CYOD and BYOD The Options The Impact WindowsUG.com WindowsUG.


1 CYOD and BYOD The Options The Impact WindowsUG.com WindowsUG

2 Intro CYOD and BYOD: The use of devices in the business environment has gone from disaster to being welcomed by many. BYOD is evolving to CYOD. Getting the right device for the right use case is key to maintaining ease of use, cost, security and resilience. This session will show you how to approach this and how you can incorporate, manage and control devices in your existing IT infrastructure, including Windows devices and Windows Phone with new business-focused features that make devices easy for the admin and enjoyable for the user. There will be a review and demonstration of technologies that permit safe and secure file and data access, and discussion of how you can develop infrastructure to help further empowerment.

3 Who are the Windows User Group? www.WindowsUG.com @WindowsUG #WindowsUG Mike Halsey MVP Windows Expert (Consumer) MVP Awardee 2011 - 2014 Author of… Chris Rhodes MVP Windows Expert (IT Pro) MVP Awardee 2012-2014 STEP Member MCT Re-Boot Solutions Ltd Andrew Bettany MVP Windows Expert (IT Pro) MVP Awardee 2012 – 2014 IT Academy Manager University Of York Queuedit.com STEP Member Author of…

4 Who are We? Graham Parkinson. Graham is an experienced Architect consultant and trainer, working for companies in several markets as trusted advisor (many in FTSE 100), as well as advising Capgemini on offer development and client engagements. Graham has worked at 10 plus Microsoft TechED events along with Microsoft NDA events. Graham has spoken at events in the UK and Europe. Currently working in Europe and US. Specialist areas include: • Enterprise Architecture and business improvement • Identity and Access Management • Workplace Computing • Security Audit and Solutions. Graham holds several IT Technical certifications across 7+ vendors, Security (CISSP), Service management, training and Architecture Certifications. Based in London, but working globally, Graham works on projects generally with user base 5,000-500,000 seats, across a section of business areas, both public and private sector, both for end clients across several sectors, as well as for two T1 suppliers

5 Thank you to our sponsors! Security Master class 16th - 17th December Course Description Generally when security is seen as a blocker, it means it is not understood. Simply keeping systems available is part of security. The landscape has changed over the last five years, but has your view of security changed with it? Course Outline What is Security? - Getting security without the price tag you expected - Where to start? PCs Servers and the LAN - Encryption, where how and why? - Antivirus and endpoint - Data loss, USB sticks - Bring your own device MDM and PKI Data..Data… Data… - Credit cards - Archiving and compliance Identity the golden rules - Changes since the 90’s - Time to save money and work - Practical changes - What’s in windows 20xx? The cloud – Managing differing security opportunities Setting out your plan - Making sure you have an action plan and discuss your own plan £395.00 per person, per course For forthcoming events and more information visit www.itmasterclasses.com VMware vSphere 5.5 Masterclass 24th – 25th November 2014, York IT Academy, Ron Cooke Hub, University of York, Heslington East Campus, Heslington, York, YO1 5GE A hands on approach to building a VMware cluster from scratch. Taking bare metal through to a full deployment of a VMware ESXi 5.5, vCenter 5.5 management server and connecting this environment to an iSCSI/NFS target. Day 1 • Introduction to VMware Virtualization • Installing VMware vSphere 5 Components • Virtual Machines • VMware vCenter Server • Configure and Manage Virtual Networks Day 2 • Configure and Manage vSphere Storage • Virtual Machine Management • Access and Authentication Control • Resource Management and Monitoring • High Availability and Fault Tolerance • Scalability • Patch Management £395.00 per person, per course For forthcoming events and more information visit www.itmasterclasses.com

6 Agenda: Intro; What / Why is CYOD / BYOD?; The Challenges; Meeting the challenges; Management devices; Finding out more

7 New Ways of working ? Could your latest corporate desktop upgrade be the last you ever need to do? It’s time for a new strategic approach – one that focuses on applications, not devices. You can’t afford to sit back after upgrading to Windows 7 and then drift along until it’s time to do the next upgrade. Instead, you need to stop and think about a strategy to support the new ways of working that businesses and users increasingly need and prefer.

8 Ways of working

9 Definition of new way of working

10 • Cost Saving? • More efficient working? • Cost reduction? • Service driven • Different service different supplier? • Is one supplier enough? • SSO need with multiple services? • Divergent Access • Where Access is from? • Consumer type devices?

11 New Ways of Not working

12 CYOD / BYOD Capgemini March 2014 – Companies 100-2500 Users

13

14 Bring Your Own Device; Employees and Contingent Staff Work Location Primary Device Secondary Device Windows VDA or Software Assurance (SA) for Windows Companion Subscription License (CSL)* *Windows CSL provides the primary user of an SA or VDA covered device rights to run Windows To Go or VDI from secondary non-corp owned devices.

15

16 Identity • Authentication • Authorization • Audit

17

18

19 Workplace Join: Lightweight registration process for personal devices. Enables access to data when using a registered, trusted device; leverages the user and device identities together. Used with Dynamic Access Control in Windows Server 2012 R2. Primarily a security capability, potentially combined with MDM for manageability.

20 Expanded domain join capabilities User-provided devices are “unknown,” and IT has no control. Partial access can be provided to corporate information. Registered devices are “known,” and device authentication allows IT to provide conditional access to corporate information. Domain-joined computers are under the full control of IT and can be provided with complete access to corporate information. Browser session single sign-on (SSO) Seamless two-factor authentication for web apps Enterprise apps SSO Desktop SSO

21 Connections HomeGroup Proxy Radio devices Workplace Network Join your workplace network so that you can use network resources like internal websites and business apps. Apps and services from IT someone@example.com Workplace Enter your user ID to get workplace access or turn on device management Join Turn on

22 Partner / Employee / MED

23

24

25 Users can access corporate apps and data wherever they are. IT can use the Web Application Proxy to authenticate users and devices with Multi-Factor Authentication. Use conditional access for granular control over how and where the app can be accessed. Active Directory provides the central repository of user identity as well as device registration information. Developers can leverage Windows Azure Mobile Services to integrate and enhance their apps. Devices Apps and data Published apps Active Directory integrated

26

27

28

29 Secure access • LAN user case limited • VPN mitigated • Decentralization of devices • Diverging technology possible • Access control support at key service points

30 60% of ICT spent on security fails to meet core ‘requirements’ 72% of companies (Gov) Productivity hit by excessive security Paying too much? Exposed to risk? Impossible to use? Anti Virus Anti Spyware Anti Spam HIPS Client Firewall Device Control App Control NAC Total £ 10.28 £2.02 £0.78 £1.16 £0.71 £0.00 £1.20 £2.62 £1.80 Anti Virus £5.66 Anti Virus £5.66

31 Trust

32 Example

33 User and Security point of view • Simple and standardized rules • Principle: the more controlled the device is, the more access it gets • 4 dimensions: location, user, device, allowed Company resources • Principle: the same behavior in the hotel as internally • Principle: must remain consistent across policies & components • Principle: promote security where needed with incentives • Users connect the Laptop WiFi because it is easier than guest (same credentials and no limitation in time) -> improve service of guest network • Principle: incremental levels of security defining SEVERAL levels of access • Incremental: level 2 includes level 1 and so on • Must be policy compliant
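The device tiers from slide 20 and the principles on slide 33, worked through as an added PowerShell example (not code from the presentation): access is decided from user, device, location and resource, levels are incremental, and location never relaxes the decision. The resource names, group names and numeric levels are assumptions made for illustration.

```powershell
# Added example. Tiers follow slide 20; the numbers are an assumed encoding
# in which a higher level includes every lower one (slide 33, "incremental").
$DeviceLevel = @{
    Unknown      = 1   # user-provided, IT has no control   -> partial access
    Registered   = 2   # Workplace Joined, device is known  -> conditional access
    DomainJoined = 3   # under full control of IT           -> complete access
}

# Hypothetical resource catalogue: minimum device level and permitted group.
$Resources = @{
    Webmail      = @{ MinLevel = 1; Group = 'AllStaff' }
    TeamSite     = @{ MinLevel = 2; Group = 'AllStaff' }
    FinanceShare = @{ MinLevel = 3; Group = 'Finance'  }
}

function Test-ResourceAccess {
    param(
        [Parameter(Mandatory)] [string]   $User,
        [Parameter(Mandatory)] [string[]] $Groups,
        [Parameter(Mandatory)] [ValidateSet('Unknown', 'Registered', 'DomainJoined')]
                               [string]   $DeviceState,
        [Parameter(Mandatory)] [string]   $Location,
        [Parameter(Mandatory)] [string]   $Resource
    )
    $rule = $Resources[$Resource]
    $reason =
        if (-not $rule)                                        { 'unknown resource (default deny)' }
        elseif ($Groups -notcontains $rule.Group)              { 'user not in required group' }
        elseif ($DeviceLevel[$DeviceState] -lt $rule.MinLevel) { 'device tier too low' }
        else                                                   { 'allowed' }

    # Location is recorded for audit but never changes the outcome:
    # "the same behavior in the hotel as internally".
    [pscustomobject]@{
        User = $User; Location = $Location; Device = $DeviceState
        Resource = $Resource; Allowed = ($reason -eq 'allowed'); Reason = $reason
    }
}

# Constructed sample requests; the user name is the one shown on slide 43.
$requests = @(
    @{ User = 'amyers@contoso.com'; Groups = @('AllStaff'); DeviceState = 'Registered';   Location = 'Office'; Resource = 'TeamSite' }
    @{ User = 'amyers@contoso.com'; Groups = @('AllStaff'); DeviceState = 'Registered';   Location = 'Hotel';  Resource = 'TeamSite' }
    @{ User = 'amyers@contoso.com'; Groups = @('AllStaff'); DeviceState = 'Unknown';      Location = 'Hotel';  Resource = 'TeamSite' }
    @{ User = 'amyers@contoso.com'; Groups = @('AllStaff'); DeviceState = 'DomainJoined'; Location = 'Office'; Resource = 'FinanceShare' }
)
$requests | ForEach-Object { $r = $_; Test-ResourceAccess @r } | Format-Table -AutoSize
```

The first two requests differ only in location and return the same decision; the third is refused on device tier and the fourth on group membership, even from a domain-joined device.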

34 Access Options • Remote App • App V • No Access

35 Virtual Desktop Infrastructure (VDI) Office 365 WINDOWS 8 ADVANCEMENTS High fidelity RemoteFX experience on LAN / WAN Multi-touch support for modern applications and devices Support for local USB, Lync, etc. BENEFITS Secure, fast browsing Rich user experience; Touch enabled with Windows 8 devices Centralized management of app & data (IT) Enhanced security and compliance (IT) Great choice of Windows- based devices Hosted Applications (RemoteApp) Powered by Remote Desktop Services (RDS)

36 RemoteApp: RemoteApp applications can integrate seamlessly with the desktop. RemoteApp applications look and behave like locally installed apps. A special icon helps to identify them as RemoteApp applications rather than locally installed apps. The RemoteApp workspace can be configured by using Group Policy.

37 BENEFITS Rich User Experience Everywhere with RemoteFX Simple to deploy, easy to manage Best Value in VDI – high performance at lower cost Microsoft VDI: Powered by Remote Desktop Services (RDS) 1 platform | 1 experience | 3 deployment choices Desktop Sessions Pooled VMs Personal VMs RemoteFX

38 Rich multimedia experiences Rich experience everywhere Best value for virtual desktops Efficient management True USB and multi-touch remoting Consistently rich performance Simplified wizard In-box management console Fairshare Lower-cost storage User disks Intelligently patching

39 Policy Enforcement Deployment

40 End-user experience Consistent self-service experience for users across mobile platforms Native Windows app Available in the Windows Store Windows Phone 8 Company Portal iOS Company Portal Native Windows Phone 8 app (.xap) Sideloaded during enrollment Native iOS application Available in the Apple App store Windows 8.1 Company Portal

41 Compare

42 Unified device management • Mac OS X • Windows PCs (x86/64, Intel SoC), Windows to Go • Windows Embedded • Windows RT, Windows Phone 8 • iOS, Android

43 Connections HomeGroup Proxy Radio devices Workplace Network Workplace Device not joined to Workplace Join Cancel Sign in User name amyers@contoso.com Password Sign in with a certificate Connecting to a service

44 Workplace amyers@contoso.com Connections HomeGroup Proxy Radio devices Workplace Network Enter your user ID to get workplace access or turn on device management. This device has joined your workplace network Your organization’s device management system lets your IT admin set up apps and network connections for you. Leave Turn on Cancel Turn on Get apps and services from IT I agree to the Terms of Use Some workplaces have policies, certificates, and apps that help you connect your device to business info. If you connect your PC, your workplace can apply settings, collect basic information, and install or remove apps they manage. Talk with your IT admin to learn more about your specific workplace.

45 What to What? • Define aims PER device types • Get Apps • Managed Device • Encrypt / wipe • Container modes • See activity • Remote control • Make coffee Define remote management

46 DEMO Enrolment

47 Cloud or Not that is the question

48 Mobile device management with Windows Intune Direct management (Windows RT, Windows Phone 8, iOS)

49 DEMO Management

50 Windows To Go, Your Portable Workspace. A consistent Windows 8.1 experience on any device* with Windows To Go. [Diagram: booting from internal hard drive versus booting from external USB drive; labels: Firewall, App-V, UE-V, Folder Re-Direct, BitLocker] * Any device certified for use with Windows 7, Windows 8, or Windows 8.1, regardless of the OS running on the host machine. Software Assurance (SA) for Windows required.

51 Full Fidelity Experience High performance Full native hardware access on the host machine Same peripheral support as Windows 8.1 Touch enabled, mouse and keyboard aware Windows 8: New Windows apps in the enterprise Windows Store is disabled by default For users that don’t roam, GP can enable the store Enterprise sideloading of LOB metro-style apps works regardless Windows 8.1: New Windows apps in the enterprise Windows Store is enabled by default Enterprise sideloading of LOB metro-style apps continues to work

52 Easy to Use: Redefine Mobility Work Across Multiple PCs On a new PC drivers are installed on first boot Identifies computer from characteristics of machine firmware Stores configuration to boot faster on previously used PCs Work Across system Firmware Can be configured to boot on both UEFI and Legacy BIOS Both sets of boot components are placed on a system partition Doesn’t solve architecture incompatibility

53

54 Desired State Configuration (DSC) • DSC • You define the desired state of a system • PowerShell ‘makes it so’ • DSC changes the game • IT Pros do NOT write scripts that run on remote servers • IT Pros write configuration statements that define how a remote server should run – PowerShell does the rest • DSC a work in progress - but progress is good!

55 DSC Architecture Configuration Development DSC Resources Staging Node Configuration Pushed Pulled MOF Files Configuration Documents

56 Pull Model Pull Server (Contains DSC data and Resources) Authoring Phase (May include imperative as well as declarative code) Staging Phase - Fully declarative configuration representation using DMTF standard MOF instances - Configuration is calculated for all nodes “Make it So” Phase (Declarative configuration is rectified through imperative providers.) Parser and Dispatcher Imperative Providers Providers implement changes: Imperative Idempotent Local Configuration Store PSV4 provides: Declarative syntax extensions Schema-driven Intellisense Schema validation (early-binding) Runs service to provide configuration to nodes 3rd party languages and tools PS V4 or later NODES

57 DSC • Parameterisation • You can provide parameters to a Configuration • You pass parameter values when you execute the configuration • The MOF files are customised based on parameter values • You can re-run with different parameters to produce different (extra) MOF Files • Resources are not yet complete • Some additional resources created by the Product team and RTW • Some community authored resources also starting to appear • Start-DscConfiguration creates one MOF file per node • No easy way to assign multiple MOF files per system in Pull mode

58 DEMO Desired State Configuration

59 Push Model Configuration Staging Area (Contains MOF Files) 3rd party languages and tools Authoring Phase (May include imperative as well as declarative code) Staging Phase - Fully declarative configuration representation using DMTF standard MOF instances - Configuration is calculated for all nodes PS V4 or later “Make it So” Phase (Declarative configuration is rectified through imperative providers.) Parser and Dispatcher Imperative Providers PSV4 provides: Declarative syntax extensions Schema-driven Intellisense Schema validation (early-binding) Providers implement changes: Imperative Idempotent Local Configuration Store Start-DSCConfiguration pushes the MOF files to the nodes NODES
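The parameterisation on slide 57 and the push model on slide 59, as an added PowerShell example (not code from the presentation): a parameterised configuration is compiled into one MOF file per node in a staging folder and then pushed with Start-DscConfiguration. The configuration name ByodBaseline, the node names NODE02 and NODE03, the folder paths and the choice of resources are assumptions for illustration.

```powershell
# Added example. Requires Windows PowerShell 4.0 or later on Windows.
# ByodBaseline, NODE02, NODE03 and the paths are illustrative names.
Configuration ByodBaseline {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $LogPath = 'C:\Logs\Workplace'
    )

    Node $ComputerName {
        # Declarative statement: the Windows Event Log service must be running.
        Service EventLog {
            Name        = 'EventLog'
            StartupType = 'Automatic'
            State       = 'Running'
        }
        # Declarative statement: the log folder must exist.
        File LogFolder {
            DestinationPath = $LogPath
            Type            = 'Directory'
            Ensure          = 'Present'
        }
    }
}

$staging = Join-Path $env:TEMP 'ByodBaseline'

# Authoring -> staging: running the configuration writes one MOF per node
# (localhost.mof and NODE02.mof) into the staging folder.
$mofs = ByodBaseline -ComputerName 'localhost', 'NODE02' -OutputPath $staging
$mofs | Select-Object Name, Length

# Re-running with different parameter values produces a further MOF file,
# here NODE03.mof with its own log path baked in.
ByodBaseline -ComputerName 'NODE03' -LogPath 'D:\Logs\Workplace' -OutputPath $staging |
    Select-Object Name, Length

# "Make it so" (push model): send the staged MOF to the local node only.
# Needs an elevated session with WinRM enabled. A second run changes
# nothing, because the resource providers are idempotent.
Start-DscConfiguration -Path $staging -ComputerName 'localhost' -Wait -Verbose
```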

60 Takeaways • Create / Review Requirements • Companies need to understand implications and plan - Major refresh in many cases over years – most important is … New ways of working means new thinking!

61 Identify the need for this, don’t do it yourself. Could roles implemented by others…

62 Q&A literally… ask us anything!

63 Thank you to our sponsors! New Ways of Working Master class A hands on approach to building a Workplace technical design. We will use Microsoft based tools, You will have after just two days A basic strategy for your business Have setup device management Understand PowerShell management capability Understand impact if other infrastructure a Day 1 • Introduction • Understand Challenges • Identity • Access Controls • License guide Day 2 Workplace Management MDM DSC Underpinning infrastructure change Your 3 Year Plan £395.00 per person, per course For forthcoming events and more information visit www.itmasterclasses.com Security Master class 16th - 17th December 2014 Course Description Generally when security is seen as a blocker, it means it is not understood. Simply keeping systems available is part of security. The landscape has changed over the last five years, but has your view of security changed with it? Course Outline What is Security? - Getting security without the price tag you expected - Where to start? PCs Servers and the LAN - Encryption, where how and why? - Antivirus and endpoint - Data loss, USB sticks - Bring your own device MDM and PKI Data..Data… Data… - Credit cards - Archiving and compliance Identity the golden rules - Changes since the 90’s - Time to save money and work - Practical changes - What’s in windows 20xx? The cloud – Managing differing security opportunities Setting out your plan - Making sure you have an action plan and discuss your own plan £395.00 per person, per course For forthcoming events and more information visit www.itmasterclasses.com

64

65 Graham.Parkinson@Bingconsulting.co.uk Contact ? Twitter :Graham_MCT

