System Health And MonitoringDamian LeibaschoffSupport Escalation EngineerMicrosoft

Rod WhiteSupport EngineerMicrosoft

AgendaSystem Health VisionSecuritySoftware UpdatesCritical AlertsBackupReporting

System Health VisionProvide base operational monitoring and policy definitions for SBS server, 2nd server,

and all domain joined clients.System Health pillars include

SecuritySoftware UpdatesSBS Critical Alerts Backup

SecurityE-mail anti-malware/anti-spam

Via Forefront Security for Exchange* and OneCare for Server*

Monitoring of client file system anti-virus and anti-spyware

Rolled up status recovered from Vista/XP Security CenterStatus recovery is real time

Note: *Important: "Limited Time Trial Subscription “ only

Software UpdatesIntegration with WSUS 3.0 (SP1)Auto approved all critical/security and definition updates

Client O/S – download/install/restart if appropriateServer O/S – download and notify – administrator to initiate install

Client exclusion supportedImportant: Please set the expectation that once SBS 2008 is installed, updates will be applied to non-compliant systems – restarts will occur

Software UpdatesApproval scope can be modified (via WSUS)

Removing critical and security updates will turn updates into yellow: Warning

Administration of SUM kept to a minimum

Administrator will need to approve updates with revised SLTsUI will expose ‘optional updates’

Critical AlertsMonitoring of auto start services (server)Key events (server)

BackupLicensingNetworkingSecurity

Thresholds (clients and server)Disk usage

Monitoring of all other critical alerts ‘Catch All’ for all critical alerts within the server event logs

Alert PresentationHome page score card

Summary red/yellow/green

Computers pagePer computer statusDetailed per alert description

Daily summary/weekly detailed reports

E-mail/UI

Catch All events only in the reports

BackupSystem Health calls backup APIs to recover state

Green – Last SBS 2008 Server backup successfulYellow – Backup on the server not configuredRed – Last SBS 2008 Server backup failed

Reports2 Default reports

Cannot be removed

You can add new onesHistorical archive available

Partner Overview

Partner ProfileNextStep NetworkingCincinnati, OH15 Employees115 active customersCustomer segment focus: SMBSolution focus areas: MSPP Level: Microsoft Gold Partner

TAP Customer ProfileCity of Mt. Healthy15 desktopsBusiness Focus: Local GovernmentKey Pain Points: How will SBS 2008 help:

A Real-World Perspective 2008 TAP Experience

Positive feedback from the clients; Stable environmentMigration was straight forward and did not require any third party productsMigration was non-intrusive and did not require much downtimeAs a member of the TAP we are able to get answers to any issues quickly and easily

Health and Monitoring now includes the entire domain not just the SBS serverKey features

Comprehensive monitoringWeekly alerting allows for increase in reliabilityWeekly alerting allows your staff to be more productive by allowing them to quickly determine the health of a network and be able to prioritize workWeekly and Monthly Reports can be used to drive sales for time and material clients

What specifically do you recommend the partners do next, in priority order?

Participate in events like this one… get together with those who knowInstall it on a test server and get your hands dirty – add some workstations and see how beneficial the monitoring is

Appendix

FeaturesCustomized reports

Includes status for server and clients

Real-time server and client health statusFirewall, AV, anti-spywareUpdatesGeneral alerts

Centralized update managementOneCare anti-malware on the server

"Limited time trial"

Forefront Security for Exchange"Limited time trial"

SecurityDefault components

File system AVWMI query to Security Center

Anti-spywareWMI query to Security Center

Anti-spamCMDLET in Powershell

E-mail antivirusFSE utilities

Extensibility for third party ISVsClient reports based on WMI queries

UpdatesWorks on top of WSUS 3 SP1Defaults

ServerApprove critical, security, and definition updates for installationDownload, update, and notify

ClientApprove critical, security, service packs, and definition updates for installationInstall updates at 3 AM

Other updates need to be approved for install to either servers or clients

UpdatesThree group policies

Update services client computersUpdate services common settingsUpdate service server computers

Security filtering on client and server GPOsMachines can be excluded from this process

Burden on administrator to manually update

Windows Live OneCare For Server

Same scan engine solution as Forefront Client SecurityServer file exceptions configured by defaultNo firewall component on server SKUBackup component disabled

Use the SBS provided backup solution

Only 25 machines if using a OneCare circle

Use the SBS Console to monitor all clients

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

The information contained in this presentation relates to pre-release software product, which may be substantially modified before its first commercial release. Accordingly, the information may not accurately describe or reflect the software product when first commercially released. This presentation is provided for informational purposes only, and Microsoft makes no warranties, express or implied, with respect to this presentation or the information contained in it.