Скачать презентацию www xkcd com 773 Hat tip to Nick Silkey Скачать презентацию www xkcd com 773 Hat tip to Nick Silkey

dbd46908c7eba26471fc83caedc7ed8f.ppt

  • Количество слайдов: 22

www. xkcd. com/773 Hat tip to Nick Silkey for bringing this one to my www. xkcd. com/773 Hat tip to Nick Silkey for bringing this one to my attention. 1

What is the “Windows Roundtable” ? An informal gathering of people who “do Windows” What is the “Windows Roundtable” ? An informal gathering of people who “do Windows” at Yale to facilitate communication of common goals, problems and solutions across the Yale IT community. Usually there will be a “headline topic” as a launching point for discussion and then general (moderated) discussion on whatever topics the group wants to cover. Ground Rules: – The Roundtable is a Yale-internal discussion – The Roundtable is a “no-powerpoint zone” – Participation in discussions is encouraged to both bring your questions and share your solutions. 2

Yale Windows Universe Update 2011 Ken Hoover Manager, ITS Windows Systems Group (WINSYS) ken. Yale Windows Universe Update 2011 Ken Hoover Manager, ITS Windows Systems Group (WINSYS) ken. [email protected] edu July 8, 2011 DISCLAIMER: Some of this talk is about initiatives that are still in the pre-release stages. It is intended to give you outlines that you can use as you make plans for Windows-based services in your area of responsibility. Except where noted, dates listed are target dates only and may change due to collisions with reality. 3

Mar-11 Feb-11 Jan-11 Dec-10 Nov-10 Oct-10 Sep-10 Aug-10 Jul-10 Jun-10 May-10 Apr-10 Mar-10 Feb-10 Mar-11 Feb-11 Jan-11 Dec-10 Nov-10 Oct-10 Sep-10 Aug-10 Jul-10 Jun-10 May-10 Apr-10 Mar-10 Feb-10 Jan-10 Dec-09 Nov-09 Oct-09 Sep-09 Aug-09 Jul-09 Jun-09 May-09 Apr-09 Mar-09 Feb-09 Jan-09 Dec-08 Nov-08 Oct-08 Sep-08 Aug-08 Jul-08 Jun-08 May-08 Apr-08 Mar-08 Feb-08 Jan-08 Dec-07 Nov-07 Oct-07 Sep-07 Aug-07 Jul-07 Jun-07 May-07 Apr-07 Mar-07 800 Feb-07 Jan-07 Dec-06 Nov-06 Oct-06 Sep-06 Aug-06 Jul-06 Jun-06 ITS Windows Systems Group (WINSYS) WINSYS manages Windows servers in Yale’s data centers. 900 Total Servers 700 Virtual Servers Physical Servers 600 500 400 300 200 100 0 4

Agenda • A few quick highlights and interesting statistics • Things that have changed Agenda • A few quick highlights and interesting statistics • Things that have changed in the last couple of years • Services that are being revamped and upgraded • Question Time 5

Quick Yale AD Highlights • By the numbers… – – – 100 K users Quick Yale AD Highlights • By the numbers… – – – 100 K users 31 K computers 13 K groups 3500 OU’s 1300 GPO’s – Domain Controllers process 8. 4 Million Kerberos Auth. N’s on a typical weekday (and generate 26 GB of logs!) 6

Changes in the last few years… • Exchange introduced in Summer 2007 – – Changes in the last few years… • Exchange introduced in Summer 2007 – – Processing ~500 K messages per day ~11, 000 mailboxes (and growing) ~6 TB of email store Quota increased from 1 GB to 2 GB in 2009 • Active Directory taking over from MIT Kerberos – now backing CAS, for example • Sharepoint & Project server in operation • Shared SQL Servers 7

Revamped services and a look ahead 8 Revamped services and a look ahead 8

NEW: Enterprise License Agreement • Microsoft enterprise license agreement for all faculty and staff NEW: Enterprise License Agreement • Microsoft enterprise license agreement for all faculty and staff • Includes: – Windows Desktop OS – Windows Server OS (all versions) – Office for Windows and Mac • Free upgrades for those clinging to Office 2003, etc. – Enterprise Client licenses for Exchange, Sharepoint, and others • Foundational for exciting activity in the Microsoft space… 9

BEING REBOOTED: Central File Service • Secure/managed file storage for users and departments • BEING REBOOTED: Central File Service • Secure/managed file storage for users and departments • ~40 TB of capacity added since September 1, 2010 • LOWER RATE for FY 12: $1/GB/month • Available to anyone with a PTAEO we can charge • 3 -lock approved • New “flattened” CFS security model – – Role-based access for departmental shares Support for single-user “home” shares (finally!) No mucking about with file/subfolder permission Existing shares will have their structure and permissions revamped to use new operating model during 2 H CY 2011 10

CHANGED: WINSYS Patch Release Cycle • Monthly patches for servers released in four cycles CHANGED: WINSYS Patch Release Cycle • Monthly patches for servers released in four cycles – Cycle “A” – 2 nd Tuesday (Rapid Response pool) “B” – 3 rd Tuesday (Development and “below”) “C” – 4 th Tuesday (Test/Pre-prod and “below”) “D” – 1 st Tuesday (Production) • Keep this cycle in mind if WINSYS runs a server for your department. Remember to test! • Applies only to WINSYS-managed machines but a good approach in any multi-environment Windowsbased application. 11

NEW SERVICE: “Lync” Internal Comms • Secure, encrypted IM with AD backing • Online NEW SERVICE: “Lync” Internal Comms • Secure, encrypted IM with AD backing • Online meetings/presentations – Yes, with audio and video • • • Good for business purposes within Yale Free* for faculty and staff to use Works on non-routable Yale subnets Works from outside too without VPN** Integrates with Exchange, Office 2007+ and Sharepoint • Native client included with Office 2011 for Mac Pilot rollout * Covered by new Microsoft Enterprise agreement ** But some ISP’s block SIP so sometimes VPN is needed anyway. 12

NEW SERVICE: Secure LDAP against AD • New Secure AD LDAP alias ad. its. NEW SERVICE: Secure LDAP against AD • New Secure AD LDAP alias ad. its. yale. edu – Secure LDAP (ldaps: //) with a Verisign certificate – Highly available through use of F 5 load balancers – For applications that want to bind to the AD for any purpose • NAS devices and other appliances • LDAP-based AD browser tools Use This • Any code that uses LDAP to talk to the AD Now! • Web applications using AD authentication • etc. – PLEASE update your applications and NAS boxes to use this alias (test first!) – Samba clients binding to the AD should still use “yu. yale. edu” • Make sure you’re not using the defunct “windows-auth” names! 13

NEW SERVICE: Managed SQL Server • Centrally-hosted SQL 2008 R 2 – – – NEW SERVICE: Managed SQL Server • Centrally-hosted SQL 2008 R 2 – – – – Proposed cost $1 k/yr per 5 DB’s / 5 GB of data APPROVED for use with 3 -lock data Servers managed by ITS DBA team and WINSYS ODBC access, secure/encrypted connections required On-disk encryption of databases available You “own” your own data with SQL Management Studio Good for: • Cost-sensitive customers who need a SQL server • Most small to medium-size databases under normal use – Not good for: • Very large databases Summer • Databases with heavy transactional activity 2011? 14

PLANNED UPGRADE: Domain Controllers • Refresh hardware and upgrade to 2008 R 2 – PLANNED UPGRADE: Domain Controllers • Refresh hardware and upgrade to 2008 R 2 – All DC’s will become eight-core 32 GB x 64 servers – Known issues with Samba versions before v 3. 3 which are domain-joined • Fix/workaround information available • Better yet, upgrade Samba • SYSVOL conversion – Uses DFS for replication – Transparent but needs testing – 2 H CY 2011 • Forest functional level upgrade to 2008 R 2 level – Winter 2011/201 15

Oh, one more thing… 16 Oh, one more thing… 16

EXCHANGE 2010 • Robust multi-browser web interface – Mac users, rejoice! – And people EXCHANGE 2010 • Robust multi-browser web interface – Mac users, rejoice! – And people running Linux on their toaster ovens… • 5 GB 8 GB default mailbox quota – More space than 99. 98% of Yale Exchange users use now – …and more than Gmail • Currently in pilot deployment with early adopters • Target: Everyone upgraded by Sep 1 17

Exchange 2010 details… • Adjusted Mailbox Quotas – 8 GB Quota • 7. 75 Exchange 2010 details… • Adjusted Mailbox Quotas – 8 GB Quota • 7. 75 GB – warnings • 8. 00 GB – prohibit send • 8. 25 GB – prohibit receive (mail bounces) • De-supported clients – Outlook 2000, XP • … and you shouldn’t use Outlook 2003 either – Entourage 2004 – Entourage 2008 pre-EWS – Upgrade these first… or dump them entirely. 18

Exchange 2010 OWA Supported Browsers “Full” Interface • Windows XP and higher – IE Exchange 2010 OWA Supported Browsers “Full” Interface • Windows XP and higher – IE 7+ – Firefox 3. 0. 1+ – Chrome 3. 0. 195. 127+ • Mac. OS – Safari 3. 1+ – Firefox 3. 0. 1+ • Linux – Firefox 3. 0. 1+ “Light” interface • Broadest compatibility • Accommodates visually impaired • Good for slow connections • Better than Horde • Examples: – – – IE 6 Chrome on Linux Safari on Windows & i. Pad Android web browsers Opera 19

Exchange 2010 OWA Demo? 20 Exchange 2010 OWA Demo? 20

Summary • New Microsoft Enterprise Agreement – Lots of stuff is now “free” which Summary • New Microsoft Enterprise Agreement – Lots of stuff is now “free” which used to cost extra. – Upgrade Office! • Central File Service revamped – New operating model with better security and auditability – Lower cost to users - $1/GB (includes backup) • New SQL 2008 database service being launched – $1000/yr per 5 DB’s or 5 GB/data, 3 -lock OK – Platform operated by ITS DBA team and you manage your data • Lync being piloted – Secure Yale-owned IM – Includes online meetings/presentations • Exchange 2010 – Any-web-browser-friendly – 8 GB quota 21

Questions / Discussion • What do you think of this format? • Should this Questions / Discussion • What do you think of this format? • Should this become a repeating conversation once again? How often? 22