WriteImage CEP Siemens Manages 417,000 Users in Single ...



Overview

Country: International

Industry: Electronics and Electrical Engineering

Customer Profile

With more than 417,000 people in 130 business units in 190 countries, Siemens, headquartered in Munich, Germany, is one of the world’s largest electronics and electrical engineering companies.

Business Situation

Each Siemens business unit operates separately yet needs to work with other units to remain competitive and customer focused. Siemens needed to support global access and collaboration.

Solution

Siemens is adopting a single-forest, single-Active Directory® infrastructure based on Microsoft® Windows Server SystemTM, including Windows ServerTM 2003 with Active Directory and Exchange Server 2003.

Benefits

■ 417,000 user accounts in single Active Directory

■ Millions of dollars in annual savings

■ 75 percent file/print server consolidation

■ Ability to add business value

| | |“We want to run our business tools with maximum efficiency, and Windows Server System delivers the manageability, performance, reliability, availability, and security that makes that possible.”

John Minnick, Project Manager, Siemens Workplace Architecture Team

| |

| | | |Today, Siemens has 417,000 people, 340,000 desktops, and 8,900 servers in 130 business units in 190 |

| | | |countries. A few years ago, Siemens supported its business with 1,000 domains in a highly |

| | | |decentralized structure. It wanted a single, centralized Active Directory to streamline user |

| | | |management, e-mail, and collaboration. Siemens was also developing an Entitlement Architecture based |

| | | |on a Siemens DirX® solution for its corporatewide Identity Management infrastructure. Siemens |

| | | |achieved its goals, thanks to Microsoft® Windows Server SystemTM integrated server software that |

| | | |incorporates innovations to help companies do more with less. Siemens has deployed a single-forest |

| | | |architecture and directory that simplifies and facilitates management, saves tens of millions of |

| | | |dollars annually, and helps Siemens to add new business value that it couldn’t otherwise consider. |

| | | |Siemens expects to reduce file/print server count by 75 percent. The end result was a business |

| | | |solution where Windows Server System and Siemens DirX complement each other. |

| | | | |

| | | |[pic] |

| | | | |

Situation

The information technology challenge facing Siemens is vast—as vast as the company itself. Today, Siemens employs 417,000 people in 190 countries, with some 340,000 desktops and 8,900 servers in a global network that supports 130 Siemens units in six business segments: Information and Communications, Automation and Control, Power, Transportation, Medical, and Lighting. With support from regional units, each unit is responsible for its own operations and has the flexibility to make its own decisions and build strong relationships with its customers.

A few years ago, Siemens’s decentralized and constantly changing structure—the company had 1,000 domains in 1998—made it challenging to foster the cooperation among business units and regions that is critical to enabling the company to provide comprehensive customer-focused products, solutions, and services at competitive prices. It also made it challenging to provide a comprehensive, coordinated, and highly manageable IT infrastructure to support the enterprise and its growth.

“Just within one business unit, we had 15 different manufacturing systems on seven different platforms,” says John Minnick, Project Manager on the Siemens Workplace Architecture Team. “Identical products in different parts of the world may be made entirely differently because our systems can’t work together as one. Multiply that situation throughout our 130 business units and it means we’re looking at rising costs of labor, rising costs to house and power redundant systems, and the fact that we couldn’t communicate easily from one part of the world to the other. We could not effectively manage the environment as it was.”

Launching an Internet Initiative

To address these concerns, Siemens launched an initiative in 1998 to orient its business operations toward the Internet. The goal was to give information workers better collaboration tools and more effective ways to communicate, which would increase business agility and improve employee efficiency while bringing the organization closer to its customers. A series of initiatives was launched to achieve this goal. One initiative, the global Any4 vision, entails providing personnel, vendors, suppliers, distributors, partners, and other authorized Siemens users with easy, around-the-clock access to resources from any location—anyone, anywhere, anytime, any resource.

The Need for a Single Forest

Achieving these objectives would require Siemens to unify its 130 separate IT infrastructures into a single, enterprisewide forest that would allow the organization to share a common directory, schema, configuration, and global catalog (GC). Centralizing services would also reduce operating expenses by lowering the company’s hardware acquisition, IT administrative, and software licensing costs. The result of using the common infrastructure would be a highly manageable environment in which Siemens could do more with less, achieve greater levels of security and reliability, and cost-effectively increase productivity and add new business value to the enterprise.

Creating this common infrastructure foundation, called the Siemens Global Network, represented a drastic and sweeping new direction for the company. To provide the leadership for that direction, Siemens established the international Siemens Workplace Architecture Team (SWAT) to develop the foundational design principles and policies for all Siemens operating companies to use.

Solution

As a first step, SWAT focused on implementing the Microsoft® Windows® 2000 Advanced Server operating system with the Active Directory® service and Exchange 2000 Server to consolidate all separate networks into a global corporate directory and single-forest solution that would provide an enterprisewide addressing scheme and a messaging and collaboration environment.

Today, Siemens is realizing its vision of a single, global infrastructure for user management, e-mail, and collaboration with both enterprisewide and local management for its more than 400,000 employees. Integrated with Siemens Identity Management Architecture based on Siemens DirX—this solution makes enterprise management both simpler and more effective. The solution is based on Microsoft Windows Server SystemTM integrated server software, which incorporates software innovations to simplify development, deployment, and management so that companies can reduce their costs of ongoing operations, deliver highly reliable and secure IT systems, and drive valuable new capabilities for the future growth of their businesses.

Siemens is deploying Microsoft Windows ServerTM 2003, Enterprise Edition, with Active Directory and Exchange Server 2003, key components of Windows Server System. Siemens is extending the benefits of its centrally managed solution to the client side with Microsoft Office Professional Edition 2003 with the Microsoft Office Outlook® 2003 messaging and collaboration client.

Central to the Siemens solution is its single-forest architecture, which is bringing all business units together. It is providing employees with full functionality and transparent access to all resources with a global client, as well as providing a global standard for the design of Active Directory at Siemens.

That directory design consists of a forest root domain and second-tier domains. The forest root domain provides functions necessary to the existence and interoperation of the other domains in the forest. Created directly off the forest root domain by the individual Siemens units, second-tier domains contain all of their administrator, user, and computer accounts and resources.

Currently, the Siemens infrastructure consists of three forests: , which is the production forest; , which is a mirror of for business units to test new applications before implementing them in production; and , which is the Siemens global lab testing environment. This last environment consists of 45 servers—including domain controllers (DCs), Web servers, e-mail servers, and application servers—in 16 locations around the world. “Our test forest is bigger than some companies' production deployments,” says Minnick.

Building Blocks of Greater Manageability

Siemens’s extensive testing of Windows Server 2003 prior to deployment identified new features that are helping the company continue to improve the performance of, and access to, its global network, while preserving security and reducing management time and cost.

These features include:

■ Updated Knowledge Consistency Checker (KCC)/Inter-Site Topology Generator (ISTG) algorithm, which significantly shortens the calculation time for the replication topology on the ISTG and thus easily scales to meet Siemens single-forest requirements. “We found in lab testing that Windows Server 2003 enabled us to get beyond previous limits,” says Minnick. “KCC calculation time for 150 sites on Windows Server 2003 took just a few seconds.”

■ Logon connections without a global catalog. In Windows Server 2003, domain controllers in a site that does not contain a global catalog can be configured to cache universal group membership lookups when processing user connections. This allows a DC to process connections without contacting a GC. This can reduce the number of GCs, decrease hardware requirements for DCs, increase availability, and reduce the amount of bandwidth required for replication. This is of particular benefit for Siemens branch offices because it makes them simpler and less expensive to manage and support.

■ Replica DC from media, which allows an administrator to set up initial replication from files created when backing up an existing DC or GC server. The backup files, generated by any Active Directory–aware backup utility, can be transported to the candidate DC using media (such as tape, CD, and DVD) or a network. With Windows Server 2003, the administrator only needs to send the data to the remote site and the initial Active Directory can be built from backup data. This provides faster, more flexible support of remote sites that have low bandwidth but need a local DC to support logon connections.

■ Group membership replication improvements, which eliminate the 5,000-users per-group limit of Windows 2000 Server and the need for “group nesting.” This reduces administrative complexity and replication traffic, and eliminates the potential risk of losing data during simultaneous updates of groups.

■ New operational features. Object picker enhancements provide better, more efficient, and flexible support for finding objects in a large directory; reduce the impact of directory service on a network; and help users to narrow down a search to a specific organizational unit within the directory. This is expected to optimize administrator workflow and provide more efficient use and administration of the directory. With headless server support, Siemens can install and manage a server computer without a monitor, VGA display adaptor, keyboard, or mouse. Headless Server Emergency Management Services support for management controllers and ports allows servers to be managed even during system start or when a system has crashed. This will help Siemens reduce server hardware costs and provide better support for a server that has gone down.

■ Active Directory Migration Tool enhancements, including support for password synchronization and a scripting interface, which are expected to help reduce migration costs.

■ Improved management features—such as the new Group Policy Management Console user interface, improved reporting, backup and restore of Group Policy Objects (GPOs), and scripting of GPO operations as well as Microsoft Software Update Services—will streamline administration and improve server operations.

Consolidating Servers and Hubs

Siemens is achieving major consolidations in both its physical and logical architecture. Domains are telescoping from 1,000 Microsoft Windows NT® Server 4.0 domains to 75 Windows Server 2003 domains. Server consolidation is proceeding at a four-to-one reduction for member servers (for example, application servers and file/print servers) in the Active Directory architecture.

Minnick projects that Exchange Server 2003 could reduce the number of messaging servers by more than 75 percent when the deployment is complete, thanks to new features such as a multidatabase architecture and the ability to support more users per server compared with Exchange Server 5.5. The increased performance between Outlook 2003 clients and Exchange Server 2003—due to Cached Exchange Mode, a feature of Outlook—also will minimize the number of remote site servers, contributing further to server consolidation.

Siemens is consolidating its organization names from more than 150 to just one, facilitating a consolidation of its hub structure to just three regional centers. The consolidated hubs—in the Americas, Europe, and Asia—can take advantage of clustering in Windows Server 2003 and Exchange Server 2003 to support hundreds of thousands of users who may need many terabytes of storage. By using Windows Server System for the messaging and collaboration infrastructure, Siemens is positioned to achieve further consolidation when it wishes, by moving to 64-bit computing with Windows Server 2003, Datacenter Edition.

Siemens’s three-hub structure supports 14 Exchange Server 2003 routing groups. These routing groups differ from Exchange 5.5 sites in that Exchange Server 2003 provides the flexibility to assign server management permissions to a specific IT support group, and assign management and configuration of message transfer to a more network-centric organization in the enterprise. The additional flexibility is a significant advantage over Exchange 5.5, providing easier administration.

Routing groups also help manage messages and control the flow of messages across administrative boundaries. Unlike sites in earlier versions of Exchange, routing groups can be created and changed as required, and server membership can be dynamically altered. So the entire routing architecture for Siemens can be modified easily without reinstallation. As the underlying network infrastructure changes—for example, when Siemens accommodates mergers and acquisitions—the Exchange routing network can adjust quickly to the changes.

Implementing the Mobility Solution

A key goal of the Siemens Any4 vision is to enable information and application access from anywhere. That requires a mobility solution with which the company’s users can gain secure, reliable system access from their homes, client locations, or anywhere else. Siemens is able to achieve that solution through use of Outlook Web Access (OWA) for secure access from any standard Web browser and Outlook Mobile Access (OMA) for secure access from Pocket PCs and Smartphones running Microsoft Windows MobileTM software.

OWA and OMA are available automatically when Exchange Server 2003 is installed, and they take advantage of the same Active Directory structure that Siemens already is deploying, enabling the company to use these capabilities without the added burden and expense of managing a separate directory and mobility solution.

Siemens is deploying OWA in a front-end and back-end architecture where the company wants to maintain a single namespace to access all front-end servers or where it wants to provide enhanced security in a firewall or perimeter network environment. In this configuration, front-end servers communicate directly to client browsers and relay requests to back-end servers, but they do not contain any public or private databases. The private and public stores and databases are housed in the back-end server.

OMA and the ActiveSync® technology in Exchange Server help to provide secure access to Siemens e-mail from a variety of mobile clients. They also enable over-the-air synchronization on a scheduled or on-demand basis. This includes remote access to e-mail, calendar, contacts, tasks, and the global address list.

Moving Ahead with Deployment

In early 2003, Siemens began participating in the Office 2003 Rapid Adoption Program. In July 2003, Siemens engaged the Microsoft Enterprise Engineering Center to refine its plans for Windows Server 2003, establish plans for Exchange Server 2003, tie in the Microsoft Office System, and evaluate other Microsoft technologies against its business needs.

Release-to-manufacturing versions of Exchange Server 2003 and Windows Server 2003 were completed in April 2003 and July 2003, respectively. The Office 2003 Editions launched in October 2003, and deployment at Siemens is targeted for the first quarter of 2004. Siemens expects to migrate approximately 350,000 mailboxes to Exchange Server 2003 by the end of December 2004.

Benefits

With Microsoft Windows Server System, Siemens is on track to realize its vision for Any4 computing. The company is creating a dynamic system with easier management and operational efficiency for a lower total cost of ownership compared with its previous infrastructure. It is implementing a fully integrated server infrastructure for reliability, security, scalability, and serviceability—with no surprises. And it is using Windows Server System–based infrastructure and investment to add tremendous new business value for Siemens without tremendous new cost.

A Single, Global Environment

The most important benefit of Windows Server System to Siemens, according to Minnick, is the realization of the company’s single-forest, single-directory, global environment.

“Windows Server System makes our global Any4 vision a reality,” says Minnick. “We have a network that’s reliable enough to handle the demands we place on it. Windows Server System provides our global enterprise with a single infrastructure, enabling all of our independent business groups to work together. We can manage it better, smarter. We can do things globally that we were only able to do locally before. To me, that’s important; that’s the meaning of a global company. Users and resources 5,000 miles away can be addressed as easily as users and resources in the building I’m in right now.

“We want to run our business with maximum efficiency, and Windows Server System delivers the manageability, performance, reliability, availability, and security that makes that possible,” adds Minnick. “We can operate with global synergy because our business units and the people in them are aware of each other and can work together. We can focus on the strategic, not just the tactical.”

For example, to run a single enterprise with local interests in 190 countries, Siemens needs to balance local discretion to administer the IT infrastructure with global control over that infrastructure. By providing the flexibility to decentralize administration at a granular level, Windows Server System has helped the Siemens Workplace Architecture Team to develop an IT governance policy that addresses this challenge.

“Windows Server System enables us to have global governance for those things that impact scalability, security, reliability, and so on, yet give the local groups the freedom to run their businesses in the ways that they’re comfortable with,” says Minnick.

Greater Manageability That Cuts Costs by Millions of Dollars

Thanks to the broad range of operational efficiencies and manageability benefits in Windows Server System, Siemens expects to save tens of millions of dollars per year as the new solution is fully deployed—a savings that may come to more than 10 percent of infrastructure costs.

Siemens expects the biggest portion of that savings to come from server consolidation. With a major reduction in servers, continuing hardware costs will fall by 50 percent (less than the 75 percent reduction in server counts because systems are being consolidated onto somewhat more powerful machines). This consolidation, in turn, will enable Siemens to reduce the costs of its outsourcing contracts for server maintenance by about 20 percent. Also contributing to the savings will be the increased effectiveness of network traffic enabled by Cached Exchange Mode, as well as the reduction in domains, organization names, and hubs—all of which simplify the environment and thus minimize the time and cost of system management.

“As we consolidate our servers, our domains, and other aspects of our infrastructure, we are reducing the head count, the time, and the resources we must devote to managing our enterprise—enabling us to move people and resources to more strategic functions,” says Minnick. “And we are gaining network capabilities and business value we never had before. Truly, Windows Server System is enabling us to doing more with less.”

Added Business Value into the Future

By providing a powerful, single, global infrastructure, Windows Server System is doing more than enhancing manageability for Siemens’s current operations. It is also providing the resources and framework that the company can exploit to add tremendous new business value for years to come without tremendous new expense.

Taking advantage of Automated Deployment Services (ADS) for efficient and consistent server provisioning is one example. A feature of Windows Server 2003, Enterprise Edition, ADS is a powerful bare-metal server provisioning and mass server administering solution. Siemens Business Services Austria has decided to use ADS as its solution for internal and external server deployment. Once successfully deployed, ADS will enable fully automated zero-touch server build, drastically reducing the time and staffing cost for Windows-based server deployment.

Furthermore, the data center can dynamically reprovision servers based on business needs to improve server utilization. ADS also comes with Task Sequencing, so that the data center can encode business best practices to increase server build consistency. As a base operating system feature, ADS exposes all application programming interfaces through the Windows Management Interface, enabling further customization. Siemens Business Services Austria also uses ADS as a way to roll out a large number of homogenous clients simultaneously. With ADS, Siemens can quickly reinstall prepared client images, in cases of failures, without any intervention by the local staff.

Extending the Any4 environment to Web browsers, Pocket PCs, and smartphones is another example of added business value. Siemens can extend its existing Exchange Server environment to these new devices without building—and having to manage and maintain—a separate messaging environment on the back end.

Similarly, Siemens regards instant messaging (IM) is an important technology that can greatly facilitate collaboration among its far-flung employees. But until now, it wasn’t possible for Siemens to roll out the technology in a secure, reliable, and cost-effective way to all employees. Some employees were using third-party providers, and most employees were using no IM service at all. IM users were often stymied if colleagues were on a different service, behind a firewall, or without IM service.

Now, Siemens is developing the architecture to deploy Microsoft Office Live Communications Server 2003, which provides enterprise-ready IM, presence technology, and an extensible environment for connecting people, information, and business processes. The server software enables file transfer, audio and video conferencing, and application sharing.

“Windows Server System enables us to adopt solutions like Live Communications Server without having to deploy an entirely new infrastructure and additional staff to support it,” says Minnick. “We have our Active Directory structure in place, and Live Communications Server plugs right into it. We couldn’t afford to look at this otherwise. Windows Server System is not just the right solution for us today. It will enable us to adapt and extend our environment to serve our business interests for years to come.”

Microsoft Windows Server System

Microsoft Windows Server System is a comprehensive, integrated, and interoperable server infrastructure that helps reduce the complexity and costs of building, deploying, connecting, and operating agile business solutions. Windows Server System helps customers create new value for their business through the strategic use of their IT assets. With the Windows Server operating system as its foundation, Windows Server System delivers dependable infrastructure for data management and analysis; enterprise integration; customer, partner, and employee portals; business process automation; communications and collaboration; and core IT operations including security, deployment, and system management. For more information about Windows Server System, go to:

‌windowsserversystem

Manageability and Microsoft's Dynamic Systems Initiative

Improving the manageability of solutions built on Windows Server System is a key driver behind the Microsoft Dynamic Systems Initiative (DSI). DSI is a Microsoft-led industry initiative aimed at dramatically simplifying and automating how businesses design, deploy, and operate IT systems. DSI focuses on driving operational requirements back into

IT systems at design time and creating a connection that flows from design to operations to the end users utilizing a system. Dynamic Systems are composed of applications that self describe their operational characteristics, operating systems that automatically respond to changing business needs and adjust data center resources accordingly, and management solutions that automate administration tasks and allow business policy to drive IT.  The end result to your business is dramatically decreased operating costs, improved reliability, and increased responsiveness across the entire IT life cycle.

The Microsoft strategy for delivering on DSI combines a long-term vision with a solid set of near-term product offerings that enable customers to take practical steps toward that vision today.  Windows Server System products, including Windows Server 2003, Systems Management Server 2003, and the soon to arrive Microsoft Operations Manager 2004, are great ways to get on the DSI roadmap today. To learn more about DSI, go to:



-----------------------

Insert graphic here [pic]

Active Directory enables the single-forest architecture with forest root domain and second-tier domains that can manage all Siemens organizational units (OU), including user accounts, resources, business units, and other enterprise elements.

us001.



(Forest root)

de001.

de002.

OU

OU

OU

OU

OU

OU

OU

Second-tier domains

(Siemens units,

accounts, resources)

“Windows Server System is not only the right solution for us today. It will enable us to adapt and extend our environment to serve our business interests for years to come.”

John Minnick, Project Manager, Siemens Workplace Architecture Team

| |

Through system consolidation, Siemens created a highly effective messaging infrastructure including three powerful hubs and 14 highly flexible routing groups.

“Windows Server System makes our global Any4 vision a reality.”

John Minnick, Project Manager, Siemens Workplace Architecture Team

| |

Siemens’s use of a front-end and back-end architecture for Outlook Web Access enables user access from any standard client Web browser while enhancing reliability and security.

| |Software

■ Products

− Microsoft Windows Server System

Microsoft Windows Server 2003, Enterprise Edition

Microsoft Exchange Server 2003

− Microsoft Office System

Microsoft Office Professional Edition 2003

Microsoft Office Live Communications Server 2003

|Technologies

− Active Directory

− Automated Deployment Services

Hardware

■ Fujitsu-Siemens Primergy servers

■ HP Compaq ProLiant servers

■ Dell PowerEdge servers | |

© 2004 Microsoft Corporation. All rights reserved.

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Microsoft, Active Directory, ActiveSync, Outlook, Windows, the Windows logo, Windows Mobile, Windows NT, Windows Server, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Document published January 2004 | | |

For More Information

For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:



For more information about Siemens products and services, visit the website at:



................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download