Core Infrastructure Optimization - Models, Capabilities and Requirements by Maturity Level

There's a lot of information posted about Microsoft's efforts around Infrastructure Optimization, also known as simply IO. This is an interesting way to describe the maturity of an IT Infrastructure and also to provide clues to what would be your next logical step in improving it. Your organization can be at any of the four different maturity levels (Basic, Standardized, Rationalized or Dynamic). Microsoft has worked on three separate models (Core, Business Productivity and Application Platform).

This is all great, but most IT people find it somewhat complex to understand and even a little intimidating at first. I found that the easiest way to quickly grasp the value of these models is to look at a nice table showing the various capabilities and specific requirements at each maturity level. The table below shows that information for the Core IO Model:

Capability Level





Identity and Access Management

No centralized directory service

Unified Directory Service

Policy enforced Standard Configuration

Centrally Managed Identity Services

Multiple directories


Group policy management

Automated Account Provisioning




Secure Network Access for Customers and Partners




Federated Services

Desktop, Device and Server Management

Ad-hoc Patching

Desktop Patching

Server Patching

Infratructure Capacity Model

Multiple Desktop Configurations

Standard Desktop Images

Automated OS Deployment

Mobile Device Management and Security at Parity with PC’s

No Mobile Device Management

Two Client OS

Layered Images

Dynamic Workload Shifting for Virtual Infrastructure


Standardized Desktop Applications




Limited Mobile Device Management

Current OS Images




Mobile Device Management with SLA


Security and Networking

No Dedicated Firewall

Standard Antivirus

Managed Firewall

Threat Management and Mitigation Across Client and Server Edge

Limited Network Infrastructure (DNS, DHCP, etc)

Centralized Firewall

Host-based Firewalls

Model-enabled Service Level Monitoring

No Standard Antivirus

Basic Networking Services

Secure Remote Access

Automated Quarantine of Non-Compliant or Infected PCs

Manual Server Monitoring

Monitoring Critical Servers

Secure Wireless




Server Monitoring with SLAs




Managed WAN


Data Protection and Recovery

Ad-hoc Backups

Backup and Recovery for Critical Servers

Backup and Recovery for All Servers with SLAs

Backup and Recovery of Clients with SLA’s

No Recovery Testing


Central Branch Office Backup

Self service data backup and administration management

ITIL/COBIT-based Management Process

No Formalized Process

Defined Support Services

Defined Problem, Change  and Release Management

Business / IT Defined SLA’s

No Commitment to Service Levels

Document  Incident & Problem Response Strategy

Fully documented Operations

Proactive and Agile

Ad-hoc Support, Problem and Change Management

Limited Problem, Change and Configuration Management

Defined Service Levels

Optimizing Service Delivery



Enhanced Configuration Management

Improving Service Levels, Business Continuity and Availability

Security Process

Limited Security Accountability

Accountability to Data Security

Defined Security Compliance and Automated Audit Tools

Automated Risk Assessment

No Formalized Incident Response

Limited Risk Assessment


Managed Network and Data Security Process

Limited Access Control

Password Protection of Data

Documented Threats and Vulnerabilities

Automated Security Policy Verification


Limited Tools and Policy Compliance Automation

Security Standards for SW Acquisitions


If you find the table above interesting, I invite you to further investigate the details about the models, including extensive guides on how to progress from one level to the next. I like the guides, but the best IO-related resource I have seen is a tool to assess your company's current level by just answering a few questions. With that information at hand, you can get yourself busy with specific activities that will take you to the next level. You can also look at the other two models (the table above covers only the Core IO Model).

For details and access to the guides and assessment tool, check the main IO web site at: