or 802.1x?
• Gathering momentum with Networking teams take
  control of the options!
• Whats achievable in standard environments?
• Domain Isolation (full or partial)
• Server Isolation in Isolated Domain
• What is an IPSec Policy
• Filters to identify machines and protocols/ports
• Actions to taken when traffic matches a filter
• Tip Mandatory - Ensure that core domain traffic
  - Domain Controllers, WINS, DNS, DHCP etc. etc.
  is filtered out and always allowed
• Tip Keep it simple, get comfortable
• Link IEEE 802.1X for Wired Networks and Internet
  Protocol Security with Microsoft Windows

18
Demo

• IPSec

19
Coffee BreakBack _at_ 1540
20
Microsoft Operations Manager
21
MOM 2005 Management Packs
Active Directory Application Center 2000
Automated Deployment Services (ADS) BizTalk
Server 2002 Enterprise Edition Biztalk Server
2004 Commerce Server 2000 Domain Name Service
(DNS) Dynamic Host Configuration Protocol (DHCP)
Exchange Intelligent Message Filter Exchange
Server 2000 and 2003 Exchange Server Best
Practices Analyzer Exchange 5.5 Group Policy
Host Integration Server 2000 Internet
Information Services (IIS) Internet Security and
Acceleration (ISA) Server Live Communications
Server 2003 Live Communications Server 2005
Microsoft Baseline Security Analyzer Microsoft
Distributed Transaction Coordinator Microsoft
Identity Integration Server 2003 Microsoft
Message Queuing (MSMQ) Microsoft Office Project
Server 2003 Microsoft Server Clusters Microsoft
SharePoint Portal Server 2003 Microsoft
Transaction Server (MTS)
Microsoft Windows File Replication Service
Microsoft Windows SharePoint Services Microsoft
Operations Manager 2005 .NET Framework Network
Load Balancing Password Change Notification
Service Proxy Server 2.0 Routing Remote
Access Service for Windows 2000 Routing Remote
Access Service for Windows Server 2003 SNA
Server 4.0 SQL Server Systems Management Server
2.0 Systems Management Server 2003 Terminal
Services Virtual Server Web Sites and Web
Services Windows Base Operating System Windows
DFS Service Windows DHCP Service Windows File
Replication Service Windows Internet Name
Service (WINS) Windows Media Services Windows
Print Server Windows Rights Management Services
Windows System Resource Manager Windows
Terminal Server
22
3rd Party MOM Management Packs
3Com AirDefense Anti-Virus Applications APC
UPS AVICode Intercept Studio BayNetworks
(Nortel) Bindview BlackBerry Enterprise
Server Brocade Cisco Cisco PIX Firewalls Cisco
Routers Cisco Switches Cisco VPN
Concentrators Citrix MetaFrame XP Debian Linux
Dell OpenManage EMC EqualLogic SAN Foundry
FreeBSD Generic SNMP HP Insight Manager HP
Integrity
Sun Solaris SuSe Linux Synoptics (Nortel) Tidal
Enterprise Scheduler Veritas Backup Exec
VMWare Wellfleet (Nortel) WindowsCE CONNECTORS
Aprisma SPECTRUM, BMC Impact CA Solve for z/OS,
CA Unicenter Clarify Amdocs, Fujitsu-Siemens
ServerView HP Network Node Manager HP OpenView
Operations (OVO) Maranti Networks, Metilinx
Connector Micromuse NetCool, NetIQ AppManager
OpalisRobot, Peregrine Service Center Quest
InTrust, Remedy ARS, Siebel HelpDesk SMARTS
InCharge, Tivoli Enterprise Console Tivoli
Information/Management for z/OS Tivoli Net View
Connector, Tivoli Service Desk Tivoli Net View
for OS/390, Vantive
HP ProLiant HP Tru64 HP-UX IBM AIX IBM FastT
storage iVision Liebert Lotus Domino Mac OS
X Magellan-Passport (Nortel) Mandrake
Linux MiraPoint NetApp NetBSD NetScreen Nice Open
BSD OpenVMS Oracle RDBMS Generic Syslog RedHat
Linux SAP R3 SCO Unix F5 Network BigIP
23
MOM

• Why MOM (from a field perspective?)
• Why implement any mission critical environment
  without MOM?
• Always asked What should we monitor in AD, or
  Exchange, or SQL?
• Answer what MOM monitors
• Knowledge driven intended to supply the
  resolution with the problem
• SO easy to integrate with other management tools
• Dell OpenManage Server Administrator, HP Insight
  Manager
• SLA evidence (Reporting)
• It isnt expensive
• Tip Check for MPs regularly
• Tip MOM on SQL SP4 gotchas

24
Demo

• MOM install - guidance
• Agent deployment
• MP imports
• Reporting
• Create Management Packs
• MOM 2005 Resource Kit
• Extending MOM

25
(No Transcript)
26
Additional Links

• Service overview and network port requirements
  for the Windows Server system -
  http//support.microsoft.com/default.aspx?scidkb
  en-us832017
• MOM Management Packs - http//www.microsoft.com/ma
  nagement/mma/catalog.aspx
• Windows Server System Reference Architecture -
  http//www.microsoft.com/technet/itsolutions/wssra
  /raguide/default.mspx
• Windows XP Security Guide - http//www.microsoft.c
  om/technet/security/prodtech/windowsxp/secwinxp/de
  fault.mspx
• Windows Server 2003 Security Guide -
  http//www.microsoft.com/technet/security/prodtech
  /windowsserver2003/w2003hg/sgch00.mspx
• What's New in Windows Server 2003 R2 -
  http//www.microsoft.com/windowsserver2003/r2/what
  snewinr2.mspx