John Taylor, Deputy CISO Martin Myers, IT Architect

Presentation transcript:

How Johns Hopkins Achieves Security and Operational Efficiencies Using a Common Windows Operating System Deployment
John Taylor, Deputy CISO
Martin Myers, IT Architect
October 7, 2019

About IT@JH
- Administrators of SMS/SCCM since 1996
- Central Active Directory (started 2002)
- Central IT (IT@JH) with 40 other IT groups using common SCCM
- Core Enterprise SCCM Roles:
  - SCCM Central Packager
  - SCCM Infrastructure Engineer
  - ECI Engineer
  - IT Architect
- In our Enterprise Management, Monitoring, and Security (EMMS) team
- Delegated OU/SCCM collections, centralized SCCM packages and inventory
- Use SharePoint to provide documentation and blog posts about SCCM

Enterprise Client Image (ECI) Initiative
- Provide a common Windows client image as an Enterprise Service
- Started initiative in Fall of 2013
- Must integrate with SCCM
- Must provide customizations for IT groups
- Provide common solutions to update existing client software
- 48,584 systems running ECI today
- Customizations were required

Dependencies (diagram)
- Networking
- Storage/Virtualization
- ECI Policy & Standardization
- IT Group Participation
- ECI

Achieving Departmental/Schools Buy-In
- Meet with Management of each IT group
- Started with IT Management only on ECI Committee
- Committee Meetings initially every two weeks (had many debates)
- Meetings became technical only

ECI Roles and Responsibilities - EMMS
- Create and maintain common base client image
- Document client image feature set
- Document process for deploying image (USB and over the wire)
- Document packages available for deployment to all existing deployed ECI systems
- Create templates for documenting Task Sequences
- Quarterly update for each OS version
- Maintain change log for all ECI changes

ECI Roles and Responsibilities – ECI Customers
- Regular Attendance at meetings
- Define Operating System version(s) requirements
- Define core application/feature set
- Define policy for types of updates included in the client image
- Use SharePoint site for client image documentation and meeting minutes
- Create and document all Task Sequences not provided by the common image
- Test enterprise client image as updates are released
- Deploy quarterly image updates to client systems via SCCM

Enterprise OSD
- Imaging scenarios
  - Bare-Metal
  - Refresh
  - Replace
- Deployment options
  - PXE
  - Lite-Touch
  - Zero-Touch
- Distributed task sequence templates
  - Each IT group configures their own task sequences from the template
  - No universal domain join account or admin group
December 14, 2019

Technical Challenges
- Hardware standardization and drivers
  - Scaled back RBAC for Driver Packages
  - Worked with Hardware Standards Committee
  - Worked with VAR for imaging client hardware
- Infrastructure
  - File storage
  - Network bandwidth
- IT Group learning curve
- Scaling out the SCCM infrastructure
  - Distribution Points
  - State Migration Points
- Import Computer process using SCORCH

Operating Systems (timeline figure, axis 2014 to 2020)
- Windows 7: Dec 2013 – Nov 2018
- Windows 8.1: Aug 2014 – Feb 2016
- Windows 10 1511: Feb 2016 – May 2016
- Windows 10 1607: Nov 2016 – Jun 2017
- Windows 10 1703: Jun 2017 – Apr 2018
- Windows 10 1709: Jun 2018 – Oct 2018
- Windows 10 1803: Aug 2018 – Apr 2019
- Windows 10 1809: Mar 2019 – Jan 2020
All editions: Enterprise

Core Applications
- Microsoft Office
  - Started with Office 2010, Office 2013 (in 2014), currently Office 2016
- Citrix Receiver
- Adobe Reader, Shockwave, and Flash Player
- Google Chrome Enterprise
- .NET Framework
- Microsoft BitLocker Administration and Monitoring (MBAM)
- Imprivata (ESSO)
- Pulse Secure VPN
- Latest Java (JRE) client (eliminated in Fall 2018)
- Windows Management Framework
- OS Security Updates

Windows 10 ECI Update Strategy
- Initially, quarterly updates
  - Every 3 months
  - Each ECI release supported for 1 year
- Later, moved to tri-annual updates
  - Every 4 months
  - Microsoft announced 30 months of support for Windows 10 Enterprise build versions
  - 4 total releases for each Windows 10 version
- With Windows 10 1607, added a supported upgrade Task Sequence for Windows 10 upgrades

Upgrade Task Sequences
- Supported for all systems using ECI
- Tested by EMMS and ECI customers
- Not supported for non-Enterprise editions
- Standardizes solution for OS upgrades across JH
- Released with each new Windows 10 ECI
- Can be deployed as available or required
  - Customers can update early (available)
  - Long-term, communicated deadline (required)

Security Efforts Supported
- Removal of SMBv1 (Oct. 2016)
- Ensure Windows Auditing meets standard (if no GPO)
- Laptop and Desktop Encryption compliance
- Local Admin Password Solution (LAPS)
- EMET (Windows 7)
- Defender ATP
- Windows EOL compliance
- Increased awareness of application security issues across JH

Workstation Health Dashboard
- Measures Security and Operational Compliance
  - SCCM/ECI Compliance
  - OS Version Compliance
  - Security Updates and Reboot Length
  - LAPS, Defender ATP, and Encryption Status, NAC
  - Chrome, Citrix Receiver, Office Versions, Imprivata, Adobe Reader
- IT Management, Audits and IT Staff subscribe to dashboard
- SCCM Root Collection Based
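
As an added example (not part of the original presentation or Johns Hopkins' tooling), a PowerShell check of several client-side controls named on the Security Efforts and Workstation Health Dashboard slides. It assumes an elevated session, legacy LAPS configured through Group Policy, and a 30-day reboot threshold; the function name and output property names are hypothetical.

```powershell
# Added example: per-workstation check of controls listed on the slides.
# Run elevated on Windows 10. Names and thresholds here are assumptions.
function Get-WorkstationHealth {
    param([int]$MaxDaysSinceReboot = 30)   # assumed threshold, not from the deck

    # SMBv1: the SMB server should no longer accept the v1 dialect.
    $smb1Off = -not (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Encryption status: BitLocker protection is on for the OS volume.
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $encrypted = [bool]($osVol -and $osVol.ProtectionStatus -eq 'On')

    # LAPS (legacy client): Group Policy sets AdmPwdEnabled = 1 under this key.
    $lapsKey = 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd'
    $lapsVal = Get-ItemProperty -Path $lapsKey -Name AdmPwdEnabled -ErrorAction SilentlyContinue
    $laps = [bool]($lapsVal -and $lapsVal.AdmPwdEnabled -eq 1)

    # Defender ATP: the sensor runs as the "Sense" service.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $atp = [bool]($sense -and $sense.Status -eq 'Running')

    # Reboot length: whole days since the last boot.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $uptimeDays = [math]::Floor(((Get-Date) - $os.LastBootUpTime).TotalDays)

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OSBuild        = $os.BuildNumber      # input for OS version compliance
        Smb1Disabled   = $smb1Off
        OsVolEncrypted = $encrypted
        LapsEnabled    = $laps
        DefenderAtp    = $atp
        UptimeDays     = $uptimeDays
        RebootOk       = ($uptimeDays -le $MaxDaysSinceReboot)
    }
}

# Collapse the boolean checks into one value and name the failing controls.
$health = Get-WorkstationHealth
$failed = $health.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object { $_.Name }
if ($failed) { "NonCompliant: $($failed -join ', ')" } else { 'Compliant' }
```

The single string printed at the end is the kind of value a Configuration Manager compliance rule can compare, which is one way results like these could be rolled up per collection.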

Unexpected Benefits
- Created a forum for Windows client issue discussions
- A regular discussion with SCCM Admins across JH
- Increased SCCM Admin proficiencies
- Centralized application compatibility issues
- Familiar platform for customers/IT staff who move between departments

Enterprise Management, Monitoring, and Security Information Technology @ Johns Hopkins