Using Software as a Service with Microsoft Solutions

Windows Azure provides an amazingly rich, flexible, and scalable platform to run your custom applications, but sometimes you don’t need to develop a custom application. Instead, you might want to use off-the-shelf software in the cloud, or Software as a Service (SaaS). Microsoft offers a number of SaaS solutions, which have been designed based on experience and feedback from users of other public cloud solutions and on-premise solutions. In this section I explore Microsoft’s public cloud solutions for collaboration and management.

Collaborative Working with Office 365

Formerly known as Business Productivity Online Suite (BPOS), Office 365 provides an SaaS version of Microsoft’s premium communication and collaboration technologies. Office 365 gives organizations access to highly available, Internet-based implementations of Exchange, Lync, and SharePoint, in addition to the browser-based Office Web Apps. This means an organization with no local infrastructure can have full access to all the capabilities of these main back-office technologies. If you have followed the evolution of Exchange, Lync, and SharePoint, you’ll have noticed that all three of these products have improved access to their services by using web protocols, such as HTTPS. It is because of the web protocol interface that these services can be hosted on the Internet and accessed using standard Office client tools, such as Outlook, without modification.

Microsoft markets the Office 365 service as a range of plans; there are four main types of plan available, some of which have sub-options that provide different levels of functionality:

  • P Plans: For individuals and small businesses with up to 50 people. Each user gets a 25GB mailbox, online Office Web App access, SharePoint Online for internal and public site sharing, and Lync Online for communication, meetings, desktop sharing, and PC-to-PC audio and video calls.
  • E Plans: For enterprise customers who need access to powerful, enterprise-level feature sets. Four levels of plan are available, with feature sets that extend those in the P plan to unlimited mail storage, access to local versions of Office and Microsoft server services like Exchange, full enterprise voice capabilities, and more.
  • K Plans: Also for enterprise customers but targeted at kiosk workers who are typically deskless and require a smaller subset of functionality. Two levels of plan are available, which differ only in their ability to carry out basic editing of documents with Office Web Apps as opposed to read-only viewing. Also included is a 500MB mailbox, calendar, contacts, and so on, plus access to SharePoint Online, but no Lync.
  • A special plan for educational institutions is available that provides various feature options for both staff and students.

I have a two-user subscription for myself and my wife as part of a new business venture.

Organizations select a plan or choose different plans for different users based on their needs; the service is charged on a per-user per-month subscription basis. I have seen organizations use a form of the E plan for the primary workers in the main office, and the K plan for people out in the field or in manufacturing plants who only need basic functionality. The P plan is great for small businesses or individuals, as it provides the full back-office suite functionality for $6 per month per user.

Even advanced usage scenarios, such as integration with Exchange from System Center Service Manager, work with Office 365 using the version 2 Exchange connector for System Center Service Manager.

I’m not going to describe the specific functionality of Office 365; simply put, it offers web versions of Office, Exchange, Lync, and SharePoint hosted for you. All the normal connectivity methods are available, such as web access and ActiveSync access to your mail, SharePoint access through the browser, Windows Phone and Office applications, and Lync using the normal client. Even though Office 365 is a shared infrastructure, your organization has its own address book, calendar sharing, and data security. The environment completely segregates different organizations so it seems as if you have your very own complete Exchange, Lync, and SharePoint implementation. Figure 14-5 shows the base SharePoint site on which I’ve not yet done any configuration. Notice that I have full use of all SharePoint features available for my organization to collaborate with.

Identity Management with Office 365

Office 365 is run on a shared infrastructure that is not part of your Active Directory (AD) environment. This means users potentially have to maintain multiple identities. There are ways to avoid requiring users to remember separate credentials for the Office 365 services and on-premise services.

The most seamless option is to implement Active Directory Federation Services (ADFS) 2.0 to create an identity federation between your organization and Office 365, along with the Office 365 AD Synchronization tool, which enables users to log on to Office 365 using their local AD credentials. While this requires a bit more work during the initial setup, the ease of use will pay off with fewer help-desk tickets and password reset requests.

If federation via ADFS to Office 365 is not possible, you can still use the AD Synchronization tool to populate the Global Address List in Office 365 with your users’ identities. However, in this case, the password from a user’s local AD account will not be synchronized to Office 365, which requires a separate password, although this can be made almost transparent to the user with one of the following methods.

  • You can deploy the Microsoft Online Services Sign-In Assistant to each Office 365 user’s desktop; the Assistant will “remember” the credentials needed to sign in to Office 365, avoiding the need for the user to sign in separately for each service or to maintain an additional identity specifically for Office 365. The tool also configures any local Office products to work properly with Office 365.
  • Another option is to export user credentials from the local environment to a CSV file, then perform a bulk import into Office 365. This has the disadvantage of being a manual process, but it still may be suitable in organizations where users are not frequently provisioned and de-provisioned and you just need to perform an initial population of the Office 365 environment with your employee credentials.
  • Finally, you can just manually add and remove users one at a time via the Office 365 administration interface, but this option is practical only for very small environments.

Figure 14-5: The basic Office 365 SharePoint home page, which you can customize. You can even manage your public website via the Website option.

Although understanding which products are hosted by Office 365 is simple—that is, Office, Exchange, Lync, and SharePoint—it is important to realize what a huge advantage this can be. Most organizations struggle with managing enterprise-class Exchange, Lync, and SharePoint implementations, in particular. It is extremely challenging and expensive to keep up with maintenance and patching, upgrading to the latest versions, performing regular backups and tuning exercises, and ensuring site-level resiliency. With Office 365, all that is done for you; you just configure the users who should have the services and you are done.

Some organizations use a hybrid approach. Corporate users might use an on-premise Exchange infrastructure while other workers could be provisioned in Office 365. It is possible to connect the on-premise infrastructure and the off-premise Office 365 service through a number of Exchange-to-Office 365 connectors, giving the appearance of a single infrastructure.

One feature small businesses may appreciate is the support for a public website. While only those users in your business who have subscribed to Office 365 can share documents online through SharePoint, that component includes tools for you to create a public website, which you can maintain quite easily using a web interface. This is an easy way to get a basic but professional-looking web presence quickly.

Managing Desktops with Windows Intune

Windows Intune is a fairly new offering, first introduced early in 2011; it had its first major update in October 2011 and is targeting a six-month update cycle. Windows Intune can be thought of as desktop management in the cloud, an off-premise solution similar to System Center Configuration Manager (SCCM).

Like any other SaaS solution, no local infrastructure is required for Windows Intune and it carries a per-machine per-month cost. Organizations access Windows Intune through a website that displays full desktop inventory information (hardware and software), patch deployment status, and malware definition information. In addition, you can initiate operations, such as deploying software, through the website. The only change required locally is deployment of the Windows Intune client to all desktops you plan to manage. Windows Intune includes a customer-specific certificate to ensure that communications between the client and service are secure.

At the time of writing, the client is supported on Windows XP Professional SP2 and Windows XP SP3; Windows Vista Enterprise, Ultimate, or Business; and Windows 7 Enterprise, Ultimate, or Professional. Windows Intune capabilities include the following:

  • Supporting both 32-bit and 64-bit systems
  • Managing and deploying updates, including both Microsoft and non-Microsoft updates
  • Monitoring desktops, registering alerts, and generating notifications based on alert filters—for example, five machines generating an alert within a configured amount of time
  • Deploying software after uploading applications to Windows Intune
  • Providing remote assistance
  • Reporting hardware and software inventory
  • Managing both Microsoft and non-Microsoft licenses
  • Providing malware protection using technology based on Forefront Endpoint Protection
  • Managing security policies, including policy conflict notification
  • Executing remote tasks focused on malware actions and machine restarts, as shown in Figure 14-6
  • Enabling management from “anywhere” using a Silverlight web-based administration console to provide a rich user experience
  • Providing read-only administrator access to the web interface, which is useful for training purposes and help-desk users
  • Windows Enterprise Edition rights, included with an additional step-up price, and access to Microsoft Desktop Optimization Pack

Remember Windows Azure’s CDN component? Windows Intune uses the Windows Azure CDN for storage and delivery of software being deployed.

Figure 14-6: Desktops managed by Windows Intune can have tasks remotely executed through the Remote Tasks menu.

Windows Intune would be a great option on the CEO’s home machine that you are frequently asked to fix!

Although it isn’t there yet, the end goal is for Windows Intune to have feature parity with an on-premise SCCM solution, and even surpass it.

Windows Intune does not support server operating systems, nor can it perform operating system deployments. On-premise solutions, such as SCCM, provide a much richer set of capabilities, although Windows Intune certainly gains great functionality with each update. What I have seen in the industry is that system administrators are using on-premise solutions, such as SCCM, for corporate machines but employing Windows Intune for remote users, contract employees, and lightly managed or non-domain-joined machines, including machines that are acquired through a merger or acquisition.

TIP When I talk about deployment from Windows Intune, I often get asked, “Won’t every client download the same piece of software from the Internet every time I set up a software deployment?” This is a valid concern. If you are using Windows Intune to deploy Office to 1,000 machines in your corporate headquarters, you don’t want Office downloaded 1,000 times.

The key here is to exploit the caching capabilities of network acceleration solutions that can cache the content downloaded by the first user, making it available to all the other users. If you plan to use Windows Intune to deploy software to a lot of users at a number of different locations, consider installing an on-premise web-caching solution, such as Microsoft Forefront Threat Management Gateway (TMG).

Analyzing Server Usage with System Center Advisor

System Center Advisor (SCA) is another cloud-based solution that helps you monitor your servers and alerts you to problems. It does not patch or resolve problems; rather it collects information from servers in your environment through its agent, which is installed on each SCA-monitored server.

You designate one or more servers that have Internet connectivity as SCA gateways, which gather the data and send it daily to Microsoft’s SCA cloud service. The service analyzes the uploaded information, using a knowledge base maintained by Microsoft, and issues alerts and recommendations back to your customer portal.

In its first release, SCA performs analysis of the Windows operating system, AD, Hyper-V, and SQL Server 2008/2008 R2; this scope will grow in the future. Operating systems supported are Windows Server 2008 and later (including Hyper-V Server 2008 R2). The only requirement is for the Microsoft .NET Framework 3.5 SP1 feature to be installed on the server before the agent can be installed.

Enabling SCA in your server infrastructure is a basic process. You download a single setup program that contains the gateway and agent plus a certificate that uniquely identifies your organization.

To deploy, first install the gateway and optionally the agent on a server to enable communication with the System Center Advisor cloud service, and then deploy the agent to the additional servers that should be monitored. Within 24 hours the servers will be visible in the System Center Advisor web portal (http://www.systemcenteradvisor.com), which uses Silverlight to give a rich graphical interface but requires a web browser that supports Silverlight.

Once System Center Advisor is deployed, any issues where best practices are not being followed, such as missing patches and configuration problems, are displayed in your web interface, along with potential solutions. The Advisor also tracks the history of configuration changes on monitored servers.

A basic view of a limited test environment I deployed is shown in Figure 14-7, which depicts the overview screen that provides information about the general health of your environment.

Whereas Windows Intune can be seen as a cloud version of SCCM, SCA is not a cloud version of System Center Operations Manager (SCOM). Although SCA does some very basic monitoring, its main purpose is to identify any configuration issues in your environment and offer guidance on how to adhere to best practices. Despite its name, SCA is not actually part of System Center, but rather a benefit included as part of Software Assurance (SA) for the supported products to help customers validate their installations.

Figure 14-7: The System Center Advisor web interface offers a good view of the health of the monitored servers.
