Tactical Advice

Reducing Costs With Microsoft Infrastructure Optimization

Apply this model in stages to achieve significant savings and improved service.
This story appears in the March 2009 issue of BizTech Magazine.

While dynamic or fully automated systems that are strategic assets to a company might seem like a far-off dream, infrastructure optimization models and products can help get you one step closer to making IT a valuable business asset.

Microsoft Infrastructure Optimization (IO) is based on Gartner’s Infrastructure Maturity Model and provides a simple structure for evaluating the efficiency of core IT services, business productivity and application platforms.

Though the ultimate goal is to make IT a business enabler across all three areas, you’ll need to concentrate on standardizing core services: moving your organization from a basic infrastructure (in which most IT tasks are carried out manually) to a managed infrastructure with some automation and knowledge capture.

An IDC study of 141 enterprises with 1,000 to 20,000 users found that PC standardization and security management could save up to $430 per user annually; standardizing systems management servers could save another $46 per user.

The Basics

Anyone who’s ever had to set up and maintain shared resources without a server to provide basic infrastructure services such as Domain Name System (DNS) and directory services will know how problematic that task can be. Windows Server in its various editions (Foundation, Small Business and Standard) can authenticate users and computers, and control access to systems and applications using Active Directory (AD). Other networking infrastructure services such as Dynamic Host Configuration Protocol (DHCP), Windows Internet Name Service (WINS) and DNS can be hosted on the same server.

Non-Windows devices can also authenticate against AD. For instance, why maintain a separate list of user names and passwords on a virtual private network device if it can use AD? Users would need to remember only one set of credentials for accessing network resources, which in turn would reduce support costs.

Though there are no technical requirements for configuration management in the standardized level of Microsoft IO, configuration and change management processes must be defined. It’s worth noting that you can centrally manage and enforce configuration settings for Windows clients and servers via AD Group Policy.

Many sysadmins were put off by Group Policy’s complexity when it was introduced with Windows 2000. Management tools have since matured, and the Group Policy Management Console (GPMC) — which can be downloaded from Microsoft and is included with Windows Server 2008 — provides a modeling tool for evaluating the results of a particular set of applied policy objects. Virtualization products such as Hyper-V and VMware Workstation also make it easy to test Group Policy in a lab. Central management can save up to $190 per PC per year.

Patching and Endpoint Security

Windows Server Update Services (WSUS), a free component of Windows Server, can be used to patch operating systems, and its functionality can be extended to include third-party applications with System Center Configuration Manager (SCCM) and Essentials (SCE). Microsoft’s latest Security Intelligence Report shows that 86 percent of reported vulnerabilities affected third-party applications or other software. At a push, Group Policy can be used to distribute application patches, but it’s more difficult to manage and less flexible than SCCM.

Enterprise-class antivirus programs, such as those offered by Symantec or McAfee, should be used to protect clients, servers and special applications such as Exchange and SharePoint. Starting with XP, all Windows clients and servers include a firewall, which should be turned on and managed centrally using Group Policy. Some security suites also include endpoint firewalls with advanced functionality. Comprehensive endpoint security can save $130 per PC per year.

Any company connected to the Internet over a shared connection is likely to have a firewall or network address translation device in place, providing some degree of protection for intranet clients. Ideally, a good hardware firewall or server-based firewall (such as Microsoft ISA Server) with stateful inspection and application-layer filtering should be deployed at the network edge.

Disaster Recovery and Image Deployment

While Windows provides simple backup and restore functionality, it’s likely that all but the most basic setups will require a specialized product (for example, Backup Exec) or a dedicated server (such as Microsoft’s Data Protection Manager), which can consolidate data and provide centralized backup from multiple sources.

Limiting the number of operating systems that you support to a maximum of two and creating a set of standard images for deploying operating systems can save up to $110 per PC per year. Windows Server includes Windows Deployment Services, while SCCM provides more advanced OS deployment features. Symantec’s Ghost Solution Suite 2.5 is also capable of deploying images to multiple machines. Norton Ghost 14.0 is a good imaging solution for small businesses.

Mobile Devices

Managing mobile devices to ensure they remain secure and updated is probably one of IT’s biggest challenges. Exchange Server 2007 contains a set of ActiveSync policies for controlling Windows Mobile-based devices, and SCCM provides more advanced functionality, such as the ability to distribute software. Should a device be stolen, Exchange ActiveSync remote wipe can erase confidential data. BlackBerry devices can be managed by server software from Research In Motion.

Server Monitoring

Monitoring servers and other key infrastructure devices is important for anticipating potential problems and maintaining a good level of service. System Center Operations Manager (SCOM) or Essentials can be used to monitor Windows servers and other devices.

Nontechnical Competencies

Technical incidents are often caused by a lack of change-control procedures. Microsoft IO standardization requires change and configuration management processes to be defined. Even a simple spreadsheet to record changes, along with limiting access to administrative privileges on servers, can provide a more stable environment. Processes must also be defined for problem, incident and service management — and be consistently applied.

While it may not seem to fit with core IT services, Microsoft states that all software should be evaluated and tested. This is a best practice when working with standard images and security controls on desktop computers. Software shouldn’t be installed unless it is part of your company’s approved software portfolio.

Russell Smith is an independent consultant based in the United Kingdom who specializes in Microsoft systems management.
