Desired Configuration Management
Kevin Parr, PMP
Principal System Center Technology Specialist
Heartland District
Microsoft Corporation
Agenda
−Discuss Microsoft's Systems Management Strategy with System Center
−Learn how to use DCM to assess and report on compliance with System Center Configuration Manager 2007
−Design configuration items and baselines for an organization
Dynamic IT Management
−Use knowledge-based, automated in-line tasks to deliver rapid, high quality service
−Maximize the use of the IT department’s existing Windows Server expertise
−Out of the box, build on deep domain knowledge from both Microsoft and our strong partner community
−Implement templated best practices through Solution Accelerators
−Reduce complexity through seamless management of logical IT environments
−Manage your virtual environments down to the application level
−Improve visibility and control through integrated management
−Manage multi-hypervisor technologies and monitor cross-platform environments
System Center Solutions: People, Process, & Technology Desktop & Device Management Data Center Management Mid-Market Solutions Open Standards Virtualization Technology Windows Platform Infrastructure Products Microsoft Consulting Services Management Packs Partner Ecosystem Knowledge Solution Accelerators Connectors for Interoperability Microsoft Operations Framework (MOF/ITIL)
Hardware Provisioning Workload Provisioning Patching Monitoring Disaster Recovery Backup
−Virtual machine management
−Server consolidation and resource utilization optimization
−Conversions: P2V and V2V
−Patch management and deployment
−OS and application configuration management
−Software upgrades
−Live host level virtual machine backup
−In guest consistency
−Rapid recovery
−End to end service management
−Server and application health monitoring & management
−Performance reporting and analysis
The Challenge: Regulatory Compliance
−IT organizations spend between 5,000 and 20,000 person-hours a year trying to stay compliant with Sarbanes-Oxley’s requirements
 Source: Survey on Sarbanes-Oxley Compliance Practices Within IT Organizations and Businesses by French Caldwell, Christine Adams, and John Bace (Gartner, September 2006)
−… but almost 1/3 of U.S. organizations still say they are not compliant
 Source: “The Global State of Information Security 2006” (CIO and PricewaterhouseCoopers, September 15, 2006)
The Challenge: Configuration Drift
−40% of unplanned downtime is caused by Application failure (primarily configuration)
 Source: “Tearing down the Wall” (Gartner, 2002)
−… and 82% of organizations reported downtime significant enough to impact their business
 −Average cost of more than $10,000/hour
 −Average duration of 3-4 hours
 Source: “Executives say software to blame for most IT downtime” (IndustryWeek, July 2007)
Data Security with Microsoft – PCI Perspective ISA Server, IPSec, Windows Firewall, Group Policy, Configuration Manager DCM, Operations Manager ACS Forefront Client & Server, Windows Defender, Malicious Software Removal Tool, Security Development Lifecycle, Threat Modeling, Writing Secure Code Rights Management Server, Encrypted File System, Certificates/ PKI, VISTA Bitlocker Active Directory, Right Management Server, SQL Server, SharePoint Server, Microsoft Identity and Integration Server, Smart Cards, Certificate Lifecycle Manager Configuration Manager DCM, Operations Manager, Audit Collection Service (ACS); Forefront Client, Server & Edge, SQL Server, VISTA Event Log Manager Securing the Store Whitepaper, Regulatory Compliance Planning Guide, Security Awareness Material, Templates, Solution Deployment Guides & Accelerators Build and Maintain a Secure Network Protect Customer Data Maintain a Vulnerability Management Program Strong Access Control Measures Regularly Monitor and Test Networks Maintain an Information Security Policy
System Center Data Center Focus Areas
Configuration Management; End to End Monitoring; Server Compliance; Data Protection and Recovery
−Automated Provisioning and Updating of Physical and Virtual Environments
−Server Consolidation Through Virtualization
−Proactive Platform Monitoring
−Application & Service Level Monitoring
−Interoperable and Extensible Platform
−Configuration Controls and Reporting
−Centralized Security Auditing
−Comprehensive Security & Identity and Access Mgmt
−Business Continuity Through Virtualization Mgmt
−Backup and Recovery of Physical and Virtual Resources
−Disaster Recovery
Key Investments in System Center Configuration Manager 2007
Simplicity: Reduce Configuration Management Infrastructure Costs
−Simplified UI and Installation
−Branch office support
−Greater levels of control (Scheduling, WoL)
−Built on Windows Management Infrastructure
Configuration: Knowledge Driven Configuration Management
−IT policies for analyzing corporate and regulatory compliance
−Out of the box configuration policies for server workloads e.g. Exchange
−License and asset inventory
−Based on the Service Modeling Language (SML)
Security: Enabling the Mobile Enterprise
−Network Access Protection
−Enterprise Vulnerability assessment
−Securely managing devices across the Internet
Deployment: Unified delivery of Windows Operating System for Clients and Servers
−One worldwide image to manage with Vista
−Built on Windows Vista Deployment Technologies
−Vista and Office 12 upgrade assessment and resolution planning
−Secure Online and Offline Provisioning
−Secure network storage of user state during Operating System deployment
The DCM Solution: Regulatory Compliance Knowledge
Microsoft supplied Configuration Packs
−Regulations covered
 −Sarbanes-Oxley (SOX)
 −European Union Data Protection Directive (EUDPD)
 −Gramm-Leach Bliley Act (GLBA)
 −Federal Information Security Management Act (FISMA)
 −Health Insurance Portability and Accountability Act (HIPAA)
−Products covered
 −Windows Server 2000 and 2003
 −Windows XP and Vista
 −SQL Server 2000 and 2005
 −Exchange Server 2003
Author, duplicate, or extend to meet individual organization policies
Microsoft licensed technology from Brabeion that provides a baseline of IT Controls for Microsoft platforms
Aids in mapping these controls to required IT regulatory compliance frameworks:
−COBIT
 −Control Objectives for Information and related Technology
−ISO
 −International ISO and ISO
Compliance Packs
−GLBA (Gramm-Leach-Bliley Act)
−HIPAA
−SOX (Sarbanes-Oxley)
−EUDPD (European Union Data Protection Directive)
−FISMA (Federal Information Security Management Act)
−Others
Desired Configuration Management
−Identify required and prohibited configurations for clients, servers and applications and report on compliance against those definitions
−Improve availability, security, and performance by reducing problems associated with configuration drift
−Improve the help-desk’s ability to troubleshoot by providing defined configuration baselines
−Remediate non-compliance by deploying software, scripts, updates or task-sequences to corresponding dynamically created collections
The DCM Solution: Configuration Drift
Create corporate policy and custom application configuration items (CIs) and baselines
−Basic authoring UI for authoring by IT professionals
−Published XML schema definition for authoring by LOB application developers
−Homegrown or custom applications represent up to 90% of applications within large companies' infrastructure
 Source: “Executives say software to blame for most IT downtime” (IndustryWeek, July 2007)
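The required/prohibited evaluation and the per-item collections of non-compliant machines described above, as an added Python example. It is not Configuration Manager code and does not use the DCM XML schema; the setting names, host names and inventory are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    setting: str          # inventory key (hypothetical names, not DCM's)
    kind: str             # "required" or "prohibited"
    value: object = None  # required: expected value; prohibited: None means any presence

@dataclass(frozen=True)
class ConfigItem:
    name: str
    rules: tuple

def check_rule(rule, inventory):
    """Return None when compliant, otherwise a short finding string."""
    present, actual = rule.setting in inventory, inventory.get(rule.setting)
    if rule.kind == "required":
        if not present:  # a setting that was never reported counts as drift
            return f"{rule.setting}: missing (expected {rule.value!r})"
        if actual != rule.value:
            return f"{rule.setting}: {actual!r} (expected {rule.value!r})"
    elif rule.kind == "prohibited":
        if present and (rule.value is None or actual == rule.value):
            return f"{rule.setting}: prohibited value {actual!r} present"
    else:
        raise ValueError(f"unknown rule kind {rule.kind!r}")
    return None

def evaluate(baseline, hosts):
    """Return (report, collections): findings per host and CI, and per CI the hosts to remediate."""
    report, collections = {}, {ci.name: [] for ci in baseline}
    for host, inv in sorted(hosts.items()):
        report[host] = {}
        for ci in baseline:
            report[host][ci.name] = findings = [f for f in (check_rule(r, inv) for r in ci.rules) if f]
            if findings:
                collections[ci.name].append(host)
    return report, collections

# Constructed baseline (two configuration items) and constructed inventory
BASELINE = (
    ConfigItem("Password policy", (Rule("MinPasswordLength", "required", 12),)),
    ConfigItem("Legacy services", (Rule("TelnetService", "prohibited"),
                                   Rule("SMB1Protocol", "prohibited", "Enabled"))),
)
HOSTS = {"srv-01": {"MinPasswordLength": 12, "SMB1Protocol": "Disabled"},
         "srv-02": {"MinPasswordLength": 8, "TelnetService": "Running"},
         "srv-03": {"MinPasswordLength": 12, "SMB1Protocol": "Enabled"}, "srv-04": {}}
REPORT, COLLECTIONS = evaluate(BASELINE, HOSTS)
```

COLLECTIONS groups hosts by the configuration item they fail, so a remediation can be targeted at exactly the machines that drifted on that item.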
Desired Configuration Management: Configuration Packs
−Configuration Manager 2007
−Operations Manager 2007
−Exchange Server 2007
−Exchange Server 2003
−Vulnerability Assessment
−ISA Server 2006
−Windows Server 2003 AD
−Windows Server 2003 DNS
−Windows Server 2003 WINS
−SharePoint Server 2007
−SharePoint Server 2003
−SQL 2000
−SQL 2005
−New Product RTM + 90 Days
Server Compliance
Configuration controls and centralized audit of system security
Challenges Addressed
−Increasing compliance and audit requirements associated with business policies and regulatory requirements
−Security pressures in the data center
Key Capabilities
−Create, maintain and report on configuration controls for the data center environment
−Gather and report security related events
−Manage identities and access and improve security in the data center
“SAS 70 is a huge initiative for us with regard to our data centers and all of our applications, and SOX is obviously important as well. With [System Center] my team has reduced the amount of time that we spend collecting security log information. For example, we just completed an investigation and pulled the security report in less than 5 minutes. In the past it would have taken days.” Jeff Skelton, Manager, Enterprise Management Center, Stewart
Data Center Management Solutions
Configuration Management; End to End Monitoring; Server Compliance; Data Protection and Recovery
−Automated Provisioning and Updating of Physical and Virtual Environments
−Server Consolidation Through Virtualization
−Proactive Platform Monitoring
−Application & Service Level Monitoring
−Interoperable and Extensible Platform
−Configuration Controls and Reporting
−Centralized Security Auditing
−Comprehensive Security & Identity and Access Mgmt
−Business Continuity Through Virtualization Mgmt
−Backup and Recovery of Physical and Virtual Resources
−Disaster Recovery
Virtual Physical
[Figure: System Center Roadmap]