Published: May 2007 For the latest information, please see www.microsoft.com/education/blueprint.mspx
Copyright 2007 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below. If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user's particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM. Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious.
Microsoft, Active Directory, ActiveSync, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.
Contents
- Overview
- Chapter 1: Introduction to the Blueprint
- Chapter 2: Educational Institution Objectives
- Chapter 3: Basic Optimization Level
- Chapter 4: Standardized Optimization Level
- Chapter 5: Rationalized Optimization Level
- Chapter 6: Dynamic Optimization Level
- Links
- Acknowledgements
Overview
As the world becomes more dependent on technological advances, planning for and managing technology become more and more essential. And although prudent management of technology is important to business and governments, it is perhaps even more critical to educational institutions, which frequently have very limited resources so that the cost of failure can be extremely high. The Microsoft Technology Blueprint for Primary and Secondary Schools provides guidance to assist educational institutions in fully utilizing their current technology and migrating from their current state to a more efficient and effective institution. Because each school has unique issues, priorities, and resources, no Technology Blueprint can be expected to address the specific needs of all schools. Although educational institutions have very specialized requirements, many lessons that have been learned in the business world can apply to the needs of educational institutions.
Chapter Summary
The Blueprint is comprised of the following chapters:
- Overview. The overview provides an introduction to the Blueprint and describes the topics that each chapter covers.
- Chapter 1, Introduction to the Blueprint. This chapter provides an introduction to the Infrastructure Optimization (IO) Model and describes the four levels of technological maturity on which the Blueprint focuses. In addition, the chapter describes the five capabilities that are required to build a more agile IT infrastructure.
- Chapter 2, Educational Institution Objectives. This chapter describes the technical challenges that educational institutions face and summarizes the objectives upon which the Blueprint focuses.
- Chapter 3, Basic Optimization Level. This chapter provides an introduction to the Basic level of the IO model. It describes some of the tools that schools at the Basic level use to address technical challenges. In addition, the chapter describes some of the processes and advantages of moving from Basic to the Standardized level.
- Chapter 4, Standardized Optimization Level. This chapter discusses how schools at the Standardized level address technical challenges and describes some of the advantages of moving from Standardized to the Rationalized level.
- Chapter 5, Rationalized Optimization Level. This chapter describes how schools at the Rationalized level integrate tools and processes to address technical challenges. It also provides a high-level description of the advantages of moving from the Rationalized level to Dynamic.
- Chapter 6, Dynamic Optimization Level. This chapter introduces the Dynamic level and describes how schools at this level integrate tools and processes.
- Links. This section provides URL links to all of the resources and case studies that the Blueprint references.
- Acknowledgements. This section lists the people who contributed to the creation of the Blueprint.
Feedback
Please direct questions and comments about this guide to edu-sa@microsoft.com.
The Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized provides significant detail about what is required to move an organization from Basic to Standardized. The Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized provides significant detail about what is required to move an organization from Standardized to Rationalized.
Note: Additional guides are planned to address the movement between other optimization levels. As they become available, this document will be refreshed to reflect those new guides.
Microsoft and its partners provide the technologies, processes, and procedures to help customers move along the infrastructure optimization path. Processes move from fragmented or nonexistent to optimized and repeatable. Customers' ability to use technology to improve their business agility and deliver business value increases as they move from the Basic level to the Standardized level, the Rationalized level, and finally to the Dynamic level.
The IO Model has been developed by industry analysts, Massachusetts Institute of Technology (MIT) Center for Information Systems Research (CISR), and Microsoft, derived from experiences with its enterprise customers. A key goal for Microsoft in creating the IO Model was to develop a simple way to use a maturity framework that is flexible and can easily be used as the benchmark for technical capability and business value.
The Core IO Model defines five capabilities that are required to build a more agile IT infrastructure:
- Identity and Access Management. Describes how customers should manage people and asset identities, solutions that should be implemented to manage and protect their identity data, and how to manage access to resources from mobile users, customers and/or partners outside of a firewall.
- Desktop, Device and Server Management. Describes how customers should manage desktops, mobile devices, and servers as well as how to deploy patches, operating systems, and applications across the network.
- Security and Networking. Describes what customers should consider implementing in their IT infrastructure to help guarantee that information and communication are protected from unauthorized access, while at the same time providing a mechanism to protect their IT infrastructure from denial of service attacks and viruses while preserving access to corporate resources.
- Data Protection and Recovery. Provides structured or disciplined backup, storage, and restore management. As information and data stores proliferate, organizations are under increasing pressure to protect that information and provide cost-effective and time-efficient recovery when required.
- IT and Security Process. Provides proven best practice guidance on how to cost-effectively design, develop, operate, and support solutions while achieving high reliability, availability, and security. While rock-solid technology is necessary to meet demands for reliable, available, and highly secure IT services, technology alone is not sufficient; excellence in process and people (skills, roles, and responsibilities) is also needed. This capability is comprised of two processes, Security Process and ITIL/COBIT-Based Management Process, each of which is addressed separately in the Blueprint.
Self Assessment
Prior to implementing any of the recommendations within this document, IT staff should perform a self assessment of the environment to see where they fall within the IO model. They may find that they do not have to implement all the recommendations to move to the next optimization level because they have implemented them previously. Microsoft has a simple online self-assessment tool that IT staff can use to determine the optimization level of the organization. The tool asks a series of yes or no questions and based on the responses produces a Web page that outputs the results. The following graphic shows an example of the simple chart that the self assessment tool produces.
Figure 2. Self Assessment Results Chart
This results chart shows that the Identity and Access Management capability is in Standardized, whereas the other capabilities remain in Basic. Because of these results, the staff would need to focus on moving the other three capabilities to Standardized. To perform a self assessment, see the Core Infrastructure Optimization Assessment site.
Business Management: Inefficient Operations and a Lack of Insight into Where Money Is Spent
With scarce resources and highly diverse and specialized funding (for special needs children, grants, capital funds, etc.), the need arises for schools to manage resources efficiently and be able to provide funding agencies with reports on how and where funds were spent. These funds are distributed by departments throughout school districts to purchase a myriad of items from pencils, food, or large equipment, to major capital improvements that require substantial detailed accounting. Finally, because of government regulations and local community scrutiny, there is a need for clear, easily readable reports.
Case studies:
- Oregon Department of Education: Web-Based Solution Enables Better Decision-Making, Productivity for the Oregon Department of Education
- Ivy Tech Community College: Community College Improves Enrollment Forecasting, Positions to Meet Growth Goal
- University of Southern Mississippi: University Boosts Productivity by 40 Percent, Saving U.S.$66,000 Annually
Business Management: Inefficient Operations and a Lack of Insight into Where Money Is Spent
Most effective schools at the Basic level perform a substantial amount of manual work using stand-alone accounting software or specialized Enterprise Management Systems. These schools use stand-alone systems for manual work and analysis and then download the reports into spreadsheets for further analysis, which typically includes combining and segmenting data using tools such as rollup reports and pivot tables. The financial officers can provide several perspectives on the financial conditions of the schools. Office staff use stand-alone word processing programs for inter-office communications and spreadsheets to assist in tracking school and office funds. The IT Help desk provides an e-mail or database-based help system in which school staff submit help requests. These requests are sent to an IT Help e-mail alias so that IT Staff can schedule responses based on a pre-established priority system. These requests are tracked in a stand-alone database.
References:
- Use Microsoft Dynamics and 2007 Microsoft Office system together for best results
- Service call management database: Call Center Template
Basic IT Infrastructure
The Basic IT infrastructure is characterized by manual, localized processes; minimal central control; and nonexistent or unenforced IT policies and standards for security, backup, image management and deployment, compliance, and other common IT practices. Overall health of applications and services is unknown due to a lack of tools and resources. Generally, all patches, software deployments, and services are provided manually.
Moving to Standardized
Customers benefit substantially by moving from this Basic level of infrastructure to a Standardized infrastructure, helping them to dramatically reduce work effort by:
- Developing standards, policies, and controls with an enforcement strategy.
- Mitigating security risks by developing a "defense in depth" posture: a layered approach to security at the perimeter, server, desktop, and application levels.
- Automating many manual and time-consuming tasks.
- Adopting best practices, such as those of the IT Infrastructure Library (ITIL); the SysAdmin, Audit, Network, and Security Institute (SANS); and so on.
The Standardized infrastructure introduces controls through the use of standards and policies to manage desktops and servers; by the way computers are introduced to the network; and use of the Active Directory directory service to manage resources, security policies, and access control. Customers in a Standardized state have realized the value of basic standards and some policies, yet still have room to improve. Generally, all software updates, software deployments, and desktop service are provided through medium touch with medium to high cost. However, these customers have a reasonable inventory of hardware and software and are beginning to manage licenses. Security measures are improved with a locked-down perimeter, but internal security may still be a risk.
The Standardized level of optimization requires that your organization has procedures and tools in place to automate patch distribution, manage and consolidate standard desktop images, and centrally manage connected mobile devices.
By using an automated patch distribution process, educational institutions can ensure that their resources are properly patched. These updates protect the system from crashes due to bugs in the software, and also protect against the security threats that appear constantly. An automated patch distribution process requires fewer people and less time to fully patch an environment. If you do not have an automated patch distribution process in place for 80 percent or more of your desktops and laptops, read the Automated Patch Distribution to Desktops and Laptops section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
Thin Images. These images contain few if any applications. The advantages of thin images are many: they cost less to build, maintain, and test; network and storage costs are lower; they offer far greater flexibility. However, flexibility increases deployment and networking costs.
Hybrid Images. Hybrid images are a combination of thick and thin images. In a hybrid image, the disk image is configured to install applications on first run, giving the illusion of a thick image but installing the applications from a network source. Hybrid images have most of the advantages of thin images, yet are not as complex to develop and do not require a software distribution infrastructure. Installation times are longer, which can increase initial deployment costs.
An alternative is to start with a tested thin image and build a thick image on top of it. Testing the thick image is minimized, because the imaging process is essentially the same as a regular deployment. Another alternative is to add a minimum number of core applications to a thin image. These applications could include antivirus software and line-of-business (LOB) applications required on all computers in the organization.
Deployment of images can be done in a number of ways. The two recommended methods are called Lite Touch Installation and Zero Touch Installation.
In Lite Touch Installation, an image is configured with the majority of the configuration settings defined. The actual launch of the installation is done manually via a boot disk and leveraging the network, a bootable image CD or some other means. In addition, a few configuration settings may need to be manually installed. This is the recommended installation method for the Standardized level.
In Zero Touch Installation, the image installation is initiated automatically. All configuration settings are defined so that the administrator does not perform any manual post-installation steps. Because of this, it takes more time to customize this form of deployment.
If you do not have a defined strategy for image-based deployments, a defined set of disk images and tools for deploying the images for 80 percent or more of your client computers, read the Defined Standard Images for Desktops and Laptops section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
Where possible, the educational institution should attempt to limit the number of images to the absolute minimum required for the environment. Having a large number of images increases the cost of management associated with maintaining the images. While a goal of two would be ideal, it is understood that exceptions will need to be made for a variety of reasons.
If you are managing more than two operating system versions in your desktop environment, read the Consolidation of Desktop Images to Two Operating System Versions section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
Data access
For information about mobile device security from Microsoft, see Windows Mobile 5.0 Messaging and Security Feature Pack. If you support or supply mobile devices and do not use identity validation, data protection and backup for mobile devices, read the Identity Validation, Data Protection, and Data Backup of Mobile Devices section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
DNS, DHCP, and WINS are three mechanisms that are essential to the provision of IP address allocation and management services in enterprise environments. There are alternative mechanisms, but in most cases DNS and DHCP provide the backbone of any service, and WINS fulfills any requirement to collocate DNS and NetBIOS addressing schemes. If you do not have internal servers for basic networking, read the Internally Managed Basic Networking Services (DNS, DHCP, WINS) section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
Additional Information
The following resources don't explicitly reference the Core IO Model, but they provide guidance that the IT staff should consider as they plan a move from Basic to Standardized.
- Securing Windows 2000 Server
- Windows Server 2003 Security Guide
If you do not have a backup and restore solution for 80 percent or more of your critical servers, read the Defined Backup and Restore Services for Critical Servers section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
Security Process
Security process is a key element of infrastructure optimization, and security must be part of the design criteria for all procedures and technologies highlighted by the Core IO Model. Most organizations know that it is important to protect their data and resources from loss or damage due to theft, human or computer error, malicious intent, or any number of other events. You can take steps to limit the opportunities for loss or damage to occur. You can also establish policies and procedures to respond to and minimize the effects of the loss or damage to your IT environment. To move the organization to the Standardized level within the Security Process capability, there are four key areas that need to be addressed. These areas are:
- Security policies
- Risk assessment
- Incident response
- Data security
Security Policies
To establish an effective set of security policies and controls you need to determine the vulnerabilities that exist in your computer systems and review the security policies and controls that guard them. This review should cover areas where policies are lacking, in addition to examining current policies. Some of these areas are:
- Physical computer security policies such as physical access controls.
- Network security policies (for example, e-mail and Internet policies).
- Data security policies (access control and integrity controls).
- Contingency and disaster recovery plans and tests.
- Computer security awareness and training.
- Computer security management and coordination policies.
- Compliance of acquired software.
Your organization should have a person dedicated to reviewing and maintaining the security policies and setting the security strategy of the organization.
Risk Assessment
With a formal security risk management process, organizations can operate in the most cost-efficient manner, with a known and acceptable level of risk. A formal security risk management process also gives organizations a consistent, clear path to organize and prioritize limited resources to manage risk. You will realize the benefits of using security risk management when you implement cost-effective controls that lower risk to an acceptable level.
Incident Response
When a security event occurs, IT professionals might feel like the only things they have time to do are to contain the situation, figure out what happened, and fix the affected systems as quickly as possible. Some might try to identify the root cause, but even that might seem like a luxury under extreme resource constraints. While this kind of reactive approach can be an effective tactic, imposing a small degree of order to the reactive approach can help organizations of all types to better use their resources. With proper planning, your organization can be proactive in addressing breaches of security.
Data Security
One of the most important tasks of the IT department is ensuring the security of company data. There are several steps you can take to move to the Standardized level for data security.
- Implement antivirus controls on all computers. (See the "Antivirus with Automated Signature Updating" section earlier in this guide.)
- Establish consistent policies for classifying sensitive data.
- Establish consistent processes to identify security issues and threats that could compromise sensitive company data.
For a full discussion of data security, see the Data Security and Data Availability in the Administrative Authority white paper. If you do not have plans in place for security policies, risk assessment, incident response, and data security, read the Security Policies, Risk Assessment, Incident Response, and Data Security section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
- Improving end-user support services. Support services, or the Service Desk, is the first point of contact for the organization. Its efficient and effective response to customer problems and concerns can do much to enhance the reputation of the organization.
- Configuration management. A key principle in effectively managing an IT infrastructure is to document its components and the relationships between them. Configuration management provides the foundation for decision-making in change management, negotiating SLAs, assessing IT capacity, and other critical processes.
- Implementing change management best practices. Change management describes a consistent set of processes to initiate infrastructure changes, assess and document their potential impacts, approve their implementation, and schedule and review their deployment.
If you do not have a process for incident, problem, service, configuration, and change management, read the Support and Change Management Process section in the Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized.
Business Management: Inefficient Operations and a Lack of Insight into Where Money Is Spent
Most effective schools at the Standardized level value the integration of their student data management system, the business management systems, instructional management, and technology services. The integration of these systems allows business managers to track and report the flow of resources from funding agencies to their expenditures. It reduces redundancy, prevents erroneous and outdated data from being maintained or used for analysis, and provides standard and customizable detailed reports. The office staff uses integrated office communications systems that combine the word processing, spreadsheet, e-mail, Internet, and phone systems. This infrastructure makes for efficient office management and communications between departments and allows reports to be rolled up to regional reports. In addition, interoffice employee management systems, such as Human Resource services, are accessible to all employees. The IT Help desk provides an e-mail or database-based help system in which school staff can make and track help requests. The tracking system provides report capabilities, allowing the IT Management to perform root cause and trend analysis.
Case studies:
- Delaware Department of Education (DDOE): Delaware Schools Meet NCLB Requirements, Cut Costs by U.S.$740,000
- Sydney Anglican Schools Corporation Implements Powerful Financial System
- Nebraska Department of Education: Web-Based School Assessment System Wins Political Points
- Department of Education and Training Victoria: DET Victoria Saves up to $208,000 a Year with Microsoft Office SharePoint Server 2007
- Saskatchewan Learning: Saskatchewan School Boards Score Top Marks in Efficiency with New Financial Management System
Standardized IT Infrastructure
The Standardized infrastructure introduces controls through the use of standards and policies to manage desktops and servers; to control the way computers are introduced into the network; and by using Active Directory to manage resources, security policies, and access control. Organizations in a Standardized state have realized the value of basic standards and some policies, yet still have room to improve. Generally, all patches, software deployments, and desktop service are provided through medium touch with medium to high cost. They have a reasonable inventory of hardware and software and are beginning to manage licenses. Security measures are improved with a locked-down perimeter, but internal security may still be a risk.
Moving to Rationalized
By moving to a Rationalized IT infrastructure, you can improve your organization's infrastructure and take control with automated systems management and automated identity and access management. At this level, your IT staff can access tools and information efficiently, service-level agreements are linked to organizational objectives, and your organization can benefit from clearly defined and enforced images, heightened security, and reliable best practices.
Configuration Monitoring
Configuration monitoring tools are available that provide reports for out-of-compliance configuration. Some educational institutions may want to report on out-of-compliance computers and then determine the correct course of action to bring the computer back into compliance. For example, if a school wants to enforce that an application is installed on all computers, but that application requires drivers that do not exist for certain hardware types in the environment, the best option may be to monitor these out-of-compliance computers and determine the best way to resolve them on an individual basis.
The Rationalized level of the Core IO Model requires implementation of a directory-based configuration management infrastructure using Group Policy and recommends, but does not require, stand-alone configuration monitoring tools. Although there are a number of third-party options available, Microsoft offers two types of tools to monitor configuration compliance: Best Practices Analyzers and Systems Management Server 2003 Desired Configuration Monitoring.
Best Practices Analyzers (BPA) from Microsoft contain pre-defined best practice settings and reports. These free downloads are available for Microsoft server products including Microsoft Exchange Server, Microsoft Internet Security and Acceleration Server, and Microsoft SQL Server. Systems Management Server 2003 Desired Configuration Monitoring, which is also a free download, enables organizations to define desired configuration settings or rules and to monitor compliance. In addition to these tools, there are a number of software applications available from Microsoft partners to define and manage standard configuration.
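The monitoring scenario described above (a required application that some hardware types cannot run) can be sketched as follows. This is an added example, not part of the original Blueprint or of any Microsoft tool: it evaluates desired-configuration rules against an inventory and separates ordinary out-of-compliance computers from hardware exceptions that need individual handling. All host names, hardware models, application names and versions are constructed for illustration.

```python
"""Desired-configuration compliance report (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """An application that must be installed at or above a minimum version."""
    app: str
    min_version: str
    # Hypothetical set of hardware models for which no driver exists.
    unsupported_models: frozenset = frozenset()


# Constructed sample data: every host, model and application is invented.
RULES = [
    Rule("ClassroomApp", "2.9", frozenset({"ModelB"})),
    Rule("Antivirus", "7.0"),
]
INVENTORY = [
    {"host": "LAB-01", "model": "ModelA",
     "installed": {"ClassroomApp": "2.10", "Antivirus": "7.0"}},
    {"host": "LAB-02", "model": "ModelA",
     "installed": {"ClassroomApp": "2.1", "Antivirus": "7.0"}},
    {"host": "LIB-01", "model": "ModelB",
     "installed": {"Antivirus": "7.0.1"}},
    {"host": "OFF-01", "model": "ModelA",
     "installed": {"ClassroomApp": "3.0"}},
    {"host": "LIB-02", "model": "ModelB",
     "installed": {"Antivirus": "6.5"}},
]


def version_at_least(installed, minimum):
    """Compare dotted versions numerically, so that 2.10 is newer than 2.9."""
    a = [int(part) for part in installed.split(".")]
    b = [int(part) for part in minimum.split(".")]
    width = max(len(a), len(b))
    a += [0] * (width - len(a))  # pad so "7.0" equals "7.0.0"
    b += [0] * (width - len(b))
    return a >= b


def check_host(host, rule):
    """Return (status, detail) for one computer against one rule."""
    installed = host["installed"].get(rule.app)
    if installed is not None and version_at_least(installed, rule.min_version):
        return "compliant", ""
    if host["model"] in rule.unsupported_models:
        # Deployment cannot fix this; the computer needs individual review.
        return "exception", f"{rule.app}: no driver for {host['model']}"
    if installed is None:
        return "out_of_compliance", f"{rule.app}: not installed"
    return "out_of_compliance", f"{rule.app}: {installed} < {rule.min_version}"


def compliance_report(inventory, rules):
    """Group computers into compliant, out-of-compliance and exception lists."""
    report = {"compliant": [], "out_of_compliance": {}, "exception": {}}
    for host in inventory:
        findings = {"out_of_compliance": [], "exception": []}
        for rule in rules:
            status, detail = check_host(host, rule)
            if status != "compliant":
                findings[status].append(detail)
        if not any(findings.values()):
            report["compliant"].append(host["host"])
        for status, details in findings.items():
            if details:
                report[status][host["host"]] = details
    return report


def compliance_percent(report, total):
    """Share of computers that satisfy every rule, as a percentage."""
    return 100.0 * len(report["compliant"]) / total if total else 0.0


if __name__ == "__main__":
    result = compliance_report(INVENTORY, RULES)
    print("Compliant:", ", ".join(result["compliant"]))
    for status in ("out_of_compliance", "exception"):
        for name, details in result[status].items():
            print(f"{status:18} {name}: {'; '.join(details)}")
    print(f"Fully compliant: {compliance_percent(result, len(INVENTORY)):.0f}%")
```

A computer can appear in both lists, as LIB-02 does here: its antivirus version can be remediated by normal deployment, while the missing application has to be resolved individually.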
Policy-Based Configurations
As the number of managed clients grows within an organization, it becomes necessary to standardize how the security and configuration settings are applied to the systems. Applying policy settings uniformly through automated means increases the security of the environment, because it protects against the inconsistent configurations that a manual process introduces. In addition, it lowers the cost of managing the environment as these policies are applied in a uniform fashion. If changes are required to the configuration of the computers, the changes can be made in the policy and quickly applied to computers in the organization. For more information about how to implement a directory-based tool to centrally administer configurations and security on desktops, see the Windows Server 2003 Group Policy documentation. If you do not have a directory-based tool to centrally administer configurations and security on 80 percent or more of your desktops, read the Centralized Directory-based Configuration and Security section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
To automate operating system distribution, an educational institution must:
- Identify tools and technologies required to enable automated operating system deployment.
- Perform necessary pre-deployment tasks for application compatibility and packaging, infrastructure remediation, imaging, user-state migration, and desktop security.
- Test and validate Zero Touch Installation in a lab environment and pilot program.
- Perform automated operating system deployment to end users.
The objective in moving to the Rationalized level is to completely automate existing desktop deployment procedures. Doing so enables a Zero Touch Installation (ZTI) of desktop images, role-based applications, required drivers, language packs, updates, and migration of user state without any interaction at the targeted computer. In this phase, you should identify what is necessary to enable ZTI in your desktop environment.
Microsoft Solution Accelerator for Business Desktop Deployment (BDD) 2007 is the recommended resource for identifying deployment options and end-to-end planning of deployment projects. BDD 2007 provides guidance for ZTI using Systems Management Server (SMS) 2003 with the Operating System Deployment Feature Pack.
Successfully automating operating system deployment involves a number of pre-deployment steps, which include addressing:
- Application compatibility
- Infrastructure remediation
- Application management
- Computer imaging system
- User state migration
- Securing the desktop
After completing the steps required for pre-deployment, you are ready to start testing and deploying desktop images. All of the pre-deployment steps mentioned above are necessary for a Lite Touch Installation (LTI) or Zero Touch Installation (ZTI). Testing the deployment in a controlled environment reduces costs if an issue is found. In addition, testing helps ensure a smoother rollout to the general population when the time comes.
For more information about how to automate operating system distribution, visit Microsoft TechNet and search for operating system deployment or Zero Touch Installation. To see how Microsoft uses SMS for operating system distribution, see the Deployment Process: Overview page. If you have not completed the pre-deployment tasks, read the Automated Operating System Distribution section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
At the Standardized level, tools to automate asset inventory are required as part of the patching process, and software update or patch management is also a requirement. Automated tracking of desktop assets leads to requirements to automate deployment of applications and operating systems, track usage, and report system status. The Rationalized level requires that all of these tasks are integrated into a common process methodology and toolset. If you do not have automated tracking of hardware and software assets on 80 percent or more of your desktops, read the Automated Tracking of Hardware and Software for Desktops section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
For guidance specific to Microsoft Office, read the Latest Versions of Microsoft Office on Desktops section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
To see how Microsoft addresses secure mobile communications, see Trustworthy Messaging at Microsoft. If you have not implemented mobile device authentication for all devices, read the Guaranteed Secure Communications with Mobile Devices section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
These services can be accessed through a mobile device if that device has a WAP-designed browser that simplifies the content to account for the restrictions of mobile devices. If you have not made your key applications accessible to mobile devices through HTTP or WAP, read the Access to Web Applications Using WAP or HTTP for Mobile Devices section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
To see how Microsoft has simplified disk imaging with Windows Vista, see Planning the Windows Vista Deployment at Microsoft. If you do not have a layered-image strategy for managing your desktop images, read the Layered Imaging for Desktops section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
- Remote client access. Remote clients are usually single computers, such as home computers or laptops of employees who need to access resources while working at home or traveling.
- Site-to-site access. Site-to-site access is used between remote sites and centralized facilities of the organization to access resources and data at different logical and physical locations.
Both of these key remote access requirements of an organization can be provided using a virtual private network (VPN). Both of these solutions require the underlying presence of either a dial-up connection or an Internet (shared) leased-line connection.
Remote Terminal Services, such as that provided by Microsoft Windows Server 2003, lets you deliver Windows-based applications, or the Windows desktop itself, to virtually any computing device, including those that cannot run Windows. Terminal Services provides three important benefits for secure remote access:
- Rapid centralized deployment of applications.
- Low-bandwidth access to data.
- Windows anywhere.
For more information on Terminal Services, see Windows Server 2003 Terminal Services. To see how Microsoft implements VPN and Terminal Services, see:
- Providing Security for Corporate Resources at Microsoft by Using ISA Server 2004
- Security Enhancements for Remote Access at Microsoft
If you do not provide secure remote access to internal resources and line of business applications through VPN or Microsoft Terminal Services, read the Secure Remote Access to Internal Resources and LOB Applications section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
packet security, end-to-end between computers. Network traffic can be authenticated, or authenticated and encrypted, in a variety of customizable scenarios. For more information on IPsec, visit Microsoft TechNet and search for IPsec. To see how Microsoft secures communications between servers, see Improving Security with Domain Isolation. If you do not have a secured and guaranteed way to verify communication between critical servers, read the Secured and Guaranteed Communication Verification Between Servers section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
communications, you can move from the Standardized level to the Rationalized level. The Rationalized level requires that communication via SIP is also secure, which means that the communication is archived, operated through the directory service, and certificates are used. To see how Microsoft uses secured communication mechanisms, see Deploying Office Live Communications Server 2005 and Office Communicator 2005 at Microsoft. If you do not provide a secured communication mechanism for presence, such as Session Initiation Protocol (SIP), read the Secure Communication Mechanism for Presence section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
- Accessibility of information. Information assets need to be accessible to authorized users and protected from unauthorized access or modification. Passwords can help, but users who have several passwords for accessing different secure systems may choose passwords that are easy to remember and consequently easy to decipher.
- Non-repudiation of identity. Information needs to be sent from one user to another with the confidence that the sender of the information is valid. It is also necessary to provide reasonable confidence that the information has not been changed en route.
- Privacy of information. Users should be able to send information to other users or to access a computer system with confidence that the information cannot be accessed or be made available to others. It should be possible for the user or system to define who can access the information. Privacy is of particular importance when information is transmitted over the public Internet.
These requirements deal with electronic information assets and have a direct impact on most organizations. Any mechanism that is implemented to deal with these requirements must be both manageable and secure. A public key infrastructure (PKI) is an appropriate technology to fulfill these requirements with the use of digital certificates. PKI enables the exchange of digital certificates between authenticated entities and trusted resources. Certificates in a PKI are used to secure data and manage the identification credentials of resources within and outside the organization.
Because PKI needs to be trusted, it is managed by a pre-qualified organization or part of such an organization. Such an organization can be called a certification authority (CA), but usually just the computer that runs the certificate software is called a CA. Whether the CA refers to an organization or to the software that supports certification, the CA is responsible for establishing and vouching for the identity of certificate holders. It may also revoke certificates if they should no longer be considered valid and publish certificate revocation lists (CRLs) for use by certificate verifiers to determine the validity of a certificate.
For more information, visit Microsoft TechNet and search for PKI. To see how Microsoft deploys PKI, see Deploying PKI Inside Microsoft. If you do not have a centrally managed Certificate Services infrastructure or public key infrastructure (PKI), read the Centrally Managed Certificate Services section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
introduce significant amounts of traffic; the decision to centralize must take such impacts into account. Co-locating services can introduce additional challenges. Your backup and restore software should provide the following capabilities:
- No user intervention. Local users do not need to remember to rotate the data backup tapes into tape backup hardware.
- Automated monitoring. You can verify the success and health of the backed-up production servers. The software should give you just-in-time alerts about issues that you need to fix.
- Faster and more reliable restorations. The software must provide rapid and reliable recovery of data lost because of user error or server hardware failure. End-user recovery enables users to independently recover their own data.
- Verification of backups. You can easily verify the success of a backup.
- Monitored backup process. You can verify the success and health of the backup process.
If you do not have a centrally managed data backup for your remote sites, read the Centrally Managed Data Backup for Branch Offices section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
Security Process
Most organizations know that it is important to protect their data and resources from loss or damage due to theft, human or computer error, malicious intent, or any number of other events. You can take steps to limit the opportunities for loss or damage to occur. You can also establish policies and procedures to respond to and minimize the effects of the loss or damage to your IT environment. The Rationalized level of the Blueprint deviates somewhat from the Core Infrastructure Optimization Self-Assessment and focuses on the following topics:
- Two-factor authentication
- Standard security review for new software acquisitions
- Data classification processes
Two-Factor Authentication
Single secrets such as passwords can be effective security controls. A long password of more than 10 characters that consists of random letters, numbers, and special characters can be very difficult to crack. Unfortunately, users cannot always remember these sorts of passwords, partly due to fundamental human limitations. Two-factor authentication systems overcome the issues of single-secret authentication by requiring a second secret. Two-factor authentication uses a combination of the following items:
- Something that the user has, such as a hardware token or a smart card.
- Something the user knows, such as a personal identification number (PIN).
- Something the user is, such as their fingerprints or retinas.
Smart cards and their associated PINs are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, the user must have the smart card and know the PIN to gain access to network resources. The two-factor requirement significantly reduces the likelihood of unauthorized access to an organization's network. For detailed information on two-factor authentication, see The Secure Access Using Smart Cards Planning Guide.
For more information about the standard and to obtain the documentation, visit the ISO/IEC 17799:2005 Information technology -- Security techniques -- Code of practice for information security management Web site.
Depending on the organization, improvements to these service management functions might or might not have the greatest impact on operational effectiveness and improvement. We recommend that your organization at a minimum completes the Microsoft Operations Framework Self-Assessment, and preferably a full Service Management Assessment, to identify the most important areas requiring process or service improvements.
For more information, visit the Microsoft Operations Framework Web site. To see how Microsoft IT uses MOF and best practice IT service management, see Microsoft Operations Framework: Improving the Way IT Organizations Handle IT Issues. If you have not established processes for service level management, release management, systems administrator, network administrator and job scheduling, read the Operating, Optimizing, and Change Processes section in the Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized.
Business Management: Inefficient Operations and a Lack of Insight into Where Money Is Spent
Schools at the Rationalized level can use highly integrated systems that assist the business leadership in proactively providing detailed funding and expense reports, substantial trend reports, and budget modeling tools for planning and risk analysis and decision support.
Case study: EDCO Gains Multi-Company Project Accounting Capabilities
Rationalized IT Infrastructure
The Rationalized IT infrastructure is where the costs involved in managing desktops and servers are at their lowest and processes and policies have been optimized to begin playing a large role in supporting and expanding the business. The use of zero-touch deployment helps minimize cost, the time to deploy, and technical challenges. The number of images is minimal and the process for managing desktops is very low touch. These customers have a clear inventory of hardware and software and only purchase those licenses and computers that they need. Security is extremely proactive with strict policies and controls from the desktop to server to firewall to extranet.
Moving to Dynamic
By moving to a Dynamic IT infrastructure, you can benefit from self-assessing and continuous improvement, access information from anywhere on the Internet with greater ease and security, and ensure compliance and high availability through self-provisioning and quarantine-capable systems.
Clients that fail the check may have automatic remediation occur and then be rechecked. Alternatively, the owner of the client may have to perform some remediation steps and attempt the connection again. Microsoft has a planning guide around VPN quarantine that was introduced in Windows Server 2003 with Service Pack 1. For more information, see the Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide.
Business Management: Inefficient Operations and a Lack of Insight into Where Money Is Spent
Schools at the Dynamic level use their highly integrated business systems to provide proactive analysis tools and reports. These tools provide the schools with warning and opportunity flags, which can assist the schools in making data-driven short term and long term decisions.
Dynamic IT Infrastructure
The Dynamic infrastructure is one where IT systems are self-managing and dynamic. When an infrastructure reaches the Dynamic level, IT teams capture and use knowledge to design and deploy manageable systems and automate ongoing operations using system models. A Dynamic infrastructure requires alignment of development, architecture, deployment, and management tools. Although the Dynamic infrastructure is the final stage of the Core IO Model, constant changes in technology and IT service capability enable organizations to move beyond the Dynamic level as defined in the model.
Microsoft has established the Dynamic Systems Initiative (DSI) to build software solutions that facilitate the movement to the Dynamic stage. DSI describes a vision in which IT systems become self-aware and self-managing. From a core technology perspective, DSI is about building software that enables knowledge of an IT system to be created, modified, transferred, and operated on throughout the life cycle of that system. These core principles (knowledge, models, and life cycle) are the keys in addressing the complexity and manageability challenges that IT organizations face today.
The IO Model defines a core number of capabilities in alignment with the Dynamic infrastructure:
- Proactive component configuration control
- User self-service for common help desk requests
- Automated application compatibility testing
- Optimized firewall and security practices, including network quarantine capabilities
- Secure wireless network access
- Secured third-party remote access to network and line-of-business applications
- Automated desktop health monitoring
- Automated software update management for servers
- Data protection and recovery strategy for critical desktops
These attributes are key areas where customers can currently implement processes and technologies to achieve a Dynamic infrastructure. The Moving from a Rationalized to Dynamic Infrastructure page highlights key technologies and implementation guidance to correspond with these capabilities. DSI takes the Dynamic infrastructure definition further by defining the building blocks of a dynamic system: knowledge of a designer's intent for those systems, knowledge of the environment in which the systems operate, knowledge of IT policies that govern those systems, and knowledge of the user experience associated with those systems. Microsoft is currently developing a common language for the knowledge components, the Service Modeling Language (SML), where this knowledge can be captured, consumed, and augmented throughout the IT system. Based on Microsoft research in service modeling, SML will provide a rich set of constructs for creating models of complex IT services and systems. These models will include information about configuration, deployment, monitoring, policy, health, capacity planning, target operating range, service-level agreements, and other configuration attributes. The Service Modeling Language is based on the System Definition Model, which defines a mechanism for capturing information about systems in reusable models. You can begin preparing for the convergence of knowledge among developers, architects, administrators, and users through the SML. Tools and practices are available for defining, maintaining, and enforcing knowledge components at all stages in the infrastructure life cycle.
Infrastructure References
- Los Angeles County Office of Education: Los Angeles County Cuts Messaging Costs; Employees Stay in Touch in Real Time
- Department of Education and Training Victoria: DET Victoria Saves up to $208,000 a Year with Microsoft Office SharePoint Server 2007
- Broward County Public Schools: School District Addresses Core Educational Goals with Automated Project Management
- Dufferin-Peel Catholic District School Board Delivers New Learning Tools
- Oregon Department of Education: Education Department Reduces Number of Servers by 40 Percent, Lowers IT Costs
Links
The following lists provide URL links to the resources and case studies cited within the Blueprint.
Resources
- Active Directory Federation Services at http://technet2.microsoft.com/windowsserver/en/library/050392bc-c8f5-48b3-b30ebf310399ff5d1033.mspx
- Application Compatibility Feature Team Guide in Business Desktop Deployment 2007 at www.microsoft.com/technet/desktopdeployment/bdd/2007/AppCompact_1b.mspx
- Application Compatibility Testing for Windows Vista: Technical Case Study at www.microsoft.com/technet/itshowcase/content/appcompattcs.mspx
- Application Compatibility Toolkit at http://technet.microsoft.com/enus/windowsvista/aa905102.aspx
- Best practices analyzers:
- Microsoft Exchange Server Best Practices Analyzer at www.microsoft.com/downloads/info.aspx?na=22&p=1&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3ddbab201f-4bee-4943-ac22e2ddbd258df3%26DisplayLang%3den
- Microsoft Internet Security and Acceleration Server Best Practices Analyzer Tool at www.microsoft.com/downloads/info.aspx?na=22&p=2&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3dd22ec2b9-4cd3-4bb6-91ec0829e5f84063%26DisplayLang%3den
- Best Practices Analyzer Tool for Microsoft SQL Server at www.microsoft.com/downloads/details.aspx?FamilyID=b352eb1f-d3ca-44ee893e-9e07339c1f22&DisplayLang=en
- Bluefire at www.bluefiresecurity.com/
- Bridge the gap between development and operations with Whitehorse at http://msdn.microsoft.com/msdnmag/issues/04/07/whitehorse/default.aspx
- Computer Imaging System Feature Team Guide at www.microsoft.com/technet/desktopdeployment/bdd/2007/ComImgFea_3.mspx
- Control Objectives for Information and related Technology (COBIT) at www.isaca.org/
- Core Infrastructure Optimization at www.microsoft.com/business/peopleready/coreinfra/ac/default.mspx
- Core Infrastructure Optimization Online Self-Assessment at www.microsoft.com/business/peopleready/coreinfra/ac/default.mspx
- Core IO Implementer Resource Guide: Standardized to Rationalized at www.microsoft.com/downloads/details.aspx?FamilyId=ED8F8C4A-5E48-46BA-89B617D9F8894AB5&displaylang=en
- Core IO Implementer Resource Guide: Basic to Standardized at www.microsoft.com/downloads/details.aspx?FamilyId=77C0EA3A-BC82-456CB13D-CFC04D9DCB89&displaylang=en
- Data Protection and Recovery in Windows XP at www.microsoft.com/technet/prodtechnol/winxppro/support/dataprot.mspx
- Data Security and Data Availability in the Administrative Authority at www.microsoft.com/technet/security/bestprac/bpent/sec3/datasec.mspx
- Deploying Office Live Communications Server 2005 and Office Communicator 2005 at Microsoft at www.microsoft.com/technet/itshowcase/content/lcs2005twp.mspx
- Deploying PKI Inside Microsoft at www.microsoft.com/technet/itshowcase/content/deppkiin.mspx
- Deployment Process: Overview at www.microsoft.com/technet/desktopdeployment/depprocess/default.mspx
- Dynamic Systems Initiative at www.microsoft.com/windowsserversystem/dsi/default.mspx
- Extending the Security Configuration Database at http://technet2.microsoft.com/windowsserver/en/library/80740a7a-3668-491a-a9dc114cfe8d43741033.mspx
- iAnywhere at www.ianywhere.com
- Implement configuration control policies across systems using Group Policy at http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/default.mspx
- Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide at http://go.microsoft.com/fwlink/?LinkId=41308
- Improving IT Efficiency at Microsoft Using Virtual Server 2005 at http://www.microsoft.com/technet/itshowcase/content/virtualserver2005twp.mspx
- Improving Security with Domain Isolation at www.microsoft.com/technet/itshowcase/content/ipsecdomisolwp.mspx
- Introduction to Firewall Services at www.microsoft.com/technet/solutionaccelerators/wssra/raguide/FirewallServices/default.mspx
- Introduction to the Wireless Application Protocol at www.wirelessdevnet.com/channels/wap/training/wapoverview.html
- ISO/IEC 17799:2005 Information technology -- Security techniques -- Code of practice for information security management at www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40&ICS3=
- IT Health Scorecard Metrics at www.microsoft.com/technet/itshowcase/content/itscorecdnote.mspx
- IT Infrastructure Library (ITIL) at http://www.itil.co.uk/
- Managing Mobile Devices in the Enterprise at www.microsoft.com/technet/solutionaccelerators/mobile/evaluate/mblmange.mspx
- Microsoft Office Online Templates for teachers at http://office.microsoft.com/enus/templates/results.aspx?qu=teacher&av=TPL000
- Microsoft Operations Framework (MOF) at www.microsoft.com/mof
- Microsoft Operations Framework: Improving the Way IT Organizations Handle IT Issues at www.microsoft.com/technet/itshowcase/content/mofmmppt.mspx
- Microsoft Operations Manager 2005 Security Guide at www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/3e039637-463946f7-9f5f-518e0c04795e.mspx
- Microsoft Operations Manager (MOM) 2005 Management Pack Development Guide at www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/dcb14ae5c716-4629-90ce-77f898b91d4f.mspx
- Microsoft Systems Management Server 2003 Desired Configuration Monitoring at www.microsoft.com/technet/itsolutions/cits/mo/sman/dcm.mspx
- Microsoft TechNet at http://technet.microsoft.com
- Mobile Device Wireless Connectivity at www.microsoft.com/technet/archive/itsolutions/mobile/deploy/mblwirel.mspx
- MOM 2005 Operations Guide at www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/faf19f47-facd-44679510-e7c84c671572.mspx
- Monitoring Exchange Server 2003 at Microsoft at www.microsoft.com/technet/itshowcase/content/monittsb.mspx
- Odyssey Software at www.odysseysoftware.com/
- Optimizing Bandwidth at Microsoft at www.microsoft.com/technet/itshowcase/content/optbwcs.mspx
- Optimizing Infrastructure: The Relationship between IT Labor Costs and Best Practices for Managing the Windows Desktop at http://whitepapers.zdnet.com/whitepaper.aspx?docid=284982&promo=100202
- Planning the Windows Vista Deployment at Microsoft at www.microsoft.com/technet/itshowcase/content/vistadeploy_twp.mspx
- Providing Security for Corporate Resources at Microsoft by Using ISA Server 2004 at www.microsoft.com/technet/itshowcase/content/isa2004sp2.mspx
- Providing Security for the Network Perimeter at Microsoft at www.microsoft.com/technet/itshowcase/content/secnetwkperim.mspx
- Secure Access Using Smart Cards Planning Guide at http://go.microsoft.com/fwlink/?LinkID=41314
- Securing Windows 2000 Server at http://go.microsoft.com/fwlink/?linkid=14838
- Security Enhancements for Remote Access at Microsoft at www.microsoft.com/technet/itshowcase/content/rasecwp.mspx
- Security Guidance Portal on Microsoft TechNet at www.microsoft.com/technet/security/guidance
- Server Security Patch Management at Microsoft at www.microsoft.com/technet/itshowcase/content/sms03spm.mspx
- Service call management database Microsoft Office Access Database Call Center Template at http://office.microsoft.com/enus/templates/TC010184671033.aspx?pid=CT101426031033
- Service Modeling Language at www.microsoft.com/windowsserversystem/dsi/serviceml.mspx
- Set up automated application compatibility testing at www.microsoft.com/technet/prodtechnol/winxppro/deploy/appcom/apcintro.mspx
- Solution Accelerator for Consolidating and Migrating LOB Applications at www.microsoft.com/technet/solutionaccelerators/ucs/lob/lobsa/lobsaovw.mspx
- Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 SP2 at www.microsoft.com/technet/solutionaccelerators/mobile/deploy/msfp_3.mspx
- Systems Management Server (SMS) 2003 at www.microsoft.com/technet/sms/default.mspx
- Systems Management Server 2003 Desired Configuration Monitoring at www.microsoft.com/downloads/details.aspx?FamilyID=a867fc14-daa3-4c2a-9e654fbcbec60aaa&DisplayLang=en
- Trustworthy Messaging at Microsoft at www.microsoft.com/technet/itshowcase/content/trustmes.mspx
- Update Management at www.microsoft.com/technet/updatemanagement/default.mspx
- Use Microsoft Dynamics and the 2007 Microsoft Office system together for best results: Integrate business software tools to empower your people and achieve your goals at www.microsoft.com/dynamics/product/office2007integration.mspx?mg_id=10150&wt.svl=10150
- Windows Mobile 5.0 Messaging and Security Feature Pack at www.microsoft.com/windowsmobile/business/directpushemail.mspx
- Windows Mobile 5.0 Security Model FAQ at http://blogs.msdn.com/windowsmobile/archive/2005/12/17/security_model_faq.aspx
- Windows Mobile Center at www.microsoft.com/technet/solutionaccelerators/mobile/default.mspx
- Windows Server 2003 Group Policy at http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/default.mspx
- Windows Server 2003 Security Guide at http://go.microsoft.com/fwlink/?linkid=14846
- Windows Server 2003 Terminal Services at http://technet2.microsoft.com/windowsserver/en/technologies/featured/termserv/default.mspx
- Windows Server System Architecture Virtual Environments for Development and Test at www.microsoft.com/technet/solutionaccelerators/wssra/ve/default.mspx
- Windows Server System Reference Architecture (WSSRA) at www.microsoft.com/downloads/details.aspx?familyid=d44e34ec-b4e2-49a1-9f409ed4ba3765df&displaylang=en
- Windows Vista Security Guide, Chapter 3: Protect Sensitive Data at www.microsoft.com/technet/windowsvista/security/protect_sensitive_data.mspx
- Wireless Networking at www.microsoft.com/technet/network/wifi/default.mspx
- Zero Touch Installation (ZTI) at www.microsoft.com/technet/desktopdeployment/bdd/2007/ZeroTouch_3.mspx
- Zero Touch Installation Deployment Feature Team Guide at www.microsoft.com/technet/desktopdeployment/bdd/enterprise/ztidftguide_7.mspx
Case Studies
- Abbotsholme School: Independent Boarding School Moves to 21st Century with Network and Wireless Solution at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49303
- Broward County Public Schools: School District Addresses Core Educational Goals with Automated Project Management at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=1000003652
- Carnegie Mellon University's West Coast Campus: University Supports Remote Students with Web Conferencing Solution at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=53579
- Carson-Dellosa Publishing: Educational Publisher Speeds Time-to-Market with Information Sharing Solution at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=53827
- Delaware Department of Education (DDOE): Delaware Schools Meet NCLB Requirements, Cut Costs by U.S.$740,000 at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=48439
- Denbigh High School: Teachers Lesson Preparation Time Reduced with Free Education Support Tools at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=1000003764
- Department of Education and Training Victoria: DET Victoria Saves up to $208,000 a Year with Microsoft Office SharePoint Server 2007 at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=201040
- Dufferin-Peel Catholic District School Board Delivers New Learning Tools at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=48834
- EDCO Gains Multi-Company Project Accounting Capabilities at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=48382
- Elementary School of National Hero Maks Pear: Slovenian School Improves Communication with Parents at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=1000003795
- Anoka-Hennepin School District: Identity Management Solution Keeps Parents in Large Minnesota School District Informed at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=1000003795
- Edmonton Catholic Schools Provide Parents with a Window into the Classroom at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=48835
- Greenhill School: Making the Grade with Microsoft FrontPage 2000 at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=50468
- Hutchesons Grammar School: Leading Scottish Grammar School Maintains High Standards Online at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200395
- Ivy Tech Community College: Community College Improves Enrollment Forecasting, Positions to Meet Growth Goal at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200036
University of Southern Mississippi: University Boosts Productivity by 40 Percent, Saving U.S.$66,000 Annually at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200111
Jefferson County Public Schools Close Achievement Gaps in Student Performance at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=52902
Lake Washington School District: Collaborative Learning Portal Promotes Student Success at Lake Washington School District at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=52395
Lenawee Intermediate School District (LISD): Michigan District Boosts Student-Teacher Interaction, Enhances Classroom Instruction at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=53231
Los Angeles County Office of Education: Los Angeles County Cuts Messaging Costs; Employees Stay in Touch in Real Time at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200047
Mere Green Combined School Unlocks the Potential of Every Child at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=52429
Miami Dade County Public Schools: Collaborative Portal Improves Education for Fourth-Largest U.S. School District at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200967
Nebraska Department of Education: Web-Based School Assessment System Wins Political Points at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=50847
Ninestiles School: Anytime Anywhere Learning at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=51168
Northern Lights Public School Builds an Award-Winning Learning Environment at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49024
Oregon Department of Education: Education Department Reduces Number of Servers by 40 Percent, Lowers IT Costs at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200692
Oregon Department of Education: Web-Based Solution Enables Better Decision-Making, Productivity for the Oregon Department of Education at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=50340
Perm Municipal Education and Science Committee Increases Staff Productivity Thanks To Collaborative Solution at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=53149
Rockdale County Public Schools: School Staff Gains Immediate Access to Student Information with Handheld Solution at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=48747
Sandwell Borough Council: Portal Solution Brings the Whole Community Together to Raise Educational Standards at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=53619
Saskatchewan Learning: Saskatchewan School Boards Score Top Marks in Efficiency with New Financial Management System at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=201326
Sydney Anglican Schools Corporation Implements Powerful Financial System at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200586
The Department of Education for Northern Ireland: Northern Ireland Chalks Up Educational Excellence with Microsoft Innovative Teachers Programme at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=52050
The School District of Philadelphia: Messaging Solution Boosts Communication Among Students, Educators, and Parents at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200039
Tracy Unified School District: School District Learns E-Mail Security Can Do More, Cost Less, and be Easier to Use at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=200918
UK Schools: Parents Help Cut Truancies and Improve Pupil Performance at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=51806
Western Heights Public Schools Meet NCLB Requirements, Gain US$400,000 in Revenue at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=52901
Wolverhampton City Council Mobilises Learning to Give Students Access to Anywhere, Anytime Education at www.microsoft.com/casestudies/casestudy.aspx?casestudyid=53880
Acknowledgements
The Solution Accelerators Security and Compliance team would like to thank the team that produced the Microsoft Technology Blueprint for Primary and Secondary Schools. The following people were either directly responsible for or substantially contributed to the writing, development, testing or provided valuable feedback to the Blueprint. Craig Bartholomew Eve Blakemore Gaurav Bora Liz Butowicz Derick Campbell Chase Carpenter Jeremy Chapman Bret Clark Mike Danseglio Charles Denny Dave Gasiewicz Karl Grunwald Mike Hines Karina Larson Jerry Lee Linda Bookey, Bookey Consulting John Cobb, Wadeware LLC RaxitKumar Gajjar, Infosys Technologies Ltd Michelle Hargarten, Silver Fox Jennifer Kerns, Wadeware LLC Jeanne Tiscareno, Chase Marketing Company Aidan McCarthy Juan Manuel Santos Rodriguez Bomani Siwatu Jim Stewart Cynthia Suber Cindy Weisz Adrian Wilson Naser Ziadeh
Beta reviewers
Cindy Agnew, Fife School District
Brent Albasini, Fife School District
Micah Baker, Cascade School District
Douglas Harrell, Edison McNair Academy
Marthelia Hargrove, Former Principal Costano School
Kevin Johnson, Fife School District
Kevin Pobst, Hinsdale Township High School District 86
Tim Hohman, Hinsdale Township High School District 86
John Porter, Montgomery County Public Schools, Maryland
Mike Casey, San Diego Public Schools
Tim McCarty, Dublin Unified School District
Scott Sexsmith, Capistrano Unified School District
Brian L. Stockbrugger, Capistrano Unified School District
Julie Yack, Colorado Technology Consultants