Microsoft Windows Intune 2.0: Quickstart Administration

By David Overton

About this book

Microsoft Windows Intune is a cloud service solution that simplifies how small and mid-sized businesses manage and secure PCs using Microsoft cloud services and Windows 7—so your computers and users can operate at peak performance all the time.

This step-by-step guide will show you how to plan, set up and maintain Windows Intune, and how to manage a group of PCs (either one business or, for a partner, several) from the base operating system through to the patches, anti-malware solution, deployed software and policies, all from a central console using the Windows Intune service.

This book takes you through all the steps to plan, set up and maintain Windows Intune and how to manage a group of PCs. The book starts by providing an overview of Cloud Computing and PC Management. The book then dives into topics such as Windows Intune features, signing up for Windows Intune and installing the client software, configuring Windows Intune, proactive management, and monitoring and dealing with alerts, including remote assistance amongst others. As Windows 7 is part of Windows Intune, the book will also cover the minimum steps required to move from Windows XP to Windows 7 while keeping user settings and preferences.

Publication date: January 2012
Publisher: Packt
Pages: 312
ISBN: 9781849682961

 

Chapter 1. Overview of Cloud Computing

Welcome to the cloud computing revolution currently sweeping through the IT landscape. It might be slightly confusing as to why we are starting a book on PC management with an introduction to cloud computing. However, the management service you are signing up for is a cloud-based solution, with benefits and challenges that need to be addressed and planned for.

Through this chapter we will understand what cloud computing is and how it compares to the traditional on-premise computing models of today. We will then discuss what this means to us when relying on the Windows Intune Service and highlight other cloud computing services that we might want to use, or perhaps already be using from the cloud.

The one word of warning that I will give here is that every IT company on the planet appears to have a definition of cloud computing that suits the products they sell. Here, we will define the key aspects that are required for something to be a cloud computing solution.

In this chapter, we will cover the following topics:

  • Facets of cloud computing

  • Different levels of cloud computing

  • Challenges of cloud computing

  • Bringing all this together for Windows Intune

We are going to cheat a little. I'm not going to provide one of those quotable definitions of cloud computing, but rather explain what I believe are the key facets of cloud computing and how these benefit us and provide us with caution in some areas. The reason I'm going to do this is because I recently saw a presentation by a UK government official that stated they had found twenty-two definitions of cloud computing and none of these definitions fitted their needs, so they defined number twenty-three. No doubt I will upset some in the IT world with my information, but that is one of the luxuries of being the author, although I think this aligns with most of the twenty-three definitions to date.

The key facets of a cloud solution are as follows:

  • Centralized solution, management, and upgrades

  • Elastic in scale and power

  • Pricing based on utilization

  • Delivered using Internet protocols

  • Secure and private

  • Service Level Agreement

There are other facets that are often part of a cloud solution, but not required and we shall also explore these:

  • Multiple client device types

  • Client software

  • Programmable interfaces

What should not be ignored is that all of these facets could be delivered on our premises, especially if the delivery is for a large organization. However, the economies of scale and shared fixed costs that trend to zero are limited by our own ability to scale. Some would call this on-premise solution a private cloud, while others would call it a well-managed data center with many aspects shared with a historic, well-run mainframe estate. As a side note, my computing life started with mainframes and it makes me smile that a mainframe expert would see almost all of the key facets of a cloud solution as those by which mainframe-based solutions were delivered from private data centers.

This is one of the key things to understand here. While Internet scalability enables a lower cost model and the protocols are becoming more manageable even with our firewalls that protect our networks as they connect to the Internet, there is very little here that by itself is new. The uniqueness here is that organizations like Microsoft are investing billions of dollars to build the data centers and solutions that bring each facet together into a handful of locations at a game changing price point.

Centralized solution, management, and upgrades

Given that a cloud service is normally provided over the Internet, for scale, the solution will be located in a handful of data centers owned and managed by the service provider. They will provide everything we need to run the solution, from physical servers to networking and application software; however, we are not able to directly access this. We use the interfaces they provide for the services, and the service provider manipulates the hardware and software and configures the network for us. The key thing is that it is a highly replicated solution that has a level of management that is taken care of for us. The different cloud computing models and what is managed for us, versus by us, will be discussed later in this chapter.

The following diagram demonstrates the items that could move from a distributed to a centralized solution with cloud services. We can see that with a centralized solution, more resources are required in an IT function rather than repeated in each department. While the boxes are not drawn to scale, we should get economies of scale as things are centralized. Centralization can take place on our premises or using a cloud services provider where some of the IT functions in the diagram are, in effect, outsourced to the cloud service provider.

With Windows Intune, all the information about each Windows computer is centrally stored in multiple Microsoft data centers and can be managed by us, no matter whether a server, the network, or even the entire data center fails. The application that runs on this infrastructure is the Windows Intune management software and it is maintained and upgraded without us needing to be involved in the process. We will also have client software, provided by Windows Intune, that connects to this infrastructure, but the installation onto each client computer still falls to us to manage. When we make a change using the management tools at the data center, this will automatically be distributed out to the client computers provided they are connected to the Internet, implementing our changes without having to visit or touch these machines.

While Windows Intune centralizes the management function, storage and applications are still provided in the same way as previously delivered.

Elastic in scale and power

The Internet is a big place and the demands on services can be tiny or massive and this is expected to change over time, sometimes within minutes. A cloud solution should have that flexibility built into it. When we deliver computing resources in our own offices or data center, we have to buy the right number of servers and storage to enable us to meet the peak demand. Probably, because it is too complex to do anything else, most organizations simply leave these servers on all the time, consuming electricity, but adding no value to the business. In a cloud environment, servers are started and stopped as needed to deliver the solution, often by the service provider on our behalf. We can see all the opportunities that an elastic service can simply scale up or be turned off according to our business needs in the following diagram:

In the case of Windows Intune, this is the application that Microsoft manages and they start up and stop the servers as required to deliver the information to the Windows Intune client software on the PCs and the management interfaces.

Pricing based on utilization

There are two elements to the pricing of cloud solutions that need to be discussed. The first is that by virtue of the elastic number of servers used, the cost of the service is lower than purchasing for peak capacity. The second is that rather than paying for servers, power, cooling, storage, and people, we now pay for utility. This may be a fee per user, compute hour, storage, and so on, but it is nothing like the traditional buy or lease models for IT where we paid for the hardware and software rather than usage.

The low fee we pay for Windows Intune relates to the fact that the service is delivered at Internet scale with elastic scalability that means that the actual computing required is right sized for all the users of the service at any moment. Our usage would be a fraction of the IT required to deliver ourselves because we do not actively interact with the management system 100% of the time. Beyond the scalability, Microsoft is also able to deliver greater efficiencies in managing the whole solution. This enables Microsoft to charge a flat rate per user for the services that is lower than the cost of acquiring the software, hardware, and people to manage by a significant amount.

Delivered using Internet protocols

Protocols describe the way machines talk to each other. Some of these are defined by standards bodies and others are known as de-facto standards as they have been popularized by the organization or organizations that use them. Either way, they need to be Internet friendly so that they can be routed, inspected and secured by firewalls and received by different client device types where appropriate.

Windows Intune uses a combination of standards based and de-facto standards, but all the protocols are published and known, enabling routing and securing via the Internet. Windows Intune uses a standard web browser to deliver the management interfaces and then a well-known set of protocols to deliver the rest of the information to the client PCs.

The term Cloud is often used when describing solutions that are often hosted and certainly connected to over the Internet. What used to be an Internet service is now often referred to as a Cloud service, but the terms are often interchangeable.

Secure and private

The final technical facet that all cloud services should have relates to security and privacy. The service needs to be as trustworthy as if we were running it ourselves. This means that our data is not shared or leaked, and that the communication protocols are secure. This is often not something we can test, but we should look for a privacy statement from the service provider.

Windows Intune's privacy statement can be found by following the link: http://davidoverton.com/r.ashx?20.

Service Level Agreement

All quality cloud services should have a Service Level Agreement or SLA for short. This will need some careful analysis as this is one of the areas that differs the most from running the technology and delivering the service ourselves, and having it provided as a cloud service.

Service Level Agreements consist of two elements repeated for each different feature or function of the service being offered. These two elements are Availability level and Service hours of a time period and, as a customer, we get some form of Recompense if the level of service is not delivered. As we are managing multiple users, the number of users impacted, or the proportion of them that were impacted is often also included in the calculation.

Availability

Availability is often described as a number of nines, such as "three nines" meaning 99.9% availability or uptime. Don't be fooled by the number of nines by themselves, as a service interruption (known as downtime) could still have a major impact if it was in the middle of our busiest day. The following table shows us what the downtime implications are:

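| Period | 99% uptime | 1% downtime | 99.9% uptime | 0.1% downtime |
|--------|------------|-------------|--------------|---------------|
| Day | 23h 45m 36s | 14m 24s | 23h 58m | 1m 26s |
| Week | 6 days 22h 19m 12s | 1h 40m | 6 days 23h 49m | 10m 5s |
| Month | 30 days 16h 33m | 7h 26m | 30 days 23h 15m | 44m |
| Year | 361 days 8h 24m | 3 days 15h 36m | 364 days 15h 14m | 8h 45m |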

The first consideration is the time period over which the measure is taken. Consider the preceding table, which shows how much downtime a given availability level permits over each time period. It may all look relatively rosy, but if the availability is measured over a year, then there can be over a working day without the service at 99.9% availability (that of Windows Intune) and over 3 days if a service is provided at the "two nines" level of 99%, that of many services. Depending on the service, this will either be acceptable or unacceptable. Some cloud services do not have availability levels at all and these can be offline for months without recompense.

Finally, some services do not count downtime as soon as things go wrong, meaning that a large number of short failures are not considered to be breaking the availability agreements.

Service hours

The other consideration is serviceable hours. In the preceding table we have assumed that the service has no "planned" downtime or maintenance windows and that it is available and measured for 24 hours every day. Some services have large maintenance windows, as much as 16 hours per day, and during this time if the service is available, that is great, but if not then there is again no recompense.

If we were running the technology on-premise, we could discuss improving the service availability and how we could impact the quality of service. With a cloud service we may be able to pay more to get a higher availability level, utilize more servers, or have no choice but to accept what is given.

Windows Intune, at the time of writing, stated that 10 hours scheduled downtime per year was acceptable and personally I would agree with this as it amounts to 10 hours out of 8,760 per year which is a very high level of availability. While this may sound a little scary, since Windows Intune only delivers management functionality, in the event of a failure it is only this management functionality that stops working. The users can continue to use their computers during this issue.

Recompense

The balance to the expected Service Level Statement is the Recompense, should the service not meet this level. Again, here we need to ensure that this matches our business needs. Some services will provide usage or service credits, while others will provide us with cold hard cash as compensation.

Service credits can be nice, but sometimes they materialize as an extension to our existing contract period, which is not necessarily useful or desirable. The alternatives include actual refunds or a reduction in our next bill.

Windows Intune, at the time of writing, delivers service credits in the following month and it is quite generous.

Windows Intune SLA

We have covered the Windows Intune SLA several times in the preceding text and there is a snippet of this document below. To get the latest version of this, please go to the following URL: http://davidoverton.com/r.ashx?21.

In this snippet, we can see how Microsoft calculates uptime at the time of writing. We can see that Microsoft considers the number of users impacted as well as the number of minutes that they were disrupted to be key to calculating the Availability or "Monthly Uptime Percentage".

We can see that if the service impacts all users for more than 44 minutes a month, we are entitled to a 25% service credit. In my opinion, this is one of the best value service credits available in the marketplace today.
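The caveats raised in this section (the measurement period, short failures that are not counted, maintenance windows, and weighting by the number of users impacted) can be checked against our own outage records with a small calculator. This is an added example, not part of the book or of Microsoft's SLA text: the user-minutes formula, the 5-minute counting threshold and the sample outages are assumptions constructed for illustration, while the 99.9% level and the 25% credit are the figures quoted above.

```python
from dataclasses import dataclass

MINUTES_PER_DAY = 24 * 60


@dataclass(frozen=True)
class Outage:
    minutes: float          # how long the interruption lasted
    users_affected: int     # how many of our users lost the service
    planned: bool = False   # True if inside an agreed maintenance window


def downtime_budget_minutes(availability_pct, period_days):
    """Downtime an availability level permits over the measurement period."""
    return period_days * MINUTES_PER_DAY * (100 - availability_pct) / 100


def uptime_pct(outages, total_users, period_days,
               min_countable_minutes=0.0, exclude_planned=False):
    """Uptime as a share of user-minutes (assumed formula, see lead-in)."""
    total = total_users * period_days * MINUTES_PER_DAY
    lost = 0.0
    for o in outages:
        if exclude_planned and o.planned:
            continue    # maintenance windows earn no recompense
        if o.minutes < min_countable_minutes:
            continue    # short failures some providers never count
        lost += o.minutes * min(o.users_affected, total_users)
    return 100.0 * (total - lost) / total


def sla_report(outages, total_users, period_days, sla_pct=99.9,
               credit_pct=25, min_countable_minutes=0.0):
    """Compare what users experienced with what the contract measures."""
    experienced = uptime_pct(outages, total_users, period_days)
    contractual = uptime_pct(outages, total_users, period_days,
                             min_countable_minutes=min_countable_minutes,
                             exclude_planned=True)
    return {
        "experienced_pct": round(experienced, 3),
        "contractual_pct": round(contractual, 3),
        "credit_pct": credit_pct if contractual < sla_pct else 0,
    }


# Constructed sample month: 31 days, 50 managed users.
USERS, DAYS = 50, 31
SCENARIOS = {
    # One 45-minute outage for everyone: just over the 44-minute budget.
    "single long outage": ([Outage(45, USERS)], 0.0),
    # Twelve 4-minute blips (48 minutes in total), none reaching an
    # assumed 5-minute threshold before downtime starts to count.
    "many short outages": ([Outage(4, USERS)] * 12, 5.0),
    # 90 minutes, but only 20 of the 50 users were impacted.
    "partial outage": ([Outage(90, 20)], 0.0),
    # Two hours inside a planned maintenance window.
    "planned maintenance": ([Outage(120, USERS, planned=True)], 0.0),
}


def run_scenarios():
    """Return the report for every constructed scenario."""
    return {
        name: sla_report(outages, USERS, DAYS, min_countable_minutes=threshold)
        for name, (outages, threshold) in SCENARIOS.items()
    }


if __name__ == "__main__":
    budget = downtime_budget_minutes(99.9, DAYS)
    print(f"99.9% over {DAYS} days allows {budget:.2f} minutes of downtime")
    for name, report in run_scenarios().items():
        print(f"{name:20} {report}")
```

Only the first scenario earns a credit, even though the second loses more minutes for every user and the third leaves 20 users without the service for an hour and a half.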

Multiple client device types

We are now moving on to requirements that are not always present in all cloud computing scenarios, but it is important to understand how they might be useful.

Not that many years ago, the de facto desirable device for all computing needs was a Windows based PC. While the benefits of Windows have increased, as has the use of Windows 7, people want to be able to access information and applications from other devices. We have seen the rise of netbooks, tablets and phones as information access devices.

These devices all have relatively small storage and processing capacity, so the natural thing is to store information and provide the computing power on the Internet where it can be delivered en masse as needed. The services that provide all of this are often delivered using cloud computing solutions as they need the facets discussed in the preceding text.

Once the key information, data, and processing are deployed in the cloud, all these devices can utilize it from a browser or a small application that calls upon these cloud services. This means that rather than having to write complex software for all these devices, which has always been a barrier to deploying on anything but Windows in the past, now it is developed once for the cloud environment and delivered as a simple piece of consumption software for each device type. As the consumption software is lower in complexity because the complex solution is now being delivered by the cloud service, it becomes cost effective to write it multiple times, once for each device.

Now we have a model that allows access from multiple devices from any location provided they have a possible connection to the network with the cloud service on it, normally the Internet.

iPhones, iPads, Android, Windows Phone 7, netbooks, notebooks, Windows XP, Vista, and Windows 7 PCs are now all excellent consumers of cloud services. Each device has its own interface quirks, tools, and other management issues, but for a cloud service provider, they can now address more devices and users than ever before.

Today, Windows Intune is only used to manage Windows PC devices and the management interface is only available through a web browser with Silverlight installed. However, I expect more interfaces to become available over time.

Client Software

Cloud computing requires a way for us, the user, to interact with it. This may be via a web browser, but if that is not the case, then we need to ensure the device we are planning on using has the software available to download in a marketplace, or application store for the specific device. This could be an application on a phone or computer. Familiar examples would include an e-mail client or music playing software.

In the case of Windows Intune, we need client software on each Windows device that will be managed. The client software communicates to the cloud service and we manage the service via a web browser.

Programmable interfaces

With a cloud computing solution we have much of the data and clever computer processing being done in a data center across a network, which means this now has to be controlled remotely. There are two choices here as to how this is done, either by building the whole service and infrastructure and solution as the vendor, or by enabling third parties to have access to the control interfaces.

For some solutions, having third parties access these control interfaces makes perfect sense as it enables additional benefits to users without having to spend the time building it ourselves as the vendor. For some solutions however, the data is considered too complex to manage or too important to let third parties change, so the interfaces are not accessible.

Windows Intune today does not have publicly accessible programmable interfaces, so no enhancement of the software is possible.

If these interfaces are available then the vendor will also have some form of additional shop front or application store to enable us as the user to choose to augment the cloud computing solution we have.

 

Centralized solution, management, and upgrades


Given that a cloud service is normally provided over the Internet, for scale, the solution will be located in a handful of data centers owned and managed by the service provider. They will provide everything we need to run the solution, from physical servers to networking and application software; however we are not be able to directly access this. We use the interfaces they provide for the services and the service provider manipulates hardware, software, and configures the network for us. The key thing is that it is a highly replicated solution that has a level of management that is taken care of for you. The different cloud computing models and what is managed for you, versus by you, will be discussed later in this chapter.

The following diagram demonstrates the items that could move from a distributed to a centralized solution with cloud services. We can see that with a centralized solution, more resources are required in an IT function rather than repeated in each department. While the boxes are not drawn to scale, we should get economies of scale as things are centralized. Centralization can take place on our premises or using a cloud services provider where some of the IT functions in the diagram are, in effect, outsourced to the cloud service provider.

With Windows Intune, all the information about each Windows computer is centrally stored in multiple Microsoft data centers and can be managed by us, no matter whether a server, the network, or even the entire data center fails. The application that runs on this infrastructure is the Windows Intune management software and it is maintained and upgraded without needing to be involved in the process. We will also have client software that connects to this infrastructure that is provided by Windows Intune, but the installation onto each client computer still falls to us to manage. When we make a change using the management tools at the data center, this will automatically be distributed out to the client computers provided they are connected to the Internet, implementing our changes without having to visit or touch these machines.

While Windows Intune centralizes the management function, storage and applications are still provided in the same way as previously delivered.

Elastic in scale and power

The Internet is a big place and the demands on services can be tiny or massive and this is expected to change over time, sometimes within minutes. A cloud solution should have that flexibility built into it. When we deliver computing resources in our own offices or data center, we have to buy the right number of servers and storage to enable us to meet the peak demand. Probably, because it is too complex to do anything else, most organizations simply leave these servers on all the time, consuming electricity, but adding no value to the business. In a cloud environment, servers are started and stopped as needed to deliver the solution, often by the service provider on our behalf. We can see all the opportunities that an elastic service can simply scale up or be turned off according to our business needs in the following diagram:

In the case of Windows Intune, this is the application that Microsoft manages and they start up and stop the servers as required to deliver the information to the Windows Intune client software on the PCs and the management interfaces.

Pricing based on utilization

There are two elements to the pricing of cloud solutions that need to be discussed. The first is that by virtue of the elastic number of servers used, the cost of the service is lower than purchasing for peak capacity. The second is that rather than paying for servers, power, cooling, storage, and people, we now pay for utility. This may be a fee per user, compute hour, storage, and so on, but it is nothing like the traditional buy or lease models for IT where we paid for the hardware and software rather than usage.

The low fee we pay for Windows Intune relates to the fact that the service is delivered at Internet scale with elastic scalability that means that the actual computing required is right sized for all the users of the service at any moment. Our usage would be a fraction of the IT required to deliver ourselves because we do not actively interact with the management system 100% of the time. Beyond the scalability, Microsoft is also able to deliver greater efficiencies in managing the whole solution. This enables Microsoft to charge a flat rate per user for the services that is lower than the cost of acquiring the software, hardware, and people to manage by a significant amount.

Delivered using Internet protocols

Protocols describe the way machines talk to each other. Some of these are defined by standards bodies and others are known as de-facto standards as they have been popularized by the organization or organizations that use them. Either way, they need to be Internet friendly so that they can be routed, inspected and secured by firewalls and received by different client device types where appropriate.

Windows Intune uses a combination of standards based and de-facto standards, but all the protocols are published and known, enabling routing and securing via the Internet. Windows Intune uses a standard web browser to deliver the management interfaces and then a well-known set of protocols to deliver the rest of the information to the client PCs.

The term Cloud is often used when describing solutions that are often hosted and certainly connected to over the Internet. What used to be an Internet service is now often referred to as a Cloud service, but the terms are often interchangeable.

Secure and private

The final technical facet that all cloud services should have relates to security and privacy. The service needs to be as trustworthy as if we were running it ourselves. This means that our data is not shared or leaked, and that the communication protocols are secure. This is often not something we can test, but we should look for a privacy statement from the service provider.

Windows Intune's privacy statement can be found by following the link: http://davidoverton.com/r.ashx?20.

Service Level Agreement

All quality cloud services should have a Service Level Agreement or SLA for short. This will need some careful analysis as this is one of the areas that differs the most from running the technology and delivering the service ourselves, and having it provided as a cloud service.

Service Level Agreements consist of two elements repeated for each different feature or function of the service being offered. These two elements are Availability level and Service hours of a time period and, as a customer, we get some form of Recompense if the level of service is not delivered. As we are managing multiple users, the number of users impacted, or the proportion of them that were impacted is often also included in the calculation.

Availability

Availability is often described as a number of nines, such as "three nines" meaning 99.9% availability or uptime. Don't be fooled by the number of nines by themselves as a service interruption (known as downtime) as it could still have a major impact if it was in the middle of our busiest day. The following table shows us what the downtime implications are:

99% uptime

1% downtime

99.9% uptime

0.1% downtime

Day

23h 45m 36s

14m 24s

23h 58m

1m 26s

Week

6 days 22:19:12

1h 40m

6 days 23h 49m

10m 5s

Month

30 days 16h 33m

7h 26m

30 days 23h 15m

44m

Year

361 days 8h 24m

3 days 15h 36m

364 days 15h 14m

8h 45m

The first consideration is the time period of which the measure is taken. Consider the preceding table which shows the time period of which certain availability levels are considered acceptable. It may all look relatively rosy, but if the availability is over a year, then there can be over a working day without the service at 99.9% availability (that of Windows Intune) and over 3 days if a service is provided at the "two nines" level of 99%, that of many services. Depending on the service, this will either be acceptable or unacceptable. Some cloud services do not have availability levels at all and these can be offline for months without recompense.

Finally, some services do not count downtime as soon as things go wrong, meaning that a large number of short failures are not considered to be breaking the availability agreements.

Service hours

The other consideration is serviceable hours. In the preceding table we have assumed that the service has no "planned" downtime or maintenance windows and that it is available and measured for 24 hours every day. Some services have large maintenance windows, as much as 16 hours per day, and during this time if the service is available, that is great, but if not then there is again no recompense.

If we were running the technology on-premise, we could discuss improving the service availability and how we could impact the quality of service. With a cloud service we may be able to pay more to get a higher availability level, utilize more servers, or have no choice but to accept what it given.

Windows Intune, at the time of writing, stated that 10 hours scheduled downtime per year was acceptable and personally I would agree with this as it amounts to 10 hours out of 8,760 per year which is a very high level of availability. While this may sound a little scary, since Windows Intune only delivers management functionality, in the event of a failure it is only this management functionality that stops working. The users can continue to use their computers during this issue.

Recompense

The balance to the expected Service Level Statement is the Recompense, should the service not meet this level. Again, here we need to ensure that this matches our business needs. Some services will provide usage or service credits, while others will provide us with cold hard cash as compensation.

Service credits can be nice, but sometimes they materialize as an extension to our existing contract period, which is not necessarily useful or desirable. The alternatives include actual refunds or a reduction in our next bill.

Windows Intune, at the time of writing, delivers service credits in the following month and it is quite generous.

Window Intune SLA

We have covered the Windows Intune SLA several times in the preceding text and there is a snippet of this document below. To get the latest version of this, please go to the following URL: http://davidoverton.com/r.ashx?21.

In this snippet, we can see how Microsoft calculates uptime at the time of writing. We can see that Microsoft considers the number of users impacted as well as the number of minutes that they were disrupted to be key to calculating the Availability or"Monthly Uptime Percentage".

We can see that if the service impacts all users for more than 44 minutes a month, we are entitled to a 25% service credit. In my opinion, this is one of the best value service credits available in the marketplace today.

Multiple client device types

We are now moving on to requirements that are not always present in all cloud computing scenarios, but it is important to understand how they might be useful.

Not that many years ago, the de facto desirable device for all computing needs was a Windows based PC. While the benefits of Windows have increased, as has the use of Windows 7, people want to be able to access information and applications from other devices. We have seen the rise of netbooks, tablets and phones as information access devices.

These devices all have relatively small storage and processing capacity, so the natural thing is to store information and provide the computing power on the Internet where it can be delivered on mass as needed. The services that provide all of this are often delivered using cloud computing solutions as they need the facets discussed in the preceding text.

Once the key information, data, and processing are deployed in the cloud, all these devices can utilize it from a browser or a small application that calls upon these cloud services. This means that rather than having to write complex software for all these devices, which has always been a barrier to deploying on anything but Windows in the past, now it is developed once for the cloud environment and delivered as a simple piece of consumption software for each device type. As the consumption software is lower in complexity because the complex solution is now being delivered by the cloud service, it becomes cost effective to write it multiple times, once for each device.

Now we have a model that allows access from multiple devices from any location provided they have a possible connection to the network with the cloud service on it, normally the Internet.

iPhones, iPads, Android, Windows Phone 7, netbooks, notebooks, Windows XP, Vista, and Windows 7 PCs are now all excellent consumers of cloud services. Each device has its own interface quirks, tools, and other management issues, but for a cloud service provider, they can now address more devices and users than ever before.

Today, Windows Intune is only used to manage Windows PC devices and the management interface is only available through a web browser with Silverlight installed; however, I expect more interfaces to become available over time.

Client Software

Cloud computing requires a way for us, the user, to interact with it. This may be via a web browser, but if that is not the case, then we need to ensure the device we are planning on using has the software available to download in a marketplace, or application store for the specific device. This could be an application on a phone or computer. Familiar examples would include an e-mail client or music playing software.

In the case of Windows Intune, we need client software on each Windows device that will be managed. The client software communicates to the cloud service and we manage the service via a web browser.

Programmable interfaces

With a cloud computing solution we have much of the data and clever computer processing being done in a data center across a network, which means this now has to be controlled remotely. There are two choices here as to how this is done, either by building the whole service and infrastructure and solution as the vendor, or by enabling third parties to have access to the control interfaces.

For some solutions, having third parties access these control interfaces makes perfect sense as it enables additional benefits to users without having to spend the time building it ourselves as the vendor. For some solutions however, the data is considered too complex to manage or too important to let third parties change, so the interfaces are not accessible.

Windows Intune today does not have publicly accessible programmable interfaces, so no enhancement of the software is possible.

If these interfaces are available then the vendor will also have some form of additional shop front or application store to enable us as the user to choose to augment the cloud computing solution we have.

 

Different levels of cloud computing


Having discussed all the different facets that make up cloud computing, we now need to understand that there are various models for delivering cloud computing, each with benefits and challenges. The three different types of cloud computing solutions in common use today are:

  • Infrastructure as a Service (IaaS)

  • Platform as a Service (PaaS)

  • Software as a Service (SaaS)

As we can see from the preceding diagram, each option for cloud computing delivers the same components of a solution which historically would have been delivered from our own premises. However, as we move from infrastructure as a service to software as a service, our cloud solution provider becomes responsible for more of the solution.

Infrastructure as a Service

Probably the best known Infrastructure as a Service (IaaS) solution available today is from Amazon with their EC2. Solutions exist from other providers, including Microsoft with the Azure VM role.

Each of these services provides us with a virtual machine running an operating system, often Windows Server, hosted in their data center. This means that we do not need to purchase hardware or the operating system, and only pay for the computing that we use. It is likely that we will not physically have a server in their data center, but it is more likely we will have a virtual machine or a slice of a physical server that delivers the power promised in the agreement.

We are responsible for managing that server in the form of security, patches, and software that is loaded onto it in the same way as if we had it physically installed on our premises.

Platform as a Service

The most complete Platform as a Service (PaaS) available in my opinion is Microsoft Azure which provides a development environment for organizations to create solutions that they can then use themselves or sell to customers. Microsoft has all the facets of cloud computing here and my day-to-day role involves helping Microsoft business partners adopt Azure.

There are other vendors who offer PaaS solutions that offer similar functionality, although my own personal experience is with Microsoft Azure. Wikipedia maintains links to some of them at http://en.wikipedia.org/wiki/Platform_as_a_service. The key thing is that there is a platform for developers to build upon to deliver a solution. The only thing these vendors have to worry about is writing their software, as all aspects of running the platform they build upon are delivered for them, including the operating system and any database maintenance, system scalability, and hardware and network management.

The benefits here are that almost all of the start-up costs for infrastructure that a traditional services or software organization would have are eliminated, as well as the ability to expand as rapidly as the solution is successful. Previously, a business had to predict their IT requirements for development and delivery of a solution and buy in advance, but not with PaaS.

Software as a Service

The most complete cloud computing solution available today is called software as a service. These are finished goods that we can take advantage of in the same way as traditional software, except the whole service is managed by someone else.

Examples that we are familiar with include Hotmail, Salesforce.com, Office 365, and of course, Windows Intune. All of these are highly functional applications that are consumed and configured over the Internet. Some offer software that can be installed to further increase the application's functionality or enable offline access to the data when we are not connected to the Internet.

As the consumer of the software, we do not need to worry about the scalability of the hardware, network, or application that is delivering the functionality as this is all managed for us, often as a service built on top of a PaaS solution which is often built on an IaaS platform; however, this is not always the case.

 

Challenges of cloud computing


Having described the facets of cloud computing, it sounds like there are only benefits; however, with all new uses of technology, there are some challenges too. While these will continue to be worked on and removed or improved, we need to be aware of them to help decide if a cloud computing solution is right for us.

Picking and deploying Windows Intune means we have to be comfortable with these areas, although clarity will be provided as to what this all means to us as a Windows Intune user at the end of the chapter.

Network requirements

Any cloud service requires by its very nature a connection to the Internet via a network. While this might not sound like a challenge, many businesses can access and process their data today irrespective of whether a connection to the Internet is present or not. This means that a well-managed Internet connection will become more important to all users of such a service, rather than just managing the corporate network. Mobile workers can be more commonly connected to the Internet rather than their corporate network, so delivering a cloud service can provide simpler access for these users without the hassle of VPN network settings or dedicated hardware.

Data access and synchronization

If today our data is stored on our computer's hard disk and tomorrow it is stored in a cloud service, we have just moved from a service which can work on an airplane or train without an Internet connection to one where we now require ubiquitous Internet access to work.

Cloud service providers have realized this and offer many solutions to this failing. Many providers offer offline support where we can read and update our data when we are disconnected and then synchronize it to the service when we connect again. This functionality is normally delivered by client software that we have to load onto our devices and this software manages the offline data and synchronization. The only downside to this is that we may have to deal with synchronization errors should more than one person update the same information while we are offline.

Network bandwidth and latency

The second challenge with Internet based services relates to the amount of Internet network usage. For some services, functionality that would result in network usage within our corporate network gets moved to flowing over the Internet. This is likely to increase the bandwidth we require to enable this increased usage.

Added to this requirement is the speed at which we can get the data and services. When the data is local on a hard disk or on a network that we control, access to the data and service can be very quick. The further we move it away from our control and network, the slower access can be, decreasing a user's satisfaction with the service if they have to interact with it.

Again, it is possible that the client software will change the way the service works to remove the issues or limit the bandwidth consumed, but large amounts of data being moved from a local connection to a remote one can still be problematic if ultimately a large amount of data needs to be moved in a small amount of time.

Security

If the cloud computing solution we are using or connecting to requires a connection over the Internet, then it is possible that some sensitive data will flow over the Internet. Most cloud solutions offer ways to secure this traffic. Some industries are governed by a number of legal regulations and this transport over the Internet may have to comply with these regulations, which is something to watch out for.

The same goes for the storage of data, in terms of the physical protection it is given and the actual location. Some services are not based in the same country as us and this may give rise to concern.

For this reason, military, financial, and some government situations are not easily compatible with a public, Internet hosted cloud solution. However, there is frequently a private cloud solution that can meet these requirements.

Customization

When using a cloud service, one of the reasons that it is possible for us to receive the service at scale and often with a beneficial price point is because it is a mass-production system. This means that the level of customization possible is frequently lower than a traditional on-premise application or service that we would otherwise use. When a solution is installed on premise, it can be customized heavily, however with a shared cloud solution, customization is often restricted to the configuration options provided in the solution.

 

Bringing all this together for Windows Intune


Windows Intune is a SaaS solution, meaning that Microsoft is responsible for all layers shown in the diagram in the preceding Different levels of cloud computing section. This relieves us of the responsibility of installing, maintaining, and upgrading the server infrastructure required to deliver this solution, but it also removes a level of control.

With Windows Intune, while the service is provided like electricity down the wire, we do need to configure and customize the service to make it deliver value as well as manage the installation on the client computers and respond to alerts and requests for assistance.

This means that we get the benefits of being able to manage our Windows computers, by policy, but do not have to worry about how that management is implemented at all. To me, this is the beauty of Windows Intune. It is like the benefits of all the systems management capability of Microsoft Small Business Server 2011 and more, without the need to manage the server and software itself.

Just like Small Business Server, we will still have to approve system updates, talk to people about alerts that are raised and sometimes visit their computers to diagnose problems, although the tools in Windows Intune with MDOP make this easier too.

For all this to work, we as the administrators and the computers that we are managing must connect to a network that has access to the Internet with regularity. If this is unlikely then our ability to manage these computers and for them to get updates in policy, security settings, and system updates is significantly reduced, as is our ability to provide accurate reporting and timely assistance.

 

Summary


In this chapter, we have gone on a rapid tour of the world of cloud computing, but it is important to understand the concepts that we are signing up for with Windows Intune and the related services. The key item is that it is centrally provided by Microsoft, over the Internet on a massive shared service basis, removing a large set of infrastructure management headaches. While we can configure the options provided, we can't customize the service beyond those options.

In the next chapter, we will explore what we should be looking at to manage our PC estate to make it more predictable and reliable. This will include defining policies and goals as well as reporting against these. We will also explore the activities we will need to carry out to hit our goals and have happy, more productive users.

About the Author

  • David Overton

    David Overton has been in the IT industry for over 25 years and has worked at Microsoft in the UK for more than eleven years. David fell in love with Small and Medium Business when he was given responsibility for engaging with journalists at the time of the launch of Small Business Server 2003 in the UK. For the next four years David was responsible for improving SBS deliveries by Microsoft partners. As well as his day job, David is also a writer: he has written for consumer publications Windows XP and Windows Vista magazines, and he blogs at http://davidoverton.com, where he helps readers find solutions to questions and problems. In 2009, David published his first book on SBS 2008 which was well received. When not working or writing, David likes to spend time with his family and also tries to fit in sailing any time of the year in any weather.
