Presentation is loading. Please wait.

Presentation is loading. Please wait.

Te kuptojme “Active Directory”

Published byAnnabel Osborne Modified over 5 years ago

Similar presentations

Presentation on theme: "Te kuptojme “Active Directory”"— Presentation transcript:

1 Te kuptojme “Active Directory”
1 minute Frida GJERMENI

2 Ceshtje te leksionit Te kuptojme “Active Directory” 01 | Hyrje ne AD
02 | Active Directory Domain Services (DS)/Sherbimet ne domainet AD 03 | Active Directory Certificate Services (CS)/ Sherbimet certifikate AD 04 | Active Directory Federation Services (FS)/sherbimet federate AD 05 | Active Directory Rights Management Services (RMS)/ te drejtat per menaxhim sherbimi AD 06 | Active Directory Lightweight Directory Services (LDS)/Sherbimet direktori “lightweight” AD 1 minute

3 Hyrje ne “Active Directory/ (AD)”

4 Ne kete modul: AD nuk eshte me ashtu sic ka qene Cfare eshte (AD)?
Rolet ne (AD) Active Directory

5 Cfare eshte “Active Directory”/AD?
Domain Services Te brendshme Llogarite e perd Autorizimi Autentifikimi Nje bashkesi sherbimesh (rolesh dhe specifikash ne server) te perdorura per te menaxhuar identitetin dhe aksesin per /tek burimet ne rrjet Federation Services Network Access for External Resources Certificate Services Identity Non-Repudiation Active Directory Identitet Akses Menaxhim i centralizuar 2 minutes Active Directory is a collection of services (Server Roles and Features) used to manage identity and access for and to resources on a network. Rights Management Services Siguria e kontrolli i oermbajtjes Lightweight Directory Services Nderfaqja e aplikacioneve

6 Rolet “Active Directory”/AD
Sherbimet domain AD (AD DS) Perdorues, PC, Politika Sherbimet certifikate AD  (AD CS) Sherbim, klient, Server dhe identifikim i perdoruesit Sherbimet federate AD Aksesi i burimeve pergjate kufijve tradicionale AD Rights Management Services (AD RMS)/ Te drejtat per menaxhimin e sherbimeve AD Mirmbajtja e sigurise se te dhenave AD Lightweight Directory Services (AD LDS)/ Sherbimet directory lightweight 2 minutes In the next few slides you will cover each of these Windows Roles with a summary of what each is and what each does.

7 Cfare jane sherbimet domain AD DS?
Windows Server Mgmt Profil iNetwork Info Printers Shares Nje sherbim diretori eshte njekohesisht informacioni burim per direktorine dhe gjithashtu sherbimi qe e ben informacionin te disponueshem dhe te perdorshem Windows User Account Information Privileges Profiles Policies Windows Client Mgmt Profile Network Info Policies Sherbimet direktori AD Menaxhimi Siguri Interaktivitet Servers Mailbox Information Address Book Network Devices Config QoS Policy Security Policy 5 Minutes Use the phone book Applications Server Config SSO App-Specific Directory Info

8 Cfare realizojne sherbimet domain AD?
Infraktrukture te shkallzueshme, te sigurte dhe te menaxhueshme per menaxhimin e perdoruesve dhe burimeve Ruan dhe menaxhon informacionin ne lidhje me burimet ne rrjet Ofron suport per aplikacionet qe aktivizohen ne nivel direktorie sic eshte Microsoft® Exchange Server Lejon menaxhim te centralizuar

9 Cfare jane sherbimet certifikate AD?
Eshte implementimi MS per infrastrukturen e celesit publik PKI (publik key infrastucture) eshte nje bashkesi HW, SW, njerezish, politikash, procedurash te nevojshme per te krijuar, menaxhuar, shperndare, perdorur, ruajtur, dhe per te terhequr certifikatat dixhitale Certificate Signing Request Enrollment 3 Certificate Repository Certification Revocation Repository 2 x.509 Certificate Chain Certificate Retrieval 4 End-Entities (users or computers) 1 Revocation Request Certificate Revocation List CRL Retrieval 5 End-entity - the end-user consumers of PKI services. This could be a person, or a computer. Certificate Authority (CA) – Trusted party responsible for the management of digital certificates. The CA is the center of the PKI trust model. A CA is responsible for issuing signed digital certificates, maintaining a certificate repository, and managing revoked certificates and the public list of those certificates, the certificate revocation list (CRL). Certificate Signing Request (CSR) - a document generated by an end-entity used to enroll for a certificate. The request contains information about the user such as distinguished name and public key (signature). Public Digital Certificate and Certificate Path - a digital certificate is the public component in PKI. A public certificate represents the credentials for a given end-entity by connecting an entity to a specific public key. The end-entity represented holds the private key that corresponds to that certificate. Certificates can be used for a number of security measures such as digital signatures to verify the origin, integrity of information, and non-repudiation. Certificate Revocation List (CRL) - a list of revoked certificates. This list is checked during certificate verification by a certificate holder to verify the revocation status for a given certificate. Online Certificate Status Protocol (OCSP) is a CRL alternative that can be used to retrieve revocation and status information for a certificate as well.

10 Cfare realizojne sherbimet certifiakte AD CS?
AD CS ofrojne sherbime qe mund te pershtaten per ceshtjet dhe menaxhimin e certifikatave dixhitale Certification Authorities/Autoritetet qe ofrojne certifikim CA Web Enrollment/Anteraterizimi per certifikate dixhitale npm WEB Online Responders/Pergjigjet online Sherbimi per dhenie certifikate ne nivel pajisje rrjeti /Network Device Enrollment Service (NDES) Certificate Enrollment Web Service/Sherbi Web per dhenie certifikate Certificate Enrollment Policy Web Service/sherbimi i aktivizimit te certifikatave nepermjet politikave web By using Server Manager, you can install the following components of AD CS: Certification authorities (CAs) CAs issue certificates to users, computers, and services, and manage certificate validity CA Web enrollment Web enrollment allows users to connect to a CA by means of a Web browser in order to request certificates and retrieve certificate revocation lists (CRLs) Online Responder The Online Responder service sends a signed response containing requested certificate status information to clients Network Device Enrollment Service The Network Device Enrollment Service allows network devices to obtain certificates when they don’t have domain accounts Certificate Enrollment Web Service The Certificate Enrollment Web Service allows for certificate enrollment by users and computers using SSL to enables policy-based certificate enrollment for disconnected or non-domain-joined computers and users Certificate Enrollment Policy Web Service Delivers certificate enrollment policy information to computers and users to enable the Certificate Enrollment Web Service

11 Cfare jane sherbimet federate AD FS?
Nje komponent software-ik qe lehteson aksesin ne sisteme dhe ne aplikacione ne organizate Web Server Resource Federation Server Account Partner Organization Resource Partner Organization Account Federation Server AD DS Federation Trust

12 Cfare realizojne sherbimet federate AD FS ?
Roli i serverit ne ofrimin e sherbimit federate, ofron identitet te thjeshtuar dhe te sigurte dhe aftesi logimi npm web-it nje here te vetme. mundeson krijimin e lidhjeve te besimit ndermjet 2 organizatave Ofron akses ne aplikacione ndermjet 2 organizatave Ofron logim te vetem /Single Sign-on (SSO) ndermjet 2 direktorive te ndryshme per aplikacionet e bazuara ne WEB AD FS simplifies end-user access to systems and applications by using a claims-based access authorization mechanism to maintain application security. You can deploy AD FS to: Provide your employees or customers with seamless access to Web-based resources in any federation partner organization on the Internet without requiring employees or customers to log on more than once Retain complete control over your employee or customer identities without using other sign-on providers (Windows Live ID, Liberty Alliance, and others) Provide your employees or customers with a Web-based, SSO experience when they need remote access to internally hosted Web sites or services Provide your employees or customers with a Web-based, SSO experience when they access cross-organizational Web sites or services from within the firewalls of your network Identity Federation allows for separate authentication domains or realms to be able to share resources without having to provide complete access to each of the authentication domains. In the real world everyone has a number of usernames and passwords that they must remember, even in the same organizations or within partner organizations. Identity federation allows for different authentication domains/realms to provide single sign-on (SSO) services. This can be done without creating a full Active Directory trust between the organizations.

13 Cfare jane te drejtat per menaxhimin e sherbimeve AD/ AD RMS?
RMS Server Information Author Recipient Eshte nje teknologji per ruajtjen e informacionit qe punon ne nivel aplikacionesh dhe ben ruajtjen e informacionit dixhital

14 Cfare realizojne AD RMS?
Lejon individe dhe administratore te specifiojne lejet per akses ne dokumenta, prezantime, workbook Nuk lejon qe informacione sensitive te printohen, behen forward, apo te kopjohen nga njerez te paautorizuar Aksesi dhe perdorimi i limiteve behen me te forta pavaresisht se ku gjendet informacioni A rights-management solution protects information stored in documents, messages, and Web sites from unauthorized viewing, modification, or use. Features typically include: Protecting sensitive information from being accessed or shared with unauthorized users by preventing users from forwarding or copying content Ensuring that data content is protected and tamper-resistant using encryption and digital signatures Controlling when data will expire based on time requirements, even when that information is sent over the Internet to other individuals - ensuring that the most current information is used

15 Cfare jane sherbimet directory “lightweight” AD LDS?
Windows User Account Information Privileges Profiles Policies Network Devices Config QoS Policy Security Policy AD LDS eshte nje file qe ruan ne menyre hierarkike ne nivel direktorie AD LDS eshte edhe informacioni per burimin e informacionit ne nivel direktorie dhe sherbimi qe ben te mundur aksesin ne informacion dhe disponueshmerine e tij Active Directory LDS Menaxhim Siguri Interaktivitet The image here was also used in the slide regarding AD DS. It was left in place here intentionally to demonstrate the similarities between AD DS and AD LDS. Servers Mailbox Information Address Book Applications Server Config SSO App-Specific Directory Info

16 Cfare realizojne sherbimet AD LDS?
Lightweight Directory Access Protocol (LDAP)/protokolli LDAP Sherbim direktori qe ofron suport fleksibel per aplikacionet e aktivizuara ne nivel direktorie, pa hasur ne pengesat dhe varesite e AD DS Ofron sherbime direktori per aplikacionet qe ofrohen ne nivel direktorie, pa overheadin e domaineve dhe foresteve. Nuk ka ne nevoje per te pasur nje skeme te vetme ne forest. Active Directory Lightweight Directory Services (AD LDS) provides a Lightweight Directory Access Protocol (LDAP) compliant directory and associated services. It is used to provide authentication and directory services for custom written, third-party and other enterprise applications.

Download ppt "Te kuptojme “Active Directory”"

Similar presentations

(n)Code Solutions A division of GNFC

(n)Code Solutions A division of GNFC
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Implementing and Administering AD FS

Implementing and Administering AD FS
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Understanding Active Directory

Understanding Active Directory
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory

Understanding Active Directory
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Maintaining Network Health Lesson 10. Skills Matrix Technology SkillObjective DomainObjective # Understanding the Components of NAP Configure Network.

Maintaining Network Health Lesson 10. Skills Matrix Technology SkillObjective DomainObjective # Understanding the Components of NAP Configure Network.
Configuring Active Directory Certificate Services Lesson 13.

Configuring Active Directory Certificate Services Lesson 13.
Virtual techdays INDIA │ 18-20 august 2010 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS)

Virtual techdays INDIA │ august 2010 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS)
Managing Client Access

Managing Client Access

Similar presentations

Ads by Google