Case for Multi-Domain/Forest Model

Presentation transcript:

Case for Multi-Domain/Forest Model Advantages and Disadvantages

Why have multiple domains or forests?
Isolation of data and service: data and services must be protected.
Autonomy of operation: domains require different levels of security and services; specialized operations.
"Acquired" resources.

According to M$, 30% of all AD deployments use the multi-domain forest model (MDM). The three reasons Microsoft gives for employing multiple domains are: Isolation (for security reasons); Autonomy (domains customized for special purposes); and "Acquired" domains (domains that were unauthorized, or acquired through consolidation or merger). Though M$ primarily focuses on business, the reasons for MDM hold for the academic world as well. Aims CC uses isolation as part of a defense-in-depth model to separate the admin domain from the academic domain (the "guarding the chicken coop" analogy). So when you are guarding the chicken coop from the fox

Slide diagram, the pre-consolidation NT domains: NT Learning Lab, NT CED, NT Student Life (academic), NT Ft. Lupton (academic/admin), NT Loveland (academic/admin), NT Admin (employee), NT Student, NT CIS (academic), NT Com/Hum/Bus (academic).

The current domain structure resulted from the consolidation and upgrade of these existing autonomous M$ Windows NT domains to M$ Active Directory. During the AD design it was decided to maintain the isolation of the Administration and Academic domains for security, and to allow some autonomous control of the academic domain by faculty and students.

One fence is good; two would be even better!

(Guarding the chicken coop analogy.) In a typical single domain, a valid logon and an Access Control List (ACL) are all that control access to domain resources. In the two-domain model there are additional credentials and ACLs to pass before the admin (staff/faculty) domain can be reached from the academic domain. That is the additional fence.

Slide diagram: Admin domain and Academic domain joined by a one-way trust; Creative Learning Greeley and Creative Learning Ft. Lupton domains joined by a one-way trust; an AD-integrated application providing AD authentication and security for the Nursing Dept. video capture system.

In the current Active Directory at Aims, all Staff/Faculty/Admin accounts are members of the Admin domain. A one-way trust, DNS zones, and DNS delegations were established to allow those accounts access to Academic domain resources. Additionally, an outside company, Creative Learning Systems, established labs at both the Greeley and Ft. Lupton campuses (the "acquired" domain). A one-way trust and DNS delegation were established with the Admin and Academic domains to allow greater utilization of the C.L.S. resources.
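The two slides above describe the second fence as a one-way trust plus extra credentials and ACLs, wired together with DNS zones and delegations. The script below is an added example, not part of the presentation or of Aims CC's environment: it audits exactly those pieces from the trusting domain's side. It assumes the RSAT ActiveDirectory and DnsServer modules, and the domain and server names (academic.example.edu, admin.example.edu, dc1.*) are placeholders. It checks that the trust runs only in the documented direction, that SID filtering and selective authentication (the explicit "allowed to authenticate" ACL step) are on, and that each side can resolve the other domain's Kerberos SRV records through a delegation, stub zone or conditional forwarder.

```powershell
# Added example (not the presentation's own code): audit the one-way trust and
# DNS plumbing between an Admin and an Academic domain.
# Domain and server names are placeholders; substitute your own.
Import-Module ActiveDirectory
Import-Module DnsServer

$AcademicDomain = 'academic.example.edu'      # trusting domain: shares its resources
$AdminDomain    = 'admin.example.edu'         # trusted domain: staff/faculty/admin accounts
$AcademicDns    = 'dc1.academic.example.edu'  # a DC/DNS server in the Academic domain
$AdminDns       = 'dc1.admin.example.edu'     # a DC/DNS server in the Admin domain

function Test-TrustDirection {
    param(
        [string]$LocalDomain,       # domain whose trust object we read
        [string]$RemoteDomain,      # the partner named in that trust object
        [string]$ExpectedDirection  # 'Outbound' on the trusting side, 'Inbound' on the trusted side
    )
    $trust = Get-ADTrust -Filter "Target -eq '$RemoteDomain'" -Server $LocalDomain
    if (-not $trust) {
        return [pscustomobject]@{ Local=$LocalDomain; Remote=$RemoteDomain; Findings=@('trust not found') }
    }
    $findings = @()
    # A two-way or wrong-way trust silently removes the second fence.
    if ("$($trust.Direction)" -ne $ExpectedDirection) {
        $findings += "direction is $($trust.Direction), expected $ExpectedDirection"
    }
    # SID filtering stops SID-history entries carried in from the other domain
    # from being honoured here; keep it on for an external trust.
    if (-not $trust.SIDFilteringQuarantined) { $findings += 'SID filtering (quarantine) is off' }
    # Selective authentication makes the extra ACL explicit: trusted accounts
    # reach only servers where they are granted "Allowed to Authenticate".
    if ("$($trust.Direction)" -eq 'Outbound' -and -not $trust.SelectiveAuthentication) {
        $findings += 'selective authentication is off'
    }
    # The inter-realm trust key should support AES, not RC4 only.
    if ($trust.UsesRC4Encryption -and -not $trust.UsesAESKeys) { $findings += 'trust key is RC4 only' }
    [pscustomobject]@{
        Local     = $LocalDomain
        Remote    = $RemoteDomain
        Direction = "$($trust.Direction)"
        Findings  = $findings
    }
}

function Test-CrossDomainDns {
    param([string]$DnsServer, [string]$RemoteDomain)
    # Each side must resolve the other domain's SRV records, via a delegation,
    # a stub zone, or a conditional forwarder (ZoneType 'Forwarder').
    $zone = Get-DnsServerZone -ComputerName $DnsServer -Name $RemoteDomain -ErrorAction SilentlyContinue
    $zoneType = if ($zone) { "$($zone.ZoneType)" } else { 'none (relies on delegation/recursion)' }
    $srv = Resolve-DnsName -Name "_kerberos._tcp.$RemoteDomain" -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DnsServer   = $DnsServer
        RemoteZone  = $RemoteDomain
        LocalZone   = $zoneType
        KerberosSrv = [bool]$srv   # $false means cross-domain Kerberos will fail from here
    }
}

# Academic trusts Admin: Outbound as seen from Academic, Inbound as seen from Admin.
Test-TrustDirection -LocalDomain $AcademicDomain -RemoteDomain $AdminDomain    -ExpectedDirection 'Outbound'
Test-TrustDirection -LocalDomain $AdminDomain    -RemoteDomain $AcademicDomain -ExpectedDirection 'Inbound'

# DNS: each side must find the other's domain controllers.
Test-CrossDomainDns -DnsServer $AcademicDns -RemoteDomain $AdminDomain
Test-CrossDomainDns -DnsServer $AdminDns    -RemoteDomain $AcademicDomain
```

Any non-empty Findings list, or a KerberosSrv of $false, is a configuration drift away from the model the slides describe; the script reports, it changes nothing. The same two functions can be run against the Creative Learning Systems trusts by substituting those domain names.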

Slide diagram: Academic and Admin domains.

Some of the disadvantages that need to be addressed. The obvious one: duplication of physical resources (servers, file sharing, printing), software/OS licensing, and total cost of ownership (T.C.O.). The others: increased complexity of the security configuration and of security monitoring, and the integration of DNS operations needed to assure cross-domain access to resources. Some solutions: utilize server virtualization to reduce hardware and operating costs; centralize printing; delegate Active Directory operations; spread the learning of AD operations to junior staff and to students.

Problems to deal with: the disadvantages (Admin and Academic domains).
Integration of DNS operations to assure cross-domain access to resources.
The increased complexity of the security configuration: more access control lists to deal with, but easier access.
More complex monitoring of the security.
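The two slides above list more complex security monitoring as a cost of the two-domain model. One concrete piece of that monitoring is knowing which accounts actually cross the trust. The script below is an added example, not the presentation's own, that summarises successful logons (event ID 4624) on a server by the domain the account came from. Run against an Academic file server it shows the expected Admin-account traffic; run against an Admin server, any Academic-domain account it lists is crossing a fence that the design says does not exist. Server names and the NetBIOS domain names ADMIN and ACADEMIC are placeholders, and reading a remote Security log assumes the usual event-log read rights.

```powershell
# Added example (not the presentation's own code): summarise cross-domain
# logons on a member server. Names below are placeholders.
$AcademicNetbios = 'ACADEMIC'
$AdminNetbios    = 'ADMIN'

function Get-LogonRecords {
    param([string]$ComputerName = $env:COMPUTERNAME, [int]$MaxEvents = 5000)
    # 4624 = successful logon. Read the EventData fields from the event XML
    # rather than scraping the rendered message text.
    Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Security'; Id = 4624 } |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Server      = $ComputerName
                User        = $d['TargetUserName']
                Domain      = $d['TargetDomainName']
                LogonType   = [int]$d['LogonType']           # 2 interactive, 3 network, 10 RDP
                AuthPackage = $d['AuthenticationPackageName']  # Kerberos vs NTLM
                Source      = $d['IpAddress']
            }
        }
}

function Get-CrossTrustLogons {
    param([object[]]$Records, [string]$ForeignDomain)
    # Keep logons whose account lives in the other domain; drop computer
    # accounts (trailing $) and the anonymous logon, then count per
    # user / logon type / source address.
    $Records |
        Where-Object {
            $_.Domain -eq $ForeignDomain -and
            $_.User -notlike '*$' -and
            $_.User -ne 'ANONYMOUS LOGON'
        } |
        Group-Object User, LogonType, Source |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                User      = "$($first.Domain)\$($first.User)"
                Server    = $first.Server
                LogonType = $first.LogonType
                Source    = $first.Source
                Count     = $_.Count
                NtlmCount = @($_.Group | Where-Object { $_.AuthPackage -eq 'NTLM' }).Count
                LastSeen  = ($_.Group | Measure-Object Time -Maximum).Maximum
            }
        } |
        Sort-Object Count -Descending
}

# Expected traffic: Admin accounts using Academic resources.
$academicFs = Get-LogonRecords -ComputerName 'fs1.academic.example.edu'
Get-CrossTrustLogons -Records $academicFs -ForeignDomain $AdminNetbios | Format-Table -AutoSize

# Should be empty: Academic accounts reaching an Admin server. Anything listed
# here deserves a look, since no trust runs in that direction.
$adminFs = Get-LogonRecords -ComputerName 'fs1.admin.example.edu'
Get-CrossTrustLogons -Records $adminFs -ForeignDomain $AcademicNetbios | Format-Table -AutoSize
```

The NtlmCount column is there because cross-trust access that falls back to NTLM usually means the DNS delegation or SRV resolution the earlier slide relies on is not working for that client, so it doubles as a check on the DNS integration problem listed above.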

Ways around the disadvantages (Admin and Academic domains). Some solutions:
Utilize server virtualization to reduce hardware and operating costs.
Centralized printing.
Delegated Active Directory operations.
Knowledge transfer of A.D. operations to junior staff and to students.

The future: projects for Active Directory.
Print Management: RFP in progress.
Microsoft Exchange.
Secure wireless access to Admin, using AD-integrated PKI.
Desktop encryption, using AD-integrated PKI.

The end result was worth the work: YES!

Questions?