Practical Scenarios for Using MOF (Microsoft Operations Framework). Danilo Bordini, Infrastructure Specialist. http://blogs.technet.com/dbordini


1 Practical Scenarios for Using MOF (Microsoft Operations Framework)
Danilo Bordini, Infrastructure Specialist

2 Agenda
IT Challenges / Governance; Microsoft® Operations Framework (MOF) & Continuous Improvement Roadmap (CIR); Practical Application in Scenarios

3 Infrastructure - Challenges
Growth; Customer service; Device management; Mobility; Servers in multiple locations; Legacy platforms; Installation and maintenance; Identity management; Software updates; Malicious attacks, viruses, spam, etc.; Management of patches, VPNs, etc.; Secure access (employees, partners and customers)

4 Information Technology – Complexity and Costs
[Chart. Labels: Infrastructure Costs; Support; $$; Management Cost. Time axis: 1994, 1997, 2000, 2003, 2006, 2008+. Eras: Client/Server; Distributed; Dynamic Systems]

5 Do More with Less

6 Pressures – Information Technology
Increase availability and functionality; Reduce operating costs; Service levels; Business value; Information Technology (IT); Efficient costs; Increase response levels; Increase security; Governance

7 How CEOs' Problems Will Drive IT Strategies (2006)*
Slower economic growth; Flexibility in IT portfolios; Increased competition; Increase productivity and reduce costs (BPM, SOA); Executives struggling with information overload; Provide productivity tools for senior executives; IT can encourage growth; Shift the focus to exploiting information; IT can inhibit change; Help manage strategic change; Mergers and acquisitions are back; Implement modular business architectures; ROA (Return on Assets) is gaining ground; Evaluate IT investments for ROA
*Source: How CEO Concerns at Year-End 2005 Should Drive IT Strategies, Gartner Research – 09/01/2006 – Mark Raskino, Jorge Lopez, Ken McGee

8 Managed IT Portfolio
Business Scorecard SLA Design IT Run IT Operations Framework Microsoft Windows Server System Reference Architecture Changing Functions Service Catalog Operating Functions Supporting Functions Messaging Service ERP Service Authentication Service Network Service Optimizing Functions
So now let’s have a more specific look at the life of IT. In its simplest form, IT is tasked with maintaining a catalogue of IT services. Some services are delivered in support of the business with service level agreements, others are in support of those services. This gives rise to a whole set of capabilities and dependencies that must be developed and maintained in a coherent fashion to ensure consistent levels of security, reliability and manageability. Not only do we need to worry about consistently applying best practice design to evolve that catalogue of services, but there are also all the service management considerations that must be catered to. Change functions include Change, Configuration and Release management. Operating functions include Systems Admin, Directory Admin, service monitoring and control. Supporting functions include Service Desk, problem management. Optimizing functions include Service Level Management, Capacity management. All these service management considerations must be consistently applied across the whole catalogue of services, hence this orthogonal view depicted in the diagram. For example, you only want one change system, you want one service monitoring function, you want a holistic approach to capacity management, etc. This is how WSSRA and the Microsoft Operations Framework are complementary – helping you design it right and run it right for an optimized service portfolio.
Random messages/tenets/talk points: IT organizations need to manage an IT service portfolio, through the IT lifecycle, and deliver value to the business. Best practice (knowledge) must be applied through the IT lifecycle to ensure solutions are designed right, deployed right and run right. Software models are the key to carrying forward best practice through the IT lifecycle. Understanding the capabilities our customers need in their IT service portfolio helps us relate our product offerings in a very contextual fashion and best solve problems. Microsoft has many assets which, when applied together, enable our customers to be successful and enabled with the Microsoft platform. WSSRA helps you design quality services leveraging Microsoft products. MSF helps you deploy services effectively and efficiently. MOF provides descriptive and prescriptive guidance with People, Process and Enabling technologies on effectively delivering services ... OLA

9 What Is IT Governance
Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT* Source: Governança de TI - Tecnologia da Informação, Peter Weill, Jeanne W. Ross, Editora M.Books

10 Agenda
IT Challenges; Microsoft® Operations Framework (MOF) & Continuous Improvement Roadmap as the solution; Practical Application in Scenarios

11 Does MOF Solve It?

12 Business Needs
MSF and MOF Frameworks; Solutions; Business Needs; Changes; Service Delivery

13 Microsoft Operations Framework
Identifies and builds best practices into Microsoft products, enabling good management; Provides guidance for continuous improvement in IT management; Provides guidance for managing and responding effectively to pressures through IT service management

14 MOF and ITIL Information Technology Infrastructure Library (ITIL)
Microsoft defines many ITIL principles through MOF; MOF makes ITIL applicable to Microsoft products

15 Service Capability Processes Technology People
Automation through products and tools; Consistent and repeatable; Clearly defines rules, responsibilities and knowledge; Processes; Technology; People

16 MOF Models
Process Model; Team Model; Risk Model; Operations; Partner; Release; Infrastructure; Support; Service; Security; Process Model; Risk Model; Learn; Control; Track; Analyze; Plan; Identify

17 MOF Process Model & SMFs
The process model is all about driving due consideration through IT operations and having a standard approach to managing process. The service management functions within the 4 quadrants of changing, operating, supporting and optimizing are a way of collecting processes into a given structure (in this case like-activities) and given taxonomy (notice the ITIL terminology) and then understanding the inter-relationships between them. Service Management Functions IT SMFs are the core of the MOF process model. Although no SMF is exclusive to a given quadrant in MOF, each SMF has a “home” quadrant or primary planning and execution quadrant. Grouping SMFs with a primary MOF quadrant is a more intuitive way to introduce an SMF in the context of the process model. The following is a comprehensive list of MOF SMFs along with their description. Changing Quadrant – SMFs in the changing quadrant serve to align change in the production environment with IT business drivers. By instituting a formalized process for identifying needed changes and releasing secure, compatible solutions, these SMFs help IT forestall a common, and often significant source of downtime and mitigation cost. Configuration management serves the entire suite of IT processes, by providing a detailed reference database of critical settings and configurations. Operating Quadrant – Processes within this quadrant focus on maintaining a healthy IT production environment. SMFs here focus on performing routine scheduling, data backup, and directory refresh tasks. Beyond the routine, they also control bandwidth-intensive operations to minimize impact on system performance. A proactive set of best practices encourages operators to mitigate potential system failures before they occur, often utilizing enabling technologies such as Microsoft Operations Manager or other tools. Supporting Quadrant – The processes and IT staff that work within the supporting quadrant comprise IT’s user and customer presence. 
Service desk is the first line of support for internal and external customer issues. Efficient and effective incident and problem management processes help business minimize support costs through automation, self-help, and the generation of beneficial change to improve system performance and to correct errors. Optimizing Quadrant – Taking the longer view, processes in this quadrant focus on analysis of current system parameters and identification of improvements to reduce or control cost, enhance availability and recovery, improve consistency and quality of service, and maintain compliance with evolving security needs and requirements.

18 Continuous Improvement
ITIL, CMM, CobIT, Six Sigma; Governance, Maturity, Quality; Compatible with ISO20000, ISO17799, ISO9000; Where did you get to?; Where do you want to get to?; Business; IT; Drivers; Scorecard; Progress; Metrics; Service Management Guides; Service Improvement Program; Management Studies; How will you get there?; Where are you now?

19 CIR Business Value
The CI Roadmap adds value by improving services and business performance; Identifying problems; Validating problems; Determining root causes; Prioritizing solutions; Linking solutions to increase business value
Talk about how in a traditional assessment, a list of issues was created and then fixing those problems was assumed to be the solution. But that’s not necessarily always the case! First, you need to validate that the problems really exist, and then determine the root cause of the problem, and finally, prioritize those issues for fixing. The real added bonus in the MOF CI Roadmap is that it links solutions to the goal of increasing business value – right from the start. (This leads into the next slide)

20 CIR (Continuous Improvement Roadmap) Components
MOF Service Management Assessment (SMA), updated - Provides a multidimensional analysis of services in the context of business value; MOF Service Improvement Program (SIP) – Process improvements from the perspective of continuous change; MOF

21 MOF Service Assessment
Focused on business value; Measures service management capability; People, processes and enabling technology. This service focuses on understanding the current performance of people, IT processes and enabling technologies in order to increase business value.

22 MOF Service Improvement
Provides prescriptive and practical guidance; Focused on improving service delivery; Lets the user measure improvements. This service aims to improve the performance of people and IT management, based on studies and on the companies' business.

23 Service Management Guidance
MOF Team Model; MOF Process Model for operations; MOF Risk Management (for operators); Service management functions; MOF operations review

24 What Is New in the CI Roadmap
Focus on good practices; Interactive, business-focused CIR; Project management is based on “MSF”, taking the improvement process into account; Quality; Examples were added; Built on good practices applied in MS products

25 Agenda
IT Challenges / Governance; Microsoft® Operations Framework (MOF) & Continuous Improvement Roadmap (CIR); Practical Application in Scenarios

26 Active Directory Management
Current scenario; The role of Active Directory; Implementation scenarios and opportunities

27 Traditional Interfaces Multiply
Extranet; Intranet; Customers; Market; Supplier; Internet. A heterogeneous environment, unlike the past. Several uncontrolled (Internet) and often unknown environments

28 Traditional Interfaces Multiply
FTP XML EDI Notes Neon HTTP TCP/IP BizTalk PeopleSoft SAP Internal App X PO X PO MQSeries SMTP FAX Telephony CRM Extranet Intranet Customers Market Supplier Internet. Multiple standards and products imposed by different software and hardware vendors

29 Confusion!? Single Sign-On Authorization Interoperability Provisioning
Passwords Directories Authentication

30 Active Directory Management
Current scenario; The role of Active Directory; Implementation scenarios and opportunities

31 What Is Active Directory
What is Active Directory? Foundation for identity and access management
Account Information Privileges Profiles Policies Single Sign-On Windows Users Network Resources File Shares Printers Windows Servers Configuration Security Quarantine Windows Clients Directories Databases Mainframes UNIX Other Systems Product Information Automated deployment Microsoft Products Quality of Service Security Policies Network Devices Security Policy VPN & Remote Access Firewall Services App-specific directory data Third-Party Applications Operational Efficiency Improved Security Improved Productivity Interoperability Active Directory
Much more than a simple directory service or a store of users and groups. The foundation for all network management and access control. Central point for managing networks and users; Central authorization point for networks & application security; Integration point for connecting systems

32 The Role of Active Directory…
Increase operational efficiency; Increases Microsoft® Windows® management efficiency by up to 30%; Reduces the number of directories and passwords; Central management of servers and desktops; Automatic security configuration for Windows systems; Ensures the use of strong passwords; Simplifies access management for network resources; Strengthen security
The Role of AD… Active Directory plays three important roles in any organization: Increase IT Operational Efficiency by: increasing the efficiency of managing Windows by up to 30%; reducing the number of directories and passwords; centrally managing Windows servers & desktops. Strengthening Security by: automating the lockdown of Windows systems; enforcing the use of strong passwords & credentials; simplifying managing access to network resources. And, 3. Improving employee productivity by: enabling end users to find people, applications and resources faster; empowering employees with rich collaboration capabilities; and providing single sign-on to integrated applications and resources. Let’s talk about how Active Directory can help you increase IT operational efficiency…
Increase employee productivity; Finds people, applications and resources; Provides rich collaboration capabilities; Single sign-on for applications and resources

33 Case Study 500 employees, 17 remote offices
Delegation of administrative tasks & savings of $10,000 annually; Single sign-on reduces help desk costs by 5%; 170 employees, 2 sites; Administration time reduced by 30% & savings of $42,000; Group Policy reduces the need for physical visits to desktops; Case study links – Gibsons: – Energy / Mining; K2: – Sports / Manufacturing; Pella: – E-commerce / Manufacturing; 6,800 employees, multiple sites; Group Policy standardized desktops & controls changes by users; Savings of $100,000/year & improved support response; Links

34 Case Study Increasing Operational Efficiency Strengthening Security
Messaging / directory service consolidation; Single sign-on – increased productivity; Average savings of $1.5M / year; Strengthen security; Desktop upgrades used to take months; Now, about 1 week with AD & SMS; Savings of hours worked and $8.6M; Improve productivity; LORG Customer Case Studies: CGE&Y - Motorola - AKZO Nobel – Health Care; Integration with a third-party solution eliminates multiple logons; 10% reduction in the time needed to access business data; AD makes it easier for users to find data on the intranet and network information; Links

35 Case Study Increasing Operational Efficiency Strengthening Security
AD as the central tool for managing servers and workstations; Server consolidation close to 50%; TCO reduced by about $36.000; Strengthen security; Use of GPOs to apply security / password policies; Integrated firewall management; Operating cost reduced by about 70%; Improve productivity; Use of roaming user profiles and folder redirection; User data available from any computer; End-user productivity increased by 20%; SORG/MORG Customer Case Studies: PING (MORG) – 800 employees/4 sites - – Golf / Manufacturing; Rainier Mountaineering (SORG) – 105 employees - – Climbing / Entertainment; Renggli (MORG) – 120 employees/2 sites -; Links

36 Active Directory Management
Current scenario; The role of Active Directory; Implementation scenarios and opportunities

37 Directory Structure Within the Enterprise

38 Scenario 1 – Maximizing the Active Directory Investment
1,500 employees; 5 locations; 50% reduction in help desk; 25% total TCO reduction; Cumulative benefits; Basic service offering that is simple to implement and document (MOF); Active Directory; Delegate tasks; Desktop control; Group Policy

39 Scenario 2 – Maximizing the Active Directory Investment
Integration of 40 remote offices; Hardware reduction of 80%; 5 new servers replaced all the remote-office servers; IT efficiency increased by 25%; Cumulative benefits; Domain consolidation; Active Directory; Delegate tasks; Desktop control; Group Policy

40 Scenario 3 – Maximizing the Active Directory Investment
1,600 employees; Upgrade to Exchange 2003 and Active Directory; Consolidation of Exchange & NT directory into AD3; Administration cost reduced by 20%; Directory consolidation; Cumulative benefits; Domain consolidation; Active Directory; Delegate tasks; Desktop control; Group Policy

41 Scenario 4 – Maximizing the Active Directory Investment
1,500 employees & 16,000 students; Revolution in information management; Use of Active Directory for security and task delegation; Collaboration; Directory consolidation; Cumulative benefits; Domain consolidation; Active Directory; Delegate tasks; Desktop control; Group Policy

42 Scenario 5 – Maximizing the Active Directory Investment
1,700 employees in 30 countries; Manage information faster for decision making; Instant corporate communication; Active Directory enabled single sign-on and security; Real-time communication; Collaboration; Directory consolidation; Cumulative benefits; Domain consolidation; Another example: Microsoft itself; Active Directory; Delegate tasks; Desktop control; Group Policy

43 Maximizing the Active Directory Investment
End-user productivity; IT productivity; Real-time communication; Collaboration; Directory consolidation; Cumulative benefits; Domain consolidation
The purpose of this slide is to show the cumulative benefit a customer can obtain from Active Directory and the Windows platform. Benefits and savings can accrue over time and the more the customer utilizes Active Directory the greater the benefit will eventually be. Let’s walk through what these companies have done with our platform and Active Directory: (All of these studies are available on !) Barnes and Noble upgraded to Windows 2000 for increased reliability and scalability. They managed to reduce their on-line transaction costs by 25%, increased their online revenues by 300% and achieved zero downtime. Baltimore Gas & Electric (now Constellation Energy Group) implemented Group Policy and automated software distribution with Active Directory. This enabled them to reduce their overall administrative and helpdesk calls by $3M. As an example of how consolidating two directories together saves money we can look at Archstone. They consolidated their directory with their NOS directory and managed to realize a 15%/year reduction in their IT costs. They had one less directory to manage, one less set of administrators, one less set of administration and operational costs. We’ve already mentioned Barclays Global Investors – they leveraged our security infrastructure, security standards like Kerberos and Active Directory to enable single sign-on across their corporate intranet with their Unix workstations. By using Kerberos they were able to use Active Directory as their primary authentication directory and achieve single sign-on. That helped them save $3.6M over 3 years and reduce their security staff by 21% - they didn’t need as many people to reset and monitor passwords on all of these systems!
Our final example is Blue Cross Blue Shield of South Carolina, who is using Active Directory as their “extranet” directory. Active Directory’s high scalability, performance (www.mindcraft.com) and low licensing costs enabled BCBS to avoid having to pay over $2M for a competitive solution. BCBS is using AD as the cornerstone for delivering information to all of their customers. With the Windows .NET Server we are introducing new features that will allow companies to benefit even more with our platform and Active Directory. We are introducing “cross-forest trusts” so that a company can easily federate multiple AD forests together. This will be of special interest to those companies who have deployed multiple forests or who have divisions that are in independent forests. In addition, TrustBridge will be introduced to provide true federated identity across the internet. This will allow a customer who is using Active Directory or Kerberos to federate with another company over the internet. This will enable companies to easily interoperate with their business partners, subsidiaries or other firms that are using AD or Kerberos.
Active Directory; Delegate tasks; Desktop control; Group Policy

44 Directory Structure “Outside” the Enterprise

45 Scenario 1 – B2C Company Profile Results Requirements
Healthcare service provider; 2.8M members; Phase I: 1.4M users; Project in under 70 days; Investment of $310,000; Savings of $1.34M; 99.9% uptime; Requirements; Scalable, highly available Internet directory; Integration with other systems; Solution benefits - healthcare industry; Multi-master architecture = high availability; Integration with other systems (w/WebSSO)

46 Scenario 2 – B2C Company Profile Results Requirements
Education sector; 8M members; Reduced development; Reduced administration; Requirements; Standardized security architecture; Single password for all systems; Solution benefits – Financial Services; Servers: 4; CPU Type: 4 x 700MHz Intel Pentium III Xeon CPUs; Memory: 4 GB; Disk C: 2-36GB/10k in RAID 1 array. Used for OS/SYSVOL; Disk E: 2-36GB/10k in RAID 1 array. Used for AD transaction logs; Disk F: 7-36GB/10k in RAID 5 array. Used for AD DB file; Scalability tested and proven; Attractive price; Integration with other systems; TCO reduction

47 Scenario 3 – B2C Company Profile Results Requirements
Web portal; 8M users; Project completed in under 6 months; Investment of $310,000; 4x lower than Unix TCO; Requirements; Scale up to 10M users; Service of for all users; Video on demand; Solution benefits – IT Services; Directory / messaging scalability; Integration with SQL, Media Server & third-party products

48 Vision for Identity Management: Extending the Reach and Value of AD
Past; Present; Future; Application silos; An ID for each system; Internally focused; Limited business value; Custom integration; Identity integration; Internal & external; High cost; Connected systems; Federation; Built to extend; Low cost; Identity integration products and services; Platform capabilities; Interoperability; Web services
Microsoft has a vision for identity management that transcends a specific product. Ultimately, the vision is that identity management needs to be simplified to a point that the cost and level of effort required to perform identity management is as low as possible. In the past, the paradigm was that of an “Application Silo” where each application had its own identity system. Most applications were internally focused. As a result the application was limited as to the business value it could provide. Today there is considerable custom integration of applications and identity systems. The importance of serving external users in addition to internal users has driven integration, but much of it is performed on a custom or one-off basis. As a result there is a high cost to value for these systems, and they leave considerable work to IT organizations to serve the needs of the applications and their users. The future view is to enable increasingly connected systems through federation (which we will explore more when we talk about ADFS) and by creating and deploying applications that are built to be extended. These systems should be easy to configure, implement, and use; and if that can be accomplished, the cost is low and the value is high. So in general terms we are in transition from an environment where identity integration products and services were required to accomplish identity management and integration tasks.
And we are moving to an environment where the platform contains the tools to enable identity management and interoperability can be accomplished with Web services.

49 Identity and Access Management: Active Directory Federation Services (ADFS)
Extends the value of Active Directory deployments; Facilitates secure access to web applications for employees, partners and customers; Promotes IT efficiency, end-user productivity and security; Works with existing Active Directory deployments; Interoperability with third-party systems and heterogeneous applications / platforms
Key message: ADFS helps customers do more with less by providing seamless access across organization and security boundaries.
Our solution to the identity management problem in R2 is Active Directory Federation Services. Customers have been enjoying the benefits of intranet single sign-on using Active Directory, and ADFS will allow customers to extend this capability across security and organizational boundaries to partners and suppliers – a combined Web SSO and Federation solution that makes it easier to do business with each other. Customers will be able to reduce costs and effort when implementing Web SSO for internal systems or across security boundaries with multiple partners. With ADFS, user IDs & passwords will be managed by the organizations that own them and not the hosting company. This reduces the cost of IT management, by reducing the number of directories required and help desk calls for password reset, and also improves security as organizations can internally enforce strong authentication as well as automatically restrict access to partner sites upon disabling a user’s local AD account. Since ADFS is integrated with other Microsoft identity management technologies, it rounds out a complete set of tools for internal and external authentication and authorization management.
In particular, ADFS is built to integrate with new technologies like ADAM (use Windows Server for extranet web apps without literally adding the users to the external domain), Authorization Manager (roles-based access control to operation-level app capabilities, with roles membership managed by the account partner) and Windows SharePoint Services (bring strong auth, SSO and federation to internet-facing SharePoint sites). Since this technology is based on industry standards, organizations will not have to dictate specific products on partners/suppliers in order to interoperate. This results in a faster time to market and greatly reduced deployment and development costs. IBM, Netegrity, Oblix, OpenNetwork, RSA, and Ping Identity have all shown interop with this product. Promotes IT efficiency, end-user productivity, and better security. IT efficiency: centralized user administration, “native” delegated administration, lower password reset costs. End-user productivity: SSO to internal & partner web applications, fewer passwords for users to forget. Security: automated de-provisioning, strong authentication, auditing/logging of access to partner applications.
Let’s look at how ADFS works schematically.
AD; IIS; Company A; Company B

50 ADFS Scenario: Web SSO Customers Partners
User credentials and attributes managed by AD / ADAM in the application; Employees
Key message: ADFS enables Web SSO scenarios.
ADFS extends its set of platform-level authentication services to support the extranet-located, non-domain web application scenario with ADFS. Now when you use Windows Server and IIS for an extranet application, you can use forms auth, and give users an SSO session cookie so they don’t have to log on for access to any other web applications in a trusted domain. This is important since so many web apps are in fact a collection of apps – you don’t want users being challenged over and over for credentials (think online banking, and the separate-but-colocated checking, credit card and loan applications). An interesting variation on this scenario is the B2E (business to employee) scenario, where an organization has web applications that it would like employees to access from both inside the firewall and when traveling or at home – without requiring VPN access, and without requiring a separate, duplicate identity in the extranet (think OWA, but for any web application). ADFS’ integration with Windows Integrated Auth means that employees get Kerberos single sign-on from their work desktops, and authenticate against the same Active Directory account (using forms-based auth and a one-way forest trust from the DMZ into the internal network) when away from the office. The benefits of this scenario include: single sign-on to a farm of IISv6 Web applications, stronger authentication via forms, client-side certificates, ADAM support benefits security (LDAP user store in perimeter), and it enables support for “road warrior” applications (everyone gets access: Windows Integrated Authentication for internal users, ADFS auth for external users).
Let’s look at another scenario.
Additional information: R2 ITpro launch deck.

51 Product Road Map Windows Server R2 “Longhorn” 2003 Active Directory
Windows Single Sign-On Enterprise Directory Active Directory Application Mode Application Directory MIIS 2003 Directory synchronization User Life Cycle management Password management HIS 2004 Extend SSO Bi-directional password sync Authorization Manager WebSSO w/Partner Products ADFS in R2 (CY 05) Identity X-org Federation Web SSO ADAM Synchronizer MIIS 2003 SP1 (CY 04) Broader reach Password Synchronization MA SDK Workflow and Approvals MIIS 3.5 (CY 05) Declarative Provisioning User Self-service Audit/Reporting Module Audit Collection System (CY04) Active Directory Manageability enhancements Identity System Simplified and secure digital identity consumer experience

52 Important Actions!!
Get to know the MOF site; Run the Self-Assessment Tool; Create processes and documents based on your real needs and those of your customers, but always supported by the MOF methodology; Use the CIR!!!!; Create service offerings and solutions based on MOF

53 References Windows 2003 & Active Directory Virtual labs
Windows 2003 Active Directory Site & Home Page Microsoft System Architecture For Windows 2003 Active Directory Federation Services

54 Danilo Bordini http://blogs.technet.com/dbordini
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

