Microsoft EMEA Retail Technology Conference 2004 Microsoft EMEA Retail Technology Conference 2004 System Management in Store Willem Haring

Slides:



Advertisements
Similar presentations
The following 10 questions test your knowledge of desired configuration management in Configuration Manager Configuration Manager Desired Configuration.
Advertisements

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
WSUS Presented by: Nada Abdullah Ahmed.
WSUS Windows Update Services
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
Windows Update Services Patch Management comes of Age David Wallis Senior Systems Consultant Raven Computers Ltd.
Managing a Windows Server 2003 Environment - SMS and MOM Michael Kleef IT Pro Evangelist Microsoft Pty Ltd
Information for Developers Windows XP Service Pack 2 Information for Developers.
Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
How To Keep Up With Security Patches Eric Schultze Security Strategies Microsoft.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Wally Mead Senior Program Manager Microsoft Corporation Session Code: MGT303.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.
IT:Network:Microsoft Applications
Module 16: Software Maintenance Using Windows Server Update Services.
16.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.
Wally Mead Senior Program Manager Microsoft Corporation.
Managing CERN Desktops with Systems Management Server (SMS 2003) Michel Christaller Internet Services Group Department of Information Technology CERN May.
SOE and Application Delivery Gwenael Moreau, Abbotsleigh.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.
Technology from Microsoft David Overton Head of Technology for Small Business
Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.
Conditions and Terms of Use
Raven Services Update December 2003 David Wallis Senior Systems Consultant Raven Computers Ltd.
Module 13: Maintaining Software by Using Windows Server Update Services.
Module 14: Configuring Server Security Compliance
The Microsoft Baseline Security Analyzer A practical look….
SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.
DEV325 Deploying Visual Studio.NET Applications Billy Hollis Author / Consultant.
Microsoft Solution Accelerator for Business Desktop Deployment Microsoft ® Solution Accelerator for Business Desktop Deployment Training for IT Professionals.
Migration from Software Update Services to Windows Server Update Services Jeff Alexander IT Pro Evangelist Microsoft Australia Scott Korman WSUS MVP SEC316.
Raj Natarajan National Technology Specialist Microsoft Australia.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Paul Butterworth Management Technology Architect
Enabling Enterprise Applications Marcus Perryman Microsoft
Microsoft Management Seminar Series SMS 2003 Change Management.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Virtual Machine Management Challenges What are Solution Accelerators? Offline Virtual Machine Servicing Tool Next Steps.
Managing and Monitoring the Microsoft Application Platform Damir Bersinic Ruth Morton IT Pro Advisor Microsoft Canada
11 IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES Chapter 7.
Microsoft Solution Accelerator for Business Desktop Deployment Microsoft ® Solution Accelerator for Business Desktop Deployment Training for IT Professionals.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
Reducing server sprawl and IT power/cooling costs Moving from reactive to proactive state Quickly troubleshooting PC and laptop issues Deploying new.
Features Of SQL Server 2000: 1. Internet Integration: SQL Server 2000 works with other products to form a stable and secure data store for internet and.
Advancing Security Progress and Commitment Stuart Okin Chief Security Advisor – Microsoft UK Delivering on security (an update on progress)
Wally Mead Senior Program Manager Microsoft Corporation Session Code: MGT305.
Ellis Paul Technical Solution Specialist – System Center Microsoft UK Operations Manager Overview.
Windows Small Business Server 2003 R2 Powering Small Businesses.
Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3.
Application Migration Fritz Ohman Alphageek
Securing Tomorrow’s World Microsoft Security Roadmap Ed Gibson & Steve Lamb Microsoft Ltd.
System Center 2012 Configuration Manager Service Pack 1 Overview.
Windows Server 2003 Terminal Server: Overview And Deployment Haim Inger CTO Malam Group.
Planning Server Deployments Chapter 1. Server Deployment When planning a server deployment for a large enterprise network, the operating system edition.
Maintaining and Updating Windows Server 2008 Lesson 8.
System Center 2012 Configuration Manager
5/19/2018 7:00 AM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Implementing Security Patch Management
Managing Specialized Devices With Windows Embedded Device Manager 2011
1/1/2019 8:36 AM System Center – Datacenter Management Technology Specialist Management Produkte Microsoft Deutschland.
Implementing Security Patch Management
Mark Quirk Head of Technology Developer & Platform Group
IT Management, Simplified
Presentation transcript:

Microsoft EMEA Retail Technology Conference 2004 Microsoft EMEA Retail Technology Conference 2004 System Management in Store Willem Haring

AgendaSecurity Patch Management Device management

Patches proliferating Time to exploit decreasing Exploits are more sophisticated Current approach is not sufficient Security is our #1 Priority There is no silver bullet Change requires innovation Blaster Welchia/ Nachi SQL Slammer 26 Nimda Days between patch and exploit Security: Patch & Exploit

Microsoft Baseline Security Analyzer (MBSA) 1.2 Virus Cleaner Tools Systems Management Server (SMS) 2003 Desktop QFE Installer Tool 1.0 Device Update Agent Software Update Services (SUS) SP1 Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition Windows XP Embedded with Service Pack 2 Microsoft ISA Server 2004 Enterprise Edition Software Update Services Client (SUS 2.0) = Windows Update Services Client (WUS) Patching Technology Improvements (MSI 3.0) Systems Management Server 2003 SP1 Microsoft Operations Manager 2005 Windows Server 2003 Service Pack 1 Audit Collection Services (ACS) Security Configuration Wizard (SCW) Windows Update Services (WUS Server) Windows Rights Management Services SP1 System Center 2005 Windows Server 2003 “R2” Network Access Protection (“Quarantine 2”) Vulnerability Assessment and Remediation Active Protection Technologies Visual Studio “Whidbey” Security: Timeline Today H2 04 Future 2005 *Items in red don’t apply to XP Embedded *Items in green are XP Embedded-specific

Patch Management Device Update Agent Desktop QFE Installer Software Update Services Systems Management Server

Device Update Agent (DUA) What is it? Management tool that enables app/operating system-level updates and/or bug fixes What is the customer benefit? Ships in the box today Small footprint impact How does it work? Building an image with DUA support and redistributing the DUA Script compiler (if needed to support third-party script authoring) enables device-users. How does pricing/licensing work? Royalty-free, ships with SP1

Desktop QFE Installer Tool V1.0 What is it? Group of Windows files and registry keys that enables in-field devices to consume unmodified Windows XP Professional updates What is the customer benefit? Updates devices as soon as Pro updates are issued No re-imaging/rebuilding required How does it work? Provides supporting file and registry entries for Windows Update installation packages How does pricing/licensing work? Only available on the OEM Secure Site. Supporting documentation will be available only on the OEM Restricted Access Site, detailing how to drop the Pro update. Other important items Will only work with Pro updates issued May 11, 2004 and later

Software Update Services (SUS) What is it? New in SP2 Management schema that enables device scans for security updates followed by deployment What is the customer benefit? XP Embedded-based devices are maintained with security updates, either automatically or via end-user intervention. How does it work? SUS Client (ships in XP Embedded with SP2) communicates with SUS server (the engine behind Windows Update) to transfer update from SUS server is run by Administrator, who is ultimately in charge of what security updates get applied. *ONLY* works over the intranet, not the *internet* -- so if an OEM is managing the device using SUS, must be on the enterprise intranet How does pricing/licensing work? SUS client ships free of charge with SP2. SUS server is free Web download. Windows Server + Core CALs required. If using WinSVR03 Web Edition and no remote DB, then no CALs required

SUS: How It Works Parent SUS Server Firewall Child SUS Server Bandwidth Throttling Windows Update Service Bandwidth Throttling 2.Administrator reviews, evaluates, and approves updates 1.SUS Server check for updates every hours 3.Approvals & updates synced with child SUS servers* 4.AU gets approved updates list from SUS server 6.AU either notifies user or auto-installs updates 7.AU records install history 5.AU downloads approved updates from SUS server or Windows Update *SUS maintains approval logs & download, sync, & install statistics

WU v. SUS: Key Differences Windows Update Works with Windows XP Pro/Home Enables your device to use *anything* posted to om (security updates, driver updates, service packs) om omRoyalty-free Software Update Services Works with Windows XP Pro/Home, and Windows XP Embedded Enables your device to consume only security updates from (no driver updates, no service packs) Requires Windows Server license and CAL licensing

Systems Management Server (SMS) What is it? Manageability application that enables software inventory and patch management for embedded devices What is the customer benefit? Manage embedded devices just as you manage personal computers/servers Control, reporting, and planning schema incorporated into SMS How does it work? Use SMS 2003 to drop application and/or platform updates onto your device. Must use MBSA to detect what updates are required. NOT AVAILABLE YET–functionality coming in CY05 with WUS. XP Embedded-based devices may show up as unpatched during an MBSA scan. How does pricing/licensing work? Evaluate SMS 2003 Advanced Client for XP Embedded (free download) SMS 2003 evaluation copy (free download) Redistribute Windows Server + SMS + Windows Server CAL + SMS CAL

Customer Type Scenario Customer Chooses Large or Medium Enterprise Want single flexible patch management solution with extended level of control to patch and update (+ distribute) all software SMS Want patch management solution with basic level of control that updates Windows 2000 and newer versions* of Windows** SUS Small Business Have at least 1 Windows server and 1 IT administrator** SUS All other scenarios DUA * Windows XP, Windows Server 2003, Windows 2000 **Customer uses Windows Update or manual process for other operating system versions and applications software Choosing A Patch Management Solution Typical Customer Decisions

IT Challenges Today’s IT Desired IT

WEPOS Management Existing Microsoft Management technology support Active Directory Event Log MMC Technology Telnet Server Terminal Services Windows Management Instrumentation support VB Scripting Support

Device Management Tool Provides the current device status Details the resources an OPOS device is using Ability to enable/disable an OPOS device Details the Service Object information

Capability Windows Update SUS SMS 2003 Supported Platforms for Content WS2003, WinXP, WinME, Win2K, NT 4.0, Win98 WS2003, Windows XP Embedded, WinXP, Win2K WS2003, Windows XP Embedded, WinXP, Win2K, NT 4.0, Win98 Supported Content Types All patches, updates (including drivers), and service packs (SPs) for the above Only security and security rollup patches, critical updates, and SPs for the above (no SPs on Windows XP Embedded) All patches, SPs, and updates for the above; supports patch, update, and app installs for MS and other apps (no SPs on Windows XP Embedded) Granularity of Control Security Update Detection YesYes No (Yes in all products, except Windows XP Embedded) Targeting Content to Systems NoNo No (Yes in all products, except Windows XP Embedded) Network Bandwidth Optimization No Yes (for patch deployment) Yes (for patch deployment and server sync) Patch Distribution Control NoBasicAdvanced Patch Installation and Scheduling Flexibility Manual, end user-controlled Admin- (auto) or user- (manual) controlled Administrator control with granular scheduling capabilities Patch Installation Status Reporting Assessing computer history only Limited (client install history and server- based install logs) Comprehensive (install status, result, and compliance details) Additional Software Distribution Capabilities Deployment Planning N/AN/AYes Inventory Management N/AN/AYes Compliance Checking N/AN/AYes Adopt the solution that best meets the needs of your organization Core Patch Management Capabilities Choosing A Patch Management Solution Needs-Based Selection

Patch Management Strategy NameDescriptionBenefitCostProsCons CD Manually update devices Controlled method for devices that are not networked Royalty-freeFoolproofResource-intensive Device Update Agent (DUA) SP1 manageability tool In-box product to control updating app/operating system Royalty-free with SP1 (and SP2) Small footprint Proprietary to XP Embedded SMS 2003 Enterprise-wide technology Integrated management schema for app and operating system updates Client royalty-free, must pay for Windows/ SMS and Windows/SMS CALs Scalability, reporting, scheduling Patch scanning not functional Desktop QFE Installer Tool 1.0 (DQI) Update in-field devices with Pro updates, without a restart Delta approx. zero between update and deployment Royalty-free–please ask your OEM for more info. Can update in-field devices with Pro updates Not automatic by itself SUS Enterprise-wide technology Intelligent management schema for updating devices Client royalty-free, must pay for WinSVR & CAL (unless using SVR WE) Auto-scan for security update deployment Only works with WU packages NOTE: EXCEPT FOR SUS, All these technologies require knowledge of component dependencies and are not automatic (like WU).

Patch Management Interrelationships

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.