Bob Muglia: Microsoft Forefront and Systems Center Launch Event

Transcript of Remarks by Bob Muglia, Senior Vice President, Server and Tools Business, Microsoft Corporation
Microsoft Forefront and Systems Center Launch Event: “You’re In Control”
Redmond, Wash.
May 2, 2007

ANNOUNCER: Ladies and gentlemen, Senior Vice President, Server and Tools Business, Bob Muglia.

BOB MUGLIA: Good morning, and welcome to the first of a worldwide series of events that we’ll be holding to launch our new sets of products around Forefront and Systems Center. Today, as I think you probably have seen, we have a day filled with great talks that will help you to understand how these products can really simplify your IT environment, and improve your productivity. There are all these exciting things. This is a time for a lot of great change in IT, a time when IT can really drive forward a new wave of business innovation. So, we’re pretty excited about how these products can help all of you to do that.

I wanted to start today by really providing a little bit of background on Microsoft’s overall thinking, an then spend a fair amount of time talking about the products, and how they all work together. So putting all this in context, Microsoft’s view of working with IT, working with business to solve the business challenges that you all face, is really one of a long-term perspective. We’ve been doing this for a long time, and we know we’ll continue to work with you, continue to learn from you for many, many years to come.

When we think about the kinds of solutions that we’re building, and the kinds of business apps that you’re creating on top of our platform, we recognize that these investments are things that you’ll be making today, and will work and solve your problems for many, many years, and so that’s the way we think about it. We recognize that this platform that we’re building is really something that’s going to be important for your business not just this year, or next year, but 10, 20, 50, even more years into the future. We think about this in the long run.

And when I look back, a lot has changed. I joined Microsoft 19 year ago. I was the first technical person on SQL Server way back when, in 1988, and the world was pretty different. I was the only technical person on SQL Server for a little while. And the world has changed quite a bit. When we talked about Microsoft inside business, the idea of Microsoft solutions helping to drive business forward and being a core part of the business platform was pretty comical at the time. And things have changed today where the Windows platform, and the solutions that are created on top of that really can solve any type of business problem that exists. We have nuclear power plants running their business solution on top of the Windows platform, and it’s really hard to get a whole lot more mission critical than that. And in building those sorts of things, doing so in a way that can be secure, fully integrated, and fully managed with the lowest possible cost, and the highest possibility availability is critical.

So our context on this is a very long-term perspective, it’s one where we think that the opportunity that exists to actually help you to improve your business process, run your business more efficiently, building new kinds of solutions, and allowing you to do that in the best possible way, we see tons of opportunity ahead. It’s really just begun.

Now, in thinking about the complexity as sort of the environment, obviously, the IT environment of today is increasing in complexity. Old-style business applications were much more monolithic in their design, frequently built on a single machine. Today’s business applications span multiple machines within a data center, client, server, multi-tier, Web-based, the kinds of applications of today integrate solutions from multiple partners, supply chain partners, end user customers, all of these things come together in a way that increases the complexity of the environment from a management and a security perspective for the IT organization to drive.

And so when we think about how we can help as a platform provider, first of all, an important context of this is that we’re just part of an overall solution. Microsoft’s approach is very partner oriented, we’ve been working with partners in the industry for many years to complete the solution, and to allow for integration, and to allow those solutions to be rolled out. So that’s an important part of our perspective is that Microsoft is just an enabler for the overall solutions.

Another important part is that we think that through technology, and through software, we can fundamentally change the dynamics of your environment. There’s a lot of ways to reduce cost. You can reduce cost by outsourcing things to overseas to India or China, and that will work for a while. There’s a lot to be said for that, and I know many companies have done that for some part of their operation. But ultimately, that won’t be a way that you can continue to reduce cost, especially as those parts of the world begin to become more expensive in the years to come. We think software, however, is something that can, from a long-term perspective, transform the IT system, reducing costs, and enabling new solutions. Software really is a fundamental enabler, because software issues prevent certain solutions from being deployed, and as software evolves, it opens up new opportunities. We see infinite potential for software to evolve to solve problems.

Now, we’ve been working for many years on this in both the security and the management space. In the management space, we’ve invested for about five years in a major way in terms of building and maturing our solutions. It’s a truth that the Microsoft management platform five years ago wasn’t up to snuff. I mean, I could go back and look and say, gee, we weren’t doing what we needed to do with our products. Today that world is completely different with Systems Center. Today, Systems Center is the leading management solution in the industry solving problems better, faster, cheaper than anything else that’s out there in the marketplace, in a much more integrated way.

Over those last five years, we’ve invested a lot in security. The world and the landscape around security has changed massively in the last five years, with security threats first coming through widespread viral attacks on the Internet, and now being more focused on individual attacks that are focused on the data that is the core business asset of an organization, thus potentially compromising the credibility of an organization, and the effectiveness, frankly, in some cases, even the viability of some businesses. So security has been very important.

Now, over the last five years, we’ve done a lot of investment in fundamentally securing our platform, and in the last couple of years we’ve increased our investments in terms of building a set of security products that augment that platform, and are focused on providing a more complete solution for businesses. That’s a big deal, Microsoft entering the security marketplace, the security business. And in a sense, today is really the official launch of that. We’ve had some security products in the marketplace for some time, but with this launch today, spreading around the world, we’re really saying that Microsoft is making a long-term commitment to providing a complete security solution for businesses.

Why are we doing that? What’s the motivation for doing that? Well, pretty simply, the motivation is that customers are asking us to do that. When we’ve talked to customers for a number of years, they’ve said, some customers have said, we would like to be able to buy a complete security solution from Microsoft. And that’s a great thing if that’s what customers want to do. Now, some other customers will say to us, whoa, whoa, whoa, you’re the platform provider, we’d like to buy a security solution from somebody else. That’s OK, too. What’s important to us is that the overall environment is secured and available for customers. And so it’s a pretty important new long-term investment for us. It’s something that we’re going to be doing for a long period of time. And I guarantee you that Microsoft is going to get it right, and we’re going to provide a great solution for customers.

Now, what’s the underpinning of this, that there’s an important technical underpinning behind all of this, and that’s something we call the Dynamics Systems Initiative. For about the last four years, we’ve been working on a long-term focused approach across all of Microsoft that takes to build an infrastructure that enables a new generation of security and management products. And that technical underpinning is really based on several key technologies, virtualization, which is spreading as an important consolidation and management tool for business. Microsoft is making massive investments in virtualization, virtualization infrastructure in the platform, virtualization management tools. We expect the world to move to a virtualized way, and Microsoft intends to be a leader in virtualization, and, in fact, you’ll see over the next year we’re rolling out leadership products in that space.

A focus on how we can use model-driven technology to capture the essence of an application, and enable a complete lifecycle of that application from the early definition through the design and development into the deployment, and then through the update stages. How can we capture that data in models to simplify the management process? It’s a remarkable fact today that on any platform in the world, if you look and try and find an overall infrastructure for describing all of the components of an application and their relationships, it doesn’t exist. It’s not a part of the core infrastructure of Linux, UNIX, mainframes, Windows, none of those platforms have it. We’re building it. We’re building it into Windows. We’re building it into Visual Studio. We’re building it into our Office tools in SharePoint. We’re building it into Forefront. We’re building it into Systems Center. We’re building it into SQL [Server]. We’re building it into Exchange. We’re building it across the entire Microsoft infrastructure. And we’re building it using an open standard known as XML that Microsoft really drove the definition of, but now has been adopted very broadly by companies like HP and IBM in the industry. So this model-driven management approach that Microsoft is taking across our product line is something that has the promise to enable and simplify management in a heterogeneous way across your entire organization, across your entire enterprise.

And a key part of that model-driven aspect is using these models to capture knowledge that understand what are the problems that your organization has, and how can you diagnose and solve those problems quickly. There’s a tremendous amount of knowledge out there in the IT world about what problems exist and how to solve them. How do you find that knowledge? How do you put it to use effectively within your organization to solve the problems as they occur within your organization? Well, today you look at a bunch of blogs, and you look at Web sites, and you look at information online, and maybe you read an e-mail message. That knowledge needs to be captured into the products, and into the models, and available to your people to solve the problems on an ongoing basis. That’s what DSI is about. It’s a solid technical foundation underneath the entire Microsoft product line that provides integration across it, and really fundamentally transforms the way IT will run business in the years to come.

Now security is a key part of that. One of the things that’s important today is we’re talking about how Forefront will participate in this DSI infrastructure, and use these models, use this technology in an integrated way to solve security problems. That’s one of the things Microsoft can bring to the picture. Our investments in all of these areas transcend into the security domain, and can solve problems in security that were very difficult to solve before. We’ll see a little bit of that today, just a taste of it. The opportunity in the future is tremendous, and we’ll just get the beginning taste of that with the initial releases of the Forefront products.

Now across this, there’s a way for us to help you take this knowledge-based infrastructure and use it in a systematic way, building on best practices to optimize your business. I’ll talk a little more about this at the end of the speech, but we call this the Infrastructure Optimization Model, and what we have is a systematic way for you to look at your business, look at the way you run your IT shop, and understand how to take and build upon that, and to make change to your environment to do a better job of running and optimizing your environment. We’ve done a lot of work understanding what are the best practices in the industry, what are the things that drive down cost, what are the deployment techniques that the customers that are using Microsoft technologies and third party technology most effectively to run their businesses at the highest level of efficiency? And we’ve documented all that through these IOMs, and it provides a guideline, a set of best practices for you to use to transform your business and drive down costs. It’s pretty dramatic. We’ll talk about how that can come into play as this speech goes on.

So what are the products today? We’re talking about two new generations of products, the Forefront product line with a focus on security; and the System Center product line with a focus on management. These products are designed to work together, they’re designed to provide a cohesive overall solution for the overall security space, desktop management, edge security, server security, as well as on the management side, desktop and device management, end to end service management, operational management, a full array of management products. Virtual machine management, a whole set of products for backup, a complete product line overall to solve the set of management and security problems. These come in many forms, they’re all branded under these consistent brands. They’re built together in a way that they work together for management, they work together for security, but perhaps most importantly, they’re built to work together in a cohesive way on a common platform.

That’s one of the important transitions in the industry right now, it’s one of the points of transition right now is that the industry is at a point where management solutions and security solutions cannot be thought of independently, they must be brought together cohesively. And that’s what Microsoft is doing with Forefront and System Center, we’re building them on a common platform to enable these things to be integrated in a way to allow you to be more effective in running your business. And we’re using this underpinning of technology, this DSI underpinning, virtualization, knowledge, models, that underpinning of technology to create this integration, and provide this integrated set of solutions.

A lot of exciting things. Steve Ballmer couldn’t be here today, but he wanted to say a few words to all of you, so roll the video from Steve.

STEVE BALLMER (From video): Hi, I’m Steve Ballmer, CEO of Microsoft, and I want to talk to you today about taking control of your infrastructure. We understand that security and management are two of the biggest challenge you face, and Microsoft is ready to help you overcome these challenges with our Forefront and System Center solutions. We’ve heard loud and clear that you want us to do more to help you address the ever-changing threat landscape, and to provide secure access to network resources. With our comprehensive line of Forefront business security solutions, we aim to do just that.

We also understand that security solutions need to be easier to deploy and manage, which is why we built our Forefront products on the strong foundation of our IT management solutions known as System Center. Many of you are using already our System Center solution such as SMS or MOM. The next generation of System Center goes even further in helping you dramatically reduce cost, improve availability, and enhance service delivery. Together Forefront and System Center help maximize your productivity by increasing security, simplifying administration, and integrating with existing infrastructure, so you can maintain control and empower your business. Customers and partners around the world are already realizing the benefits of these technologies in helping their businesses become People-Ready.

Thanks for your time. Thanks for your support. And enjoy the day.

BOB MUGLIA: Message from Steve.

So let’s talk about Forefront Client Security. Today we’re announcing that we’re shipping Forefront Client Security, brand new product. Microsoft is entering the client malware protection marketplace. It’s an important business for us. It’s an important product for you to consider within your organization. Obviously, there are other products in the marketplace, there are good products. But we think that this product will provide a level of integration and simplicity that really differentiates it, and really enables a different kind of solution here.

We’re making very large investments in this product line, and we’re working across the industry to make sure that the signatures, the virus signatures that we have are as good as anyone in the industry and, in fact, better, and we’re working with a number of independent laboratories to validate that. We are pleased to announce that we have a West Coast Labs approval with this product even before we ship, and we’re working right now to get the other labs to also approve the product. So you can be assured that Microsoft is making the core investment to ensure that an understanding of what’s happening in the anti-malware marketplace is fully deployed within your organization, and your organization is safe and secure, and that will be certified by a number of outside labs, and those investments from us are just going to increase and continue in the years to come.

Now talking a little bit about that, we have several major investments that we’ve made over the last few years. If you look overall, Microsoft’s investment in security is in the hundreds of millions, perhaps even beyond that of dollars. All of our products are built with a set of secure design principles that we’ve instituted over the last four or five years and, frankly, it’s made a real difference. If you just look statistically at the number of patches that we’ve needed to issue, the number of malware reports per product, Microsoft is actually doing pretty darned well. It seems like there are a lot of patches that come out on patch Tuesday, I know that. But when you look at the breadth of the product line that we have, in fact, we’re doing quite well when you compare us to Linux or other products in the marketplace. And that’s because we’ve made these investments in understanding how to do secure software by design, and we’ve institutionalized operational procedures across all of our products that build that in from the beginning, and we have validation. No product can ship at Microsoft without a security validation occurring, a security audit occurring on that product to ensure that the principles have been followed, and, in fact, that we’ve done everything possible to avoid security problems.

One of the things that happens is, sometimes those problems exist, and sometimes issues are found. And we have what I would say is a world-leading response center that keeps in touch with the broad security industry, the hacker communities, everybody out there that is either building solutions for securing products, and creating security vulnerabilities. We’re out there talking to everybody every day of the week, 24 hours a day, on a worldwide basis trying to understand what the vulnerabilities are. And Microsoft is ready to mobilize. We mobilize when a problem occurs, and try and get that problem fixed as fast as possible, and I think we’re in an industry, I think we’re doing this in a best practice way in the industry today.

The new investment over the last couple of years has been an investment in anti-malware signature creation, and Microsoft is investing literally hundreds of millions of dollars in building a worldwide infrastructure to allow us to create anti-malware signatures. We’re opening centers in Europe and Australia as well as the United States to ensure 24/7, seven day a week global coverage. As malware problems are reported, we’re making the investments to take the baseline knowledge that we have from our response center, and building that into an anti-malware signature to get those out as a part of our Forefront product. So major investments, major new investments to ensure that these products are industry-leading products. That’s a whole lot about the security side, and that’s a new set of investments for us.

The management investments, as I say, have been going on for about five years in a major way. We did some transformational work in management about five years ago in terms of incremental investments, and really moving towards a broad System Center product line. And today, we have a very broad product line for the enterprise businesses with products like SMS, soon to be System Center configuration Manager, MOM, now known as System Center Operations Manager, our Virtual Machine Manager, our Data Protection Manager, our full set of management products that exist for the enterprise.

But we also know that mid-market customers, customers with only a few IT employees don’t necessarily have the resources to take the time to learn how to manage those products. Those products are really designed for organizations with many thousands of employees, and it would be really nice for a company that has several hundred employees to have a great solution that’s very simple, easy to use, and yet brings all the benefits of those enterprise products, all that learning together in a cohesive way. And today we’re announcing the shipment of a really important product in that space, System Center Essentials. This is a product that takes all of the broad features that the enterprises are using, and brings them together in one environment for a mid-size organization to deploy, manage 5, 10, 15 servers, several hundred users, it’s all there. It’s all there in an integrated way to do deployment, patch updates, operational management, all of these features are integrated in a cohesive way, built on the same infrastructure as the enterprise products, but done so in a way that’s very, very easy to use. This is an exciting new product. This is a breakthrough product in the mid-market category, and there really is nothing else like it in the industry. None of our competitors have a product that pulls everything together in a cohesive way like this. And so we’re really excited about finally bring able to serve our mid-market customers in the same way that we serve enterprise customers, but in a way that’s appropriate for their organization.

So what I would like to do now is, one of our important partners, Intel, has been working with us on this, and we’d like to show you how they’re going to support System Center Essentials in their products.

[Video segment]

Intel ships a lot of systems, a lot of systems go out through the System Builder Channel, and a lot of systems get bought by mid-market, so we’re really, really pleased to be partnering with Intel on this, and they’ve helped us a bunch in the creation of this product, and it’s pretty exciting about what it will do for our mid-market customers.

So talking a little bit about these products, I said that there’s a lot of capabilities that are new and transformational associated with both the Forefront product line, and the System Center product line. There’s been some basic themes we’ve used in our thought process of creating the products. One of the things we do as we create products is, is we start, the way Microsoft starts crating a product is, we talk to our customers. We go out and literally analyze what they’re doing as a part of their ongoing business process. Where does it work, where doesn’t it work, where can software help them in that? And we work with our customers to just take an overall workflow and understand exactly what sets of things we can do in software to help our customers to automate their job. And making customers more productive is a really key thing. How can we automate tasks? We’ve got a whole new infrastructure around Power Shell that’s an industry-leading scripting language for automation, and that’s built into these products. We’re building templates. One of the important things is that customers want a place to start, so we’re creating templates that allow that to be understood.

I talked about knowledge and modeling being a basis of this. That is crucial for us to build the knowledge up and deliver it to customers in a way that it’s consumed. And it’s important, we’re following the industry standard, ITIL standard around understanding how knowledge gets disseminated and driven. We have something that we call the Microsoft Operations Framework which takes the ITIL approach, and customizes it appropriately for the Microsoft platform environment.

And in the security space, one of the key things that we recognize is that in the threat environment that customers deal with today, there must be multiple layers of security, edge security, desktop security, server security. And on the server, multiple layers of security are quite important to allow an ensure that the best coverage happens, because servers are a place where many users meet together. So we support in our Forefront server product the ability to run multiple anti-malware engines. Certainly the anti-malware engine from Microsoft, but also third party anti-malware engines, all put together so that if one vulnerability is caught by one vendor and not by another, the customer can assure that, in fact, the vulnerability is eradicated effectively from their environment.

So what’s the effect of this? Well, the net effect of this is that with products like Forefront Server and Security, companies like the Stock Group have found that they can improve their overall organization fairly considerably, and reduce the downtime. Stock did a measurement of that, and determined that they got a 20 percent reduction in downtime by running the Forefront Server Security product for Exchange Server, pretty substantive impact that this product has on an organization in terms of improving the availability for their internal users.

What I would like to do is invite Kuleen out now to show us a demo of how these products are simplifying the environment for our customers. Kuleen, good morning.

KULEEN BHARADWAJ: Thank you, Bob. (Applause.)

Thank you. Thank you all for being here today. Today I’m going to show you how Forefront and System Center products can help IT administrators stay productive as they protect against threats and manage machine health.

Now in this demo, I am the desktop security administrator for a company called Contoso, and my job is to ensure that all the desktops and the laptops are secure and healthy. This is a graphical view of my network and I spend most of my time in this green area here. Today I’ve just learned that there’s a new malware outbreak out on the Internet. But Contoso uses Forefront Client Security to protect its desktop, laptop and server operating systems. So the first thing I do is go to the Client Security Dashboard.

Here I see a quick view of security state, and I can easily identify trends. And by looking at one of these summary reports, I can see a list of malware that was detected in my environment, and confirm that the new malware has not yet affected any of my desktops. But now, I need to protect my desktops against this new malware by updating them with the latest client security anti-malware signatures.

But Contoso has strict policies for testing all software updates prior to deployment, and Contoso users System Center Configuration Manager to manage all deployment related tasks. And so I go to the Configuration Manager console, and I create this package that contains the latest client security anti-malware signatures. This package has an associated advertisement which I push out to a collection of test machines. These test machines represent the different operating systems installed on my desktops, such as Windows XP and Windows Vista, and because configuration manager integrates with Active Directory, it makes it really easy for me to find the machines to add to my deployment collection.

BOB MUGLIA: So I talked about how we start our process of building products by understanding what customer needs are, and listening to them. One of the first things we heard was that customers wanted a common environment for managing the configuration, and doing deployments of the desktops and servers in their organization for both management tasks and security. Having two different environments is not helpful to our customers. That’s what we heard. So we’ve done that, we built a common infrastructure. In this case, this customer is using System Center Configuration Manager to actually deploy not just security updates, not just new applications, but also the anti-malware signatures.

KULEEN BHARADWAJ: That’s right. And we have Vista support, and this is a Vista client in my test deployment, and the green checkbox here indicates the client security has already been updated with the latest anti-malware signatures. As you said, the signatures were actually received from Configuration Manager here, and were automatically installed in the same way as the other operating system and application software updates. So now I then safely deploy these signatures to the rest of my desktops and laptops.

Now although all my machines are now updated with the latest signatures, because of the new malware out there, I want to be extra vigilant. And so I go to the Client Security Console, and I open up this policy which protects all my desktops and laptops. I go to the protection tab, and I increase the frequency of malware scans. This scans for both viruses and spyware. I also increase the frequency of vulnerability scans. Now, this checks for missing security updates. The great thing about Client Security is that instead of having different policies to check for anti-virus, anti-spyware, and security state assessments, I now have a single policy to do it all. And because of the integration with Active Directory, I can easily deploy this to the desktops in my different organizational units.

So now Contoso also has strict auditing requirements, and so I have a test machine which represents the state of most of the desktops in my environment, and I monitor this very closely for all activity. Contoso uses System Center Operations Manager to manage all monitoring related tasks, and so I go to the Operations Manager console.

Now I will go to the Health Explorer for this test machine, because I want to check the availability of the audit collection service. Now, the audit collection service automatically pulls the security logs from this test machine into a central location, to simplify auditing and log analysis. Here I can also get rolled up views of configuration and performance and I can finally confirm that everything is green and healthy.

BOB MUGLIA: One of the things that we’ve done was we’ve made a lot of investments over the last few years in Operations Manager to build it into an industry-leading tool for understanding the state and health of machines in an organization. And with the new release of Operations Manager we focused on understanding services as a whole, so service-level management, versus just machine-level management. We do that using models, models are the basis for that. Without models we couldn’t understand all of the components of the service and bring those together. So that’s one major thing of Operations Manager.

Another major thing is the ability to monitor and understand what’s happening on mission critical desktops, audit collection of security issues on those desktops, or other issues that users are facing. So within an operations center you can begin to understand the experience that end users are having, even before they put in a help desk call, and you can make corrections to those things, and thus reduce costs. So major investments in helping servers to work together and monitoring services, major investments in helping to monitor and more effectively utilize desktops in an organization.

KULEEN BHARADWAJ: So these models and all these monitoring capabilities actually speak to how Forefront and System Center products can help IT administrators stay productive as they protect against threats, and management machine health.

Thank you.

BOB MUGLIA: Great. Thanks. (Applause.)

Kuleen will be back in a few more minutes for another demo and showing how these things work together, but you can see how the investments we’re making in Forefront and System Center have been designed to work together in an integrated way, and really simplify the environment for end users, providing administrators with the information they need to effectively run the business.

Now, speaking of simplified, simplified is a really key theme of this. One of the realities of these products that exist today in the management and security domains is, they obviously aren’t designed to work together, and there’s a lot of complexity in the way they work. Putting them together in an integrated fashion that enables administrators to have the information they need to make the decisions they need is critical, and to not have a lot of information in front of them that’s not very relevant.

We focused on, again, understanding what administrators do. So we build the tasks into these products, and the wizards to automate those tasks, to simplify that process. Reporting is key. We showed a bit of reporting in that last demo, and some of the Forefront report. In working with our customers in the beta trials of Forefront Client Security one of the pieces of feedback we received from our customers was, the reporting of this product is much better than what’s available from the competition. And frankly, many of our customers are deciding to move forward and deploy Forefront Client Security, because of the integrated reporting and the sophisticated reporting that’s built into it.

It gives the administrators the information they need to ensure that their environment is secure. Using models, using an understanding of what’s in the system, how can we help troubleshoot, how can we help solve problems, and how can we provide the visibility into the organization to really see what’s going on. Again, by integrating Operations Manager and the management products together with the security products, we can provide a cohesive solution that simplifies the environment overall, and provides the level of assurance that’s required to ensure that you’re within compliance in your organization and, in fact, the security policies that you’ve put into place are effectively being utilized.

So how does this impact, what’s the sort of impact on this? Well, companies like Tyco Healthcare have rolled out and deployed System Center Operations Manager and seen a great improvement in the productivity of their organization, and the effectiveness of the organization. With Operations Manager 2007 the service level management, understanding and managing applications as a cohesive whole, instead of individual piece parts really simplifies the environment in a dramatic way for the operations staff, and helps to reduce cost and improve the effectiveness of the administrative organization. Tyco is seeing a 40 percent improvement in the overhead associated with managing problems.

One of the things I know our own IT organization has found, the Microsoft IT organization, which is pretty much fully deployed on Operations Manager right now, is that the trouble tickets, the problems that are reported almost always result in a trouble ticket. In other words, they’re not seeing a very high degree of spurious problems being reported. When a problem is reported, an alert is raised in Operations Manager amongst the thousands and thousands of servers that our IT organization manages.

In fact, there’s a real problem out there that needs to be dealt with, and Operations Manager helps the IT organization take the effective steps to solve that problem before it becomes an end user visible problem, and brings down a critical system within the business. So it’s an important thing, and having this infrastructure in place is crucial for organizations.

One thing we’ve done is make huge investments in the underlying management packs that provide the knowledge for this Operations Manager. And managing complex systems like Exchange without Operations Manager is like trying to run a race with your eyes closed. You really  you need to have that visibility to ensure that the systems are running effectively, and your end users are not impacted. And there is no question that on the Microsoft platform the product that does the best job of this is Microsoft Operations Manager, and 2007 is a dramatic leap forward.

Let’s take a look at how some of our customers are using the set of Microsoft System Center and Forefront products to really simplify their environment.

[Video segment]

BOB MUGLIA: So all these customers are finding that they can really improve their IT environment by deploying these security and management products within their Microsoft infrastructure. And in a sense it’s sort of what you’d expect, that Microsoft can make a set of investments, since we understand the platform really well, we understand products like SQL [Server] and Exchange really well, and we can build our security and management products to really ensure that those environments are as secure and manageable as possible.

When you look inside Microsoft and you say, who writes the management packs for SQL Server, who writes it for Exchange, it’s not the management group that does it, it’s the Exchange group that writes it. And it’s been great having the Exchange group really take that challenge on, and they recognize one of the first things that happens when a group within Microsoft looks at their product, and they try and write a management pack, is they find out that their product isn’t as manageable as it should be. And there’s a lot of information that they need to expose, a lot of data about what’s happening inside the products that need to be exposed.

We’ve formalized that now. We call those health models. All of our products, all of our systems, Active Directory, file sharing, networking, Exchange, SQL Server, all those products now are being built with the idea of having an underlying health model that really can  where the product itself knows the state of health that it has, is something running marginally, is some subsystem down, and that information then can be collected in a cohesive way, and managed in a cohesive way. All that data comes together in Forefront and System Center, and really enables you to take control of your organization.

So what would you  this is  in a sense it’s what Microsoft does. I mean, if you look to Microsoft, we’re a vendor that really can provide an integrated platform experience. That’s the differentiator that Microsoft provides in the marketplace. Providing a top to bottom infrastructure, which has been designed to be integrated, so that the integration does not have to happen within your own shop. And that’s what we’re doing, but using a technological foundation like DSI, things like models, focus on health models, putting all of these pieces together, securing them in a cohesive way, thinking about how they all integrate and work together. So whether we’re building on identity with a common identity infrastructure of Active Directory, the most widely deployed directory infrastructure in the world, of course we’re using that, of course we build our systems to rely on that for a common point of integration.

Understanding across each workload, building those health models, and understanding how we can best reflect the status of a subsystem to an overall organization, and the impact, pulling those things together to understand that there are all these services out there, they’re all independent at one level, but they all come together into a common service, and they need to be managed and secured in a common way, and making sure that all of the applications you create in your business, that run your actual business can be managed in a similar way at the service level, and can be secured in a similar way across a cohesive environment, that’s really the commitment. That’s the commitment that Microsoft is providing within our platform, and the investments that we’ve made over the last 5 or 10 years are really bearing fruit now in terms of being able to improve the productivity of your organization, allowing you to do things more effectively than you’ve ever been able to do before at quite a bit lower cost.

This is really having an impact. Carnival, you saw a bit of video on Carnival, and how their ships deploy Operations Manager within the data center of their ships. It’s kind of interesting when you think about it for a second. Obviously, there’s a data center inside every Carnival ship, they’re big ships. They’re got all of the different subsystems within the ship that have to be brought together, all the financials that have to come together, all the transactions, thousands, and thousands of transactions a day all have to be brought together.

Operations manager allows them to run that data center more effectively on each ship, and coordinate with their central offices, enabling them to reduce their IT costs by, in this case they’ve measured it at 60 percent. Substantive savings for this organization, as they’ve deployed these management tools within their floating data centers to really improve the operations that they have.

So seeing all these things come together, all of these different pieces. I’d like to invite Kuleen back out to show you a demo of how Forefront and System Center integrate together to solve IT problems in a new way.

Welcome again.


Well, so this is the same malware outbreak scenario as the last demo where we protected and managed our desktops. But, malware also affects servers. So in this demo I am the Windows Server administrator for Contoso, and my job is to ensure maximum protection and uptime for critical servers. So this is a graphical view of my network and I’ve spend most of my time in the blue areas here. And today I will not only handle the malware outbreak, but I will also deal with a downtime issue on one of my servers.

Now, because of the new malware out there I want to monitor the security of my servers more closely, and so I go to the Forefront console. And I then open this policy, which protects all my server operating systems. I go to the reporting tab and I increase the alert level to five. This allows me to capture the maximum amount of alert information from these high business value assets.

Now, the alerting, event logging, and reporting functionality in Forefront is built on top of operations manager technology. And because of this integration between Forefront and System Center I can get detailed reports like this, on the security state of all my servers. So next I go to the operations manager console to check the overall health status of my critical machines. These are my critical servers, and I see that my Exchange Server has gone red. So I open up the Health Explorer for this, and now I will show you how because of the integration between Forefront and System Center with my server infrastructure, how I can deal with this downtime issue very easily.

So the Health Explorer automatically expands the unhealthy nodes, and I can see that the Exchange Information Store service has stopped. So I drill deeper into the alert to find the corresponding event that caused this, and I find this low system resources alert. Now by reading the alert description I know that this is peculiar to this hardware configuration, and I need to do two things to fix this. First, I need to install a special update on the Exchange Server to prevent this issue from recurring, and then I need to restart the Exchange Information Store service.

So to address the first action item I go to the System Center Configuration Manager console and here I use this really powerful new feature called Desired Configuration Management. This allows me to periodically evaluate my servers for compliance drift from specific hardware and software settings, which I can define, such as the presence of this special update. The yellow here indicates non-compliance, and so I create a package and I push it out to automatically install on the Exchange servers.

BOB MUGLIA: This is a pretty important thing, in the sense that what we are focusing on from a manageability perspective is enabling IT organizations to define policies that define how your organization should be running. We can provide some default ones as a part of our general installation systems, but then you can customize those policies to really be specific to your organizational needs. And one of the things that System Center configuration manager does, it monitors those policies to understand whether any individual machine is in compliance with those or not, and then allows corrective action to be taken.

KULEEN BHARADWAJ: Yes, and a lot of these corrective actions can be taking place remotely. So if you go to the software distribution node, you can see the status of this deployment, and remotely check that the deployment was successful by seeing the green out here.

So the next action item which I have to do is to restart the Exchange information store service, and so I go to the operations manager console. And here I can remotely, again, restart the service, without switching screens by using this context sensitive inline task. So this is not something that you will find with other tools out there today. And soon my Exchange Server will be back to green and healthy.

BOB MUGLIA: So this idea of having tasks built into Operations Manager that allow you to take corrective action directly from the console is a result of doing this on a model-based infrastructure. That model, those tasks are implementations based on the knowledge of what needs to be done to correct this specific problem, as was defined in the overall model.

Now, what that all means is that your operators have a simplified job in terms of fixing problems, because the solution to the problem is spelled out right in front of them, and the ability to effect this solution is right there, as well, the task that solves the problem is right there, as well. But, the underlying infrastructure is based on the investments we’ve been making in really understanding that health model within the different aspects of the Microsoft applications, and reflecting that all up in an overall service management approach that’s present within System Center.

KULEEN BHARADWAJ: Yes, and it’s all about the integration. So today what we have just shown you is how Forefront and System Center products integrate not only with each other, but also with your server infrastructure, to give your IT administrators greater visibility and control over their environment.

BOB MUGLIA: Great. Thanks, Kuleen.


BOB MUGLIA: I appreciate it. (Applause.)

So that integration is really key. I mean, building these things in a common DSI approach, model-driven, knowledge-based approach, we’re able to achieve a level of integration across the products that really results in a simplified environment for your people, and allowing people to be much, much more productive and solve problems in a way that they really wouldn’t even know how to solve them in the past.

The interesting thing about this is that we’re just a piece of the puzzle. I said that at the very beginning, that Microsoft works together with partners across the industry to solve the business problems that you have, and one of our most important partners is HP. We’ve been working with HP for many, many years, and HP has deployed many thousands of customer’s infrastructure. And they’re now building on these sets of tools to enable the infrastructure that they deploy for their customers to be much more effective.

Let’s take a look at what HP is doing.

[Video segment]

BOB MUGLIA: So HP, as I said, has been a great partner of ours, and really we couldn’t help our customers to solve these problems without partners like HP to enable the deployment of these solutions for many, many customers around the world. HP is one example of such a partner, there are many hundreds more, or thousands more, actually, that we work with every day of the week to help deploy this infrastructure, and focusing on providing the training, and the knowledge that they need to do their job as effectively as possible.

So where’s all this going? DSI is an important foundation for Microsoft’s approach to solving the broad set of system integration problems within an IT environment. We started DSI four years ago. We announced that we were making these sets of investments. That was a period of time, it was an interesting period of time. There was a lot of discussion around autonomic computing, and utility computing, and this and that. We started this approach that we called Dynamic Systems Infrastructure, and day-by-day we’ve steadily invested in this.

We’ve steadily invested in this, in areas of virtualization. We’ve steadily invested in this in terms of building an infrastructure for model-based development. We’ve steadily invested in this in establishing knowledge associated with those models, and incorporating those things into our products. You see that with products like Forefront, and System Center. Those investments we made over the last four years are evident in the products that we’re shipping today and this year. It’s pretty cool, because it really enables some new things.

The interesting thing, though, is that when we announced DSI we said this was a 10-year vision. We’re four years into it, we know there are six more years of good work to do. We’ve done four years of good work in four years. I feel like every day has counted, but as I look forward there’s a good six more years of work. Where’s it going to go? What are we going to do? Well, it turns out that these fundamental investments in things like knowledge and models and virtualization are just the foundational investments that can now be built upon to really provide more cohesive solutions.

What we’ve done with modeling today is really built just the underlying infrastructure for models. We’ve built that, we’ve defined this SML modeling language, that’s industry standard. We’ve defined some low-level infrastructure for models, now the fun part becomes to take each one of the subsystems that exist within an organization and define higher-level models that really describe those components in a lot of detail. What does  how does exchange deployment look at a model level, how are networks deployed as a part of it? How does SQL Server and business applications that get created relate together?

Those models are still broadly yet to be defined. And so as that happens what becomes possible is we can begin to encapsulate within the software, through models, the knowledge of best practices for deployment of those applications and operations of those applications. They’re best practices today, but those best practices are written in words, they’re on Web sites, they’re in blogs, they’re in e-mails. They need to be captured in models, that’s still yet to happen. And as that happens we think some really great things can happen in terms of further simplifying your environment.

Now, we’re going to bring these things together in some cohesive ways with new products like System Center Service Manager, which we’ll ship next year, which really provides a cohesive view of an overall IT organization, really enabling you to, in a sense  it’s sort of an ERP application for IT, that pulls all of these pieces together and allows you to manage your system in a cohesive way. You can think of it as an overall business application for you to run your IT business. And we think that’s really exciting. We couldn’t do it without models. It’s the first service desk-based application that was built on a foundation of models to provide the underlying infrastructure. That will be another major transition point.

Then over some period of time we’ll encapsulate and use these models as a way of driving the management and security across all of our products, and encapsulate within it the set of best practices that exists both by Microsoft and our partners. You won’t read in the future about the best practices for deploying Exchange, you’ll see that in the actual deployment, in the product itself, and it will be encapsulated in models, and you’ll ask yourself what kind of an organization are you, how many Exchange Servers do you have, how many locations around the world do you need to deploy Exchange. And that set of information will then be represented within models and the system will know in a much more effective how to deploy itself and manage itself on an ongoing basis.

So we’re really just beginning, with products like System Center and Forefront, we’re at the wave of a new set of innovation. Now, we’ve been working on System Center for a long time, and those products are very mature. We’re really just at the beginning of our new security products. All of these products will come together in that model-driven way, but you can be sure Microsoft’s making the set of investments to get this right.

Our security products  we’re new in the marketplace on security, but this differentiated approach, this approach of building our products in a model-driven way, building our approach in an integrated way, really will provide long-term advantage for our customers. And you can be sure that we’re making the investments that need to be made to get security right within your organization. We’re building on a strong foundation here, and we’re making the investments to drive that forward.

So how does this impact an organization? Well, I talked about these infrastructure optimization models, they’re a great thing. I hope that you take the time to learn about them, as a part of today, and to learn about them as a part of how to drive forward your business. We’ve now gone and said that there are these different stages, we worked with Gartner, we understood some approaches to how organizations can use technology, can consume technology, to make your organizations more efficient, and we’ve built in a broad set of best practices that you can implement today using the Microsoft platform product line, using products like System Center and Forefront, to really optimize your environment.

The results are pretty dramatic. If you take the steps, and move from level to level in here, and understand how you’re utilizing technology, are you using it as effectively as possible, if not, what can you do to fix it. If you take those steps, we’ve worked with IDC, and they’ve determined that we can dramatically reduce your ongoing investment by up to 80 percent. A huge amount of everybody’s IT budget is spent maintaining existing applications. And if we can work with you, and our partners can work with you, to help drive down those costs of your day-to-day operations, it leaves a better part of your IT budget to make new investments in new applications, and solutions that really drive your business forward.

That’s kind of what Microsoft is all about, building an integrated platform that lets you run your business more effectively, with your existing investment, and enables you to more effectively build new solutions to provide you with differentiated advantage. Today is sort of the beginning of the next wave. It’s pretty cool. It’s a pretty great place to start, a lot of great things to learn later this morning, and this afternoon.

When we look forward into the years to come we know we’re just at the beginning, but there’s an awful lot that you can do today with these new products to change your environment, and we think it’s pretty exciting. We hope you will, too.

Have fun today. Take advantage of all the different sessions, and have a great day.

Thank you very much. (Applause.)