|
“Customers can implement Forefront without giving up third-party solutions”
Last month, Microsoft announced two key product launches—Forefront Client Security and System Center Essentials 2007. At the sidelines of the launch event in Los Angeles, Microsoft spokespersons Margaret Dawson, Group Product Manager, Security Product Marketing, and Robert D Reynolds, Senior Product Manager, Enterprise Management Division, spoke to NWC’s Anoop K Menon about the software giant’s entry into the security business and its long-term roadmap for providing integrated security and management solutions.
Within the IT organization, security and operations management are treated as specialized, independent domains that require specific expertise. What explains this buzz about the convergence of security and operations management?
Margaret Dawson (MD): Traditionally, IT operations management and IT security were addre ssed through different sets of products. Functionally, operations focused on network and systems reliability and performance, while security focused on securing the information assets against theft or misuse.
However, from a customer standpoint, both parties have several things in common—controlling access to information, being involved in activities like security patch installation, and carrying out work on a common IT infrastructure. But these commonalities couldn’t be leveraged under the traditional silo approach.
On the other hand, convergence facilitates a greater level of common infrastructure across security and management, while providing the tools that satisfy the needs of both IT security and management groups. As a result, both can share information, gain deeper visibility into the IT environment, and integrate better while avoiding duplication of effort. Forefront security products have been built on the capabilities of the System Center family of IT management solutions, enabling security and operations groups to avoid duplication of effort and become more productive while saving on costs.
Could you cite a few instances where duplication of effort between security and operations can be avoided or eliminated?
MD: Both sides need to look at how they can leverage each other’s worlds. One such area is patch management. Usually, the security side carries out patch installation, while the oper ations side ensures that the desktops or servers are compliant.
While patch installation is regarded as a routine task, it is also infamous for causing business outages, something that the operations team wouldn’t want, especially in 24x7 environments.
We have integrated patch management into our System Center family. The security guy is happy because it is fitting into the systems side that is already in place, and he is assured that everything is compliant.
Robert D Reynolds (RDR): Security can define the policy, operations can implement it.
Bob Muglia, (Head, Server and Tools Business), has declared that the Forefront launch marks Microsoft’s ‘official’ entry into the security marketplace. Where do things go from here?
MD: In the Forefront line we have products rolling out in the client security, server security, edge security and access security realms. In most large enterprises, rules for these are separate, but there are cases where the security team sets the rules.
At present, our customers are telling us what they need and what their priorities are, and in most cases, they are deploying for very specific scenarios, like, for example, secure messaging. So you have Forefront Security for Exchange Server that is providing extra security for Exchange Server.
Our roadmap for the next set of Forefront products envisions deeper integration within these products, both from the functionality as well as management standpoint, as well as with System Center.
What’s important is that customers can implement Forefront without giving up their third-party solutions. Today, in any industry, you are closely partnering with companies on one side and competing with them on the other. That’s definitely the case in the enterprise security products market too. Co-petition is order of the day. What is important to us at Microsoft is that customers are taking malware protection as seriously as they take platform security and application security.
RDR: It will be better for the customers because Microsoft will deliver innovation and the rest of the industry will respond. The end-result is a more secure and better-managed customer, and that’s what we want.
What was the impetus behind System Center Essentials 2007?
RDR: When we talked to the mid-market we found that existing products were not meeting their needs. Mid-market companies usually have 2-3 persons running their IT organizations. More tools meant more complexity because each new tool had to be translated between them as they did their jobs. The mid-market is not willing to make that trade-off. It would rather have a product that solves its problems and is tightly integrated.
We therefore created System Center Essentials to give the mid-market customers a unified product incorporating all broad features that the enterprises are using such as integrated monitoring and software distribution capability.
We want to design products that address the specific needs of the customers at the scale that they operate in. One of the things that can help Forefront rapidly into that line of thinking is shared infrastructure. System Center is building the infrastructure which will be handed off to the Forefront team so that they build on that.
MD: Our security products are built on the strong foundation of our management portfolio. You can see this mindset in action in Forefront Client Security. We built Forefront Client Security on the System Center’s operations management technology rather than create the technology on our own because IT people are familiar with the technology and it has great reporting and a graphical user interface.
System Center Operations Manager 2007 is a big leap over its predecessor in that it monitors an entire system in a centralized environment instead of individual servers and applications. However, what has been the impact of this expansion in scale and scope on deployment time?
RDR: This is something that we worked on with our early adopter customers, and improved between betas and production. To give you an idea, Microsoft Information Technology (MS IT) has 100,000 clients under agent-less monitoring, 20,000 under agented monitoring, and 15,000 production servers under monitoring.
Basically, MS IT checks every release candidate, deploys it, and makes it RTM-ready (Release to Manufacturing), which is the final step before the product goes to customers. Now does this take time? Yes, because networks are complex. It took MS IT two weeks to go from a complete tear-down to operational monitoring with Operations Manager 2007 RTM.
Again, in Operations Manager 2007, we have carried out several enhancements to management packs that are basically knowledge repositories about the monitored objects. These enhancements will lead to quicker diagnosis and automatic resolution of problems, and ensure higher usage of end-to-end service monitoring capabilities of Operations Manager 2007.
We have spent time not only in improving raw performance but also in analyzing and automating the capabilities of managing the IT infrastructure. This frees the IT managers using our product to add value to the business instead of tweaking the product to get what they want.
|