Exchange 2010 Windows Server 2008 R2 y Decreto 83

Presentación del tema: "Exchange 2010 Windows Server 2008 R2 y Decreto 83"— Transcripción de la presentación:

1 Exchange 2010 Windows Server 2008 R2 y Decreto 83
4/5/2017 8:16 AM Exchange 2010 Windows Server 2008 R2 y Decreto 83 Raphael Barini Sub-Gerente Tecnología Policomp S.A. Blog: Slide Objective: Instructor Notes: © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda Policomp S.A. Orador Soporte al Evento Decreto 83
Desafíos estratégicos de negocios Exchange Server 2010 Demo Preguntas y Respuestas

3 Policomp S.A. Empresa Servicios TIC Foco en Servicios Profesionales
14 años en el mercado nacional e internacional MS Gold Certified Partner Tecnologías Microsoft Consultoría Diseño Implementación Explotación Administración Soporte Preventivo Soporte Correctivo

4 Orador: Raphael Barini
Sub-Gerente de Tecnología de Policomp S.A. 12 años de experiencia sobre plataforma Microsoft Actualmente con 50 certificaciones Microsoft Entre los 50 primeros en certificarse sobre Exchange Server 2010 (Charter Member) en el mundo Mejor instructor técnico Microsoft en el mundo en el año por la cadena New Horizons CLC

5

6 Soporte al Evento La demostración de las soluciones a mostrar en este evento se realiza sobre un servidor DELL PowerEdge R710. La demo está basada en máquinas virtuales sobre Windows Server 2008 R2 Hyper-V y sobre la plataforma final de Exchange Server 2010 RTM, con cliente Windows 7 y Office 2010 (beta). Características del servidor para la DEMO: 2 x Quad-Core X Ghz Nehalem,95W 6GB RAM DDR3 1333Mhz 4x146GB SAS 15K RPM RAID-5

7 Decreto Supremo Nº 83 Aprueba la Norma Técnica para los Órganos de la Administración del Estado sobre Seguridad y Confidencialidad de los Documentos Electrónicos “Artículo Tercero: Créase el Subcomité de Gestión de Seguridad y Confidencialidad del Documento Electrónico como organismo asesor del Comité de Normas para el Documento Electrónico, el cual será coordinado por el Ministerio del Interior” En este Decreto se plantea la necesidad estratégica de nombrar en cada uno de los Órganos del Estado, un Encargado de Seguridad, el cual debe velar por el cumplimiento de este Decreto al interior de su Institución, siendo una de sus labores, coordinarse con el/los CSIRT de Gobierno. CSIRT: Computer Security Incident Response Team

8 Decreto Supremo Nº 83 Si bien el Artículo 1 establece que:
“La presente norma técnica establece las características mínimas obligatorias de seguridad y confidencialidad que deben cumplir los Documentos Electrónicos de los órganos de la Administración del Estado, y las demás cuya aplicación se recomienda para los mismos fines.” El espíritu de la Norma: Es exponernos un código de buenas prácticas para la de seguridad de la información en los Órganos del Estado basados en la Norma Chilena Nch 2777 (ISO 17799), lo que es complementario con la Ley N°19.799, sobre Documentos Electrónicos, Firma Electrónica y Servicios de Certificación de dicha firma. Es decir, los alcances de esta norma son amplios, pues toca, a modo de ejemplo, desde la plana ejecutiva al comprometerlas en un política de seguridad institucional, hasta las acciones más cotidianas como por ejemplo: NO comer en donde exista un equipo computacional. CSIRT: Computer Security Incident Response Team

9 Decreto Supremo Nº 83 El DS N°83 indica en general los ámbitos que hay que enfrentar, pero no describe cómo se debe implementar. Entonces ¿cómo decidimos qué utilizar? Asignación de valor al activo información. Evaluación de vulnerabilidades y amenaza. Evaluación del riesgo : impacto versus probabilidad. Toma de decisión sobre como aplacar los riesgos a los que nuestros activos están expuestos, sujetos a un marco presupuestario e involucrando a las jefaturas, pues ellos deben asumir los riegos residuales o no cubiertos. CSIRT: Computer Security Incident Response Team

10 Desafíos Estratégicos de Negocios
“Nuestros equipos de ventas necesitan conectarse con los clientes correctos mientras están en la calle” - VP de Ventas “Necesito entregar herramientas de seguridad y compliance para soportar una fuerza de trabajo altamente distribuída.” - CIO “Necesito reducir costos de HW y la sobrecarga operacional.” - IT Manager,

11 ¿Qué nos están diciendo?
Sobrecarga de Comunicaciones Socios y Clientes distribuídos globalmente Alto costo de las comunicaciones Slide Objective: Set the stage for the Exchange investment pillars, by highlighting how we listen to customers to understand the challenges they face and how these serve as a very important input into our product roadmap. Talking Points: As we started to think about our areas of investment for the next major release of Exchange, we spent time asking our customers and partners about what challenges they face in managing their critical messaging infrastructure. Several key themes bubbled up from these discussions, including: How can I be more productive in a world of ever increasing volumes of communications (i.e., , voice mail, instant messaging, RSS feeds, etc.)? Can you help better manage this Communication Overload and enable me to more easily prioritize and react to what’s in my inbox? Can you let me specify rules on how to best communicate with me in a way that doesn’t intrude my work or personal life. As our organization scales to new heights, how can I better communicate with Globally Distributed Customers, Partners, and Employees? That is, my Global Address List (GAL) more and more needs to include those outside my Active Directory. How can they easily locate each other, coordinate, schedule meetings, etc. in this new world of work? The High Cost of Communications is driving us to find more efficient and cost effective ways to deliver and support such a mission-critical business asset. How can I make use of existing infrastructure or services over the Internet to achieve these levels of scale at a lower cost? How can I keep pace with Increasing Security and Compliance Requirements, and protect my users, customers, and business from a range of security risks, such as accidental information disclosure to malicious software threats? While there are certainly other challenges our customers are facing, these four were consistently heard across customers of all sizes and industry verticals. Aumento de la seguridad y compliance

12 Exchange Server 2010 Optimizado para Software + Services
Protección y Compliance Acceso desde cualquier lugar Flexible y Confiable Archivamiento de Protección de las Comunicaciones Seguridad Avanzada Adm. sobrecarga del Inbox Mejorando el Voice Mail Colaborar Efectivamente Disponibilidad Permanente Administración Simplificada Flexibilidad en el Deployment Optimizado para Software + Services Slide Objective: Respecto a decreto 83: Cuando se habla de “compliance” en general, aquí y en el resto de la presentación, se puede usar para referirse en específico a lo solicitado por el Decreto 83.

13 Protección y Compliance
Lograr incrementar el compliance en IT con herramientas avanzadas para proteger las comunicaciones y administrar la infraestructura Entregado con Exchange Server 2007 Protección de virus y spam On-premises y hosteada Cumplimiento de regulaciones gubernamentales Políticas de administración y seguridad para dispositivos Móviles Inversiones en Exchange Server 2010 Archivamiento de y políticas de retención Administración de protección de derechos de Poderosa interfaz de búsqueda multi-mailbox para eDiscovery Slide Objective: Respecto a decreto 83: Esta Slide resume los principales requerimientos del decreto 83. Específicamente, los puntos 8, 9 y 10 de la norma NCh2777 que se piden en el artículo 37 del decreto.

14 Archivamiento de Correo
Administrar Correo en un archivo integrado manteniendo una experiencia de usuario familiar Drag and drop PSTs directly into the archive…. Respecto a decreto 83: Las Slides 7-9 muestran cómo se puede cumplir con el punto de la norma en forma fácil y segura. Situation : One of the key challenges relating to compliance is how to centrally manage and control all data, including PSTs residing on user’s desktops. Unlike mail stored on the server, PSTs on individual desktops cannot be easily and quickly discovered; litigation holds and corporate expiration policies cannot be enforced. Meanwhile, from the IWs perspective, managing PST quotas can be frustrating, including diminishing Outlook performance as PST folders grow. Move PSTs to a network share and a new set of problems arise: increased PST corruptions and a degraded search experience. Feature Talking Points With the introduction of an archiving feature in Exchange 14, customers can move easily from an unmanaged to a managed solution The “archive” is a separate mailbox, managed and controlled by the administrator Users can drag and drop PSTs to an archive folder within their inbox or schedule auto-move of messages to archive through Folder or Item policy tags PSTs are now discoverable; legal holds can be easily applied and performance is not compromised for large mailboxes ( GB) The mailbox experience does not change within the archive: users can view, read and navigate mail the same as today Slide Objective – The audience should walk away understanding that the new Exchange archive feature offers a simple way to centrally store and manage PSTs – while maintaining the familiar mailbox management experience for users. …apply a retention policy…. …or set folders to archive automatically…

15 Archivamiento de Correo
Aplicar granularidad por mensaje y por políticas de Carpeta Policy Drop Down in Ribbon Message expiration time in view Situation : The explosive growth of regulatory compliance and corporate governance requirements has made it challenging for administrators and compliance officers to provide end users with simple tools for managing retention policies of the high volume of messages being sent and received daily. It is impractical for a small group of people to police to this end directly, so tools which enable end users to apply retention policies which are defined by the organization and tools which automatically apply such policies without IT intervention are required to effectively mitigate the risk associated with compliance and governance. Talking Points: Retention policies can now be applied to any individual or folder rather than just a restricted set of managed folders Policies are defined centrally and pushed to the client, exposed directly to users in the UI for selection or notification Transport rules can be designed to automatically apply default policies for select groups of users or based on select attributes of Slide Objective: The audience should walk away understanding that Exchange increases flexibility and functionality allowing retention policies to be applied to s individually or at the folder level. IT administrators and compliance officers can define policies and distribute them to select groups of users ensuring that users choose from only policies which are appropriate for their role in the company.

16 Archivamiento de Correo
Potenciar a encargados de Compliance a ejecutar búsquedas Multi-Mailbox con facilidad New User Friendly Search Situation: Traditional systems require complex access control policies and provide hard to use tools in order to meet the growing needs of eDiscovery and requirements of Human Resources departments relative to searching corporate communication throughout the infrastructure. Those responsible for these tasks are non-IT users who are unfamiliar with administration tools and do not have access to the e- mail servers. These compliance officers and HR representatives are having to follow complex processes and use complex tools, aided by IT, to handle what is already a complex problem due to legal and corporate governance. Solutions are required which empower these individuals to go about their business without IT intervention and which ensure that only those assigned by the organization to perform such tasks are able to. Talking Points: Cross-mailbox search user interface enables compliance officers and HR to perform searches based on select attributes across the entire mail infrastructure Roles based administration allows for easy delegated access to this tool with no complex Access Control Requirements eDiscovery processes may be followed without IT intervention and only by those authorized Compliance officers and HR representatives use familiar and easy-to-use tools within the existing UI of Outlook and Outlook Web Access (compared to Get Mailbox Powershell commands in E2007) Engineering is working on FAST integration for enhanced eDiscovery functionality Slide Objective: The audience should see that Exchange goes beyond traditional administration models to empower delegation of tasks associated with compliance away from the administrator and put these tasks into the hands of those responsible with easy-to-use tools Easily Refine and Target Search

17 Proteger las Comunicaciones
Proteger mensajes automáticamente con reglas centralizadas de administración de derechos Respecto a decreto 83: Esta slide se refiere al punto 9 de la norma. Con Exchange 2007/2010 se cumplen estos requerimientos “out of the box”. Situation : Electronic communications is ubiquitous today. The ease of transmitting and information attached to also increases the risk of unauthorized viewing and distribution. Leaks of confidential information can result in lost revenue, compromised ability to compete, unfairness in purchasing and hiring decisions, diminished customer confidence, and more. This risk demands solutions which are not only secure but easy to apply, whether its to messages sent inside an organization, outside the organization to partners or, as is increasingly the case, to a hosted archive service. While users can already apply RMS manually to an , Information Leakage Protection (ILP) becomes even more effective when this protection can be applied automatically, based on rules defined by the administrator. This not only eases the burden on the user to protect company IP within but ensures better, more consistent compliance with corporate policies. Talking Points: Protect voice mail messages with the same core technology as you protect , documents, spreadsheets, and presentations Apply RMS automatically in Outlook or through Transport rules Leverage the same rich Information Rights Managements experience in OWA as you have become familiar with in Outlook Encrypt message in transport without the complex requirements of PKI and S/MIME Ensure governance and compliance requirements are met by archiving protected messages in the clear alongside the encrypted message if required Automatic RMS protection of and attachments can be done through: An Outlook add-in. RMS is activated based on the sender’s department, the identity of the recipient (user or DL), and whether all recipients are internal or not. Two RMS templates are offered by default: Do Not Forward or Internet Confidential (mail is protected but user has rights to forward, copy, etc.). Others can be added. The activation can be overridden by user. Transport rules which key off of attributes (e.g. sender, keywords, subject line) Slide Objective: The audience should understand that RMS can now be applied through Transport which, in turn, paves the way for broader, more granular ILP as well as protection of voic . Protección automática de contenido: Regla de transporte para aplicar plantillas RMS a o voice mail Soporte para escaneo de adjuntos y búsqueda de correo protegido Políticas “out of the box” de Internet Confidential y Do Not Forward Protección de información a través de PC, web, Móviles

18 Proteger las Comunicaciones
Ayudar a usuarios a hacer lo correcto cuando envían información sensible

19 Administrar sobrecarga del Inbox
Ayuda a reducir los correos innecesarios mediante los nuevos MailTips Remove Extra Steps and Situation: People send embarrassing s (or worse) to the wrong recipients (think MS of reporters dossier to that reporter, RNC lobbying efforts though White House accounts, or pharmaceutical sent out with all recipients names visible); MailTips is designed to make sure your communications are right the first time and to avoid such embarrassing mistakes. Talking Points: Know someone is OOF before you send a message (look at the oof and send to the right person from the start) Be alerted to important issues like external recipients or large lists of people this will be sent to Know things like booking a room too small for the number of people you’re inviting Know internal rules that will block your message from being sent before you send it (too many attachments, too big of an attachment, recipient can’t receive the message, and other custom rules defined by the system administrator) Slide Objective: The audience should walk away from this slide seeing that Exchange helps users send more effective messages the first time. It helps them schedule the right size rooms, not send messages to which they will get an OOF response and avoid sending mail to external recipients or large lists of people that might create an embarrassing mistake. Reduce Non-Delivery Reports

20 Colaborar efectivamente
Una familiar experiencia de Outlook a través de clientes, dispositivos y plataformas Desktop Web Mobile Situation : People use many different platforms to communicate these days. From getting a message on the go on your cell phone to sending out a contract proposal at a desktop; users are looking for ways to keep in better touch as their mobility increases. Access though Macs, PCs, Web Browsers and Cell phones all are a critical part of the connected infrastructure that allows businesses to increase their productivity and decrease decision making time. Talking Points : Rich desktop clients are available for both PCs and Macs though Outlook and Entourage Rich web browser access to OWA premium is now available for 99% of the browser market. Users can use IE for the premium experience they have come to expect, or use Safari and Firefox for very similar premium experiences. OWA Lite is still available for those with restricted bandwidth or accessibility needs. Exchange ActiveSync (EAS) is fast becoming the standard for Push to smartphones. For almost any smartphone that an organization has decided to support, there is an Exchange ActiveSync enabled client available. Slide Objective: The Audience should walk away understanding that Exchange is providing the one stop for their communications needs. Exchange inboxes will be accessible from a wide variety of platforms and technologies. This broad access to rich Exchange data experiences allows them to be more flexible in their organizations while still having a consistent management story on the administrative side. This means lower costs with greater support for the platforms their organizations chooses to use; lower cost, greater choice.

21 Colaborar efectivamente
Una sola ubicación para , Instant Messages, mensajes de texto con un Inbox Universal Voice Telephony Situation : People communicate though many different modes of communications today. From SMS with family members to to business partners; IM for fast responses from co-workers to voic from a colleague, people are using more and more modes of communication to contact each other. Today these forms of communications (as well as others like RSS feeds and multiple accounts) are all handled in separate applications and though separate interfaces. Exchange Server allows users to bring all of these together in one place so you can communicate with who you want, when you want and how you want. Talking Points : Instant Messaging is available for Real Time Communications with OCS (OCS can federate with the major IM services and the hosted service can also use Live IM instead of OCS) SMS Text messaging syncs to your inbox letting you backup, sync and send messages from the web (also can connect to the mobile device to show the message coming from your number allowing the recipient to respond to your mobile phone) Integrated RSS feed in your inbox means you don’t have to surf the web to get the information you need Aggregated accounts means you can access multiple accounts without having to log out of Outlook or open up multiple websites. Slide Objective: The Audience should walk away understanding that Exchange is providing the one stop for their communications needs. Exchange Inboxes will allow them as a user to bridge the communications silos they now use meaning that they have one place to read, create, respond and interact with the multiple modes of communications they use today; and in the future. Instant Messaging SMS Text Messaging

22 Colaborar efectivamente
Fácil colaboración con socios externos mediante el calendario compartido Situation: Having a view of not only your calendar, but others calendars is critical to being productivity. From a parent who needs to see a spouse’s calendar to know who’s night it is to pick up the kids, to the ability for team’s to share a calendar of critical events for all of the team members. Shared calendars are necessary to raise the level of productivity for the group. Likewise, coordinating with people outside your organization ahs been a manual process that now can be accomplished with the ease that we allow people to share calendars internally. This makes scheduling meetings with external partners fast, efficient and effective. Talking Points : Customers can now share their calendar externally the way they currently share them internally Customers can now view multiple calendars in OWA Slide Objective: The audience should walk away form this slide understanding that we’ve really gone from just holding your calendar to allowing you to flexibly use your calendar and interact with others, internal and external, though your calendar.

23 Flexible y Confiable Provee la flexibilidad necesaria para operar una infraestructura de mensajeria de alto rendimiento Entregado en Exchange Server 2007 Instalación mejorada Alta Disponibilidad mediante Continuous Replication Consola de administración simplificada Inversiones en Exchange Server 2010 Opción de solución con servicio hosteado Única plataforma para Alta Disponibilidad y Disaster Recovery Administración basada en Roles Respecto a decreto 83: Las Slides muestran cómo se puede cumplir con el punto 8.4 y 8.5 de la norma. Instructor Notes:

24 Disponibilidad Continua
Mailbox simplificado para Alta Disponibilidad y Disaster Recovery con nueva plataforma unificada San Jose New York Mailbox Server Mailbox Server Mailbox Server DB1 Replicate databases to remote datacenter DB1 DB1 Recover quickly from disk and database failures DB2 DB2 DB2 DB3 DB3 DB3 DB4 DB4 DB4 DB5 DB5 DB5 Situation: As the importance of communications in today’s workplace continues to grow, companies count on their IT staff to prevent outages and data loss Traditionally, customers have been required to deploy expensive shared-storage clustering and purchase 3rd party data replication products to provide full redundancy of Exchange Server services and data Exchange Server 2007 introduced a built-in data replication technology called Continuous Replication, which significantly reduced the cost of deploying a highly available Exchange infrastructure Running a highly available Exchange infrastructure still requires a great deal of time and expertise, because integration between Exchange Server and Windows Clustering is not seamless Companies want an easier way to replicate their data to a remote location, in order protect their Exchange environment against site-level disasters Talking Points: Exchange “14” uses the same Continuous Replication technology found in Exchange 2007, combining on-site data replication (CCR) and off-site data replication (SCR) into a single framework called a “Database Availability Group” Exchange Server Database Availability Groups handle all aspects of clustering internally. There is no need to manage failover clustering separately in Windows Server Administrators can add replicated database copies incrementally (up to 16 total), and Exchange switches between these copies automatically as needed to maintain availability Mailbox servers involved in clustering can host other Exchange roles (Client Access, Hub Transport, etc), so full redundancy of Exchange services and data can be achieved with just two servers Legacy Exchange clustering (Single copy clustering, which was the only clustering option in Exchange 2000 and Exchange 2003) is being retired in favor of Exchange 2007-style clustering. 3rd party replication products will still be supported The new high availability architecture provides simplified recovery from a variety of failures (disk-level, server-level, and datacenter-level), and can be deployed on a variety of storage types (as described in the previous slide) Slide Objective: Position the new HA model as the evolution of previous HA methods, with significantly less cost and complexity Evolución de tecnología de Continuous Replication Más fácil de manejar e implementar que un cluster tradicional Permite que cada DB tenga 16 copias replicadas Provee full redundancia de roles de Exchange Capacidades de CCR y SCR combinadas en una misma plataforma

25 Disponibilidad Continua
Limitar la interrupción del usuario durante la mantención y movimientos de Mailbox Client Mailbox Server 1 Mailbox Server 2 Client Access Server Usuarios permanecen en línea mientras sus mailboxes son movidos entre servidores Enviando Mensajes Recibiendo Mensajes Accediendo al mailbox completo Los Administradores pueden ejecutar migraciones y mantención durante las horas regulares de trabajo Situation: Administrators commonly move mailboxes between servers and databases as part of maintenance activities or when migrating between Exchange versions Currently, when an administrator moves a mailbox, this takes the user offline for the duration of the move, leaving them no access to As mailbox sizes have grown, mailboxes take longer to move, so administrators have been forced to perform mailbox moves at night and on weekends to minimize disruptions for end users Talking Points: In Exchange “14”, mailbox moves can be done in online mode: users remain can send, receive, and read mail while the contents of their mailboxes are moved to a new location Maintenance activities can now be performed during the day, rather than a nighttime or weekend maintenance window Migration to Exchange “14” (whether Exchange “14” is deployed on-premise or online) can be accomplished faster and with less end-user disruption Slide Objective: Describe how give administrators can use the new online move mailbox process to perform Exchange maintenance and migrations without sacrificing their evenings and weekends.

26 Disponibilidad Continua
Potenciar a los usuarios especialistas a ejecutar tareas con administración basada en roles Compliance Officer Human Resources Help Desk Staff Situation: Delegated administration has greatly improved with each release of Exchange Server, but Exchange 2007 still required modification of ACL’s to create specialized administrative roles (i.e. Compliance Officer role) In Exchange 2003, managing permissions required customization of ACL’s (about 560 ACE’s in total). A whole whitepaper dedicated to ACL modification. In Exchange 2007, property sets made it easier, but doing split permissions was still complicated and required ACL modification. A lengthy E2k7 whitepaper was written how to do this for Unified Messaging. Permissions were focused on AD objects, and didn’t map 1:1 with tasks Talking Points: Roles-Based Access Control (RBAC), in Exchange “14”, simplifies the administrators ability to create specialized roles with specialized actions. For example: Creating a helpdesk administrator role who only has the ability to create new mailboxes or change mailbox quota or message size limits. Creating a specialized Telephony Specialist role, who’s permissions are limited to managing UM dial plans. Creating a specialized compliance officer role, who’s permissions are limited to performing cross-mailbox searches for legal discovery. Creating a human resources role, where individuals assigned to this role are only able to update employee contact information. Creating a branch office administrator role, where they only have permissions to modify details for mailboxes within the specific branch (Organizational Unit or OU). Roles-Based Access Control is simple to manage. Administrators will use the Exchange Management Shell to: Create Roles to define/grant the set of operations for a specific user (i.e. ability to create a new mailbox, or set mailbox quota limit) Define Scope of where the operations can be run (i.e. a specific organizational unit, like North America OU or Finance Dept) Assign the roles and scope to a set of users (i.e. Unified Messaging Admin, Helpdesk Admin, Compliance Officer, etc…) What required an entire whitepaper (in E2k7) to create a specialized Unified Messaging role, can now be done in Exchange “14” with a single cmdlet in the Exchange Management Shell. Slide Objective: Exchange “14’s” Role-Base Access Control (RBAC) capabilities allow Exchange administrators to easily create specialized administrative roles. This delegated administration model empowers specialist users to perform tasks relevant to their role, while lowering help desk costs by allowing the IT to focus on more important tasks. Conduct Mailbox Searches for Legal Discovery Update Employee Info in Company Directory Manage Mailbox Quotas

27 Administración Simplificada
Disminuir costos de soporte mediante nuevas opciones de Auto-Servicio para el usuario Track the status of sent messages Situation: The largest percentage of helpdesk calls incurred by an organization using Exchange include: Distribution Group management, message tracking, changes to personal information in address book, and other similar tasks. The annual cost of helpdesk support staff for systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“ Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008). Talking Points: Roles-Based Access Control (RBAC), in Exchange “14”, allows IT administrators to move specific self- service tasks to end-users. Distribution Group management – End-users can create new DG’s, manage memberships and ownership, as well as delete DG’s Message tracking – End-users can track delivery receipt information of all messages sent Editing personal information in address book – End-users can modify select user information, such as mobile phone number. End-user self-service management is performed through a web-based management interface (aka. Exchange Control Panel) Other typical end-user tasks/options will be moved from to this web-based management interface, such as: Out of Office, Inbox Rules, Mobile device management, etc… Regular feedback from users of Exchange Labs (and other research) has helped frame the user experience with this web-base management interface Slide Objective: Exchange “14’s” Role-Base Access Control (RBAC) capabilities allow Exchange administrators to give selective self-management capabilities to end-users. By moving self-service tasks to end-users, organizations can reduce the costs for helpdesk support, and allow IT staff to focus on more important tasks. Create and manage distribution groups

28 Reflexiones Los auditores pueden cumplir un rol relevante en materia de control. No debe ser un cargo nominal. La seguridad de sus sistemas es tan importante como la funcionalidad. No sacrifique la seguridad ni la ponga en un segundo plano. Construya sus sistemas con la seguridad en mente desde el principio. Observe otras experiencias y pida ayuda. Sea rápido. Los hacker no lo esperarán. Solucionar problemas antes que sean inmanejables.

29 Demo

30 © 2008 Microsoft Corporation. All rights reserved
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.